Elia (hereafter: "we", "our", "us" or "Elia") is committed to respecting and protecting your privacy.
Please read the following carefully to understand our practices regarding your personal data and how we will use them. By visiting the website https:/investor.eliagroup.eu, you agree to the practices described in this Policy.
Our Policy contains the following sections:
1. Who is the data controller and who can you contact?
The data controller of your data is Elia Group SA, a public limited company incorporated under Belgian law with its registered office at Boulevard de l’Empereur 20, 1000 Brussels, Belgium, registered in the Crossroads Bank for Enterprises under number 0476.388.378.
You can contact the data protection officer at the same address as above, or by e-mail at: email@example.com.
2. Personal information we collect from you
Depending on the nature of the relationship you have with Elia, we are likely to collect your personal data, directly or indirectly, in several ways:
- In connection with and in the course of commercial, contractual and pre-contractual relations with the data subjects;
- In connection with the provision of our services;
- In the course of our open and transparent dialogue with our shareholders and relations/contacts with stakeholders;
- When personal data are provided directly by you or collected with your permission (e.g. when you subscribe to Elia’s newsletter);
- When you contact us directly by e-mail, telephone, post, message, online forms, or in any other way;
- When you visit our website: https:/investor.eliagroup.eu (hereafter “the Website”).
We may also collect information on third party sites (e.g. LinkedIn when you apply for a job with us). Finally, we also collect information that we receive from other sources. We sometimes work closely with third parties (including, for example, commercial partners, technical service providers) who may share information with us.
4. What categories of personal data do we collect and for what uses (purposes)?
We process personal data as part of our relationships with data subjects. The personal data that we process include, but are not limited to:
- Personal identification data (e.g. last name, first name, e-mail address, telephone number, the job and department of the contact person for our customers and suppliers) for the management of our contracts (e.g. order management, delivery, performance of the service or supply of the product, invoices and payments), to provide you with services defined within the framework of a contract concluded with you, or to carry out satisfaction surveys;
- Technical data (including the IP address used to connect your computer to the Internet, browser type and version, time zone, browser plug-in type and version, operating system and platform, your device identifier) when visiting our website for the implementation of our IT support, the detection and prevention of fraud and IT security breaches;
- Professional identification data (job function, business address, etc.), for the management of our relations with our suppliers and to fulfil our obligations resulting from contracts concluded between you and us and to provide you with the information and services you request from us;
- Data relating to your use of our website (the pages visited, the links you clicked, the time you spent on a page, etc.), processed in an aggregated manner and solely for the purpose of improving the user experience on our website and ensuring that the content is presented in the most effective way for you and for your computer/device;
- Professional identification data (e.g. last name, first name, e-mail address, telephone number) as part of managing relationships with stakeholders in the Elia network development and engineering process (main objective);
- Data of a professional nature (e.g. professional responsibilities, name, place of work) and sensitive data for specific functions within Elia and within the framework provided for by law and its implementing decrees concerning security investigations in order to examine and assess your application when you apply for a job via our website or a third party website (e.g. LinkedIn);
- Ordinary data (e.g. your last name, first name and e-mail address) to contact you for direct marketing purposes, where applicable with your consent, in order to invite you to events, to offer you appropriate, personalised marketing content that may be of interest to you as well as interactions when receiving marketing content or newsletters, visible to the sender;
- General information about you from messages you publish on third party websites, or via a comment/opinion, or when you contact us by e-mail, post, telephone or via any other communication channel, including in connection with stakeholder management, e.g. in order to respond to all your questions/requests;
- Bank data (bank account numbers, etc.), for billing management;
- Video recordings (images) relating to you, processed solely within the context of the monitoring of our buildings by surveillance cameras (CCTV) and to the extent permitted by applicable law;
- Data that we receive from other sources; and
- Personal data relating to shareholding of Elia shareholders, holders of other Elia securities, investors and to their proxyholders and representatives, if any, such as:
- contact details (e.g. name, address, e-mail, phone number);
- identification data (e.g. ID number or copy of ID card);
- financial information (e.g. bank account number, bank identification);
- any information related to the holdings and entitlements connected to the holdings (e.g. voting rights and voting instructions, amount and type of shares or other securities, preference or other rights that may from time to time be attached to the shares);
- if a proxy is appointed, information on who you are representing or by whom you are represented (as relevant);
- information on how votes may be processed (e.g. remote voting; use of voting devices; how vote counting is carried out);
- questions or comments raised at the occasion of a general assembly; and
- the recording of the image and/or voice made during a general assembly or during official or unofficial events.
The personal data relating to shareholding of Elia shareholders, holders of other Elia securities, investors and to their proxyholders and representatives, as mentioned hereabove, are processed to (i) prepare for and manage the meetings of Elia shareholders or holders of other securities, (ii) prepare and manage capital increases or other financial operations, (iii) manage the register of shareholders, (iv) make analyses on the shareholding’s structure and composition (e.g. geographical distribution or by type of shares) (v) answer to questions or requests of shareholders or holders of other securities, and (vi) pay dividends and other distributions.
