VALPEO Privacy Statement

This file contains the privacy policy for the following domains: valpeo.com

This privacy policy describes how VALPEO holding nv (BE 0783.777.420) VALPEO International nv (BE 0799.551.006) and Accord Group Belgium nv (BE 0431 718 690.) (“VALPEO”), Rijvisschestraat 122 (3Square) B-9052 Zwijnaarde, Belgium, collects, uses and safeguards the personal information you provide to us.

VALPEO is the party responsible for processing personal data.

We process your personal data in accordance with the applicable legal provisions stemming from Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

Please direct any questions or comments on our privacy policy to our DPO:

Fabiaan Van Vrekhem

privacy@valpeo.com

Introduction

At VALPEO (“VALPEO”), we take the security of your Personal Data seriously and want you to be aware of how we collect, use and disclose your Personal Data. This Privacy Policy (the “Privacy Policy”) describes our privacy practices with respect to the collection, use and transfer of Personal Data collected by VALPEO. In this Privacy Policy, “Personal Data” refers to any information, truthful or otherwise, about an individual that can be identified (i) from that data; or (ii) from that data and other information to which the organisation has or is likely to have access.

By communicating with us, providing information to us, registering or subscribing to products or services offered by us, you consent to VALPEO and their respective representatives and/or agents (“Representatives”) to collect, use, disclose and share your Personal Information and to transfer such Personal Information to VALPEO’s authorised service providers and relevant third parties in the manner described in this Privacy Policy.

This Privacy Policy supplements, but does not replace, any other consent you have previously given to VALPEO with respect to your Personal Data and your consents. It is in addition to any rights VALPEO has under the law to collect, use and/or disclose your Personal Data.

This Privacy Policy may be amended from time to time to stay in line with VALPEO’s future developments, industry trends and/or changes in laws and/or regulations. In it, we explain how we handle your personal data, what your rights are, how to exercise them, etc.

Our responsibilities

If you are a registered Valpeo user or fill in one of our surveys, we act as data controller of personal data. This means that we determine the means and purposes for processing your personal data.

Personal data we collect

When you visit our website, register with us (as a partner, customer or candidate) or sign up to receive our newsletters or request information about our products or services, we may collect, store and use certain personal data about you. The following personal data may be processed:

As a customer or supplier:

• Personal identification data: name, title, address, e-mail address, phone number.
• Financial identification data: bank account numbers.
• Financial transactions: amounts to be paid by the person on file
• Indemnification: details of the indemnification sought, amounts paid or other forms of compensation.
• Professional activities of the person on file: nature of activity, nature of goods or services used or provided by the person on file, business relationships.
• Agreements and settlements: details of settlements or commercial agreements, agreements on representation or legal agreements, details of agents.

As part of our Executive Search, Executive Interim Management and Assessments services:

• Personal identification data: name, title, address, e-mail address, phone number;
• Personal data: age, gender, date of birth, place of birth, marital status, nationality, language;
• Opinions on personality or character;
• Marriage or current form of cohabitation: name of spouse or partner, maiden name of spouse or partner, date of marriage, date of cohabitation contract, number of children, etc;
• Details of other relatives or relatives: children, dependants, other relatives, collateral relatives, parents and descendants;
• Leisure activities and interests: hobbies, sports, other interests
• Memberships (excluding professional, political or trade union memberships): memberships of charitable or voluntary organisations, clubs, associations, organisations, groups, etc;
• Academic curriculum: overview of schools, institutions, universities attended, type of courses taken, diplomas applied for, examination results, other diplomas obtained, assessment of study progress;
• Professional competence: certificates and vocational training, special driving licences (driver, etc.);
• Work experience: professional interests, research interests, academic interests, specialisation subjects, teaching experience, consultations;
• Membership/participation in professional organisations: details of groups, committees or commissions involved, functions performed, special interests and summary of participation;
• Publications: books, articles, reports, published audiovisual material;
• Current employment: employer, position and description of position, grade, date of employment, place of employment, specialisation or type of company, conditions of employment, previous positions and previous experience with current employer;
• Recruitment: date of recruitment, method of recruitment, source of recruitment, references, details of trial period;
• Termination of employment: date of departure, reason for departure, notice period, terms of notice.
• Career: previous jobs and employers, periods without work, military service.
• Wages.
• Staff member’s property: car, tools, spare parts, reference books, other items owned by the staff member.
• Public mandates exercised: positions at municipal, provincial, regional or community or federal level, participation in government committees or working groups or reflection groups.
• Organisation of work: current responsibilities, projects, billed hourly rate, schedule, hours worked.

