Privacy Policy

1. Introduction

This privacy policy aims to inform you about how Growth Inc. collects and processes personal data.

Growth Inc. refers to Growth Inc. BV, having its registered office at 2018 Antwerpen, Mechelsesteenweg 180/7 and with company number 0644.822.346.

Growth Inc. respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).

Please read this privacy policy carefully. It describes not only your rights, but also the way in which you can exercise these rights.

On specific occasions, we may provide you with additional privacy notices so that you are fully aware of how and why we are using your personal data. This privacy policy supplements other more specific notices and privacy policies and is not intended to override them.

We keep our privacy policy under regular review. This version was last updated on 7 December 2023

2. Controller vs. processor

This privacy policy only describes our data processing activities as controller. Under the GDPR, controllers are the main decision-makers: they exercise overall control over the purposes and means of the processing of personal data.

However, in some circumstances, we may also act as a processor for our clients. Processors act on behalf of, and only on the instructions of, the relevant controller. By way example, we act as a processor of our clients in the following circumstances:

  • when we organise events for our clients (as opposed to events that we organise on our behalf, as mentioned below),
  • when our clients ask us to collect personal data and/or to analyse or complete documents containing personal data (e.g., in the context of stakeholder research),
  • in the event our clients ask us to contact third parties on their behalf (e.g., journalists).

Controllers have the obligations to inform the persons of whom they process personal data. If you wish to receive more information regarding the personal data we process on behalf of our clients, we recommend contacting our clients directly.

3. How to contact us

If you have any questions about this privacy policy or our privacy practices, please contact our privacy manager by sending an e-mail to: christine@growth-inc.be.

4. How we process personal data

We process your personal data as a controller when you contact us, sign up to our newsletter, purchase our services and/or apply for a job at Growth Inc, as further explained below.

4.1 Respond to questions and other requests

PurposeTo answer questions or other requests received via our online contact form and/or via other means (e.g., by e-mail)
Type of personal dataName, e-mail address of the person contacting us, and any other personal data mentioned in the message
Legal groundConsent (regarding the personal data of the person contacting us)
Legitimate interests (in respect of any third-party personal data mentioned in the message)
Retention termFor a period of 3 years after the last communication with the data subject, unless the data subject has become customer, vendor or employee of Growth Inc in which case longer retention periods may apply

 

4.2 Provision of our services and organisation of events

PurposeTo provide our services and to organise events
Type of personal dataWe are primarily engaged by companies and other organisations and as such those instructors are not data subjects. However, as part of our client relationship our clients may provide us with personal data (e.g., relating to their personnel and other persons) and we may use such data when providing our services.
In the context of our services, we may also process personal data of other third parties (including contact data of stakeholders and journalists). In most cases, such personal data are processed by us in our capacity of processor on behalf of our clients (see below for more information regarding our activities as processor).
In addition, we process personal data (e.g., name and contact details of participants) when we organise Growth Inc. events.
Legal groundLegitimate interests
Performance of an agreement (if we enter directly into agreements with the person of whom we process personal data)
Retention termUntil 10 years after the expiry or termination of the client relationship

 

4.3 Collection and storage of stakeholder personal data

PurposeCollecting and otherwise processing personal data of stakeholders (politicians, cabinet officials,…) in a dedicated list. This personal data is initially collected and processed for customers, but afterwards stored by us for business purposes.
Type of personal dataName, e-mail address and function
Legal groundLegitimate interests
Retention termFor a period of 10 years from the date of collection of the stakeholder personal data.

 

4.4 Business administration and legal compliance

PurposeWe use your personal use for the following business administration and legal compliance purposes:
– to manage our client relations (e.g. by sending Christmas cards),
– to comply with our legal obligations,
– to enforce our legal rights, and
– to protect the rights of third parties.
Type of personal dataName, role and contact details of employees, contractors and/or other contact persons our clients
Other types of personal data, depending on the legal obligation concerned or the scope of the legal claim
Legal groundLegal obligation
Legitimate interests
Retention termUntil 10 years after the expiry or termination of the client relationship or as long as legally required

 

4.5 Job applications

PurposeTo manage job applications
Type of personal dataYour name, e-mail address and other personal data mentioned in your CV or cover letter (including your age, gender, your education, employment history).
Legal groundConsent
Performance of an agreement
Retention termUntil 5 years after your application in order to defend ourselves in case of any claims
If you have explicitly consented to such use, we may also keep your data in for a to-be agreed period of time in our recruitment reserve.

 

4.6 Cookies

Our website uses cookies and similar technologies. For more information, we refer to our cookie policy and banner on our website.

5. Legal ground

Below you can find some more information regarding the different legal grounds on which we rely:

  • Consent
    Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by sending an e-mail to christine@growth-inc.be .However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Performance of an agreement
    Under this legal ground we process your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This legal ground only applies when you are the natural person with whom we enter into a contract.In most cases, we enter into agreements with companies or other types of organisations. When we process the personal data of the persons acting on behalf of legal persons, we rely on our legitimate interests.
  • Legitimate interests
    Our legitimate interests refer to our interest to conduct and manage our business.We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you by contacting us.
  • Legal obligation
    Sometimes we need to process your personal data where it is necessary for compliance with a legal obligation that we are subject to.

6. Disclosures of personal data

We may share your personal data with the parties set out below for the purposes set out in section 4.

Such third parties include our services providers (e.g., IT service providers, hosting providers), professional advisers (including lawyers, bankers, auditors and insurers).

We may also share certain personal data with third parties to whom we intend or choose to sell, transfer or merge (parts of) our shares, business or assets.

In addition, we may disclose your personal data if this is required by law, or if we determine in good faith that such disclosure is required in order to comply with any pending judicial inquiry, judicial order or litigation and/or to safeguard our rights.

7. International transfers

Some of our external third parties are based outside the European Economic Area (EEA) so their processing of personal data will involve a transfer of data outside the EEA.

Whenever we transfer personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards.

Please contact us if you want further information on the specific mechanism(s) used by us when transferring personal data out of the EEA.

8. Data security

We have implemented appropriate technical and organizational measures, safeguards and assurances to process your personal data in accordance with applicable regulations, in particular to protect your personal data against loss, misuse, or unauthorized alteration or destruction.

We make all reasonable and appropriate efforts to protect the confidentiality of your personal data.

Despite the above measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed.

9. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or the organisation you work for.

The applicable retention periods are set out in the table above under section 4.

10. Your legal rights

Subject to the conditions set forth in the GDPR, you have the right:

  • to receive confirmation as to whether we process your personal data and, where this is the case, to access such personal data,
  • to have any inaccurate or incomplete personal data corrected,
  • to have your personal data deleted by us,
  • to obtain your personal data and to transfer them to another controller or processor,
  • to obtain a limitation of the processing of your personal data,
  • to receive your personal data in a structured, common and machine-readable format, and
  • to prevent the processing of your personal data and the use of your personal data for direct marketing purposes.

You can exercise these rights by contacting our privacy manager via christine@growth-inc.be.

Please note that if your request relates to processing activities where we act as processor, we do not have the right to handle such request ourselves and we will forward your request to the applicable controller (in most cases, one of our clients).

You have the right to file a complaint with the competent supervisory authority should the processing of your personal data by us violate the GDPR or other applicable data protection legislation. In Belgium the competent authority is the Data Protection Authority (“Gegevensbeschermingsautoriteit”):

www.gegevensbeschermingsautoriteit.be

Drukpersstraat 35, 1000 Brussels, Belgium

+32 (0)2 274 48 00

contact@apd-gba.be.

We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.