If you have any questions or concerns, please feel free to contact us at any time using the details below (see Title I).
Who is responsible for the processing of your personal data?
IRP or a company within the IRP group, if applicable the real estate company that processes your personal data in the context of its activities (e.g. the company that owns the building with which you have concluded a (rental) contract is responsible for the processing of your personal data (the “Controller”).
This means that this entity determines the purposes for which and the means by which your personal data are processed.
IRP is a public limited company incorporated under Belgian law, having its registered office at Vredestraat 53, 8790 Waregem and registered with the Crossroads Bank for Enterprises under company number 0764.473.727.
What data do we process?
We collect your data in three ways.
The data you provide us with
Firstly, we receive your personal data when you share them with us voluntarily, via the website(s) or outside of it (them).
- This can be, for example, via the contact forms on our website(s), via e-mail or social media. You can use these contact forms to ask us a question or to request certain information, for example when you are interested in a particular property as a tenant or buyer, or if you wish to work together with us as a property or landowner. In the contact form, you must provide the mandatory information (marked with a red asterisk) and you can send us a personal message.
- When you visit our office, we may also receive information from you that you provide voluntarily.
- Furthermore, you provide us with your data when you register on the website(s) to receive marketing by (electronic) mail, as well as to receive invitations to events.
- You also provide your personal data voluntarily when you give a business card to one of the employees of the controller or when you send us an e-mail or call us.
- Furthermore, you provide your data voluntarily when you are interested in a particular project of the controller and thus contact an employee of IRP via real estate websites (e.g. as a tenant or as a property or landowner).
- We also receive your personal data when you enter into a contract with us (for example: a lease agreement).
- You also provide your personal data voluntarily when you provide us with an identification form for fraud prevention purposes.
We may process the following data about you:
- identification data, e.g. your name, company name, position, address, e-mail address, telephone number, gender, date and place of birth, nationality, number of identity card or passport; expiry date of identity card or passport, politically exposed person, or a family member or close associate of such person, and position/connection, copies of identification documents (such as your identity card), company number;
- financial data, e.g. your VAT number, pay slips (e.g. as a potential tenant);
- other information you provide to us. Examples of such other information are data on your preferences, such as the property you are interested in, the type of marketing you wish to receive, the job vacancy you are applying for, etc.
The data we receive from third parties
In addition, we may also receive your personal data from third parties, such as external brokers, property managers, investors, temporary employment agencies and interim offices, or from your employer or the legal person on behalf of which you are acting.
The latter is the case, for example, when we have an agreement with a contracting party (e.g. a supplier or contractor) for whom you work or on whose behalf you provide services to the controller.
Furthermore, we may also obtain data about you from third parties (natural or legal persons) for fraud prevention purposes, and in particular when you, as a natural person, have intervened in a transaction or when you are an agent of the third party, a director of the third party and, in the case of trusts, fiduciaries or similar legal arrangements, also when you are a founder or protector of the third party.
This includes identification data such as your name, company name, position, address, e-mail address, telephone number, gender, place and date of birth, nationality, number of identity card or passport, expiry date of identity card or passport, politically exposed person, or a family member or close associate of such person, and position/connection, your authority to bind the third party, your appointment, copy of your identity card, etc.
The data we collect automatically
Furthermore, we process certain data via cookies on our website(s), such as the type of browser you use, the operating system you use, your IP address, the number of page visits, whether you are a unique visitor, etc.
We also process certain non-directly identifying data via cookies when you visit our website(s), such as the type of browser you use, the pages you visit, your language preference, your location and the time and duration of your visit.
In addition, the controller may also process camera footage (including sound and, for instance, time of arrival in office buildings) to increase the security in its buildings for its employees and other visitors.
The controller may also take photographs and videos of you when you visit our events
Why do we process your data?
To answer your questions
When you contact us (e.g. via one of the contact forms on the website(s), via e-mail, social media or the application form on the website(s)), we will use the personal data you provide us with to get in touch with you and to answer your question.
