Compliance with GDPR

Compliance with GDPR

Privacy Notice

 “We”, “us” and “our” means RLM Consulting, SPRL and we are committed to respecting your privacy. 

Our registered address is at Chemin du Cyclotron, 6 1348 Louvain-la-Neuve Belgium and our company registration number is 0884910412.

About this privacy notice

For the purposes of GDPR, we are a data controller in respect of your personal data. RLM Consulting is responsible for ensuring that it uses your personal data in compliance with data protection law, including but not limited to GDPR.

The privacy notice sets out the basis on which any personal data about you that you provide to us or that we create will be processed by us. Please take the time to read and understand this privacy notice.

Uses of your personal data

Your personal data may be stored and processed by us in order to perform the contract that we have entered into.

We are entitled to use your personal data in these ways because:

  • we have legal and regulatory obligations that we have to discharge; 
  • we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
  • the use of your personal data as described is necessary for our legitimate business interests, such as commercial and marketing purposes.

Disclosure of your information to third parties

We will take steps to ensure that the personal data is accessed only by our employees that have a need to do so for the purposes described in this notice.

We may also share your personal data with third party contractors (manufacturing, preclinical experts with which we have a partnership/Confidentiality  agreement).

Transfers of personal data outside the European Economic Area

The personal data that we process may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers. 

Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:

  • the country that we send the data to might be approved by the European Commission;  
  • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
  • where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme. 

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.  

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.

Retention of personal data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

  • the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose, for example as long as we have a contractual relationship (plus a period covering statute of limitation); and
  • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

  • the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
  • the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so; 
  • in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
  • the right to request that we rectify your personal data if it is inaccurate or incomplete;
  • the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
  • the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
  • the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.

You can find out more information about your rights by contacting the Data Protection Authority, rue de la Presse 35, 1000 Brussels or via its website www.autoriteprotectiondonnees.be or www.gegevensbeschermingsautoriteit.be

Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to r.mignolet@rlmconsulting.be.