General terms & conditions

Latest update 2024-04-12

General terms and conditions

Only complaints received within 10 days of invoice date will be taken into consideration. The service provider needs to be notified of these complaints by a registered letter.

Should the service provider not have received payment on the expiry date of the invoice a monthly interest of 1% will be charged by law and without proof of default. Furthermore the due amount will legally be increased by a claim of 10% with a minimum of 100 euro, all this without abatement of reminder, recovery or legal cost.

Should the client omit to comply with the stipulated commitment, the service provider has the right to stop all services and this without prior notification nor compensation.

This agreement is governed by Belgian law and falls exclusively within the jurisdiction of Belgian courts. Any disputes relating to this agreement shall fall exclusively within the jurisdiction of the Courts of Brussels.

Confidentiality and discretion

All the service provider’s employees shall keep confidential all the confidential information gathered during the execution of their profession.

The service provider shall ensure that all parties concerned exercise the utmost discretion towards the parties involved and the candidates. It is forbidden to divulge personal details, other than in the context of an assignment. The service provider must ensure compliance with the legislation on the protection of personal data.

The service provider shall exercise utmost discretion and care when approaching candidates in their professional activities.

All the service provider’s commitments in the framework of this agreement constitute an obligation of means. If no suitable candidate is found within the agreed timeframe, the contractually agreed fee in this agreement remains due, in accordance with Articles 3 and 5.

The nullity of one or more obligations stipulated in this agreement in no way affects the validity and enforceability of the other clauses in this agreement.

Article 1. Definitions

The following terms used in this Addendum should be interpreted in the same way as in Regulation (EU) 2016/679, hereinafter the “General Data Protection Regulation” or “GDPR”: “Data Subject,” “Recipient,” “Personal Data,” “Supervisory Authority,” “Processor,” “Controller.”

“Addendum” means this agreement by which the Parties regulate their joint responsibility for the processing of Personal Data in the context of the Main Agreement. As far as the processing of Personal Data is concerned, the provisions in this Addendum to the Main Agreement shall take precedence.

"Main Agreement" means the agreement between the Parties to regulate a specific recruitment and selection assignment.

“Prospective Employee” means the Data Subject whose Personal Data will be processed in the context of the Main Agreement.

“Client” means the (legal) entity mentioned in the Main Agreement to whom Key4nova will provide the products and/or services in accordance with the Main Agreement.

Article 2. Scope

Both Parties acknowledge their roles as Controllers and in that capacity undertake to comply with the applicable law, in particular, but not exclusively, the General Data Protection Regulation.

Article 3. Processing in the context of the Main Agreement

This Addendum covers the processing of Personal Data by the Parties in the context of the Main Agreement. The Client has instructed Key4nova to supervise the recruitment and selection of Prospective Employees.

Article 4. Categories of data subjects

In the context of this Addendum, the Parties will process the Personal Data of Prospective Employees of the Client.

Article 5. Categories of Personal Data

In the context of this Addendum, the Parties will process the following categories of Personal Data of the Prospective Employees of the Client:

- Identification and contact details: Name and e-mail address of the Prospective Employee,

- Personal characteristics: Gender and age group, reasoning and skill characteristics, biographical characteristics,

- Psychological data about the Prospective Employee: Test results,

- Educational data: Educational level,⎯ Professional data: Industry, position, salary,

-  Information provided on a voluntary basis by the Prospective Employee.

Article 6. Purpose of the processing

In the context of this Addendum, the Personal Data of Prospective Employees will be processed for the following purposes:

- By the Client for the recruitment and selection of Prospective Employees,

- By Key4nova for the recruitment and selection of Prospective Employees,

- By Key4nova to improve the quality of the Competency Scan Online platform, the testing on the platform, and the quality of the service,

-  By Key4nova as part of the general scientific research to be reported in the Key4nova White Papers.

Article 7. Grounds of admissibility

Each Party will be obliged, each for its own distinct role under the Main Agreement, to have the necessary permissions in place to process the Personal Data of the Prospective Employees. The Parties will be obliged to have the necessary ground(s) for admissibility in Article 6.1 of the General Data Protection Regulation in place to process the Personal Data of the Prospective Employees. The Parties acknowledge that the processing of the Personal Data of the Prospective Employees for the purposes described in Article 6 of this Addendum can only be justified on the basis of Article 6.1, a, b, c, and f of the General Data Protection Regulation. The agreement with the Prospective Employee will be established for both Parties upon commencement of the use of the Competency Scan Online platform.

Article 8. Purpose limitation and retention period

The Parties undertake not to process more Personal Data than are necessary for the purposes set out above.

Key4nova will not keep the Personal Data for longer than is necessary for these purposes. With a view to the further development of Key4nova's services, this period has been set at ten years from the time of the data collection. In exceptional cases and after internal assessment, Key4nova may shorten this period at the request of the Client or the Prospective Employee.

