Privacy Notice Codit
Last update: 12 November 2025
Version: 2.0
1. Purpose of this privacy notice
This privacy notice describes how Codit, acting as controller, processes the personal data of persons that are external to its organisation. This concerns customers (including potential or former customers and including the persons working at or for customers), suppliers (including potential or former suppliers and including the persons working at or for suppliers), commercial contacts, visitors to the Codit offices, the Codit website or Codit social media channels, participants to activities and events organised by Codit or in which Codit is involved, job applicants, persons who are not retained for an open position and trainees.
This privacy notice further explains when Codit processes your personal data and for what reason (purpose), what personal data is in scope, with whom it is shared, on what legal basis it is processed, how long we keep your personal data and who you can contact.
2. Who are we?
“Codit”, “us” or “we” as referred to in this privacy notice shall mean the respective legal entity that is part of the Codit Group. The Codit Group are the following legal entities Codit Holding BV (1), Codit BV (2), Codit Managed Services BV (3), Codit France SAS (4) and Codit Nederland B.V. (5). Depending on the processing activity, your personal data is collected, used or otherwise processed by one of these legal entities. Such legal entity is the controller of your personal data and it shall process your personal data as described in this privacy notice.
Contact us via e-mail: privacy@codit.eu if you have any question in relation to your personal data that Codit is processing or in case you have a question related to any information provided in this privacy notice.
(1) Codit Holding BV, Gaston Crommenlaan 14, 9050 Gent, Belgium
(2) Codit BV, Gaston Crommenlaan 14, 9050 Gent, Belgium
(3) Codit Managed Services BV, Gaston Crommenlaan 14, 9050 Gent, Belgium
(4) Codit France SAS, 18 Boulevard de Malesherbes, 75008 Paris, France
(5) Codit Nederland B.V. Krommewetering 7, 3543 AP, Utrecht, the Netherlands
3. Our processing of your personal data
In this section we describe more in detail in which case and for what purposes we process your personal data, what personal data we process, with whom your personal data is shared and what the legal basis is of the processing. As mentioned above, Codit acts as controller when it processes these personal data.
3.1. Developing and promoting Codit services, brand and activities
3.1.1. When do we process your personal data and for what purpose:
- Codit website and Codit social media channels
- Answering your questions and requests (“Let’s talk”)
- Posting pictures and/or videos of Codit activities
- On demand content (whitepapers, one minute video’s, webcasts, individualised reports,…)
- Handling your request and providing you with access to the requested content
- Follow up e-mail to see if we can support you further
(For the cookies and similar techniques that we use when you visit the Codit website and Codit social media channels, please see the Codit Cookie Notice)
- Communicating on our activities and sharing news
- Commercial communication
- Handling your registration
- Sending you the commercial communication
- Analyse and follow up on the effectiveness and your use of the commercial communication
- Events, seminars, roundtables and webinars
- Sending invitations when organising events, seminars, roundtables and/or webinars
- Handling your registration for events, seminars, roundtables and/or webinars
- Analyse and follow up on the effectiveness of the event, seminar, roundtable and/or webinars
- Lead generation and management of prospects
- Advertising campaigns on social media channels (LinkedIn, …) containing a form that you can complete
- Answering your questions and requests
- Commercial communication
3.1.2. Type of personal data
- Codit website and Codit social media channels
- Contact data, identification data, profession data, content of your request or question and any other data that you share with us, images on pictures and/or videos
- Communicating on our activities and sharing news
- Contact data, identification data, profession data, interaction data (e-mail openings and clicks on items) any other data that you share with us
- Lead generation and management of prospects
- Contact data, identification data, profession data, content of your request or question and any other data that you share with us
3.1.3. With whom do we share your personal data?
- Codit website and Codit social media channels
- Suppliers (including persons working at or for the supplier) that have a need to know
- Communicating on our activities and sharing news
- Commercial communication
- Suppliers (including persons working at or for the supplier) that have a need to know
- Events, seminars, roundtables and webinars
- Suppliers (including persons working at or for the supplier) that have a need to know
- Lead generation and management of prospects
- Suppliers (including persons working at or for the supplier) that have a need to know
- Commercial communication
3.1.4. Legal basis
- Codit website and Codit social media channels
- Answering your questions and requests (“Let’s talk”)
- Consent: Your consent in order for Codit to process your data and send you a response.
- Posting pictures and/or videos of Codit activities
- Consent
- On demand content
- Handling your request and providing you with access
- Consent
- Sending you a follow up e-mail
- Consent
- Handling your request and providing you with access
- Answering your questions and requests (“Let’s talk”)
- Communicating on our activities and sharing news
- Commercial communication
- Consent: if you are not a Codit customer
- Legitimate interests: if you are a Codit customer or a former Codit customer, then the legal basis for the processing of your personal data is Codit’s legitimate interest to further promote the Codit services, brand and activities by informing you on new developments and to share interesting news in relation to the services that you currently receive from Codit or that are similar thereto.
