The Controller

Your personal data is collected and processed by SECRATO (“SECRATO”).

SECRATO specialises in mitigating compliance complexities. We support and familiarise your organisation with the applicable EU and international compliance standards and risks, including ISO Standards and NIS2, CyFUN, among others. Our headquarters is located at 18, Van Landeghemstraat, Sint-Niklaas, Belgium.

 

Scope of this Privacy Statement

SECRATO values privacy and is committed to protecting the personal data of all stakeholders with the greatest possible care, and to processing personal data only in a fair and lawful manner. This Privacy Statement applies to prospects, customers, partners, applicants and website visitors for personal data collected and processed by SECRATO through this website and related services.

This Privacy Statement explains how SECRATO, as the data controller, collects and processes personal data, for which purposes, and sets out your rights as a data subject.

 

Processing of Personal Data

Personal data means any information relating to an identified or identifiable natural person. You may provide personal data to us in connection with the activities and purposes below.

Purpose	Legal Basis	Personal Data Processed	Data Subjects
Contact form or correspondence	Consent	Name, Country (IP-derived), IP address, Phone number, Email address, Company name, and the subject, questions and contents of your message	Potential customers
Request a demo	Consent	Name, Country (IP-derived), IP address, Phone number, Email address, Company name, and appointment details	Potential customers
Partnership	Consent	Name, Phone number, Email address, Company name, and appointment details	Potential partners
Marketing campaigns	Consent (cookie banner)	SECRATO uses analytics tools on the website for the collection, reporting and analysis of website and visitor data. This information may be used to improve and optimise direct marketing campaigns; inform you about promotions related to SECRATO products and services; contact potential future customers; and improve our website pages. We may also use the data to make targeted offers (e.g., via email) or display advertisements on our website. Where we observe that you are interested in or may benefit from our services or products, we may send these communications or place advertisements based on SECRATO’s legitimate interests. You can consent to analytics cookies or reject this category to disable analytics data being provided to SECRATO.	Potential customers and partners
Provisioning of SECRATO products and services	Contract	When you purchase products and services from the SECRATO catalogue, we collect your contact details and billing data for the purpose of providing our services and managing our customer relationship under the purchase agreement with SECRATO.	Customers
Starting a demo or trial with SECRATO	Consent	Name, Country (IP-derived), IP address, Phone number, Email address, Company name, and appointment details	Prospective customers
Using the SECRATO application	Contract	Name, Country (IP-derived), IP address, relevant data for GRC, Phone number, Email address, Company name, and company documentation related to Governance, Risk and Compliance (GRC).	Customers

 

 

Your Rights as a Data Subject

You may exercise the rights granted by the General Data Protection Regulation at any time:

 

Right of access
You have the right to obtain access to your personal data and request a copy of the personal data SECRATO holds about you, free of charge.

 

Right to rectification
You have the right to have inaccurate personal data corrected and incomplete personal data completed.

 

Right to erasure (“right to be forgotten”)
You may request the deletion of your personal data from SECRATO’s systems. This request may not always be granted due to contractual or legal obligations. SECRATO will take these obligations into account when responding.

 

Right to object
You have the right to object to the processing of your personal data if the processing takes place on the ground of the legitimate interest of SECRATO or on the ground of the public interest. We will cease processing unless we demonstrate compelling legitimate grounds or for the establishment, exercise or defence of legal claims. You may also object to processing for direct marketing, in which case your personal data will no longer be processed for such purposes.

 

Right to withdraw consent
Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect processing carried out before the withdrawal.

 

Right to restriction of processing
In certain cases, you may obtain restriction of processing. We will continue to store your data but restrict its use (e.g., where you contest the accuracy of your personal data or consider SECRATO’s processing unjustified). We will grant such requests in the specific cases defined by law.

 

Right to data portability
You have the right to receive the personal data concerning you, processed by SECRATO, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.

