Home
Informacja prawna
PRIVACY POLICY

Privacy policy

Version 3.0 - Date: 12/01/2026

 

Identity and contact details of the Data Controller

This Privacy Statement governs the processing of personal data by Fedrus International NV, with its registered office at 9000 Gent, Geraard de Duivelstraat 1, and company number VAT BE 0630.779.617 (hereinafter “Fedrus International”). 

Contact address: info@fedrusinternational.com

Fedrus International acts as the overarching Data Controller for the entire Fedrus Group, which consists of several subsidiaries active in the production, distribution and development of roofing, façade and building materials, industrial plastics, and related services.

This Privacy Policy also applies to all subsidiaries of Fedrus International NV (hereinafter “Fedrus Group”), including but not limited to:

  • Heli Group NV and its subsidiaries (Heli NV, Heli Trans, High & Safe);
  • VM Building Solutions NV and its subsidiaries (VMBSO Scandinavia, Iberica, USA, China, Hungary, UK, France, India, Slovakia, Deutschland);
  • Apok NV and Apok SAS;
  • Plastivan Invest NV and its subsidiaries, including Plastivan NV, Extruform NV, Van Overstraten NV, Plastivan Ltd., Plastivan Sp. z o.o., and Plastivan SA/NV;
  • Fedrus Growth Capital NV, Aerobel BV, and Bullswap BV.

Each subsidiary within the Fedrus Group acts as a separate Data Controller for the processing of personal data carried out in the context of its specific activities.

Fedrus International NV acts as the central Data Controller for group-wide processing activities, such as customer relationship management, marketing initiatives, human resources administration, IT support, and legal compliance. 

Fedrus International and its subsidiaries are committed to protecting your personal data and process it in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and any applicable national data protection laws. 

Our Privacy Statement explains how we will process your personal data, including when you use our website and when you communicate with us by e-mail, post, telephone or other means, for example by requesting samples or placing an order.

For further questions or comments regarding the way we handle your personal data, you can always contact us either by e-mail at info@fedrusinternational.com or by post at the above-mentioned address.

If you wish to contact our Data Protection Officer (DPO), you can do so via the same e-mail address, with the reference “to the attention of the DPO”.

 

What does “processing personal data” mean?

The processing of personal data (hereinafter “data”) includes any operation performed on data that can identify you as a natural person. You can read in this Privacy Policy which data this concerns. The term “processing” is very broad and covers, among other things, the collection, storage, use of your data, or the sharing thereof with third parties. 

 

Which data do we process?

Below, we list the categories of personal data that may be processed by Fedrus International NV and its subsidiaries, depending on your relationship with the company (e.g. as an employee, customer, supplier, business partner, or website visitor).

Depending on your specific situation, your preferences, and the way you contact us, not all of the categories listed below will apply to you.

 

Human Resources management (applicants, employees, and former employees)

We may process personal data of applicants, employees, and former employees: 

  • Identification data (name, first name, date of birth, nationality);
  • Contact details (address, private and business email address, telephone number);
  • Curriculum vitae, education, qualifications, and work experience;
  • Employment and contractual data (employment contract, job title, department, working hours, performance data, attendance, evaluations);
  • Payroll and administrative data (salary details, bank account, tax and social security data, benefits, expense claims);
  • Mobility and training data (courses attended, certificates, travel records);
  • Access and IT data (login credentials, system logs, badge data, device use);
  • Photos, ID copies, and medical certificates when legally required;
  • Archival and post-employment data (documents related to termination or retirement).

 

Customer management and commercial relationships

We may process personal data of customers, prospects, and business contacts (such as roofers, distributors, contractors, and architects): 

  • Identification data (name, first name, job title, function);
  • Contact details (email address, phone number, address, company name);
  • Company-related data insofar as it can identify a natural person;
  • Contractual and transaction data (orders, quotations, invoices, payments, warranties);
  • Technical and project data (plans, specifications, measurements);
  • Participation data (attendance at trainings, events, or meetings);
  • Preferences, feedback, and communication history;
  • Photos or testimonials related to projects or professional activities.

 

Supplier and service provider management

We may process personal data of suppliers and service providers (such as consultants, IT partners, logistics providers, and payroll agencies): 

  • Identification data (name, first name, gender, function);
  • Contact details (business email address, telephone number, address);
  • Company and financial data (VAT number, company number, bank details);
  • Contractual data (contracts, orders, deliveries, invoices);
  • Communication records and correspondence;
  • Feedback or reference information related to cooperation.