We are also liable to process certain special categories of personal data where their processing is necessary for the establishment, exercise or defence of a legal claim; to carry out corporate restructuring operations; to carry out internal and external audits; to manage disputes with customers, suppliers and other data subjects; and generally, to fulfil our contractual and/or legal obligations.
5. Legal basis
Your personal data are collected and processed on the following legal bases:
- If processing is necessary for pursuing our legitimate interests, considering these interests do not override your fundamental freedoms and rights. For example, we use your personal data to understand your preferences to enable us to better personalise our services, to carry out satisfaction surveys, to prevent fraud and secure our website;
- If processing is necessary for the performance of the contract we have concluded with you, e.g. contact details in a supplier contract or a regulated contract (e.g. connection contract);
- If processing is necessary to comply with a legal obligation or regulatory requirement to which we are subject (e.g. in the area of billing, taxation, etc.); or
- If you have consented to such collection and processing. For example, if you have given your prior formal consent to processing, we may use your e-mail address to send you marketing communications.
Moreover, we process the personal data relating to shareholding of Elia shareholders, holders of other Elia securities, investors and to their proxyholders and representatives, if any, on the following legal grounds:
- it is necessary to comply with our legal or regulatory obligations;
- it is in our legitimate interests to do so, e.g. make the general assembly more accessible to our shareholders and holders of other Elia securities (if applicable) and be able to maintain adequate security or order during the general assembly; or
- based on your consent when, for example, recording your image or voice.
Elia does not subject data subjects to decisions based solely on automated processing that have a legal effect or similarly significant effect on them.
Possible consequences associated with not providing your data could include our inability to fulfil our obligations under a contract or a breach by us of one or more obligations under applicable laws (e.g. accounting, tax or financial laws).
6. Recipients of your personal data
You agree that we have the right to share your personal data with certain recipients, including:
- Our affiliated/associated companies or other entities within the Elia Group;
- Our internal services if and to the extent necessary to fulfil certain legal obligations or to safeguard our legitimate interests. This may be the case, for example, for
- Internal administrative purposes. This includes the coordination of services to our partners, the centralised provision of internal services, etc.;
- Our commercial partners, including our suppliers and stakeholders;
- Public authorities (including judicial and police authorities and regulators);
- Banks and insurers;
- Our professional advisers (e.g. lawyers, consultants);
- Service providers connected with recruitment;
- Our IT service providers (e.g. SAP);
- Online payment service providers;
- Providers of analytics and search engines that help us improve and optimise your site (e.g. Google);
- Ordinary courts and tribunals in the event of a dispute involving you;
- The law enforcement authorities in the event of the detection or suspicion of the occurrence of an offence involving you in accordance with or as required by applicable law;
- Government entities authorised to access/obtain your data in accordance with applicable law;
- External service providers in connection with the management of our commercial relationship with you (this is the case, for example, for certain advertising delivery services or when carrying out our surveys with you);
We will also disclose your personal data to third parties:
- In the event of the sale or purchase of a company or assets, in which case we may disclose your personal data to the potential seller or buyer of such company or assets;
- If Elia or almost all of its assets are acquired by a third party, in which case the data it holds concerning you may be part of the assets transferred;
- If we are required to disclose or share your personal data in order to fulfil any legal obligation or to protect the rights, property or security of Elia, our customers or third parties. We may then be required to exchange data with public authorities (including judicial authorities, police and regulators) in the case of, for example, cyber incidents;
- If such disclosure is necessary to achieve any of the purposes set out in section 4 of this Policy.
- Our affiliated/associated companies or other entities within the Elia Group;
7. Transfers of your personal data
We may, on an exceptional basis, transfer your personal data to a destination outside the European Economic Area (EEA), if necessary (i) to achieve one of the purposes set out in section 4 and/or (ii) to disclose your personal data to a third party in accordance with section 6 of this Policy.
If we transfer your personal data outside the EEA, we will ensure that these data are protected by adequate protection measures, including (but not limited to) the laws of the country to which the personal data are transferred that ensure an adequate level of data protection, data protection clauses approved by the European Commission, binding corporate rules or additional measures that guarantee an essentially equivalent level of protection to that guaranteed within the European Union (technical, organisational, legal measures, etc.).
If you wish to obtain further information about transfers of your personal data and/or the protective measures implemented, you can contact us by e-mail at: firstname.lastname@example.org.
8. ProcessorsWe take appropriate steps to ensure that our processors process your data in accordance with data protection laws.
In this way, we ensure that our processors undertake, inter alia, to only process your data on our instructions, not to engage another processor without our agreement, to take appropriate technical and organisational measures to guarantee the security of your data, to ensure that the persons authorised to access your data are subject to confidentiality obligations, and to provide us with assistance in following up your requests regarding the exercise of your rights with regard to your data.
