Privacy Notice

Show table of contents

    1. Introduction

    We appreciate the trust you place in RHEA Group when sharing your personal data. The security of your personal data is very important to us. In the following sections, we will explain how we collect, use and protect your personal data.

    We will also explain what rights you have with regards to your personal data and how you can exercise those rights.

    This Privacy Policy applies to the personal data of our Website User, Candidates, Clients, Suppliers, and other people whom we may contact in order to find out more about our candidates. It also applies to RHEA’s employees and the emergency contacts of our employees.

    This Privacy Policy applies in relevant countries throughout our international network. Different countries throughout our international network may approach data privacy in slightly different ways and so we also have country-specific parts to this Privacy Policy. You can find country-specific terms for your jurisdiction on Section 10. This allows us to ensure that we are complying with all applicable data privacy protections, no matter where you are.

    2. Who are we?

    The RHEA Group consists of RHEA System S.A., a company incorporated under the Belgium law and its subsidiaries located in the Netherlands, Italy, Germany, United-Kingdom, Czech-Republic and Canada (see our Legal Notice).

    In this Privacy Policy, when we refer to “RHEA GROUP”, “RHEA”, “us”, “we” or “our”, we mean the RHEA GROUP companies which are responsible for any personal information collected about you, and the RHEA GROUP companies to which you may apply.

    RHEA is a multinational Engineering Group, operating in 9 European countries and Canada on service delivery of systems, software and solutions to the aerospace, defence and security markets. This includes Information and Communications Technology (ICT) solutions involving information security risk management, information security engineering, information and critical infrastructure protection and applications for cyber defence and cyber forensics. RHEA has a consolidated experience and a broad set of ongoing activities and capabilities in the field of Security with a prominent focus on Cyber and Space applications;

    Our Data Protection Officer can be contacted directly here:

    3. How and when do we collect your Personal data?

    We collect your personal data:

    •  If you apply for a role via our website or email your CV directly to RHEA recruitment team or being interviewed by our recruiters.
    •  In the normal course of our relationship with you; as soon as you have provided your personal data to us: this can be done by email, text message, verbally (by phone, skype, at an event, etc.), through giving us your business card or in any other possible way. (e.g. reports from your job interview).
    •  If you have made these data public on public/social media (e.g. LinkedIn) which could indicate that you are interested in work-related services. In this case, we will ask you first whether you are interested in registering with us in accordance with our conditions and taking account of this privacy statement. If you are not interested, we will refrain from keeping or processing any of your personal information in our database.
    • When you register as the point of contact for your company or organisation to know more about our services or products.
    • When these are issued by third parties (e.g. recruitment agencies, your employer, job boards).
    •  When you visit our website (see our cookies policy) or as soon as you enter your data or leave it on our website www.rheagroup.com (e.g. subscription to our newsletter, specific question related to our products or services)

    4. What kind of Personal Data do we collect?

    We process your personal details that are necessary to perform our service and desirable to better align our services to your expectations or to meet more specific questions or obligation coming from RHEA’s client namely:

    • Personal and contact details (name, age/date of birth, contact details, Sex/Gender, Marital status, nationality, language spoken, pastimes)
      Employment history
      Qualification, Training and Education History
      Copy of your ID or Passport:
      Family and emergency contacts
      Referee details;
      Details about your current remuneration, pensions, and benefits arrangements;
    • Security information: security clearances required for specific client and/or role.
    • Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
    • Marketing preferences;

    You are responsible for the correctness and relevance of the data you provide RHEA. Please provide any changes in your personal details to privacy@rhearoup.com

    We do not collect any Specific Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Subject to specific and exceptional request from the client, we do not collect any information about criminal convictions and offences.