Article 9. Security of Personal Data

The Personal Data will be stored securely in a database managed by Key4nova, located within the territory of the European Union.

The Parties undertake to ensure that only authorised persons will have access to the Personal Data. The authority of these persons will be determined on the basis of the need for access for the implementation, follow-up, reporting, and project monitoring of the Main Agreement, and in accordance with the purposes of the processing. Both Parties will be responsible for the training of their own staff in handling Personal Data.

Key4nova will take reasonable administrative, technical, and physical precautions to (i) ensure the security and confidentiality of the Input Material, (ii) protect against anticipated threats to the security or integrity of the Input Material and the Personal Data, and (iii) protect against unauthorised access to or use of Input Material or Personal Data. These precautions are in line with generally accepted industry standards.

Key4nova will (i) maintain commercially reasonable and industry-standard backup, redundancy, disaster recovery, and business continuity measures and procedures in relation to the Online Services, and (ii) implement and enforce these measures and procedures as necessary.

Key4nova will also be responsible for the security of the services in accordance with generally accepted industry standards. This includes custom firewall protection, anti-virus and anti-malware security, as well as IPS, IDS (intrusion prevention and detection system) and reporting tools.

Article 10. Transfer of Personal Data

The Parties agree that the Personal Data, except with regard to the storage of the Personal Data by an entity of  Key4nova, will not be shared with third parties, neither within nor outside the European Union.

The Client will be informed in good time if Key4nova wishes to use an external processor for the transfer or storage of the Personal Data in the future. Key4nova will choose the appropriate Processor on the basis of, among other things, their willingness to comply with the applicable data protection laws.

Article 11. Contact person and communication between the Parties

Each Party will designate a contact person within its organisation who may be contacted by the Data Subjects or by the other Party with questions, comments, or complaints regarding the processing of Personal Data in the context of this Addendum. Data Subjects may submit requests to these contacts to exercise their rights as Data Subjects.

Article 12. Obligations of the Parties concerning the rights of the Data Subjects

The Client undertakes to communicate all necessary Client-specific information, as well as any general information regarding the processing of Personal Data in the context of the Main Agreement, to the Data Subjects on behalf of both Parties.

The Client undertakes to inform Key4nova of any specific legal obligations for the Client at the time of the recruitment and selection of Prospective Employees.

Key4nova will inform the Prospective Employee about the processing of their Personal Data by means of a general Privacy Statement that will be made available to the Data Subject.

Data Subjects may send a request to the Parties to exercise their rights with the contact person.

The Party to whom a Data Subject sends a request to exercise their rights will verify whether the request is valid and legitimate. The other Party will be informed without undue delay of each valid and legitimate request. Each Party will deal with the requests concerning the Personal Data for which they are responsible. The Party receiving the request will inform the Data Subject of the decisions relating to the request.

Article 13. Duty to assist

The Parties have agreed to assist each other and the competent Supervisory Authority in carrying out its tasks.

However, assistance will not take the form of specific consultancy services related to the Parties' internal data protection and/or security policies.

Article 14. Competent Supervisory Authority

The Parties have designated the Belgian Supervisory Authority as the Competent Authority.

Article 15. Duty to report

In the event of a data leak or other breaches of the applicable data protection legislation, the Parties shall inform each other without undue delay, but no later than within 48 hours after they have discovered or become aware of the breach. The Parties shall keep each other informed of new developments concerning the breach, as well as of the measures taken and planned to limit or terminate the breach and to avoid similar incidents in the future. The Parties shall report this breach to the Supervisory Authority and the Data Subjects in accordance with their data protection obligations and provided that the processing can be attributed to the Parties. For data leaks and breaches in the context of the processing for joint purposes, the Parties have agreed to report the data leaks or breaches to the Supervisory Authority if required. The Party that is the first to become aware of the data leak or breach shall take the initiative in this regard.

Article 16. Liability of the Parties

Each Party (“Liable Party”) will be liable and shall:

-  Compensate the other Party for the damage suffered by this Party; and

-  Indemnify the other Party against any claims by the competent data protection authorities or by any Data Subjects or third parties for damages suffered by them,

as a result of a Liable Party’s failure to fulfil its obligations under the GDPR, the binding implementing measures of the GDPR, or this Addendum, to the extent that the damage or claim is solely due to the failure of the Liable Party to fulfil its obligations under the GDPR.

Neither Party will be liable for any indirect or consequential loss or damage suffered by the other Party, such as loss of data, profits, revenues, turnover, or any other financial or commercial disadvantage, irrespective of whether such loss or damage is the result of a violation of this Addendum or an illegal act.

Article 17. Final Provisions

This Addendum will remain in force for the same period as the Main Agreement and shall terminate automatically upon termination of the Main Agreement for any reason whatsoever.

The substantive content of this Addendum will be made available to the Data Subjects.