- Commercial communication
- Events, seminars, roundtables and webinars
- Sending invitations when organising events, seminars, roundtables and/or webinars
- Consent: in case you are not a Codit customer
- Legitimate interests: if you are a Codit customer or a former Codit customer, then the legal basis for the processing of your personal data is Codit’s legitimate interest to invite you for events, seminars, roundtables and/or webinars that we organise to communicate on our activities in relation to the services that you currently receive from Codit or that are similar thereto.
- Handle your registration
- Consent
- Consent
- Analyse and follow up on the effectiveness of the event, seminar, roundtable and/or webinar
- Legitimate interests: Codit’s legitimate interest to analyse and follow up on the effectiveness of the event, seminar, roundtable or webinar in order to adapt its way of working in order to provide you with content and share news in the most effective manner.
- Sending invitations when organising events, seminars, roundtables and/or webinars
- Lead generation and management of prospects
- Advertising campaigns on social media channels (LinkedIn, …) containing a form that you can complete
- Consent: your consent in order for Codit to process your data and send you a response
- Answering questions and requests
- Consent: Your consent in order for Codit to process your data and send you a response.
- Advertising campaigns on social media channels (LinkedIn, …) containing a form that you can complete
3.2. Customer and supplier management
3.2.1. When do we process your personal data and for what purpose
- Customer management (including potential or former customers and including the persons working at or for customers)
- Processing orders, provisioning of services, billing, collecting payments, …
- Self-service portal for customer care customers
- Relationship management (follow up and reporting)
- Archiving purposes
- Supplier management (including potential or former suppliers and including the persons working at or for suppliers)
- Ordering of goods and services, receiving ordered goods and services, payment, …
- Relationship management (follow up and reporting, if any)
- Archiving purposes.
3.2.2. Type of personal data
- Customer management (including potential or former customers and including the persons working at or for customers)
- Contact data, identification data, profession data, financial data and billing data (if applicable)
- Supplier management (including potential or former suppliers and including the persons working at or for suppliers)
- Contact data, identification data, profession data, education and training data, financial data and billing data (if applicable).
3.2.3. With whom do we share your personal data?
- Customer management (including potential or former customers and including the persons working at or for customers)
- Suppliers (including persons working at or for the supplier) that have a need to know, persons working at or for a Proximus Group company.
- Supplier management (including potential or former suppliers and including the persons working at or for suppliers)
- Suppliers (including persons working at or for the supplier) that have a need to know, persons working at or for a Proximus Group company.
3.2.4. Legal basis
- Customer management (including potential or former customers and including the persons working at or for customers)
- Processing orders, provisioning of services, billing, collecting payments, …
- Performance of the contract
- Self-service portal for customer care customers
- Legitimate interests: Codit’s legitimate interest to organise and optimise its service offering by providing you with an efficient tool that allows to organise the customer care support in an efficient and customer friendly manner.
- Relationship management (follow up and reporting)
- Performance of the contract
- Archiving purposes
- Legitimate interests to defend our rights in case of contractual liability claims.
- Supplier management (including potential or former suppliers and including the persons working at or for suppliers)
- Ordering of goods and services, receiving ordered goods and services, payment, …
- Performance of the contract
- Relationship management (follow up and reporting)
- Performance of the contract
- Archiving purposes
- Legitimate interests to defend our rights in case of contractual liability claims.
- Ordering of goods and services, receiving ordered goods and services, payment, …
- Processing orders, provisioning of services, billing, collecting payments, …
3.3. Recruitment
3.3.1. When do we process your personal data and for what purpose
- Job applicants: To handle and evaluate your job application
- Persons who were not retained: To consider whether you would be a good candidate for future vacancies
- Trainees: Selection, onboarding and managing traineeship
3.3.2. Type of personal data
- Job applicants
- Contact data, identification data, profession data, education and training data, any other data that you share with us
- Persons who were not retained
- Contact data, identification data, profession data, education and training data, any other data that you share with us
- Trainees
- Contact data, identification data, profession data, education and training data, any other data that you share with us or that we need to receive from you or third parties in view of your traineeship.
3.3.3. With whom do we share your personal data?
- Job applicants
- Suppliers (including persons working at or for the supplier) that have a need to know, persons working at or for a Proximus Group company
- Persons who were not retained
- Suppliers (including persons working at or for the supplier) that have a need to know, persons working at or for a Proximus Group company
- Trainees
- Suppliers (including persons working at or for the supplier) that have a need to know, governmental entities, persons working at or for a Proximus Group company.
