Privacy policy

Privacy policy

Yuma Group takes the protection of personal data seriously. This Privacy Notice explains how YUMA SA/NV (“Yuma Group”, “we”, “us”, “our”) collects and processes personal data through this Website, in compliance with Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.

This Privacy Notice is structured as a series of questions and answers. We encourage you to read it carefully.

1.  Who is responsible for processing your personal data?

The data controller is:

YUMA SA/NV
Leuvensesteenweg 325, 1930 Zaventem, Belgium
BCE / VAT: BE 0765.969.210
E-mail: privacy@weareyuma.com

Where subsidiaries or affiliated entities of Yuma Group operate their own recruitment or commercial activities through this Website, those entities may act as separate or joint data controllers, as disclosed at the point of data collection.

2.  What is personal data?

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, your name, professional address, e-mail address, telephone number, organisation, job title, and any other information that allows you to be identified directly or indirectly.

3.  For what purposes and on what legal bases do we process your personal data?

We process personal data collected via this Website for the following purposes:

3.1 Responding to enquiries and contact form submissions

When you contact us through this Website – whether to request information about our services, register for an event, or submit a complaint – we process your name, title, professional address, telephone number, e-mail address, organisation, function, and a description of your request. The legal basis is our legitimate interest in responding to business communications (Article 6(1)(f) GDPR), or, where required, your consent (Article 6(1)(a) GDPR).

3.2 Processing of job applications and spontaneous candidacies

If you submit a job application or a spontaneous candidacy through this Website, we will process the personal data contained in your application file, which typically includes:

  • identification data (name, address, contact details);
  • professional background (CV, work history, qualifications);
  • other data you choose to include in your application (e.g., covering letter, references).

The legal basis for this processing is the performance of pre-contractual measures taken at your request (Article 6(1)(b) GDPR) and, where applicable, our legitimate interest in identifying suitable candidates (Article 6(1)(f) GDPR).

Your application data will be retained for a maximum period of 12 months from the date of receipt. If you wish your application to be kept on file for future vacancies beyond this period, we will ask for your explicit consent. You may withdraw that consent at any time.

We do not make automated decisions (including profiling) that produce legal or similarly significant effects in the context of our recruitment process.

3.3 Direct marketing

If you are an existing client of Yuma Group or a person with whom we maintain a relevant business relationship (e.g., a commercial prospect), we may contact you for direct marketing purposes on the basis of our legitimate interest (Article 6(1)(f) GDPR), unless you object. If you have no prior relationship with us, we will only send you marketing communications with your explicit consent.

You may object to or withdraw consent for direct marketing at any time, without any consequences to other aspects of your relationship with us.

4.  What categories of personal data do we process?

Depending on your interaction with this Website, we may process the following categories of personal data:

  • General identification data: title, first name, last name, professional address;
  • Contact data: telephone number, e-mail address;
  • Professional data: organisation, function, seniority level;
  • Application data (for candidates only): CV, qualifications, career history, covering letter;
  • Technical data: IP address and browsing data collected through cookies (see Section 9).

We do not intentionally collect special categories of sensitive personal data (such as data revealing racial or ethnic origin, health data, or data concerning sexual orientation) through this Website. If you include such data in a free-text field or application document, we will handle it with particular care and will not use it as a basis for any decision.

This Website is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors.

5.  Who has access to your personal data within Yuma Group?

Access to your personal data is restricted on a strict need-to-know basis. The following internal teams may have access, depending on the purpose of the processing:

  • Sales and marketing teams (for contact inquiries and direct marketing);
  • Human resources and recruitment teams (for job applications);
  • IT and operations staff, to the extent required for the maintenance and security of our systems.

All Yuma Group employees who handle personal data are bound by confidentiality obligations.

6.  With whom may your personal data be shared?

Yuma Group does not sell, rent, or trade your personal data. Your data may, however, be shared in the following circumstances:

  • With subsidiaries and affiliated entities of Yuma Group, where necessary to fulfil the purposes described above. Yuma Group operates entities in Belgium, the Netherlands, Luxembourg, and Tunisia. Transfers to Tunisia (a country not subject to an EU adequacy decision) are governed by appropriate safeguards, including the standard contractual clauses approved by the European Commission.
  • With trusted IT service providers acting as data processors on our behalf (e.g., cloud hosting providers, e-mail platform operators). Such providers process data only on our documented instructions and are bound by appropriate data processing agreements.
  • Where required by law or by an order of a competent authority.

We will not share your data for any purpose incompatible with those described in this Privacy Notice without your prior consent.

7.  Automated decision-making

Yuma Group does not make decisions based solely on automated processing – including profiling – that produce legal effects or similarly significantly affect you.

8.  How long do we retain your personal data?

We retain your personal data only for as long as necessary for the purposes described in this Privacy Notice, subject to the following indicative retention periods:

  • Contact form submissions and general enquiries: up to 3 years from the date of last contact;
  • Job applications and candidacy files: up to 12 months from receipt, unless you consent to a longer retention period for the purpose of future vacancies;
  • Client and prospect data processed for direct marketing: up to 3 years from the last meaningful interaction;
  • Cookie data: as specified in Section 9 below.

After the applicable retention period, we will securely delete or anonymise your personal data, unless a longer retention period is required by law.

9.  Cookie policy

9.1 What are cookies?

A cookie is a small text file placed on your device when you visit a website. Cookies enable the website to recognise your browser and, if you have a registered account, associate it with your account. They serve various purposes, such as keeping you signed in, remembering your preferences, understanding how you use the site, and, where applicable, personalising content.

9.2 What cookies do we use?

We use strictly necessary cookies, functional cookies, analytical cookies (Google Analytics), and third-party cookies activated by embedded YouTube content. A complete and up-to-date description of each cookie – including its name, provider, purpose, and retention period – is set out in our Cookie Policy, available at: www.weareyuma.com/en/cookie-policy.

9.3  Managing your cookie preferences

When you first visit this Website, a cookie banner will ask for your consent to the use of non-essential cookies. You may modify your preferences at any time via the cookie settings available on the Website.

You may also block or delete cookies at any time through your browser settings. Please note that blocking certain cookies may impair the functionality of the Website. Instructions for commonly used browsers are linked from our Cookie Policy.

10.  How do we protect your personal data?

Yuma Group has implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, among others, access controls, encryption of data in transit, and regular security reviews.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with our obligations under Article 34 GDPR.

11.  What are your rights and how can you exercise them?

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): you may ask us to delete your personal data, subject to applicable legal obligations.
  • Right to restriction of processing: you may ask us to limit how we use your data in certain circumstances.
  • Right to object: you may object at any time to the processing of your data based on our legitimate interests, including for direct marketing purposes.
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you may ask us to transmit your data to you or to another controller in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: you have the right to submit a complaint to the Belgian Data Protection Authority (Autoriteit Gegevensbescherming / Autorité de protection des données) at www.dataprotectionauthority.be.

To exercise any of the above rights, or for any question regarding this Privacy Notice, please contact us at:

YUMA SA/NV
Att: Data Protection Officer
Leuvensesteenweg 325, 1930 Zaventem, Belgium
E-mail: privacy@weareyuma.com

We will respond to your request within 30 days of receipt. This period may be extended by a further two months where requests are complex or numerous, in which case we will inform you accordingly.

12.  Amendments to this Privacy Notice

We reserve the right to update this Privacy Notice at any time to reflect changes in our practices, applicable law, or our Website’s features. The date of the latest revision is shown at the top of this page. Where material changes are made, we will take appropriate steps to bring them to your attention.