Login MySecurex
Contact Our offices Lex4You
Login MySecurex
Consult

Securex Vitality Privacy Statement

Who are we?

Securex Vitality, a division of Securex Consult sa/nv (hereinafter referred to as "Securex”), with registered office situated in Belgium, at 1040 Brussel, Avenue Tervuren/Tervurenlaan 43, VAT BE0459.865.914, Brussels Trade Register, and which can be contacted by telephone on +32 2 729 92 11, and by email at info@securex.be.

Securex is an international provider of employment administration and HR services for private individuals, start-ups, self-employed people, SMEs and large companies. As a full-service HR partner, we focus on the wellbeing and talent of employees, colleagues, customers and self-employed people. Long-term employability and wellbeing are important for everyone. This is why we have developed a variety of solutions to provide preventive and proactive support.

Purpose of processing personal data

The data processed by Securex is treated as strictly confidential in accordance with medical confidentiality and the provisions of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the “GDPR”, with the aim of promoting health and wellbeing.

Your personal data is or may be processed for the following purposes:

  • For the planning, organisation and delivery of medical check-ups or fitchecks, either carried out by us or at an external medical centre
  • To assess your state of health and to provide you with personalised feedback and advice on this
  • To provide your employer with a collective report containing the necessary recommendations, once the results have been anonymised
  • To support the organisation and delivery of various workshops or training sessions on wellbeing
  • To ask you about your experiences with our services and processes, so that we can further develop and improve both our communication and the services we provide
  • To analyse, further develop, support and/or improve the whole range of services provided by Securex or a third party
  • For internal reporting and statistical purposes
  • For contact and contract management, and to inform you about Securex’s services if you are a contact person or representative of an affiliated employer.

Legal basis for processing

The legal basis for the processing of personal data by Securex Vitality in the course of its activities is based on one or more of the following legal bases:

  • The affiliation agreement between an employer and Securex
  • The individual request from the data subjects to make use of the services offered
  • Your individual consent to share your data, for example, with another healthcare provider.

The legal basis for the processing of personal data of the customer’s contacts or representatives is the legitimate interest in relation to

  • Customer Contract & Relation Management: for business operations and their optimisation
  • For the management, evaluation and optimisation of services
  • Direct marketing activities: to promote the services of Securex Vitality, as well as the services of the other Securex entities, to its customers  

Medical data: medical data processed by Securex Vitality is protected by professional confidentiality.

Categories of data subjects

The categories of persons concerned are the employees of, and/or any persons carrying out work for, the company that has an affiliation agreement or contract with Securex and/or its representatives.

Categories of processed data

Personal data can be defined as all information relating to an identified or identifiable natural person (data subject).

Securex processes or may process the following data, among other categories:

  • Personal and administrative details of the data subject (surname, first name, date of birth, national register number, etc.)
  • Contact details (address, telephone number, email, etc.)
  • Health and/or medical information
  • Specific personal data relating to the promotion of the employee’s health and wellbeing: family history, sport, smoking, alcohol consumption
  • If applicable, information on mental health and/or psychosocial wellbeing.

Data retention period

Securex does not retain your personal data for longer than is strictly necessary for the purposes of processing and for as long as required by law (including the laws on patient rights).

Confidentiality and data protection

In accordance with applicable legislation, Securex ensures an appropriate level of protection for personal data. The measures it has implemented include technical and organisational measures to protect personal data against accidental or unauthorised destruction, accidental loss, and against any modification of, access to, or other unauthorised processing of the personal data.

Securex nevertheless wishes to point out that no security system can guarantee 100% security. You may, however, contact us if you have any questions about the confidentiality and security of your personal data.

Data recipients

Your personal data will only be processed and shared for the intended purposes:

  • Some of your personal data may be passed on to the medical laboratory or medical centre engaged to provide the service
  • Some of your personal data may be passed on to subcontractors who provide certain services strictly within the context of a subcontracting agreement and for the sole purpose of providing Securex with the necessary technical or administrative assistance
  • Some of your personal data or data on the services provided may be shared with your employer upon specific request or to ensure transparency, for example in relation to invoicing. No other personal or medical data will ever be disclosed to third parties, an employer or their HR department.  
  • Employers may receive a collective report containing the necessary recommendations regarding certain parameters, provided that the volume of data is sufficient to ensure its confidentiality. To that end, the relevant data is processed and stored anonymously and is never made available to an employer or their HR department.

In exceptional cases Securex may be required to pass on certain personal data to the supervisory authorities, to our lawyers, to our experts or to judicial authorities.

Transfer of data to third countries

Securex does not transfer personal data outside the European Economic Area.

If a data transfer to a country outside the EEA is necessary in order to carry out its activities or services, Securex will implement appropriate safeguards in accordance with data protection legislation and ensure that enforceable rights and effective legal remedies are available to the data subjects.

To ensure that there are enforceable rights and effective legal remedies for data subjects, processing and transfer may only take place under one of the following conditions:

  • The data transfer will be to countries that provide an appropriate level of protection on the basis of adequacy decisions made by the European Commission
  • The data transfer will be to a data processor or sub-processor that is covered by binding corporate rules. These corporate rules guarantee an appropriate level of protection
  • The transfer will be made to a processor or sub-processor with which a standard agreement provided by the European Commission has also been concluded (standard contractual clauses, cf (EU) 2021/914 of 4 June 2021) and where an additional risk assessment has also been carried out beforehand. The contractual provisions and any additional measures following a prior risk assessment or data transfer impact assessment must then provide the necessary guarantees with regard to data protection.

If there are no appropriate guarantees regarding the level of protection, Securex will not transfer or allow the transfer of personal data to such third countries, unless it has the consent of the data subject.

Your rights

You may view the data that Securex Outsourcing processes and, if need be, have it corrected by sending a dated and signed request, together with a copy of the front of your identity card, by email to privacy@securex.be or by post to Groep Securex, Data Protection Officer, Tervurenlaan 43, 1040 Brussels.

In the same manner and within the limits of the GDPR, you may also object to your personal data being processed or ask that any such processing is limited. You may also ask for your data to be erased or transferred. More information can be obtained from the same address.

If you believe that a violation has occurred with regard to the data processing or your rights, you may submit a complaint to the Data Protection Authority.

On this page