Privacy Statement

Xperiencentral is a brand of GX.

This is the Privacy Policy of GX. The Policy describes how our regulations concerning the processing of personal data are applied in practice. These regulations have been tightened considerably in the light of the introduction of the General Data Protection Regulation (GDPR).

This Privacy Policy contains information about our objectives in recording personal data, and explains how you can exercise your legal rights with regards to those personal data.

In what circumstances do we use personal data?

First of all, we use personal data to keep in touch with our (potential) customers: name, telephone numbers, addresses and email. There is usually no need to provide personal details when you visit our website and pages related to our website. The information on our website and our other channels is organized in accordance with article 7.4 of the GDPR, and in such a way that there is no obligation for visitors to pass on personal details in order to see particular pieces of information.

What type of personal data of we process?

We process different categories of personal data.

  • We save and process customer data to be able to carry out the contracts agreed with our customers. For this purpose, we store: name, visiting address, billing address, company incorporation details and information related to the relevant assignment. It goes without saying that we store and process this data safely, in accordance with the regulations set out in the GDPR. To make sure this happens at all times, we have drawn up a binding code of conduct for our employees.

  • If you send us an email or leave a message in our Customer Service system, we store your name, email address and the contents of your message.

  • In addition, we store and process data about potential customers, with a view to approaching them in the context of our marketing and sales activities.

  • GX has its own pages on a range of social media websites such as the GX Facebook page. When someone likes our Facebook page or shares any of our content on that page, this is communicated to us. If we were to place an advertisement on Facebook, it would in all likelihood be shown first to those people who liked our page.

  • We publish white papers, blogs and other marketing material on Emerce, FrankWatching, MarketingFacts and Adformatie. When you download any of our material, you will be asked to leave your contact details, which are passed on to us. As you fill in your details, the website in question has to ask on our behalf if we have your permission to approach you.

  • Finally, we store and process data about our own employees. Our policies regarding co-worker data is available only to them and falls outside the scope of this this public document.

We will never collect so-called “special categories of personal data” (as described in article 9 of the GDPR), such as information about race, ethnicity, political conviction, religion beliefs, health or a criminal history. Within our own HR administration, this would only happen if there were a legal imperative.

To what ends do we use personal data?

We process the data listed above for the following purposes:

  1. We use your email address, first name, surname and areas of personal interests to alert you to new content (blogs for example) regarding our offerings. We do this by creating targeted mailings in our CRM tool. On the basis of article 6.1.f (“legitimate interests”) of the GDPR, we believe it is sufficient to seek opt-out consent. This means you may receive an informative mailing from us without having given your express consent, but you can unsubscribe or opt out at any time.
  2. We use your telephone number to give your further information if you have shown an interest in our products and propositions. On the basis of article 6.1.f (“legitimate interests”) of the GDPR, we believe it is sufficient to seek opt-out consent. This means we may telephone you for this purpose and that you have the possibility to indicate that this is against your wishes. If that is the case, we will no longer contact you by telephone for this purpose.
  3. We use your email address, first name and surname to send you information about events in which GX is participating. We do this by creating targeted mailings in our CRM tool. On the basis of article 6.1.f (“legitimate interests”) of the GDPR we believe it is sufficient to seek opt-out consent. This means you may receive an informative mailing from us without having given your express consent, but you can unsubscribe or opt out at any time.
  4. We use your email address, first name and surname to send you information about GX events such as GX Connect. We do this by creating targeted mailings in our CRM tool. On the basis of article 6.1.f of the GDPR, we believe it is sufficient to seek opt-out consent. This means you may receive an informative mailing from us without having given your express consent, but you can unsubscribe or opt out at any time.
  5. We share certain profile data with our advertising networks: LinkedIn, Google Adwords and Google Dynamic Remarketing. This happens by means of cookies. These advertising networks use these details to show you personalized content and commercial offers, based on your profile characteristics. We shall never share data with them that could lead to identification (email address, name, telephone number and the like). We will ask your consent to share this information in a dialogue box during your first visit to one of your online channels. If you would like to know more about the use of cookies on our website, read our cookie statement.
  6. The profile page on our Customer Portal offers you the possibility to download a photograph that then features on all the correspondence on that portal. This photograph will not be used for any other purpose. If you wish to download a photograph, we first ask for your consent. We need this consent to make it technically possible to place the photograph. When you change or delete the photograph, it will immediately be changed/erased from our servers.
  7. To prevent fraud or theft. We also use personal data to comply with our legal obligations (in accordance with article 6.1.c of the GDPR), or if we judge in good faith that it is necessary to do so to prevent fraud or to react to fraud, or to protect our websites or our products against attack, or to protect the property and safety of GX, our customers or the general public (in accordance with article 32 of the GDPR).
  8. We use the email address and telephone number passed on to us by Emerce, FrankWatching, MarketingFacts and Adformatie to make contact with you after you have downloaded content from us. Consent to use this information (in accordance with article 6.1.a of the GDPR) is requested in a dialogue box on the website where you left your details.