For this purpose, we process data such as your name, e-mail address, telephone number, address, your interests, your correspondence with us and any other data you provide us with that may be relevant to answering your question.
We process these data on the basis of our legitimate interest to be able to answer the questions we are asked.
To keep you informed of our services and activities and for direct marketing purposes
We process data for prospection and promotional purposes and for (direct) marketing. This enables us to inform you about our projects in which you may be interested. For example, we may invite you to our events and remind you of them.
For this purpose, we mainly process personal data such as your name, e-mail address, telephone number and address. In addition, we also process data on your preferences, such as your preferred location based on a property in which you have shown interest in the past, etc.
We process these data either on the basis of your consent or on the basis of our legitimate interest to keep you informed about our activities and services. For example, we have a legitimate interest ("soft opt-in") to send you electronic messages about our activities if you are already a customer of the controller. You have the right to withdraw your consent or to object to the processing at any time (see Title VIII).
The controller may also process your personal data in order to send you personalised information or advertising. For this purpose, we process personal data such as your name, your e-mail address, your telephone number and your address.
We may develop a profile based on your online behaviour. This profile takes into account your preferences and interests, for example, the pages you have visited, the links you have clicked on, the projects you have viewed and other projects that might interest you. We receive this information via cookies placed on our website. On the basis of the information collected in the profile, we can send you information and advertisements, such as information and advertisements related to projects that match your profile or that might interest you.
Furthermore, we may use the services of third parties, such as Facebook, to identify target groups and lookalike audiences so that we can advertise our products and services to individuals with similar profiles. For this purpose, we may process personal data such as your name, telephone number, address, e-mail address, date of birth, age, gender, position, the name of your company, your preferred language, and specific products and services you are interested in.
We may create a profile of you and send you personalised (direct) marketing on the basis of your consent when you accept the cookies that capture this information. You have the right to withdraw your consent to the processing of your personal data for direct marketing purposes at any time (see Title VIII).
To carry out (satisfaction) surveys
We process your data with a view to conducting (telephone) (satisfaction) surveys. In the context of such survey, we provide your personal data (including your name, your e-mail address, your telephone number, the property that you are renting, or will rent) to specialised service providers, such as Profacts.
We process these data on the basis of our legitimate interest to assess the satisfaction of our customers. If you do not wish to take part in this telephone survey, you can object at any time to the processing of your personal data for that purpose using the contact details given in Title Error! Reference source not found..
To organise contests
We process your data with a view to organising contests. In the context of these contests, we may process your personal data such as your name, e-mail address, address and telephone number, as well as the personal data you provide to us voluntarily, for example via the contest form when participating. In the context of such contests, we may also share the same personal data with service providers, such as Profacts, and with other parties with which the controller cooperates for the purpose of organising the contests.
We process these data either on the basis of your consent or on the basis of our legitimate interest to enable you to participate in these contests. You have the right to withdraw your consent or to object to the processing at any time (see Title VIII).
To be able to offer our services and carry out our activities
The controller processes personal data to carry out its activities, to offer, set up, maintain, support and improve its services, to perform its contracts, and for administrative purposes.
For example, the controller will process your data in order to negotiate a contract with you (e.g. to prepare offers) or to send you an invoice for services rendered.
In this context, we primarily process personal data such as:
- your identification data (see Title II);
- your financial data (see Title II);
- data about your personal preferences in connection with the services the controller provides to you, such as the property in which you are interested;
- correspondence with the controller.
We process these data on the basis of your request to take steps prior to the conclusion of a contract, on the basis of the performance of a contract or our legitimate interest to be able to offer our services, perform our contracts and/or carry out our activities.
To comply with legal obligations
We process personal data in order to comply with our legal obligations. In many cases, we are required by law to retain certain personal data and/or communicate them to public authorities, for example in light of tax obligations.
For this purpose, we may process data such as your name, address, telephone number, e-mail address, transaction data and all data required to fulfil our legal obligations.