3.3.4. Legal basis
- Job applicants
- Performance of a contract (pre-contractual processing activities)
- Persons who were not retained
- Legitimate interests: Codit’s legitimate interest to increase its chances to find the right person for future jobs
- Consent in case special categories of personal data (e.g. health data)
- Trainees
- Performance of the contract
3.4. Other business purposes
3.4.1. When do we process your personal data and for what purpose
- To comply with any request that you have as a data subject when you exercise your rights
- Initiating and processing surveys
- To understand how you perceive Codit and how we can improve our service offering
- Facility management
- Managing and controlling your access to and presence at the Codit offices
- Protecting company interests (legal defence, legal claims)
- Fulfilment of legal obligations
3.4.2. Type of personal data
- To comply with any request that you have as a data subject when you exercise your rights
- Contact data, identification data, all other data that we process about you and that is part of your request
- Initiating and processing surveys
- Contact data, identification data, profession data, any data that you share with us
- Facility management
- Contact data, identification data, profession data and any other data that you share with us
- Codit offices in Ghent: an audio-visual recording (10 seconds video) is taken of every person who rings the office doorbell.
- Protecting company interests (legal defence, legal claims)
- Contact data, identification data, any other data that is relevant in view of protecting company interests
- Fulfilment of legal obligations
- Any data we are obliged to provide
3.4.3. With whom do we share your personal data?
- To comply with any request that you have as a data subject when you exercise your rights
- Suppliers (including persons working at or for the supplier) that have a need to know, potentially also with data protection authorities
- Initiating and processing surveys
- Suppliers (including persons working at or for the supplier) that have a need to know
- Facility management
- Suppliers (including persons working at or for the supplier) that have a need to know, except for the audio-visual recording which is not shared with suppliers.
- Protecting company interests (legal defence, legal claims)
- Suppliers (including persons working at or for the supplier) that have a need to know, governmental entities, auditors of Codit or Proximus Group, any other persons with whom your personal data needs to be shared depending on the nature of the issue at stake
- Fulfilment of legal obligations
- Legal entity requesting the information, auditors of Codit or Proximus Group
3.4.4. Legal basis
- To comply with any request that you have as a data subject when you exercise your rights
- Legal obligation
- Initiating and processing surveys
- Legitimate interests: Codit’s legitimate interest to launch/initiate surveys in order to assess whether its services and activities are in line with expectations of the audience that will receive the survey and to adapt its services and activities when appropriate.
- Consent: to analyse/process your feedback
- Facility management
- Legitimate interests: Codit’s legitimate interest to implement security and safety measures in its offices.
- Protecting company interests (legal defence, legal claims)
- Legitimate interests: Codit’s legitimate interest to defend itself or to initiate legal claims in order to resolve disputes and protect and safeguard its business and interests
- Fulfilment of legal obligations
- Legal obligation
4. How long do we keep your personal data?
We will retain your personal data for no longer than is needed to fulfil the purposes for which we process such data. The retention periods differ in terms of the type of processing activity and the purpose for which the personal data was collected.
Personal data that we collect based on your consent is retained by us during the defined retention period on the condition that your consent is still valid.
In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if you object to the processing of your personal data and there is no longer a legitimate reason to retain it. We will delete your personal data once the retention period has expired.
In particular, we keep personal data for the following periods of time:
| Purposes | Retention period: |
Codit website and Codit social media channels:
|
· As long as needed to process your request
· Until the picture or video is removed · Until the day that we have sent you one follow up e-mail unless you reach out to us as a result thereof |
| Communicating on our activities and sharing news: | |
|
o When you are not a Codit customer then we will keep your data for three (3) years after you have given your consent.
o When you are a Codit customer or a former Codit customer then we will keep your data for five (5) years after the end of your contractual relationship with Codit. |
|
o When you are not a Codit customer then we will keep your data for three (3) years after you have given your consent. o When you are a Codit customer or a former Codit customer then we will keep your data for five (5) years after the end of your contractual relationship with Codit. |
Lead generation and management of prospects:
|
· As long as needed to process your request |
|
· As long as needed to process your request
|
Customer management:
|
· As long as we have a contract with the customer and eleven (11) years thereafter |
|
· Seven (7) years following the day that a support ticket was created |
|
· As long as we have a contract with the customer and eleven (11) years thereafter |
|
· Eleven (11) years after the end of the contractual relationship with the customer |
Supplier management
|
· As long as we have a contract with the supplier and eleven (11) years thereafter |
|
· As long as we have a contract with the supplier and eleven (11) years thereafter |
|
· Eleven (11) years after the end of the contractual relationship with the supplier |
Recruitment
|
· Until the end of the recruitment process |
|
· Once the recruitment process has ended, the personal data will be kept for twenty four (24) months |
|
· During the term of the traineeship and thereafter as long as legally obliged |
Other business purposes
|
· We retain a proof that we complied with your request for a period of ten (10) years following the day that we closed your request
|
o The personal data used to send out the surveys |
o Maximum five (5) years after the end of your contract with Codit. |
| o The personal data processed in the context of the surveys |
o Maximum three (3) years after the date of the survey |
o All personal data other than |
o Thirty (30) days as from the day you visited the Codit offices |
| o Audio-visual recording | o Seven (7) days starting the day following the day that the audio-visual image was recorded |
|
· Ten (10) years after our last interaction with you as a potential plaintiff or defendant |