As part of our Executive Search and Executive Interim Management services:

Legal basis: consent

At VALPEO, we collect personal data from candidates, including CVs and assessment results, as part of our executive search and interim management services. This data is used to identify and evaluate suitable candidate profiles for our clients. When an application is made through our website, we explicitly ask the candidate’s permission to keep their data for up to three years. After this period, we contact the candidate again to ask for renewal of consent. If consent is not obtained, the data will be deleted from our systems. For personal data collected outside the website, as part of our executive search and interim management practices, we also send an e-mail to ask for consent to process and retain this data. This approach ensures that our data processing complies with the GDPR and respects the privacy and rights of data subjects.

As part of our VALPEO salary survey

Legal basis: legitimate interest

As part of our salary studies, we retain personal data for a standard period of one year. At the end of this year, a review will take place to determine whether we need to keep your personal data for longer. If not, we will delete this data (or at least apply anonymisation to the data). If we still need to keep your data for a longer period, we will retain the data based on our legitimate interest. This enables us to provide accurate and relevant salary analyses on an ongoing basis, while strictly maintaining privacy and protection of personal information in accordance with applicable privacy laws.

As part of our VALPEO culture survey

Legal basis: legitimate interest

To ensure the integrity and effectiveness of our culture studies, VALPEO collects personal information essential for conducting our questionnaires. The personal data we question are (first) name, age, gender, function/role in the team, department/department within the company, seniority. Depending on the agreements with our client, the requested data may vary. This information is used exclusively for the specific purpose of these queries and is treated in accordance with the General Data Protection Regulation (GDPR). We guarantee that all personal data is managed and secured with the utmost care. Personal data is kept for one year as standard in order to evaluate and improve our services. After this year, all personal data is anonymised, making identification of individuals impossible. These measures have been taken to both protect the privacy of data subjects and ensure compliance with the AVG.

As part of our VALPEO Complexity, Behaviour & Values survey

Legal basis: legitimate interest

VALPEO uses personal data such as your name, age and contact details, as well as the input and results of your complexity, values and behavioural orientation in the context of assessment & development centres to support recruitment processes and other strategic decisions based on our legitimate interest. In accordance with GDPR guidelines, this data will be retained by VALPEO for a maximum of 5 years, after which it will be deleted or anonymised, unless otherwise requested via our online form. This retention period allows us to provide long-term support and track the candidate’s development over a significant period (e.g. in the context of succession planning, development…). VALPEO will never share this information with third parties without your explicit consent.

As part of VALPEO Coaching Platform

Legal basis: legitimate interest

As part of our coaching services, VALPEO collects and processes personal data to provide effective and personalised coaching based on legitimate interest. These data (name, first name, age, position, mail address and in some cases phone number) are essential to monitor the coachee’s progress, evaluate and improve the quality of our services. We keep this personal data for a period of five years. This retention period allows us to provide long-term support and monitor the coachee’s development over a significant period of time. After this five-year period, the data is anonymised, ensuring the privacy of our users while retaining valuable insights for statistical analysis and business development.

As part of our VALPEO Strategy Survey

Legal basis: legitimate interest

As part of the Business Dynamics questionnaire, designed to gain insights into the strategic aspects within an organisation, VALPEO collects personal data such as name, job title, and contact information based on justified bealng. This data is used strictly to link the questionnaire results to relevant strategic advice and feedback, which are critical to both VALPEO’s and the client’s decision-making processes. In accordance with the General Data Protection Regulation (GDPR), we retain this data for a period of one year, after which it is carefully deleted. This retention period is set to allow sufficient time for analysis and possible follow-up within the established strategic context, and to meet our reporting and audit obligations, while protecting your rights and privacy.

