1 2 3 4 5 6 7 8 9 0
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0

Privacy Policy

Toba HR Solution’s Privacy Statement

Toba HR Solution’s Privacy Statement

The protection of your privacy is of the utmost importance to Toba HR Solutions. We undertake to protect and process your personal data in strict compliance with EU General Data Protection Regulation 2016/679 (“GDPR”) and with transparency and fairness to you.

Our data processing activities are conducted: 1) with your consent; 2) in order to fulfil our obligations to you; 3) for the legitimate purposes of operating our business, or 4) otherwise in accordance with the law.

The purpose of this privacy statement is to adequately inform you and to explain how we collect, use and store your personal data. You may object to the processing of your data, as explained in Chapter 6 of this notice.

1. Scope of this privacy statement

A. Context and Who is Who?

We are Toba HR Solutions NV, a company incorporated under Belgian law, having its registered office at Bellevue Toren, Bellevue 5/901, 9050 Gent-Ledeberg, Belgium, (“Toba HR Solutions", “we”) and registered with the Crossroads Bank for Enterprises under enterprise number 0476.252.776.

"Processing" means any operation or set of operations which is performed upon personal data such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by means of transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data.

The “controller” as defined by the GDPR means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data as described above. Toba HR Solutions will be the controller with regard to the processing of your personal data.

The “processor” as defined by the GDPR means the legal or a natural person, agency, public authority, or any other body who processes personal data on behalf of a data controller.

B. Audience of this privacy statement

Those affected by this privacy statement are:

Customers, contractors, candidates, etc. using the TobaCube web application and mobile application of Toba HR Solutions (“Application”) who are identified or identifiable natural persons;

C. Out of scope of this privacy statement

The personal data that we process for your employer as a Toba HR Solutions customer regarding personnel scheduling, work time registration and other HR-related services is governed by a separate Data Processing Agreement concluded with your employer. Such a Data Processing Agreement is an integral part of each contract and guarantees you that we process your personal data only as instructed by our customer (your employer).

For questions on the personal information that your employer provides to us as part of the services we deliver or your privacy rights as an employee, please contact your employer’s HR department or Data Protection Officer (DPO).

D. Extent of data

The data covered by this privacy statement are personal data, i.e., any information in relation to an identified or identifiable natural person. We may collect personal data from you directly, from your employer or from other sources, such as:

Identification data such as your name and user name

Contact information such as your email address and phone number

Information for secure access such as your password or other authentication information

Other information that you provided to us connected to your account such as communication preferences or support requests.

Data relating to your behavior and habits when using our Application.

Security information: user activity is logged to be able to detect unauthorized or malicious behaviour, including user logon and logoff events, password resets, changes in access rights or data create, modify and delete events.

Such personal data will be collected:

from data you enter yourself (such as registration information);

from your employer, as set forth in your employer’s (internal) privacy policy;

from data we receive from integrated applications and systems;

from data through your use of our Application (such as IP address);

through the cookies, as set out in our Cookie Statement.

2. Purposes of data processing

Your personal data may be processed for any of the following purposes:

1) To create an account on our Application;

2) To improve our websites and our services;

3) To fulfil legal and contractual obligations;

4) To market our services (including sending you promotional messages about our products and services);

5) To maintain our business relationship, where you are a user of our services, a client or a candidate;

6) To comply with legal, regulatory and judicial requirements and reasonable requests; and

7) To defend ourselves in the event of a legal claim.

8) To give access to our secured services and keep those services secure and operational.

In accordance with the GDPR, we process your personal data based on the following legal grounds:

We base the processing of personal data for (2) on the necessity for the exercise of our legitimate interests (art. 6.1 f) GDPR), in particular to enhance the quality of our Application.

We base the processing of personal data for (3), (5) and (8) on the necessity for the performance of the contract or pre-contractual obligations we have concluded with the data subject, in particular the Terms of Use (art. 6.1 b) GDPR).

We base the processing of personal data for (6) and (7) on the necessity for compliance with a legal obligation (art. 6.1 c) GDPR).

We base the processing of personal data for (1) and (4) on the explicit consent from the data subject (art. 9.2 a) GDPR).

3. Sharing your personal data

We may disclose your personal data to the following parties:

Other users of the Application: you share information with other users when you disclose information on the Application. Please be careful with your information and make sure you are comfortable with the visibility of the content you share.