 

Organization of trainings and professional events

We may process personal data of participants in technical or commercial trainings, workshops, or events: 

  • Identification and contact data (name, first name, email address, phone number, company, position);
  • Registration and attendance data;
  • Certificates or confirmations of participation;
  • Preferences and communication records regarding trainings or events.

 

Marketing and communication

We process personal data for marketing and communication purposes, including: 

  • Identification and contact data (name, company, position, email address, phone number);
  • Preferences regarding marketing content, communication channels, and language;
  • Interaction and engagement data (newsletter opens, event participation, downloads, survey responses);
  • Content such as photos, testimonials, or social media interactions collected during campaigns or events.

 

Use of our websites and digital platforms

  • When you visit our websites or digital platforms, we may process:
  • Technical data (IP address, device type, browser, operating system, connection data, country/region);
  • Analytical and marketing data (page visits, click behavior, session duration, referrer);
  • Data entered via online forms (name, company, email address, telephone number, message content);
  • Cookie preferences and consent records.

 

Security and access control

In certain cases (e.g. when you visit one of our premises), we process personal data such as: 

  • Camera footage (CCTV recordings in and around company premises);
  • Access registration data (badge logs, visitor logs, vehicle entries);
  • Digital access and IT security data (login records, system monitoring logs, incident reports).

 

Directors and shareholders

From directors and shareholders, we may process: 

  • Identification and contact details (name, address, email address, phone number);
  • Professional details (role, mandate, function);
  • Shareholding and financial data (UBO information, bank account, dividend details);
  • Administrative and governance data (meeting attendance, minutes, correspondence).

Legal obligations and data subject rights

  • Data required to comply with tax, employment, social security, and corporate law obligations;
  • Records related to exercising GDPR rights (access, rectification, erasure, objection, restriction);
  • Copies of identity documents when necessary for verification.

 

For what purposes do we process your data?

Personal data are processed solely within the framework of the Company’s legitimate business activities and operations, and in particular for the following purposes:

Core business activities

  • In the context of our main activities, including the production and distribution of roofing, façade and building materials (such as zinc, copper, plastics and other construction materials);
  • Providing technical support, project guidance, and consultancy services to customers, partners, and architects;
  • Managing product warranties, after-sales service, and quality control;
  • Maintaining central databases and CRM systems for group-wide coordination.

Customer and commercial relationship management

  • Managing customer and prospect data for quotations, contracts, orders, deliveries, invoicing, and payments;
  • Handling information requests, preparing offers and technical documentation;
  • Following up on projects, leads, and professional relationships with roofers, distributors, contractors, and architects;
  • Managing complaints, feedback, or warranty claims;
  • Archiving project and customer files for traceability and documentation purposes.

Supplier and service provider management

  • Managing contracts and communication with suppliers, consultants, and external partners;
  • Processing orders, deliveries, and invoices;
  • Ensuring administrative, accounting, and tax compliance;
  • Monitoring quality, performance, and cooperation with external providers.

Marketing, communication, and events

  • Sending newsletters, product updates, invitations, and promotional materials, based on consent or legitimate interest;
  • Organizing technical trainings, seminars, and events for customers, architects, and industry professionals;
  • Managing participation in trade fairs, exhibitions, and networking events;
  • Conducting market analysis and segmentation to improve customer experience;
  • Publishing or using photos, testimonials, or case studies for professional communication, where appropriate;
  • Managing group communication platforms and online campaigns.

Website and digital platform management

  • Operating, maintaining, and improving our websites and online services;
  • Processing data entered through online forms or registration modules;
  • Managing cookies and analytical tools to improve usability and performance;
  • Securing digital systems and preventing misuse or unauthorized access.

Human Resources management

  • Managing recruitment and selection processes;
  • Executing employment contracts and managing personnel administration;
  • Payroll, time registration, and performance evaluations;
  • Training, development, and mobility management;
  • Managing company vehicles, expense reimbursements, and employee benefits;
  • Internal communication, access control, and IT management;
  • Archiving employee records and complying with post-employment obligations.

Security and access control

  • Protecting company premises, equipment, and people through access registration and CCTV monitoring;
  • Managing IT security, including user authentication, logging, and incident follow-up;
  • Ensuring compliance with health, safety, and security procedures.