    5. For which purposes do we collect your personal data?

    The personal data we collect will be used for the following purposes:

    • Marketing: To send you our latest news and our invitations to business events.
    • Travel Organisation: To organise your missions travelling on behalf of RHEA Group.
    • Recruitment activities: To include you in our applicant’s database for our recruitment activities.
    • Employee Administration: To enter with you into an employment relationship to maintain it by carrying out the relevant administration tasks such as staff management, wage processing, wellbeing at work,…
    • Website administration: To monitor and to improve our website and career portal (e.g. to make user experience more efficient, including RHEA web portals troubleshooting and usage analysis).
    • Security of our business Infrastructure: To monitor and to improve the security of our business infrastructure (e.g. prevent unauthorized access and modifications to RHEA Network /website/premises).
    • Commercial Transaction: To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
    • Contractual Purpose: To fulfil a contract arrangements with you or with the entity that you represent;
    • Legal Claim: To help us to establish, exercise or defend legal claims.

    6. What are the legal grounds to collect and handle your personal information?

    RHEA GROUP will collect, use and share your personal information only when this is legally justified.

    We can summarize our relevant legal basis for processing your personal data as follows:

    • Your consent. The data subject has given consent to the processing of his or her personal data for the specific purpose here-above;
    • Legal obligation. The use of your personal data is required for complying with our legal file or obligation.
    • Legitimate Interests. RHEA GROUP also processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights.

    Our legitimate interests include:

    selling and supplying goods and services to our customers;

    • protecting customers, employees and other individuals and maintaining their safety, health and welfare;
    • promoting, marketing and advertising our products and services;
    • sending promotional communications which are relevant and tailored to individual customers;
    • understanding our customers’ behaviour, activities, preferences, and needs;
    • improving existing products and services and developing new products and services;
    • handling customer contacts, queries, complaints or disputes; and
    • fulfilling our duties to our customers, partners, colleagues, shareholders and other stakeholders.

    7. Cookies

    You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. For more information on cookies please go to the Cookies Policy.

    8. Consent

    By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Generally, RHEA GROUP do not rely on consent as a legal basis for processing your personal data in any other case than sending certain direct marketing communications to you via email or to perform active recruitment activities.

    You may withdraw consent at any time by sending an email to:

    privacy@rheagroup.com

    9. Disclosures of your Personal data

    Internal Disclosure

    RHEA GROUP may share internally your personal information with its affiliates where such disclosure is necessary to provide you with our services or to manage our business. Other companies in the RHEA Group act as joint controllers.

    External Disclosure

    RHEA GROUP may share your information with other third parties named in the following cases:

    • Customers or trusted partners that work with us and require Identity Data and Contact Data for operations, business development, selling and support purposes.
    • Service providers to assist us in updating our websites, improving products and services and responding to your requests.
    • Professional consultant and advisers including public relations firms, market research and consulting companies, lawyers, bankers, auditors, consultants and insurers;
    • Regulators and other authorities who require reporting of processing activities in certain circumstances namely:o to comply with our legal obligations;
      – to exercise our legal rights (e.g. pursue or defend a claim); and
      – for the prevention, detection and investigation of crime.

    RHEA GROUP will not pass on or sell your personal data to third parties for their own marketing purposes without first obtaining your consent.

    RHEA GROUP shall give access to your personal information only to trusted partners or services providers who require the use of such information for business purposes. These third parties are entities for whom we have established they have adequate and sufficient data protection and security controls in place and with whom we have also implemented contractual obligations to ensure they can only use your data to provide services to RHEA GROUP limited to the purposes listed above. Moreover, these third parties shall not use or process your Personal Data for any purpose other than to provide the Service to RHEA GROUP.

    International transfers

    Personal Information which you supply to us is generally stored and kept in our own servers located in Belgium. However, due to the nature of our global business and the technologies required (some cloud-based tools), your Personal Information may be transferred to an internal or external third party located outside the EEA, in countries where there may be a lower legal level of data protection.

    In such situations, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • We put in place binding corporate agreements which give personal data the same protection it has in Europe.
    • We include the standard contractual clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties; or
    • We ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission.
    • We carefully validate any requests for information from law enforcement or regulators before disclosing the information.
    • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EUUS Privacy Shield.