As part of our VALPEO 360° survey

Legal basis: legitimate interest

When participating in our 360° evaluation through VALPEO, we collect name, e-mail address, phone number (if applicable), job title, employer and questionnaire responses to conduct the survey, facilitate communication and schedule interviews as needed. Personal data is kept strictly confidential and not used in reports to others, and answers are automatically anonymised to ensure privacy. We retain this personal data for a period of five years, as the performance of the agreement often requires us to make comparisons with the four years preceding the reference year. For processing personal data, we invoke legitimate interest.

When using our website: your IP address, browsing behaviour, search terms used;

Via cookies (also read our Cookie Policy ): IP address, likely place of consultation, time and day of consultation, which pages were visited;

When you sign up for our newsletter: your e-mail address.

We may also receive personal data from third parties (such as credit reference agencies) who are legally entitled to disclose that information to us.

Automatically collected information: Like most website providers, we analyse server log files to gather statistical information about how our website is used. This type of information is collected only at an aggregate level and includes browser types, operating systems, IP addresses, referring/exit pages, platform types and date/time stamps.

How we use the information we collect

We use the information we collect to support products or services offered by us. The following sections describe some of the ways in which we may use your Personal Information:

Fulfilling your requests – We may use your Personal Data to answer your questions and fulfil your requests. If you contact us, we may maintain your contact details and correspondence and use any information you provide in your message to respond to your request.

Business purpose – We may use your Personal Data for our business purposes, such as audits, internal communications regarding candidates and customers, determining the effectiveness of our promotional activities, managing our products and services, maintaining and securing our infrastructure and for procurement and financial transactions.

Informational Messages – VALPEO may from time to time send informational emails, articles, white papers, proposals, order confirmations and other information relating to our products and/or services. Occasionally, and with your consent, we may use your Personal Data in press releases and direct marketing materials. We may also use your Personal Data, such as e-mail or postal addresses, to conduct surveys.

Customer service – Notifying you of changes to our service, resolving issues via live chat or email, including bug fixes.

Marketing purposes (with your consent) – To send you emails and messages about new features, products and services and content. Legal basis for this use of data: consent.

Here’s what each of these “legal bases” means: Consent = You have clearly given consent for your personal data to be processed for a specific purpose.

Administrative information – We may use your Personal Data from time to time to send you important information about our products and/or services, changes to our terms and conditions and policies and/or other administrative information. We may also contact you from time to time to verify that your Personal Data that we have collected is accurate and up to date.

Other activities – In addition, we may use and disclose your Personal Data to improve the delivery of our products and/or services, including but not limited to the following:

Additional activities. In the context of providing our products and/or services, we use personal information collected about candidates to identify professional opportunities that we believe may be of interest. We may from time to time contact potential candidates about such job opportunities. We may also from time to time contact individuals to request names of or other personal information about potential candidates in connection with a search we conduct and for market research purposes.

We also use personal data to confirm references and conduct training and background checks where necessary. Furthermore, we may use the personal data we collect to compile and disclose diversity statistics and other statistical information about our candidates and placement activities.

Additional activities for our services. In the context of providing our services to our customers, we may use your Personal Data collected through assessments we have carried out on you.

Analysis – We may retain and use information about you, including for example your personal data, for research, publication, development, benchmarking and standards, validation, longitudinal studies, trend analysis and to improve and expand our products and/or services or to develop and market new products and/or services. Any published end product may or may not relate only to larger collections of individuals and will not personally identify you or contain results attributable to you.

Key-encrypted data – We may key-encrypt your personal data, which means that such data is stripped of all information that identifies you (direct identifiers) and replaced with a key-encryption to minimise unwanted or unintended identification. Such key-encrypted information can be decrypted using the key so that you can be identified with it again. We may use such information for the purposes described in the “Analytics” section above and as permitted by applicable law. Any published end product may or may not refer to larger collections of individuals and will not personally identify you or contain results attributable to you.