Corporate governance and legal compliance

  • Managing data of directors, shareholders, and company officers for corporate administration and UBO registration;
  • Drafting and storing meeting minutes and governance documents;
  • Managing communication with the Board of Directors and shareholders;
  • Ensuring compliance with legal, social, tax, and regulatory obligations applicable to the Company;
  • Responding to official requests from public or judicial authorities;
  • Managing and documenting requests from data subjects in accordance with the GDPR (such as access, rectification, erasure, or objection).

Archiving and document management

  • Retaining and managing documentation relating to contracts, projects, training sessions, and legal records;
  • Ensuring proper data retention and deletion in line with statutory and operational requirements.

 

On what legal grounds do we process your data?

We process your data for the purposes described below and do not collect or process more or other types of data than those necessary for these purposes.

We only process your data insofar as this is based on one of the legal grounds listed in the GDPR, as set out below. 

 

  •  
  •  

Legal obligation

Certain data are processed by us in order to comply with legal or regulatory obligations that apply to us. For example, in the context of tax and accounting obligations or data protection requirements.

 

Necessary for the performance of a contract

Certain data are processed by us because it is necessary for entering into, performing, or terminating a contract with you as the data subject. For example, to contact you, schedule appointments, respond to a request, or obtain information in the context of establishing a contractual relationship, as well as for the effective performance of the contractual assignment within the framework of our main activity, in order to provide our services to you or to receive services from you. 

 

Legitimate interest

Certain data are processed by us on the basis of our legitimate interest, which in specific cases outweighs any potential disadvantage to your rights. For example, for promoting our activities to business contacts; improving the quality of our services; training employees; evaluating and maintaining data and statistics related to our activities in the broad sense; retaining and using evidence in the context of liability, procedures, or disputes and for archiving purposes; and ensuring security, both online on this website and within our company premises.

 

Consent

Certain data are processed by us on the basis of your consent. For example, for promoting activities to potential business contacts; the use of certain analytical or marketing cookies; or publishing photos containing personal data on our website and social media channels. 

 

Source of the data

Most of the personal data we process about you have been obtained directly from you, for example when you:

  • contact us by email, telephone, or through our website;
  • register for trainings, events, or newsletters;
  • request quotations, documentation, or product information;
  • enter into a contractual relationship with us (as a customer, supplier, or partner); or
  • provide your information during professional interactions or trade fairs.

In some cases, we may also receive or collect personal data from external sources, such as:

  • Public sources, including official company registers, professional directories, LinkedIn, or publicly available websites;
  • External service providers that support our business operations (for example, marketing platforms, CRM or event management tools);
  • Data enrichment partners, such as Bizzy, with whom we collaborate to complete or update professional contact data of business customers, architects, or other professionals in the construction industry.

Where applicable, such partners act as independent data controllers, and their own privacy policies apply to the processing they carry out.

If you have any questions about the origin of your personal data or would like to know from which source your information was obtained, you can always contact us at info@fedrusinternational.com

 

With whom do we share your data?

With other entities within the Fedrus Group 

The personal information we hold may be transferred within the Fedrus Group, solely for the purpose of managing and maintaining the group’s central databases and digital tools.

For example, product updates or invitations to professional or architectural events may be distributed via a platform located in another EU country (for instance, France or the Netherlands).

This internal data sharing is always carried out in accordance with the General Data Protection Regulation (GDPR) and based on a joint controllership arrangement or data processing agreement, as applicable. Appropriate safeguards have been implemented to ensure that your personal data remains protected at all times.

Data shared within the group is handled strictly on a need-to-know basis and limited to what is necessary to fulfil the relevant business purposes. All entities within the Fedrus Group are contractually bound to maintain the confidentiality of your personal data and to comply with applicable data protection laws.

With third parties outside the Fedrus Group

We do not disclose your personal data to third parties outside the Fedrus Group, unless such disclosure is strictly necessary to achieve the purposes described in this Privacy Policy or where required by law.

Where necessary, we may engage external service providers (processors) to support our operational activities, such as managing our IT infrastructure, websites, and marketing campaigns. These third parties may process personal data on our behalf and only in accordance with our written instructions.

We will only share your data with these processors to the extent necessary for the relevant purpose. They are not permitted to use your data for their own purposes and are contractually required to ensure the confidentiality and security of your data through a data processing agreement.

