Data protection statement Carotel

1. Introduction

Our Carotel branches are committed to the secure, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of our customers, subcontractors and suppliers, among others, from loss, leaks, errors, unauthorized access or unlawful processing. We would like to inform you through this Data Protection Notice about the collection and processing of your personal data. We ask that you read this Data Protection Notice carefully, as it contains essential information about how your personal data is processed and for what purpose. By communicating your personal data, you expressly declare that you have read this Data Protection Notice and also expressly agree to it, as well as to the processing itself.

2. Scope

This Data Protection Notice relates to all services provided by us and in general to all activities we perform.

3. Controller and its commitments.

Carotel is the controller of your personal data. When collecting and processing your personal data, we respect Belgian regulations on the protection of personal data, as well as the General Data Protection Regulation (“GDPR”) as of its entry into force on May 25, 2018.

4. Personal data

According to your activities and your relationship with our company, you communicate to us the following personal data: your identity and contact information (name, title of address, address, e-mail address, 2 telephone and cell phone number). We kindly remind you that you are responsible for all data you provide to us and that we rely on its accuracy. If your information should be out of date, please notify us by return. You are not obliged to communicate your personal data, but you understand that the provision of certain services or cooperation becomes impossible if you do not consent to its collection and processing.

5. Processing purposes and legal basis.

5.1 Customer data

As part of our services, we maintain of no one’s data, identity nor contact. Only during the covid period are contact forms maintained as a function of contract tracing. After several weeks, these are destroyed.

The data is obviously never and with no one shared outside of those responsible at the various sites and/or federal/local government agencies. Customer data is not maintained unless due to theft, vandalism and/or malpractice data is entered into the security system. This is also entirely internal and accessible only to management, those in charge and federal or local government agencies.

Only data that are kept for a limited period of time are : camera images of the car parks / covid contact forms

Camera servers are in accordance with the current RD of 21.03.2007, data are automatically overwritten after a period of storage.

5.2 Details of suppliers and subcontractors

We collect and process the identity and contact information of our suppliers and subcontractors, as well as their subcontractor(s) (if any), their staff, employees, appointees and other useful contacts. The purposes of this processing are the performance of this agreement, supplier/subcontractor management, accounting and direct marketing activities such as sending promotional or commercial information. The legal grounds are performance of the contract, fulfillment of legal and regulatory obligations and/or our legitimate interest (such as for direct marketing). For direct marketing activities by e-mail (such as a newsletter or event invitation), consent will always be sought and can also be withdrawn at any time.

5.3 Staff data

We process our employees’ personal data as part of our personnel management and payroll administration.

6. Duration of processing.

Personal data will be kept and processed by us for a period necessary in function of the purposes of the processing and in function of the relationship (contractual or otherwise) we have with you. Customer data and data of suppliers or subcontractors will be deleted from our systems in any case after a period of 10 years after the termination of the contract or project, except with regard to this personal data that we are required to keep longer on the basis of specific legislation or in case of an ongoing dispute for which the personal data is still necessary.

7. Rights

In accordance and under the terms of Belgian privacy legislation and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:

  • Right of access and inspection: you have the right to acquaint yourself, free of charge, with the data we hold about you and to find out what it is used for.

  • Right to rectification: you have the right to obtain rectification (correction) of your incorrect personal data, as well as to complete incomplete personal data.

  • Right to data erasure or restriction: you have the right to request us to erase or restrict the processing of your personal data in the circumstances and under the conditions stipulated by the General Data Protection Regulation. We may refuse data erasure or restriction of any personal data necessary for us to carry out a legal obligation, the performance of the contract or our legitimate interest for as long as such data is necessary for the purposes for which it was collected.

  • Right to data portability: you have the right to obtain the personal data you have provided to us in a structured, common and machine-readable form. You have the right to transfer this data to another data controller.

  • Right to object: you have the right to object to the processing of your personal data for serious and legitimate reasons. However, please note that you cannot oppose the processing of personal data that is necessary for us to carry out a legal obligation, the performance of the contract or our legitimate interest, and for as long as this data is necessary for the purposes for which it was collected.

  • Right to withdraw consent: If the processing of personal data is based on prior consent, you have the right to withdraw this consent. These personal data will then only be processed if we have another legal basis for doing so.

  • Automated decisions and profiling: we confirm that the processing of personal data does not involve profiling and that you will not be subject to fully automated decisions.

You may exercise the aforementioned rights by contacting the business manager at

We make every effort to handle your personal data in a careful and legitimate manner in accordance with applicable regulations. If, nevertheless, you believe that your rights have been violated and you do not find a hearing for your concerns within our company, you are free to file a complaint with:

Privacy Protection Commission.
Press Street 35, 1000 Brussels
Tel. 02 274 48 00
Fax. 02 274 48 35

You may additionally apply to a court if you believe you would suffer damages as a result of the processing of your personal data.

8. Transfer to third parties

Certain personal data collected by us will be transmitted to and possibly processed by third party service providers, such as our IT supplier, accountant, …

One or more of the above third parties may be located outside the European Economic Area (“EEA”). However, personal data will only be transferred to third countries with an adequate level of protection.

The employees, managers and/or representatives of the aforementioned service providers or institutions and the specialized service providers appointed by them must respect the confidential nature of your personal data and can only use these data for the purposes in the context of which they were provided.

If necessary, your personal data may be transferred to other third parties. This may be the case, for example, if we were to be reorganized in whole or in part, our business transferred, or if we were to be declared bankrupt. Personal data may also need to be transferred pursuant to a court order or to comply with a particular legal obligation. We will make reasonable efforts to notify you in advance of this communication to other third parties in such cases. However, you will recognize and understand that in certain circumstances this may not always be technically or commercially feasible or legal restrictions may apply.

Under no circumstances will we sell or make your personal data commercially available to direct marketing agencies or similar service providers, except with your prior consent.

9. Technical and organizational measures

We take the necessary technical and organizational measures to process your personal data according to an adequate level of security and protect it from destruction, loss, falsification, modification, unauthorized access or notification by mistake to third parties, as well as any other unauthorized processing of this data. Under no circumstances can we be held liable for any direct or indirect damage resulting from an erroneous or unlawful use by a third party of the personal data.

10. Third party access

For the purpose of processing your personal data, we grant access to your personal data to our management and, if necessary, local or federal government agencies. We guarantee a similar level of protection by making contractual obligations opposable to these employees, associates and appointees similar to this Data Protection Notice.

11. Any questions?

If after reading this Data Protection Notice you have further questions or comments regarding the collection and processing of your personal data, you may contact us either by mail to Carotel, Brugsesteenweg 94, 8520 Kuurne or by email at

2023 Carotel. Alle rechten voorbehouden.


Algemene voorwaarden


2023 Carotel. Alle rechten voorbehouden.


Algemene voorwaarden

2023 Carotel. All rights reserved.

Privacy Policy

General conditions


2023 Carotel. All rights reserved.

Privacy Policy

General conditions