Anonymised data – In addition, we may anonymise personal information in such a way that the end product does not personally identify you or any other individual, for example, to generate standards by industry, geography, level, etc., enable us to conduct ongoing validation studies, compile reports and publish journal articles to increase the knowledge base of organisational and leadership science. Such aggregated or anonymised information is not considered personal information for the purposes of this Privacy Policy and we may use it for any purpose.

As part of our Executive Interim Management service:

• Personnel administration: the recruitment and selection of employees, the administration of salaries, allowances, commissions and wages and the application of social legislation with the implementation of the contract as the legal basis.
• Personnel management: evaluation and follow-up of staff and intermediaries and planning of training and careers based on contract execution.
• Work planning: the planning and monitoring of tasks, workload and performance with the execution of the agreement as the legal basis.

As part of our Executive Search service:

For recruitment, selection and development purposes by prospective employers, management of recruitment and HR processes and any related purpose for which you have consented to collection, where your consent is the legitimate basis.

As part of our service Assessments:

Analysis of the qualities needed for a particular job, with your consent as the legitimate basis.

Disclosure to customers, partners, service providers and others

Disclosure to customers – In the course of providing our products and/or services, we may disclose your Personal Data to customers who have purchased our products and/or used our services:

In the course of providing our products and/or services, VALPEO may disclose assessment and other information to the employer/client that has engaged VALPEO and to designated personnel of the client. Assessment and other personal information collected by our consultants or provided by our client may be stored in a database and/or platform that VALPEO, in its sole discretion, deems appropriate so that our clients and/or certain personnel designated by our clients have access both during and after the completion of our engagement. If you participate in our assessments, we will not use your assessment reports to provide our products and/or services without your consent.

In the context of providing our products and/or services, we may provide Candidates’ Personal Data, including the results of assessments, to potential employers who have engaged VALPEO to conduct searches, or to consult sources.

Disclosure to VALPEO companies – Subject to the provisions of applicable law, your Personal Data may be disclosed to the companies affiliated with VALPEO. In addition, VALPEO may from time to time disclose your Personal Information to our network of independent consultants who provide Services on behalf of VALPEO for the purposes set out above.

Disclosure to service providers – VALPEO works with third-party service providers who provide services that may include, but are not necessarily limited to; website hosting and IT support and consulting services; data analysis; CV verification; background checks; payroll; public relations services; lawyers, accountants and other administrative and back-up and security services. As part of providing these services, such third parties may have access to your Personal Data. In addition, our software development partners may use your Personal Data to adapt, improve, refine and validate their technology and research and development.

Business Transfers – VALPEO reserves the right to disclose or transfer any personal information we have collected from visitors, or that we otherwise collect in connection with our Services, to a third party, or in the event of a sale of our company or any of our affiliates, or a merger or consolidation involving our company or any of our affiliates, or a sale or transfer of assets or part of our company or the business of one or more of our affiliates.

Other disclosures – VALPEO may also use or disclose personal information to: (i) comply with applicable laws and regulations; (ii) respond to enquiries or requests from public or governmental authorities, including those outside your country of residence; (iii) comply with valid legal process; (iv) protect the rights, privacy, safety or property of VALPEO, users of the Online Systems or the public; (v) enable us to pursue available legal remedies or limit the damages we may incur; (vi) enforce our Legal Disclaimer; (vii) enforce our Terms of Service; or (viii) respond to an emergency. We cannot and do not take responsibility for the acts or omissions of third parties, such as customers, including how they use personal information received from VALPEO or other independent sources.

What about really sensitive data?

We do not collect “sensitive data” about you (such as racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data relating to your sex life or sexual orientation and offences or alleged offences), except when we have your specific consent or when we are required to do so to comply with the law.

What about children’s data?

VALEPO is a service aimed at and intended for use by persons aged 18 or older. We do not target VALPEO at children and we do not knowingly collect personal data from persons under 18 years of age.

Additional guidelines

VALPEO may from time to time sponsor special features or promotions on the website, and additional privacy information may be posted. That privacy information, to the extent it conflicts with this policy, applies to that particular feature or promotion.

Your privacy choices and rights

Providing personal information to us is voluntary, but if you do not provide certain personal information, you may not be able to participate in our website, products and/or services.