We process these personal data because the processing is necessary to comply with our legal obligations.
For fraud prevention
Although IRP is not an obliged entity in the sense of the Belgian Anti-Money Laundering Law, it applies mutatis mutandis certain principles of that Anti-Money Laundering Law in its fraud prevention activities. IRP acts in the same way to ensure compliance with financial embargoes.
For this purpose, we may process data such as your name, first name, address, place and date of birth, nationality, occupation, company number, number of identity card or passport, expiry date of identity card or passport, politically exposed person, or a family member or close associate of such person, and position/connection, copies of your identity card or passport, etc.
We collect these data on the basis of our legitimate interest to combat money laundering and the financing of terrorism, and to prevent fraud.
For supplier management
We process personal data as part of the management of our suppliers (e.g. our contractors).
This concerns data such as your name, e-mail address and, in certain cases, your CV and/or references to your previous work, which are provided to us by our contracting party.
The processing of the data is then based on the performance of our contract or our legitimate interest to be able to perform our contracts with our suppliers.
For the technical and functional management of our website(s), keeping statistics and storing search preferences
We process personal data obtained via cookies for the technical and functional management of our website(s), to ensure that our website(s) is (are) easy to use, to keep statistics (e.g. to measure the number of visitors to the website(s) and to measure the most visited pages) and to store your search preferences. Your data help us to secure our website(s) and to monitor how it is (they are) being used, so that we can improve its (their) content and layout.
For this purpose, we may process data such as your IP address, the pages you visit, the browser you use, your language preference, your location and the time and duration of your visit.
The processing of these data is based on your consent (via our cookie banner) or on the controller’s legitimate interest to provide a well-functioning and secure website and pages with content relevant to you.
For the security of the IRP buildings (camera surveillance)
IRP has installed surveillance cameras in certain places on and in the buildings of its facilities to increase the security of its employees, its customers and other visitors.
We collect these data on the basis of our legitimate interest to provide security for everyone within our (office) buildings and to protect our business assets.
Who has access to your personal data?
You can count on us to protect your privacy as much as possible. In this context, we want to minimise the sharing of your personal data with third parties.
- The real estate companies within the IRP group call on IRP and IRP in turn calls on ION Real Estate Services NV (“ION RES”) for various forms of service, such as communication, marketing, administrative services, etc. , in the context of which processing of personal data can take place.
- The real estate companies within the IRP group pass on personal data to IRP in order to provide services, to prevent fraud, to comply with legal obligations, etc.
- The Controller calls on property managers for, among other things, the management and maintenance of its property, in the context of which processing of personal data can take place.
In this context, the Controller has concluded a processing agreement with the property manager.
- In addition, the controller may transmit personal data to external parties that also qualify as a data controller, such as notaries, banks, insurers, external advisors, external property developers, external brokers, municipalities etc., if this is necessary for the provision of our services. Furthermore, the controller may also share personal data with parties in the context of contests.
- We may also share personal data with competent authorities that are authorised to request such data or to which we must disclose information, as well as when required by law or as a result of a (legal) procedure.
- Finally, in the event of a reorganisation, demerger, contribution of a branch of activity, merger or sale of the company, we may transmit all the personal data we collect to the relevant third party or parties.
Do we transfer your personal data outside the European Economic Area?
The controller itself does not process your personal data outside the European Economic Area (EEA).
Some personal data may be stored or transferred outside the EEA for the purposes described. This transfer may take place via service providers established outside the territory of the EEA or that store data on servers located or accessible outside the EEA.
If this is the case, the controller will ensure that an adequacy decision (Article 45 General Data Protection Regulation (“GDPR”) exists for the country to which data are transferred, or that standard contractual clauses (Article 46, par. 2 GDPR) are concluded, or that other appropriate safeguards are provided in accordance with Chapter V GDPR.
If you have any questions about the transfer of your personal data outside the EEA or if you wish to obtain a copy of the relevant documents, please submit a dated and signed request to the controller (see contact details under Title IX).
