Privacy policy

Protecting your personal data is important to us. FACIL CORPORATE BV (FACIL, we, us, or the Controller) processes your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable data protection legislation.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data, as well as your rights.

1. Identity of the Data Controller

The data controller under GDPR is:
FACIL CORPORATE BV
Geleenlaan 20, B-3600 Genk, Belgium
Company number: 0466971955
Email: fasteneers@facil.be 

The contact details of the Data Protection Officer (DPO) are:
DPO FACIL
Geleenlaan 20, B-3600 Genk, Belgium
Email: dpo@facil.be 

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed when you:
- Visit our offices, warehouses or websites
- Use our applications, tools or services
- Contact us or interact with us in any way
- Are a (former or potential) customer or business contact

Our website or services may contain links to third-party websites. We cannot accept any responsibility for the confidential handling of your data on the websites of third parties, as we have no influence on whether these third parties comply with the data protection regulations. Please inform yourself directly about the handling of your personal data by these third parties on the corresponding websites.

3. Categories of Personal Data

We only process personal data that is relevant and necessary for the purposes described below.

3.1 Identification and Contact Data
- Name, first name
- Address
- Email address
- Telephone number
- Language preference

3.2 Customer and Transaction Data
- Orders, purchases, and delivery details
- Invoicing and payment information (e.g. bank account number, payment status)
- Customer history

3.3 Financial and Creditworthiness Data
- Payment behaviour
- Credit status (where necessary for risk management and legal compliance)

3.4 Usage and Service Data
- Products and services used
- Interaction and usage behaviour

3.5 Technical Data
- IP address (anonymised where possible)
- Device and browser information
- Log data

3.6 Location Data
- Approximate location inferred from IP address

3.7 Marketing and Preference Data
- Preferences and interests
- Communication preferences

We do not intentionally process special categories of personal data (e.g. health data, political opinions). If such data is received inadvertently, it will be deleted without delay.

4. Sources of Personal Data

We collect personal data:
- Directly from you
- From your employer or organisation
- From publicly available sources
- From third parties such as credit agencies (for credit checks and fraud prevention)

5. Purposes and Legal Bases for Processing

We process your personal data only where a valid legal basis exists for, amongst others, the purposes referred to in below overview.

Purpose                                                 Legal Basis
Contract management                            Contract performance (Article 6(1)(b))
Order handling, delivery, invoicing           Contract or legal obligation
Accounting and tax                                 Legal obligation (Article 6(1)(c))
Credit checks and fraud prevention          Legitimate interest
Customer communication                       Contract or legitimate interest
Marketing to existing customers              Legitimate interest
Marketing to prospects                           Consent (Article 6(1)(a))
Service improvement and analytics          Legitimate interest
Legal claims and dispute management     Legitimate interest

6. Legitimate Interests

Where processing is based on legitimate interests, these include:
- Maintaining and improving customer relationships
- Preventing fraud and misuse
- Ensuring IT security
- Improving products and services
- Conducting business analytics

We carefully balance these interests against your rights. You may object to such processing at any time.

7. Profiling

We may use profiling to:
- Analyse purchasing behaviour
- Provide personalised offers and communication
- Improve user experience

How profiling works:
- Based on purchase history, interaction data and preferences
- Used to segment customers and tailor communications

Impact:
- No legal or similarly significant effects
- No automated decision-making within the meaning of Article 22 GDPR

You have the right to object to profiling at any time.

8. Recipients of Personal Data

Your data may be shared with:
- Group companies
- Service providers, including:
     o IT and cloud providers
     o CRM and marketing service providers
     o Payment processors
     o Logistics partners
     o Professional advisors

All recipients are bound by contractual obligations to ensure confidentiality and security. We do not sell personal data to third parties.

9. Data Transfers to third countries

We primarily process personal data within the EU or EEA.

If data is transferred or processed outside the EU or EEA, we ensure adequate safeguards such as, amongst others:
- Standard Contractual Clauses (SCCs)
- Explicit consent for the transmission of personal data
- Adequacy decisions by the European Commission

10. Retention Periods

We retain personal data only as long as necessary.

We will delete or anonymize your personal data, in compliance with legal retention periods, as soon as they are no longer required for the respective purpose, for example when the processing of your request is completed.

11. Your Rights

Subject to the requirements stipulated by the GDPR, you have the following rights:
- Access to your personal data
- The rectification of incorrect or incomplete data
- Deletion of your personal data
- Restriction of the processing of your personal data
- The right to receive your personal data in structured, commonly used and machine-readable format and the transfer of that the data to another data controller
- To object to the processing of your personal data

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

12. Exercising Your Rights

You may exercise your rights by sending an e-mail to DPO@facil.be. Please include proof of identity to prevent misuse. Requests are handled within one month upon receipt of the e-mail and the proof of identity, unless legally permitted otherwise.

13. Cookies

We use cookies and similar technologies to:
- Ensure website functionality
- Analyse usage
- Provide personalised content

Where required, we obtain your consent before placing cookies. For more details, please consult the Cookie Policy, available on our website.

14. Data Security

We implement appropriate technical and organizational measures, including:
- Access controls
- Encryption where appropriate
- Secure IT systems
- Staff confidentiality obligations

15. Who to contact in case of questions, requests or complaints

If you have questions about your privacy or wish to exercise your rights, please contact us by e-mail at dpo@facil.be

We take your request very seriously and are committed to address any of your concerns. Nonetheless, you have the right to file a complaint with a competent local data protection authority at any time. In Belgium, the competent supervisory authority is the Belgian Data Protection Authority, Drukpersstraat 35, 1000 Brussels, contact@adp-gba.be 

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version of the Privacy Policy is always available on our website. Continued use of our services implies acceptance of the updated policy.

Last updated on 05/06/2026