• You can disable cookies in your browser by changing its settings.
• You can block cookies by activating a setting in your browser that allows you to reject cookies. You can also delete cookies through your browser’s settings. If you disable cookies, you can continue to use the website and browse the pages, but VALPEO and certain services will not work effectively.

You may contact us atsupport@valpeo.com if you wish to receive certain information about whether or not we hold personal information about you and to obtain a copy of such information.

If you: (i) wish to ask questions about how we handle personal data; (ii) wish to access, correct or update your personal data; or (iii) request that your personal data be removed from VALPEO’s database, please contact us at contact@valpeo.com. Please note that we can only provide you with a non-confidential summary of our final assessment report, as such report contains confidential client information that we are not permitted to disclose. You can request to be removed from VALPEO’s database by putting “Delete User” in the subject line of the email and including your full name, VALPEO reference code and phone number in the body of the email.

We will try to comply with your request as soon as reasonably possible and may need to contact you to ensure we delete the correct data. Please note that we are not responsible for removing your data from our database if that data is part of our products and/or services on behalf of your company. In that case, it may be necessary to address your request to your company’s management. However, we will forward your request to the appropriate person within your company.

We may also need to retain certain information about you, such as your email address, in order to comply with opt-out or similar requests. Please note that this residual information will remain in VALPEO’s databases, access logs and other files, which may or may not contain personal information about you. Residual information will not be used for commercial purposes. However, VALPEO reserves the right to contact former users of our website, products and/or services from time to time.

Your rights

You can exercise your rights by sending an e-mail to support@valpeo.com

You have the right to access the information we hold about you

This includes the right to ask us for additional information about:

The categories of data we process

The purposes of data processing

the categories of third parties to whom the data may be disclosed

how long the data will be kept (or the criteria used to determine that period)

Your other rights regarding our use of your information

We will provide you with the information within one month of your request, unless this would adversely affect the rights and freedoms of others (e.g. confidentiality or intellectual property rights of another person). We will let you know if we cannot fulfil your request for that reason.

You have the right to request us to correct inaccurate personal data about you

You have the right to withdraw your consent and have us delete your personal data.

You have the right to request a restriction on the processing of your personal data

You have the right to data portability

You can object to the use of your data to profile you or to make automated decisions about you.

We may use your data to determine whether we need to send you information that may be relevant to you (e.g. tailoring emails to you based on your behaviour). Otherwise, the only circumstance in which we will do this is to provide the VALEPO service to you.

You have the right to be ‘forgotten’ by us

You can do this by asking us to delete the personal data we hold about you if it is no longer necessary for us to hold the data for your use of VALPEO.

You have the right to complain about our use of your data

Let us know first so we have a chance to address your concerns.

How secure is the data we collect?

VALPEO has taken reasonable organisational, technical and administrative measures to protect against the loss, misuse and alteration of personal information of users of our website, products and/or services under our control. Unfortunately, however, no security system or system for transmitting personal information can be guaranteed to be 100% secure.

We have taken the following measures to ensure the security of your data;

• The computers on which data is processed are secured by default with a username and a complex password.
• All computers are equipped with a Small Office Security solution, which is of course always kept “up-to-date” and automatically performs multiple scans. All Windows installations are updated automatically. The installation is checked at least once a month and manually started if necessary.
• The data is stored on a part of the disk set up as a “data vault”. This is encrypted and can only be accessed after booting the computers + logging into Windows + opening a password vault.
• To prevent data loss if the computers are lost, we make daily backups to an encrypted cloud environment.
• All passwords are managed and stored in the cloud environment.
• Our employees are fully informed about the safe handling of your personal data and are bound to confidentiality under their employment contract.
• No records are kept on paper as online registration is possible and these records are not accessible to unauthorised persons.

If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of any account you have with us has been compromised), please notify us immediately of the problem by contacting us in accordance with the “Contact Us” section at the top of the homepage.

Where do we store the data?

Your Personal Data may be collected, used, processed, disclosed and transferred to and within Belgium and other countries where we conduct operations or engage service providers. By using our website, products and/or services, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than your country.