How long do we keep your personal data and how do we secure your personal data?
We will not keep your personal data for longer than necessary for the purposes for which they are processed, taking into account any legal retention obligations.
The following is a (non-exhaustive) overview of the most important retention periods that IRP endeavours to comply with. In any event, the controller may retain (personal) data for a longer period in connection with a (potential) complaint, a dispute or an investigation.
- Personal data in contracts (such as purchase and lease agreements, but also agreements with service providers of the controller): are kept for a minimum of ten years after termination of the contract.
- Security camera footage: is kept for a maximum period of 1 month (unless the personal data are required for further investigation when an incident has occurred).
- Personal data of prospects:
- who have completed the contact form on the website: are kept for a reasonable period of time after the actions (if any) taken in response to the submitted contact form have been completed.
- who have subscribed via the website to receive marketing from the controller: are kept until a) a request to unsubscribe is received, b) the e-mail address is no longer accurate (when sent e-mails are not delivered), or c) when updating the list, it is found that data are no longer relevant or accurate.
- Personal data of customers (such as tenants or buyers) used for direct marketing for similar products/services: are kept until a) a request to unsubscribe is received, or b) the person is no longer a "current customer" of the controller. A person is no longer considered a customer of the controller after a period of 10 years following the last transaction or communication with the customer.
- Personal data contained in job application documents: are kept for at least five years from the date of application/publication of the job vacancy, unless the applicant is clearly unsuitable, in which case such information will be deleted within a reasonable period of time.
Moreover, the controller attaches the utmost importance to the security of your personal data. We take appropriate organisational and technical measures, taking into account the state of the art and the nature of the data to be protected as well as the possible risks, in order to optimally protect personal data against accidental or unauthorised destruction, accidental loss, as well as against unauthorised access, alteration, and any other unauthorised processing of personal data.
What about links to other websites and social media?
Social media pages of the controller
Social media operators may obtain information such as the websites you are currently visiting or have visited in the past, and your IP address. When you visit these pages, the controller may receive aggregate data from the respective social networks in the form of statistics about how our pages are visited by social media users.
Links on our website(s) and social media share buttons
Our website offers you the possibility to share content with Twitter, Facebook, LinkedIn, Instagram and YouTube. When using these social plug-in functions (e.g. share button, ...), information on your usage is sent directly from your browser to the respective social network. If you are already registered with a social network while visiting our website, the social media operator can assign the visit to your personal account through the social plug-ins. If you are not yet a member of a social network, it is still possible for the social networks to receive and store your IP address and information about the browser and operating system you are using through the social plug-ins.
If you share content from our website directly on the social media page, your personal data will be visible for the visitors of these social media. For the scope and purpose of data collection, as well as further processing and use of data by social networks and information on rights and settings to protect your privacy, please refer to the privacy policies of these social networks.
How can you exercise your rights?
Privacy legislation gives you various rights and we take information about these rights and how to exercise them very seriously.
You have the right to request, free of charge, access to the personal data we process about you, to have them rectified or deleted, or to restrict the processing of your personal data. In some cases, you can also object to the processing of your personal data, and you have the right to data portability. In addition, you also have the right to obtain human intervention in decisions based on automated decision-making or profiling.
Where the processing of your personal data is based on your consent, you have the right to withdraw it at any time, but you understand that such withdrawal will not affect the lawful processing that we have previously carried out on the basis of your consent.
In certain cases, we may refuse your request if it would be manifestly unfounded or excessive. In doing so, we always act in compliance with the applicable data protection legislation.
Although we naturally prefer to resolve any problems directly with you, we would like to remind you that you always have the right to submit a complaint or question to a competent supervisory authority. In Belgium, you can submit a complaint or question to the Data Protection Authority (see https://www.dataprotectionauthority.be; address: Drukpersstraat 35, 1000 Brussels; tel.: +32 (0)2 274 48 00; E: [email protected]).
 Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash, as amended from time to time.