GX does not use personal data for any other purposes than those outlined here.

Statistics

GX uses analytical tools to measure the use of its website. In this way, we can determine which parts of the site are the most interesting and user-friendly. The statistics and reports that flow from this analysis cannot be traced back to any individuals. On the grounds of article 21.6 of the GDPR, we believe it is sufficient to seek opt-out consent. This means that your details contribute in principle to the user statistics but that you have the possibility to stop this from happening.

Amendments to the Privacy Statement

GX continues to develop and optimize its services. We may in future add new functionalities to our online channels. If this impacts the way we process your personal data, we will publish an amended Privacy Statement in good time.

Right of access

All our clients, prospects and other parties in our systems have a right of access to the data we record (in accordance with article 15 of the GDPR). Where GX is the Controller, we can send you a breakdown of the (personal) data that we hold about you. This record is formatted in ordinary text. We see no reason in our case to also make your personal data available in a machine-readable format. You should submit your request digitally, so that we can verify your identity with an email check. We have made the form for such a request available on our Customer Portal.

Are your data incorrect? You can use the same form to pass on your amendments.

For both right of access and corrections, we will do our upmost to comply with your request within 30 days, in as far as this is feasible, within the scope of the applicable legislation.

On the grounds of the processing agreements in place with our customers and partners, we are not permitted to use or sell on data that we manage on their behalf (in the role of Processor as defined by the GDPR). If you are a client of one of our customers and are seeking information on the data that we process on their behalf, you need to contact the customer in question directly. We will under no circumstance grant access to data we administer on behalf of our customers.

Data retention

We store the information in accordance with our data retention policy. Personal data are retained for the processing purposes described above, and for the period of time prescribed by law.

Processing register

As part of the GDPR, we have the role of Processor in relation to our customers. This means that we process personal data at the instruction of our customers. Because under the terms of the GDPR, our customers are legally liable for such processing, we are obliged to register these instructions in a record of processing activities (described in articles 39 and 30 of the GDPR). GX has automated this record, so customers need to submit their instructions digitally from our Customer Portal or to CC-in our record of processing activities when making such a request.

Storage of data

We monitor that Personal Information is not stored longer than strictly necessary. XperienCentral implements reasonable administrative and technical safeguards to ensure that the information stored in our systems is not kept for longer than the stated retention period. The retention period is set at 2 years (730 days). If no new digital, non-digital or administrative activities take place during that period, starting after the last (digital, non-digital or administrative) activity, all contact-related information will be deleted. Company data, company related information and data that must be stored or archived in order to comply with the law (such as tax and financial information) are excluded.

Security

As well as safeguarding your personal data, we also want to keep them as accurate and up-to-date as possible. GX implements all reasonable physical, administrative and technical measures to protect your personal data against loss, theft, misuse as well as unauthorized access, use and publication. For example, we encrypt sensitive personal data such as user names and passwords when we transmit such information via the internet or store it in our database. We demand that our suppliers for their part also protect such information against unauthorized access, use or publication.

Privacy: children

GX understands and endorses the importance of protecting the privacy of children, especially in an online environment. Our website is not intended or designed for children under 16. It is our policy never knowingly to collect or store personal data of children under the age of 16. Should GX obtain personal information about any person under 16, we will immediately erase this data from our systems.

Last update: our privacy policy was last updated on January 10th 2022.