If we transfer or store your data in this way outside the EEA, we will take steps to ensure that your privacy rights remain protected as set out in this Privacy Policy.

How long do we keep your data?

We will retain your Personal Data for the period necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In particular:

• Company books: 7 years in original or electronic form, with the retention period starting from 1 January of the year following the close of the financial year. Here we follow Article III.86 of the Code of Economic Law and Article 9 of the Royal Decree of 12/09/1983 implementing the law of 17/07/1975 on Valpeo accounting.
• Supporting documents: 7 years in original or electronic form, starting with the retention period after the close of the financial year. Here we follow Article II.86 of the Economic Law Code.
• Documents not serving as evidence against third parties: 3 years in original or copy, again applying Article III.86 of the Economic Code.

Third parties processing your data

Technology companies often use third parties to host their applications, communicate with customers, power their emails, etc.

When we do this, it is sometimes necessary for us to share your data with them to make these services work properly. Your data will only be shared when strictly necessary and in accordance with the safeguards and good practices described in this Privacy Policy. When personal data is transferred to a third party in the United States, we take steps to ensure that the organisation in question has up-to-date certification with the EU-US and Swiss-US Privacy Shield Frameworks administered by the U.S. International Trade Administration (ITA) of the Department of Commerce.

Here are the details of our main third-party service providers and what data they collect or we share with them, where they store the data and why they need it:

Google Ads, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Advertising Web analytics service

Gclid, ads viewed, cookie id, date and time of visit, device information, geographical location, IP address, search terms, ads displayed, impressions, online IDs, browser information

In Ireland and the US

6(1)(1) GDPR

https://policies.google.com/privacy?hl=en

Google Analytics, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Advertising Web analytics service

Google client ID, click path, date and time of visit, device data, location data, IP address, pages visited, referring URL, browser data, host name, browser language, browser type, screen resolution, operating system teem of device, interaction data, user behaviour, URL visited

In Ireland and the US

6(1)(1) GDPR

https://policies.google.com/privacy?hl=en

Sendgrid, Twilio Germany GmbH,Rosenheimer Str. 143C81671 Munich, Germany

Email shipping provider primarily used for sending Cookiebot scan reports and invoices (for paying customers only) via email

Email addresses

The EU and the US

6(1)(1)(b) GDPR

https://www.twilio.com/legal/privacy

Amazon Web Services EMEA SARL is the provider of an AWS offering, Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, is the controller of personal data collected or processed through the AWS offering.

Web application hosting: code storage, file storage.

Database hosting: storage of software data.

Any data you enter on app.valpeo.com, coaching.valpeo.com or any of our surveys is stored by Amazon Web Services.

EU and Ireland

https://aws.amazon.com/privacy/?nc1=f_pr

Cronofy : Amsterdam

Apollolaan 151

Amsterdam

1077 AR

Netherlands

Organising meetings: Cronofy is both a controller and a processor. We collect (and manage) the information from users who want to schedule events through Cronofy, and process the data from their end-users with whom they plan the event.

https://docs.cronofy.com/policies/privacy-notice/

Cookies

We use cookies. Unless you adjust your browser settings to refuse cookies, we (and these third parties) will set cookies when you interact with VALPEO. These may be ‘session cookies’, meaning they delete themselves when you leave VALPEO, or ‘permanent’ cookies that do not delete themselves and help us recognise you when you return so that we can provide you with a tailored service.

To read more about our use of cookies, click here to read our cookie policy.

Policy summaries

This Privacy Policy is the only authorised statement of VALPEO’s practices regarding the collection of personal data. Any summaries of this policy generated by third-party software or otherwise (for example, in connection with the “Privacy Preference Platform” or “P3P”) shall have no legal effect, shall not be binding on VALPEO in any way, cannot be used to replace this policy and do not replace or modify this policy.

Applicable law and jurisdiction

The terms of this Privacy Policy are subject to and governed by Belgian law. All disputes related to and/or arising from the terms of this Privacy Policy will be exclusively settled by the courts of Brussels/Ghent, Belgium.

© 2025 VALPEO – All rights reserved.