9. Your rights
Subject to data protection laws, you have certain rights regarding the personal data we hold about you. These rights may be exercised by contacting us in accordance with section 1:
- The right to be informed. You have the right to be informed in a clear, transparent and easily understandable manner about how we use your data and about your rights. This is why we provide you with all this information in this Policy;
- The right of access. You have the right to access the personal data we keep about you. We wish to inform you of the personal data we have about you and to enable you to verify whether we are processing them in accordance with data protection laws and regulations;
- The right to restrict processing. You have the right, under certain circumstances, to block or halt further use of your personal data. When the processing is restricted, we can still store your personal data, but we can no longer use them;
- The right to rectification. If your personal data are inaccurate or incomplete, you have the right to request the rectification of your personal data;
- The right to erasure. You have the right to have your data erased. However, the right to erasure (or the “right to be forgotten”) is not absolute and is subject to specific conditions. We are likely to keep your data to the extent permitted by applicable law, and in particular when processing remains necessary to comply with a legal obligation to which Elia is subject or to establish, exercise or defend a legal claim;
- The right to lodge a complaint. You have the right to lodge a complaint about the way we manage or process your personal data with the competent national data protection authority (in Belgium, this is the Data Protection Authority, Rue de la Presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact(at)apd-gba.be, https://www.autoriteprotectiondonnees.be/);
- The right to withdraw your consent. If our processing of your personal data is based specifically on your consent, you have the right to withdraw that consent at any time. This includes your right to withdraw consent to our use of your personal data for direct marketing purposes. To do this you can (1) select the “unsubscribe” option when available, or (2) contact us;
- The right to data portability. You have the right to receive, in certain cases, your personal data in a structured, commonly used and machine-readable form so that you can reuse it for your own purposes in other services. For example: if you want to work with a different service provider, this enables you to move your personal data easily and in a secure manner to this new service provider;
- The right to object to processing. You also have the right to object to certain types of processing, including processing for direct marketing purposes.
However, note that we may need to retain certain information, for example for legal or administrative purposes (e.g. keeping of accounting records).
To exercise the above-mentioned requests, please send us an email with “data protection request” in the subject line and include a copy of your identity card or another proof of your identity (e.g. your driving licence) to help us prevent unauthorised individuals from accessing, changing or deleting your personal data. We will respond to your request as soon as practically possible. If we need more than one month (from receipt of your request) to respond to your request, we will come back to you and let you know.
10. Security of personal data
We have implemented a series of security measures on our website in order to avoid the unauthorised distribution or accessing of data collected and/or received. We have endeavoured to create a secure and reliable website for you, but please be aware that the confidentiality of communications or documents transmitted to us or transmitted or received by a third party through our website or by email cannot be guaranteed. We accept no responsibility regarding the security of the data transmitted using these methods.
All data you provide to us is stored on secured servers. All payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We follow industry best practices to ensure that data are not accidentally or unlawfully destroyed, lost, altered, disclosed or accessed in an unauthorised manner.
11. Retention of your personal data
We ensure that your data are only retained for a period that does not exceed that which is necessary having regard to the purposes for which they are processed.
Elia uses the following criteria to determine the retention period for data depending on the context and purposes of each processing operation:
- The date of the end of your commercial relationship with us;
- The sensitive nature of the data;
- Security reasons (for example, the security of our information systems);
- In connection with any ongoing or future legal proceedings, including any request for disclosure made by a court or competent authority;
- Guidelines issued by competent authorities (e.g. European Data Protection Supervisor, Belgian Data Protection Authority, etc.);
- Our contractual rights and obligations in relation to the data concerned;
- Limitation periods under applicable laws;
- Our legitimate interest in processing when we have carried out balancing tests;
- The processing of your personal data is necessary in connection with any actual or potential dispute (e.g. we need this information to establish or defend legal claims), in which case we will keep your personal data until the end of such dispute; and/or
- The retention is necessary for us to comply with any legal or regulatory obligation (e.g. for tax purposes), in which case we will keep your personal data for as long as required by that obligation.
12. External websites/applications
Our website may occasionally contain links to websites and/or applications of our partner networks, advertisers and affiliates and vice versa.
To the extent that hyperlinks or banner ads with hyperlinks are used to access third party websites and/or applications, you should be aware that these third party websites and/or applications are not controlled by us and have their own data protection policies. They are not therefore subject to this Policy and we accept no responsibility for such policies. You should consult such policies before communicating any data to these websites and/or applications.
Elia reserves the right to update this Policy from time to time. Any changes we make will be posted on this page and, if necessary, notified to you by e-mail. Please check it frequently to track any updates or changes made. Your continued use of this Website, following the publication of the changes to the Policy, implies your acceptance thereof.
In the event of a conflict or incompatibility between a provision of this Policy and a provision of another Elia policy or document relating to data processing, the provision of this Policy shall prevail.