Last modified: 10-May-2023
This is the privacy statement of Cerba Research NV (hereinafter “Cerba Research”, “we” or “us”). Your privacy is of great importance to us. This means that we store, save and otherwise process your personal data in a secure manner. In this privacy statement, we explain, among other things, which personal data we collect, how we process that data and for what purposes.
Scope of this privacy statement
This privacy statement applies to the processing of personal data by Cerba Research of (contact persons of) suppliers and clients of Cerba Research, visitors of www.cerbaresearch.com and visitors of one of our premises.
This privacy statement does not apply to websites of third parties to which you are referred by means of links on our website. We cannot guarantee that these third parties will handle your personal data in a reliable or safe manner. We therefore recommend that you read the privacy statements of these parties before using any of their products or services.
Also, this privacy statement does not cover the processing of personal data of applicants, personnel, freelancers, interns and trainees of Cerba Research. A separate privacy statement will be made available to applicants during the application process.
We may modify this privacy statement from time to time. The most recent version can always be found on this website. At the top you can see when this statement was last modified. We advise you to consult this privacy statement regularly so that you are aware of any relevant changes.
From whom do we process personal data?
This privacy statement applies to the following categories of individuals:
- Individuals that visit our premises (hereinafter: “Visitors”);
- Individuals that visit our website www.cerbaresearch.com (hereinafter: “Website Visitors”);
- Individuals that apply for a job at Cerba Research (hereinafter: “Applicants”).
- Individuals who are clients of Cerba Research or who work at one of our clients (hereinafter: “Clients”);
- Individuals from whom Cerba Research purchases products or services or who work for a supplier of Cerba Research (hereinafter “Suppliers”); and
- third parties, such as individuals who are not Clients or Suppliers, but whose personal data are stored in our systems (“Third Parties”).
What personal data do we process and why?
We ask Visitors to leave the following personal data in a visitor’s log at the reception when visiting our premises:
- Date + time of arrival and departure; and
These personal data are collected in order to be able to determine whether there are still people in the building at the time of an emergency. This is in your best interest as well as in our best interest.
For health, safety and security reasons, camera surveillance is used at our office in. These cameras are located at the entrance and the reception. In principle, the camera footage is retained for four weeks. In case of an incident, the footage may be retained longer and shall be deleted after the incident has been dealt with. Only a limited number of people have access to the camera footage.
We process the following personal data of our Website Visitors:
- data obtained through contact forms, or e-mails that you send us, including your name, company name (optional), e-mail address, phone number, subject and the content of your question or information request; and
- data obtained through subscription to our newsletter, such as your name, e-mail, the country where you live, your job title and the company you work for.
We process the above data of Website Visitors in order to communicate about a possible question or (information) request, to send newsletters . Depending on the content of your question or request, these processing activities are based on the performance of a (future) contract, a legitimate interest or consent.
For more specific information about the data collected by means of cookies and similar techniques, we refer you to our cookie statement.
On a regular basis we publish job advertisements on our website and/or on external vacancy websites, job boards and the like. During the application process, we may process the following personal data from Applicants:
- Contact details (such as name and address details, telephone numbers and e-mail addresses), date of birth, place of birth, nationality and gender;
- Completed education, courses and internships;
- Data relating to the nature and content of the current employment and any termination thereof;
- Other information which may be relevant to the performance of the position one has applied for, such as information contained in a resume or letter of application, and references; and
- Where applicable, bank details (bank account number and account holder name).
We process aforementioned information in order to establish the Applicant’s identity and to contact the Applicant with regard to the application procedure, to assess the Applicant’s suitability for a vacant position, and to reimburse any travel expenses other costs incurred by the Applicant during as part of the application process.
These processing activities are based on the performance of a (future) contract, a legal obligation, a legitimate interest or consent.
We process the following personal data from (individuals working at or for) our Clients:
- Contact details, such as a name, e-mail address and telephone number;
- Data relevant to the performance of our services, such as a company name and job title; and
- Other data of which the processing is relevant in connection with applicable laws and regulations.
We process the above data to establish the identity of our Clients, to enter into contracts with Clients, to perform our services for Clients, to calculate or record fees for our services, to make and collect payments, to inform Clients about our service portfolio, or to send out questionnaires in order to carry out a Client satisfaction survey. These processing activities are based on the performance of a (future) contract, a legal obligation or a legitimate interest.
We process the following personal data of (individuals working at or for) Suppliers:
- contact details, such as a name, telephone number and e-mail address;
- data relevant for the placement of orders or purchasing services (company name and address); and
- Other data of which the processing is relevant in connection with applicable laws and regulations.
