Your personal data are important to XEFI
The user is informed that personal data concerning them may be collected by HOLDING GALAXITY (hereinafter the “Company”) while browsing the website www.xefi.be (hereinafter the “Site”).
This Privacy Policy defines and informs users how the Company collects, uses, stores, and protects information transmitted when they use the Site.
The Company pays particular attention to respecting users’ privacy and the protection of their personal data.
As such, the Company undertakes to comply strictly with the applicable legislation, including the Belgian Data Protection Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data, and with the EU General Data Protection Regulation (GDPR).
Transparency: personal data are hosted exclusively on servers located in France (European Union).
PRELIMINARY ARTICLE – DEFINITIONS
The terms used with a capital letter in this Privacy Policy have the meanings given below:
– Personal Data: any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (Article 4.1 GDPR).
– Processing: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, restriction, erasure, or destruction (Article 4.2 GDPR).
– Controller: any natural or legal person, public authority, service, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
– Processor: any natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
– Cookies and tracking technologies: text files stored on the user’s device (computer, smartphone, etc.) to record information about browsing activity and to recognise the browser during future visits. Their storage period is defined by the website operator and may vary depending on the type of cookie.
ARTICLE 1 – PURPOSE
Users may browse the Site without providing personal information.
In some cases, personal data may be required to access specific services.
Collected data may include: Name, surname, IP address, gender, date of birth, telephone, company, job title, business sector, private or business e-mail, postal address, city, postcode, CV and cover letter.
By providing these details, the user agrees that the Company may collect, process and store the data for the following purposes:
- Providing requested information or services (contact, newsletters, job applications);
- Managing user profiles and online access;
- Conducting statistical analyses;
- Improving services and browsing experience;
- Detecting fraudulent or malicious behaviour;
- Authenticating users in client areas.
ARTICLE 2 – SPECIFIC COLLECTION AND USE OF DATA
In addition to the purposes stated above, users may post comments on the Site.
Contact details (name and e-mail address) may be saved through a cookie valid for one (1) year.
Users may delete this cookie at any time.
For security purposes, users’ IP addresses are verified to prevent spam and identify unwanted comments.
Users may use the contact form to be contacted again and/or receive commercial information about the Company’s products and services.
By submitting this form, they expressly consent to the use of their data for marketing purposes.
Data collected via the contact form are kept for a reasonable period, consistent with the purpose of collection.
Optional fields are processed and stored under the same conditions as mandatory ones.
Users may also apply for job offers published on the Site.
By doing so, they consent to the use of their data for processing their application and/or receiving similar offers.
If the applicant’s profile is not retained, the data will be permanently deleted at the end of the recruitment process, without archiving.
ARTICLE 3 – DATA DISCLOSURE
The Company is the sole recipient of personal data.
The Company does not sell, rent or exchange users’ personal data for commercial purposes.
Its processors are bound by the same obligation of confidentiality and may only use data in accordance with this Policy.
Data may be transmitted, within the limits of the purposes set out above, to authorised Company staff and subcontractors to respond to user requests.
Data may also be shared with public authorities, judicial officers or debt collection agencies, solely to comply with legal obligations.
Personal data will not be sold, leased, exchanged, or disclosed to third parties without the user’s prior express consent, unless required by law (fraud prevention, legal defence, etc.).
Users are informed that no personal health data are transferred outside the European Economic Area (EEA).
ARTICLE 4 – RETENTION PERIOD
Personal data are retained by the Company for no longer than necessary for the purposes for which they are collected and processed and, in any case, for a maximum of thirty-six (36) months from the date of collection.
Users are informed that a longer retention period may apply pursuant to a legal or regulatory provision.
ARTICLE 5 – USER RIGHTS
5.1 Exercise of rights
In accordance with the provisions of the GDPR, users are informed that they have the following rights concerning their personal data.
They may exercise their rights directly with the Company, subject to proof of identity, or by contacting the Company’s Data Protection Officer (DPO) as provided in Article 9 below.
Rights include:
5.1.1 Right of access
Users may request confirmation as to whether the controller holds data concerning them and may obtain a copy of all such data.
5.1.2 Right of rectification
Users may request the correction, update, blocking or deletion of inaccurate or incomplete information.
5.1.3 Right to erasure
Users may request the complete or partial deletion of their personal data under the conditions set out in Article 17 GDPR.
5.1.4 Right to restriction of processing
Users may request the temporary suspension of all or part of the processing of their data.
5.1.5 Right to data portability
Users may request a copy of their personal data in a structured, machine-readable format for transmission to another controller.
5.1.6 Right to object
Users may object, on legitimate grounds, to the processing of their data.
The Company undertakes to respond to user requests within a reasonable time.
5.2 Objection to marketing communications
Users who do not wish to receive marketing communications by telephone may request to be added to an opposition list or exercise their right to object to direct marketing.
Users may also opt out of receiving newsletters or solicitations by using the unsubscribe link provided in such communications or by contacting the Company via dpo@xefi.fr.
ARTICLE 6 – SECURITY
As the publisher of the Site, the Company may install cookies on users’ devices to improve browsing experience.
A cookie banner appears upon first connection to the Site, allowing users to accept or refuse cookies.
Users may change their preferences at any time.
The Site may contain embedded content (videos, images, articles, etc.) from third-party websites, which may install their own tracking cookies.
The Company is not responsible for third-party cookies.
7.1 Types of cookies
7.1.1 Essential cookies – necessary for navigation.
7.1.2 Analytical and functional cookies – measure traffic and improve performance.
7.1.3 Social sharing cookies – enable users to share content on social networks.
Each category is subject to its own privacy policy.
7.2 Browser settings
Most browsers are configured to accept cookies by default. Users may change these settings to systematically refuse cookies or accept some while rejecting others.
Refusing cookies may affect navigation quality.
Instructions for managing cookies:
- Chrome: Settings → Privacy and Security → “View all cookies and site data”
- Firefox: Options → Privacy → “Manage Cookies”
- Safari: Preferences → Security → “Show Cookies”
- Edge/IE: Tools → Internet Options → Privacy → Settings
Further information: www.cnil.fr (reference site in French).
ARTICLE 8 – COMPLAINTS TO THE SUPERVISORY AUTHORITY
In the event of non-compliance with this Privacy Policy, users may lodge a complaint with the Data Protection Authority (DPA):
Rue de la Presse 35, 1000 Brussels, Belgium
📧 contact@apd-gba.be
🌐 www.dataprotectionauthority.be
ARTICLE 9 – RESPONSIBILITIES
The Company uses NEXEREN (SAS – RCS 753 351 709), located at 2507 Avenue de l’Europe, 69140 Rillieux-la-Pape, France, as its hosting provider.
Health data are hosted exclusively on infrastructures meeting HDS security standards within the European Union.
The Company ensures that all subcontractors provide equivalent guarantees of confidentiality and protection of personal data.
Data Protection Officer (DPO):
Ms. Amandine ROUSSEY
📧 dpo@xefi.fr
📞 +33 4 72 01 04 11
ARTICLE 10 – CHANGES
This Privacy Policy may be amended or supplemented, in whole or in part, at any time to comply with legislative, regulatory, judicial, or technological developments.
Unless a substantial change requires the express consent of the user, continued use of the Site after such changes come into effect shall constitute acknowledgment and acceptance of the new Privacy Policy.
In the absence of consent, the user may exercise their rights under the conditions set out in Article 5 above.
The date of the latest updates shall be explicitly stated in the following paragraph of this Article.
This implies that the user regularly and independently reviews this Policy.
The latest update of this Privacy Policy was made on 2 January 2024.