    10. Retention period

    General Principle

    RHEA GROUP guarantees not to keep your personal data for longer than required by law or such other period necessary to fulfil the purposes we collected them for.

    For Applicants

    When you apply for a job, you allow us to retain your personal information to support you in your search for work (CVs, education, work expectations, contact information, etc.) for a period of 3 years. If any other opportunities become available which you may be interested in, we will contact you by email, telephone or by skype.

    After this initial period of 3 years you will automatically get an e-mail asking you whether you authorize us to keep your personal information in our recruitment database or not.
    In case of a negative answer we will delete all your personal data (including your contact details).

    In absence of reply we will only file your contact details for archives for a period of five years unless you decide to give us a new consent in the meantime.

    In case of a positive answer we will again inform you by e-mail 3 years later that we will only file your data for archives for a period of five years due to certain statutory periods of limitation, unless you decide to give us a new consent.

    For Employees

    If you work or have worked at RHEA GROUP, we will save all your employment data (identification, performances, wage information, multifunctional declaration at the social security department, tax declaration, …) for a period of 10 years after the end of your employment contract. This is in order to satisfy with a variety of social, fiscal and other legal obligations and periods of time limitation.

    For marketing purpose

    RHEA GROUP will process and store personal data for 3 years.

    11. Your rights as a data subject

    While we are in possession of, or processing your personal data, you, the data subject, have the following rights:

    • Right of access – you have the right to request a copy of the information that we hold about you.
    • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
    • Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
    • Right to processing restriction– where certain conditions apply to have a right to restrict the processing.
    • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
    • Right to object – you have the right to object to certain types of processing such as direct marketing.
    • Right to object to automated processing, including profiling – you also have the right to object to be subject to the legal effects of automated processing or profiling.
    • Right to judicial review: in the event that RHEA GROUP refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 12 below.

    All of the above requests can be sent to privacy@rheagroup.com

    12. Security Measures

    RHEA GROUP does everything in its power to optimally protect your personal information against unlawful use. We do this on the basis of physical, administrative and technological measures. For ensuring notably the security of its Information processing, RHEA GROUP is currently implementing ISO 27001 international standard which describes namely how to manage information security in a company. The focus of ISO 27001 is to protect the confidentiality, integrity and availability of the information in a company.

    RHEA GROUP plans to be certified ISO 27001 at the beginning of 2019.

    13. Complaints

    In the event that you wish to make a complaint about how your personal data is being processed by RHEA GROUP, or about how your complaint has been handled internally by RHEA GROUP, you have the right to lodge a complaint directly with the supervisory authority or/and RHEA GROUP’s Data Protection Officer (DPO).

    The details for each of these contacts are:

    14. Privacy Policy changes

    This Privacy Policy was last reviewed and updated in August 2018.

    It is important to point out that we can amend this Privacy Policy from time to time. Please make sure you visit our “privacy notice” page from time to time if you want to stay up to date.

    15. COUNTRY-SPECIFIC VARIATIONS TO OUR PRIVACY POLICY

    JURISDICTION: Belgium

    COUNTRY-SPECIFIC LEGAL REQUIREMENT:

    As described in the main body of our Privacy Policy, we are entitled to rely on “soft opt-in” consent in respect of certain marketing messages that we wish to send you. In all other e-marketing circumstances, active “opt-in” consent is required by law and RHEA GROUP is required to keep records of each specific consent provided by you.

    JURISDICTION: Canada

    Users with any concerns are invited to contact RHEA Group’s Canadian Data Protection Officer (DPO) at 6700 Chemin de la Côte-de-Liesse, Suite 102, Montréal, Québec, H4T 2B5, Canada or via email: privacy@rheagroup.com

    If you are not satisfied with our response to your request, you may contact the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/en/

    NOTE: THIS SECTION WILL BE UPDATED WHEN LOCAL IMPLEMENTING LAW SHALL BE FINALISED