|
· The duration of the legal obligation |
5. Are your personal data transferred outside the European Economic Area (EEA)?
We use software applications for which personal data may be transferred to or remotely accessed by suppliers that are located outside the European Economic Area (in case of maintenance, support, …).
In addition we might transfer your personal data to a country located outside the EEA or we might allow remote access to your data from such country.
By preference such country shall offer an “adequate” level of protection, as obtained by the European Commission (a list of adequate third countries is available on the European Commission’s website).
Alternatively, where your personal data is not sent to a country that provides an adequate level of protection, we will process your data in accordance with the provisions of Chapter V of the GDPR and in accordance with the Schrems II ruling (C-311/18) and we will put in place appropriate safeguards with the entity receiving your personal data to ensure that your personal data remains protected in accordance with applicable data protection legislation.
6. What are your rights
6.1. Overview
6.1.1. You can access your personal data (right of access, art. 15 GDPR)
You have the right to request access to the personal data that we process about you. In such case we will provide you with an overview of this personal data. We will also provide you with additional information on, for example why these personal data are processed, the categories of personal data concerned, the recipients with whom we share your personal data, etc.
6.1.2. You can have your personal data corrected (right to rectification, art. 16 GDPR)
If you notice that certain personal data that we have about you are no longer correct, then you can have them corrected.
6.1.3. You can have your personal data deleted (right to erasure, art. 17 GDPR)
You can ask for your personal data to be erased (deleted). We are not always obliged to do so. This only applies in cases and to the extent provided by law.
6.1.4. You can ask restriction of the processing of your personal data (right to restriction of processing, art. 18 GDPR)
In some cases you have the right to request that we only store your personal data. Codit shall then not be allowed to further process your personal data unless for some limited purposes that are specifically defined in the GDPR.
6.1.5. You can object to the use of certain personal data (right to object to the processing of your personal data, art. 21 GDPR)
Direct marketing
You can always object (without the need to motivate this) to the processing of your personal data for direct marketing purposes. You can do so by clicking on the “unsubscribe” button or similar instruction that is mentioned at the bottom of every direct marketing communication.
Other purposes
The right to object to the processing of your personal data for other purposes then direct marketing, if the processing is based on our legitimate interests or on grounds of public interest. We will stop processing unless we can demonstrate compelling legitimate grounds for further processing or for the exercise of legal claims.
6.1.6. You can withdraw a consent that you previously gave (right to withdraw your consent, art. 7,3 GDPR)
Whenever you have given us your consent to process your personal data then you can withdraw your consent at any time. For example, you can unsubscribe from commercial communication at any time. However, withdrawing your consent does not affect the lawfulness of the processing based on consent before its withdrawal.
6.1.7. You can ask to transfer your personal data (right to data portability, art. 20 GDPR)
You can submit a request for the transfer of your personal data to a recipient of your choice.
6.2. How to exercise your rights?
If you want to exercise these rights, you can send us an e-mail at privacy@codit.eu
To ensure that the request is made by the right person, we ask you to provide certain information to confirm your identity and to avoid anyone else to exercise your rights. If this information is not sufficient to confirm your identity, we may ask for additional information to allow us to uniquely identify you or ask you to send us a copy of the front side of your identity card (you may redact all information on your identity card that is not relevant to confirm your identity).
We have one month to respond to your request. This term starts running as soon as we have all the information to confirm your identity.
The term of one month may be extended by a maximum of 2 months, depending on the number and complexity of the requests. We will keep you informed of any delay in our response within the initial term.
If you are not satisfied with our answer, please let us know by e-mail at privacy@codit.eu.
6.3. Right to lodge a complaint at the Belgian Data Protection Authority
If you believe that we are not processing your personal data in compliance with the applicable data protection legislation, you have the right to lodge a complaint with the Belgian Data Protection Authority.
Data Protection Authority
Drukpersstraat 35/Rue de la Presse 35
1000 Brussels,
Tel +32 (0) 2 274 48 00,
e-mail: contact@apd-gba.be.
7. Changes to this Privacy Notice
Codit may modify this Privacy Notice in the future. The date mentioned in the beginning of this Privacy Notice indicates when it was last modified. The modifications that were made will apply from that date. We invite you to regularly review our Privacy Notice to stay informed about the processing of your personal data.