 

You can exercise these rights free of charge by emailing privacy@secrato.io. We will respond within one month of receipt. We may request additional information to confirm your identity and ensure the request originates from you.

 

Right to lodge a complaint
If you believe SECRATO infringes your privacy, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit,
Drukpersstraat 35, 1000 Brussels
Tel. +32 (0)2 274 48 00
Email: contact@apd-gba.be

 

Processors and Disclosure to Third Parties

SECRATO will not disclose or sell personal data to third parties, nor publicly disclose personal data, except in the following cases:

• Personal data may be shared between SECRATO departments where required for the provision of our products or services, in line with the predetermined purpose.
• Personal data may be shared with third-party service providers (processors) to whom SECRATO outsources certain processing activities. They are limited to processing your personal data in accordance with our instructions, and, where necessary, a data processing agreement will be concluded obliging them to comply with applicable data protection legislation.
• Where required by applicable laws or regulations, SECRATO may disclose requested information to the competent authority.

 

International transfers: Regarding processing outside the European Economic Area (EEA), your data related to sales and marketing communications with SECRATO are stored and processed (based on our instructions) in Belgium or in EEA-based data centres. Data are transferred to other SECRATO departments or parties in third countries (such as software providers and cloud or mailing services) only where permitted under applicable data protection legislation. We provide appropriate safeguards to ensure your rights are respected by the data recipient outside the EEA in accordance with an adequate level of data protection.

 

Retention of Your Personal Data

SECRATO recognises the importance of protecting personal data. We do not retain personal data longer than is strictly necessary for the purposes for which the data were collected, for the performance of a contract, or for compliance with a legal obligation. Retention periods vary according to the processing activity and the purpose for which the personal data were collected.

• Personal data collected on the basis of your consent are retained for as long as your consent remains valid.
• Customer and partner information is retained for as long as reasonably necessary to perform our agreements, comply with legal obligations (e.g., accounting and tax), and resolve disputes or enforce agreements—i.e., for the duration of our contractual relationship and for 10 years thereafter.
• Personal data processed for job applications are retained only as long as required to process your application. In the event of a negative hiring decision, your personal data will be removed within a maximum of 3 months after the hiring cycle, unless you consent to our retaining your personal data for one year in our “Talent pool”. In the event of a positive decision, after contract signing, the SECRATO Employee Privacy Policy will apply and will be provided during onboarding.

In all cases, personal data may be retained for a longer period where there is a legal or regulatory reason to do so, or for a shorter period if the data subject objects to the processing of his/her personal data and there is no longer a legitimate reason to retain the data. We guarantee limited access to archived data and will delete or anonymise your personal data once the retention period has expired.

 

Security and Confidentiality of Your Personal Data

SECRATO has taken technical and organisational security measures to prevent the destruction, loss, falsification, alteration, unauthorised access or disclosure of your personal data to third parties and any other unauthorised processing of these data.

We have taken steps to ensure the confidentiality, integrity and availability of the information systems and services that process personal data. These measures include physical and operational safeguards, access controls, awareness-raising and confidentiality obligations. All our employees and engaged third parties are obliged to respect the privacy and security of your data.

  

Contact Details

If you have comments, questions or concerns about this Privacy Statement or about the processing of your personal data by SECRATO, please contact our Data Protection Single Point of Contact (SPOC) at privacy@secrato.io.

 

If you prefer to contact us by post:
SECRATO
18, Van Landeghemstraat
Sint-Niklaas, Belgium

 

Changes to this Privacy Statement

We may amend or update this Privacy Statement from time to time to reflect changes in our practices regarding the processing of your personal data or changes in applicable law. We will do so by posting the updated version on this webpage. When we publish changes, we will update the “last update” date of this Privacy Statement. Significant changes will be highlighted on our homepage. We encourage you to review this Privacy Statement periodically.

 

Any Questions About this Privacy Statement?

Get in touch and we’ll respond as soon as possible.
Contact us via the website contact form, or email privacy@secrato.io.