Specifically, this means that we may share your data, where relevant, with the following categories of recipients: 

  • Postal companies, transport and delivery companies if we need to send you something by mail;
  • Payment service providers if we receive payments from you, or vice versa;
  • External representatives and consultants or any other parties involved in the context of our main or secondary activities;
  • The processors who assist us in the field of IT in operating our organization, with the aim of ensuring secure and efficient digital data management within our organization;
  • Government bodies, judicial authorities, and practitioners of regulated professions such as accountants and lawyers, for the purpose of complying with our legal obligations and defending our interests, as required.

 

How long do we retain your data?

We do not retain your personal data for longer than is necessary for the purpose for which it was collected or processed.

Since the retention period depends on the specific purposes for which the data was collected, the storage duration may vary in each case.

In some instances, specific legislation may require us to retain certain data for a defined period.

Our retention periods are always based on legal requirements and on a careful assessment of your rights and expectations, balanced against what is useful and necessary to fulfil the relevant purposes.

Once the applicable retention period has expired, your personal data will be deleted or anonymised.  

 

Where do we store your data and how are they protected?

We implement appropriate technical and organizational security measures within the scope of our activities to prevent the destruction, loss, falsification, alteration, unauthorized access, or unlawful disclosure of your data to third parties, as well as any other unauthorized processing of such data.

In addition, we ensure that the processors we engage also take appropriate security measures to minimize the risk of incidents as much as possible.

If your data are processed outside the European Economic Area (EEA) when using specific services or software tools, this will only occur in or to countries that the European Commission has confirmed to provide an adequate level of protection for your data, or measures will be taken to ensure the lawful processing of your data in such third countries.

The Company can under no circumstances be held liable for any direct or indirect damage resulting from the incorrect or unlawful use of your personal data by a third party.

You must at all times comply with the security instructions, including preventing any unauthorized access to your login details and password. You are personally responsible for the use of the website on your computer, the IP address, and your identification data, as well as for the confidentiality thereof.

 

What are your rights?

You have various rights regarding the data that we process about you. If you wish to exercise any of the rights listed below, please contact our GDPR officer using the contact details provided in the first section of this Privacy Policy.

  • Right of access and copy: You have the right to access your data and obtain a copy thereof. This right also includes the possibility to request further information about the processing of your data, including the categories of data being processed and the purposes of such processing.
  • Right of correction or rectification: You have the right to have your data corrected if you believe that we hold incorrect information about you.
  • Right to erasure (right to be forgotten): You have the right to request that we erase your data without undue delay. However, we may not always be able to comply with such a request, for example when we still need the data for the performance of an ongoing agreement, or when retaining certain data for a specific period is required by law.
  • Right to restriction of processing: You have the right to restrict the processing of your data. This means that processing will be temporarily suspended, for example until the accuracy of the data has been verified.
  • Right to withdraw consent: When processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive by email based on your consent, you can easily withdraw this consent by clicking the unsubscribe link at the bottom of such messages.
  • Right to object: You have the right to object to the processing of your data based on legitimate interest. This must be done for reasons specifically related to your situation. You may also object to the use of your data for direct marketing purposes. An opt-out will always be provided in email marketing messages.
  • Right to data portability: You have the right to obtain the data you have provided to us, with your consent or in performance of a contract, in electronic form. This allows the data to be easily transferred to another organization. You also have the right to request that we transfer your data directly to another organization, if technically feasible.
  • Right to lodge a complaint with your supervisory authority: If you believe that we are processing your data incorrectly, you always have the right to lodge a complaint with your supervisory authority for data protection.

Belgian Data Protection Authority (GBA)

Drukpersstraat 35

1000 Brussels

contact@apd-gba.be

 

How can you exercise your rights?

You can exercise your rights by contacting us, either by email at info@fedrusinternational.com or by post at the above-mentioned address, including a copy of the front side of your identity card or another document allowing us to identify you. The copy will be used solely to verify your identity in accordance with the GDPR.

 

Changes

We reserve the right to amend this Privacy Policy. The most recent version is always available on our websites. The date on which this Privacy Policy was last modified can be found at the top of the document. In the event of a substantial change to the Privacy Policy, we will, where possible, inform the individuals concerned directly if this change may have an impact on them. 

 

Legal information

Learn more

Cookies

Learn more