With our service providers and partners: We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer care, marketing, advertising, payment processing and security operations. We also share information with partners who distribute and assist us in advertising our services. For instance, we may share limited information on you in hashed, non-human readable form to advertising partners

With law enforcement/when required by law: We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.

When transferring personal data to third parties, we always ensure that we implement appropriate technical and organizational protection measures. Where necessary, we will, for example, conclude a transfer agreement or a processor agreement, which sets out restrictions on the use of your personal data and obligations in respect of the security of your personal data.

Your personal data will not be lent or sold to third parties for marketing purposes without your prior express consent.

To the extent that your data is transferred in the context of this article to countries outside the European Union which do not provide an adequate level of protection for your data, Toba HR Solutions will ensure that the companies to which your data is transferred do provide an adequate level of protection. In particular, we have concluded Standard Contractual Clauses (SCC) with them. Toba HR Solutions guarantees to always verify, on a case-by-case basis, whether an adequate level of protection is in place for transfers to third countries.

4. Protection of your data

We have set up technical and organizational adequate standards of security in our own operations when it comes to safeguarding and protecting personal data in accordance with our legal obligations. By doing so, we want to prevent any unauthorized person from gaining access to, processing, altering or deleting personal data and to protect your personal data as best as we can against the destruction and loss. More information on our security measures is available upon request.

5. Retention of your data

We will not keep your personal data for longer than necessary for the processing purposes for which your data were collected (as described above). We will appropriately and securely dispose of your personal data when we no longer need them. We take into account the sensitivity of your personal data, the purpose and the legal requirements in order to use the appropriate retention period.

We keep basic information about our customers and suppliers for up to 10 years for liability, legal, tax and compliance purposes after the end of the contract. In specific cases, we may be required to retain these data for a longer period of time, for example in the event of a legal dispute, if is (i) necessary to cover our liability or (ii) required or permitted by law. All personal data purely for the purpose of scientific research or statistical purposes may be stored for longer periods.

Regarding the data of visitors to our website, we refer to our Cookie Policy.

6. Your rights

We will use reasonable efforts to ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your information.

In accordance with the GDPR, you are entitled to request access to the details of personal data we hold about you and to have it rectified or even erased, in certain specific cases. You may also object to the processing of your personal data if the processing is carried out on the legal basis of a legitimate interest. You also have the right to object to the processing of your personal data for direct marketing purposes. This right is absolute – we will always comply with it. Furthermore you have the right to restriction of the processing of your personal data in certain specific cases. If the processing of personal data is based on your explicit consent, you may withdraw your consent at any time without affecting the lawfulness of processing such data prior to such withdrawal.

You have the right to access the personal data you have provided us, in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without consent from us (data portability). This right is however subject to restrictions and conditions.

In relation to exercising your rights, you can send us your signed and dated request. Please be as accurate as possible when formulating requests:

By regular mail to:
Toba HR Solutions NV

Attn. DPO department
Bellevue 5/901​​​​

9050 Gent-Ledeberg


By e-mail to ciso@tobahr.be

We will respond to your request as soon as possible and in any event within four (4) weeks after receipt of your request. The exercise of these rights is in principle free of charge. Only in case of unreasonable or repeated requests may we charge a reasonable administrative fee. It is possible that we will first ask you for proof of identity in order to verify your identity.

In case of disagreement relating to the processing of your personal data, you have the right to contact the competent data protection authority. However, we encourage you to contact us first in order to try to seek a pragmatic and amicable solution regarding the disagreement.

The contact details of the Belgian Data Protection Authority are as follows:

Data Protection Authority
Rue de la Presse/Drukpersstraat 35

B-1000 Brussels

Tel.: +32 2 274 48 00
E-mail: contact@apd-gba.be


7. References to other websites

Our website may contain links to other sites that are not operated by us. If you click on a third-party link, you will be redirected to that third-party site. We strongly recommend that you review the Privacy Policy of each site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party web sites or services

8. Changes to this privacy statement

This privacy statement may be amended from time to time. We invite you to review the latest version of this privacy statement online.

This policy was last reviewed on 10 January 2024.

9. Contact details

If you have any queries about this privacy statement, please contact Toba HR Solutions:

By regular mail to:
Toba HR Solutions NV

Attn. DPO department
Bellevue 5/901​​​​

9050 Gent-Ledeberg


By e-mail to ciso@tobahr.be