Privacy policy

PRIVACY STATEMENT van Heylen bvba version 1.0

Who are we?

Name: Heylen bvba

Address: Schurhovenveld 2320, 3800 Sint-Truiden

Enterprise number: 0834,848,217

Since we comply with the GDPR / AVG – Legislation in force since 25/05/2018, we present this privacy statement.

If you still have questions after reading this statement, you can always contact our data protection officer or DPO (Data Protection Officer) via this route:

  1. WHAT:

Herein we explain how we handle your personal data, what your rights are, how you can enforce them, etc.

  • Terms used :
  • Personal data : this means the GDPR / AVG all information that a natural person could identify, directly or indirectly. Also referred to as “data.” It is therefore NOT about company data !!
  • Processing : collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, providing by means of forwarding, distributing or otherwise making available, aligning or combining, protecting, deleting or destroying data.


We process the following personal data from you:

  • Name, address, telephone number and / or mobile phone number and e-mail address

This data has been sent to us by:

  • 1. That you have supplied them to us during or prior to a personal interview
  • 2. By registering and logging in to our website:

We do not collect data in any other way.


We do this with the aim of coming or staying in contact with you regarding services and / or goods to be delivered, following up services and / or goods delivered or to be able to answer all your questions. This is a pre-contractual or contractual relationship.

If we exceptionally receive other personal data from you for private purposes, this will only be used for 1 specific purpose and only stored temporarily. :


We will keep your data as long as you use our internet application and as long as we need your personal data to be able to offer you a certain service or product.

More specifically:

  • Trade books:  7 years  in original or electronic form with the retention period starting from 1 January of the year following the closing of the financial year. Here we follow Article III.86 of the Code of Economic Law and Article 9 of the Royal Decree of 12/09/1983 implementing the law of 17/07/1975 on the accounting of Heylen bvba.
  • Justifying documents:  7 years  in original or electronic form with the retention period starting after the closing of the financial year. Here we follow Article II.86 of the Code of Economic Law.
  • Documents that do not serve as proof to third parties:  3 years  in original or copy, whereby Article III.86 of the Code of Economic Law again applies. :


For this processing, we take the  appropriate technical and organizational  measures to optimally protect your data, taking into account the nature of the data and the associated risks. We do not store any special personal data and have the following measures in place for the security of your data:

  • The computers on which data are processed are standard protected with a user name and a complex password.
  • All computers are equipped with a Small Office Security solution, which of course is always kept “up-to-date” and automatically performs multiple scans. All Windows installations are automatically updated. The installation is checked at least once a month and possibly started manually.
  • The data is stored on a part of the disk that is set up as a “data safe.” This is encrypted and can only be accessed after starting up the computers + Windows logon + opening the safe using Kaspersky and a long and complex password.
  • To avoid data loss in the event of computer loss, we make daily backups to an encrypted cloud environment.
  • The data is first compressed, then encrypted with at least AES256 bit key and this form is stored at the off-site location. The responsible for the backups cannot read data in this way as the encryption key is only known by us and stored in a special “password manager”.
  • All passwords are managed by Kaspersky password manager and stored in the cloud environment.
  • Our employees are fully informed about the safe handling of your personal data and are kept confidential by their employment agreement.
  • No data is kept on paper due to the possibility of online registration and are not accessible to unauthorized persons.

The past teaches us that no risk is completely avoided and if we are aware of unauthorized access to our IT systems or unauthorized modification, damage or possible loss of your data, we will immediately take  all necessary measures  to reduce this risk to a minimum and to avoid in the future. As a result, the possible damage for you will remain very limited. :


We pass on your details to the following parties for the purposes stated below;

  • The accountant to comply with our legal accounting requirements;
  • For employees: The social secretariat with the aim of wage calculation;
  • The supplier of this application with the aim of ensuring the security and operation of this internet application.

PS This only concerns your general personal data and these will not be passed on to organizations and / or persons for marketing purposes.

For other parties, we only do this with your express permission or on your behalf.

We conclude processing agreements with the parties mentioned above, which stipulate that they too must comply with the GDPR / AVG guidelines.

We will at all times ensure that your personal data will  NOT be  stored outside the EEA without a solid guarantee from any parties involved that they also fully comply with GDPR / AVG legislation.


The following is a summary of your rights regarding the processing of your personal data, whether or not it applies and how you can enforce it:

  • Inspection: You have the right to request access to information about your data and if there are errors or omissions, requests for rectification, addition and even removal.
  • Attention! : If you request removal, this can only be done if we no longer need your information for reasons other than those mentioned in our goal description point 3.

Think especially of fiscal and social legislation.

  • Transferability: If you want to change service providers, we will hand over your personal data in a digitally readable standard format to the new organization.
  • Objection to automated decision-making and profiling: Since we do not implement this, this does not apply either.
  • Objection to data processing: This only applies if your data is used for direct marketing, but since we do not implement this either, this does not apply.
  • Right to transparency: You will be informed about the content of this privacy statement via this link, as an attachment to every electronic contact and visibly placed in our offices.

A debit can be delivered on simple request.

If you want to apply one or more of these rights, please request this in writing with proof of your  double Opt-In verification by email  and we will respond within 30 days.


If you do not agree with the way we handle your personal data, respect your rights or this privacy statement, let us know first so that we can respond appropriately

You can always submit a complaint to the Data Protection Authority = GBA (the old Privacy Commission) via   in 1000 Brussels, Drukpersstraat 35 or via mail to  or by telephone on 02 / 274.48.00


This privacy statement will enter into force on January 28, 2019, at the same time as the web application is displayed online.

We reserve the right to change this privacy statement at any time.