We process the above data to establish the identity of our Suppliers, enter into contracts with Suppliers, place orders and purchase services for our internal business operations and our Clients’ business operations, maintain contact and communication about placed orders and services, to calculate or record fees and make and collect payments. These processing activities are based on the performance of a (future) contract, a legal obligation or a legitimate interest.
From Third Parties we may process the following personal data:
- the content of (electronic) messages originating from or intended for Third Parties; and
- other data provided to us by Clients, Suppliers, or (other) third parties (such as names and contact details).
We process the above data as part of the performance of our services for our Clients or in connection with the communication between Cerba Research, Suppliers and/or Clients. These processing activities are based on the performance of a (future) contract, a legal obligation or a legitimate interest.
With whom do we share personal data?
We may provide your personal data to one of our affiliates if this is necessary for one of the purposes as described in this Privacy Statement. In addition, we provide personal data to others in the following situations:
Third party systems
For both legal and business purposes, personal data may be stored in our systems. Depending on the nature of your relationship with us and your contact history, personal data may be stored in one or more of the following systems:
- ERP (Enterprise Resource Planning) software;
- Financial software, used to process invoices, to monitor in- and outgoing payments, and for general accounting purposes;
- CRM (Customer Relationship Management/ Marketing related Software).
As far as necessary, we have concluded data processing agreements with these parties. These data processing agreements contain strict agreements on what data will be stored and processed on our behalf.
Protecting ourselves and others
In order to protect our own rights and those of others, it is sometimes necessary to disclose information to governmental authorities, investigative bodies or other parties.
For example, we may disclose personal data to third parties, including lawyers: (i) to respond to claims from third parties, whether in connection with legal proceedings or otherwise; (ii) to comply with a court order or a request or demand from a supervisory, investigative, or other governmental authority; (iii) to protect our own and others’ (intellectual property) rights and safety; and (iv) to cease or prevent activities that we deem to be unlawful, unethical, or criminal, such as fraud and cybercrime.
These processing activities are primarily based on a legal obligation or a legitimate interest.
Sale of our business assets
Your personal data may be considered a business asset. If we face a bankruptcy, merger, acquisition, reorganisation, sale of assets or similar situation, your personal data, may be sold and transferred to a third party as part of that transaction. These processing activities will usually be based on a legitimate interest.
Do we transfer personal data to countries outside the EEA?
In some cases, your personal data may be transferred to organisations or countries outside the European Economic Area (EEA). If your personal data is transferred to a country that does not offer an adequate level of protection, we will put in place appropriate safeguards to protect your personal data, such as the conclusion of the EU Standard Contractual Clauses with the recipient of the personal data.
How long do we keep your personal data?
In principle, we do not keep your personal data any longer than necessary for the purposes it was originally collected for, unless the data must be kept for a longer period in order to comply with legal obligations, such as a statutory retention period. Some examples are given below:
- Camera footage shall be retained for no longer than four weeks, unless an incident has occurred;
- Personal data of Applicants will be deleted four weeks after the end of the application process, unless the Applicant will take up employment or gives us authorisation to keep his or her data for a longer period of time with a maximum of one year;
- We are required to retain tax-related data for a period of seven years, such as our accounts receivable and accounts payable records; and
- Contracts may be retained for as long as necessary in connection with the statute of limitations on any related claims.
What rights do you have?
You have the right to request us access, rectification, and erasure of your personal data or restriction of processing. You also have the right to object to the processing and under certain circumstances you have the right to data portability. If the processing of your personal data is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before your withdrawal.
If you would like to exercise any data subject right in line with the EU General Data Protection Regulation (GDPR), please forward your request in writing to:
- If you are a Supplier, please forward your request to:
- For any other enquiries please forward your request to: [email protected]
Circumstances may arise where we may not be able to respond fully or at all to your request. Please make sure that you send your request from the e-mail address that you are known to us, so that we know who you are and can access, modify or delete the correct information. To prevent abuse, we may ask you to identify yourself before we handle your request.
We will in principle respond to your request within one month after receipt thereof.
Do you have any questions, comments or complaints?
We provide our services on a global scale. If applicable, we comply with local privacy regulations. Our company is based in the EU (Belgium). The framework of this privacy statement is therefore based on the GDPR.
In case you have a question, comment or complaint in relation to the processing of your personal data, we kindly ask you to submit your enquiry in writing to: [email protected] In case you are not satisfied about how we handle your enquiry, you may file a complaint with your national supervisory authority.
Cerba Research NV
T: +32 93 292 329
Still have questions? Reach out to our team hereContact Us