Subscribe to the BBP Newsletter now!

* Mandatory fields
This information is required to send the newsletter.


Privacy Policy

If you have any questions about this notice, please contact the data protection officer (DPO)


For the purpose of conducting its professional activities, Blue Box Partners EEIG (“BBP”), as Data Controller, needs to Process Personal and professional Data regarding staff, applicants, Customers and suppliers. BBP shall take all adequate measures to make sure these processing activities adhere to the European General Data Protection Regulation (“GDPR”) and other legislations regarding the Processing of Data.


Consent: a legally binding expression of will, given voluntarily, in which the Data Subject declares his/her agreement to the Processing of data.

Customers: all companies who place orders with BBP for products or services.

Data Controller: The Data Controller is the person or organisation that determines when, why and how to Process Personal Data. The Data Controller is responsible for establishing practices and policies in line with the GDPR.

Data Subject: a natural person, meaning an identified or identifiable individual about whom BBP holds Personal Data. This does not include companies or other legal entities.

Personal Data: any information identifying a Data Subject or information relating to a Data Subject by means of which the Data Subject can be identified (directly or indirectly) from that data alone or in combination with other identifiers BBP possesses or can reasonably access. Personal Data includes Sensitive Personal Data but excludes anonymous data or data that has had the identity of a Data Subject permanently removed. Personal data can be factual (for example a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. Personal Data specifically includes, but is not limited to, Data Subject’s contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and curriculum vitae (CV).

Processing of data/To Process data: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.


BBP adheres to the general principles relating to Processing of Personal Data set out in the GDPR, which require Personal Data to be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected only for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed
  • Accurate, complete, where necessary kept up to date and relevant for the purpose of collection
  • Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed
  • Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing, accidental loss, destruction or damage
  • Not transferred without appropriate safeguards being in place
  • Made available to Data Subjects, who are allowed to exercise certain rights in relation to their Personal Data

Purposes of data collection

The Personal Data collected usually concern the following items: name, nationality, job title, address, telephone number, e-mail address, financial and pay details, educational background, marital status and curriculum vitae (CV).

BBP Processes Personal Data solely for the purpose of conducting its professional activities. In this regard, BBP primarily collects Personal Data for the following business purposes (without limitation):

  • Personnel and Payroll
  • Compliance with legal, regulatory and corporate governance obligations and good practice
  • Implementation of agreements
  • Execution of shared services (ICT, finance,…)
  • Administrative purposes
  • Financial purposes
  • Recruitment and selection
  • Disciplinary matters
  • Monitoring of staff (access to systems/facilities, absence, compliance with policies,…)
  • Investigation of complaints
  • Research and development
  • Health and safety purposes
  • Disciplinary and grievance issues
  • Quality control
  • Marketing
  • Improving services

The Personal Data obtained via the contact form on this website will only be used to provide you with the information you have requested. The Personal Data obtained via the newsletter subscription on this website will only be used to provide you with the newsletter. Should you want BBP to stop sending you the requested information or the newsletter, please contact the webmaster.

This website also automatically keeps log files concerning the use by visitors to generate statistics for an anonymous analysis of this use.

Legal grounds for processing

BBP applies all reasonable means to ensure that Personal Data is collected as prescribed by the GDPR. This applies to all Personal Data, irrespective of the means of collection: collected in person, electronically or by submitting through the BBP website.

For most of the Processing activities mentioned in section 4 BBP can rely on one of the following legal Processing grounds as foreseen by the GDPR: contractual necessity or legal obligation. If these legal grounds do not apply, BBP will request the Data Subject’s Consent to Process the Personal Data. Consent will be requested if the Personal Data being Processed relate to, among other things, the taking and use of pictures, sending of newsletters, research and development and marketing.

The Personal Data of external parties, such as Customers and suppliers, to be Processed will generally concern name, e-mail address and phone number of employees or representatives of these Customers and suppliers. The legal ground based on which the Processing activity takes place is contractual necessity. The GDPR confirms that, in order to enter in a contract or perform a contract, it is needed and agreed that Personal Data Processing happens within this contractual scope.

Data transfer

Any information which falls under the definition of Personal Data will remain confidential and will only be disclosed to third parties with appropriate Consent of the Data Subject, unless BBP can rely on a Processing ground as foreseen by the GDPR and mentioned in section 5.

A brief overview of the categories of recipients: members of BBP, partner entities, distributors, service providers, financial partners, insurance companies, payroll processors, IT services providers and other companies that BBP may use for support. BBP shall not share Personal Data to non-business related third parties, except in case required by law or as permitted under the GDPR.

Rights of data subjects

Data Subjects have multiple rights when it comes to their Personal Data. First of all, Data Subjects have the right to access their Personal Data held by BBP. Secondly, Data Subjects can ask what Personal Data is held about them and why, ask questions about how the Personal Data is gathered, how it is kept up-to-date and file a request not to use their Personal Data for direct marketing purposes.

BBP also ensures Data Subjects’ right to be forgotten. This means that Data Subjects can make a request to have their Personal Data removed from any files or databases held by BBP.

For any of these questions or requests, an e-mail can be sent to All e-mails will be answered as soon as reasonably possible.

Data accuracy

BBP, on the one hand, undertakes to keep Data Subjects’ Personal Data as up-to-date and accurate as possible. Data Subjects, on the other hand, are requested to notify BBP of any relevant changes in Personal Data held about them by BBP.

Data storage and security

BBP shall apply all reasonable means not to hold Personal Data of Data Subjects longer than necessary in relation to the purpose for which it is held.

Personal Data is secured by appropriate technical and organisational measures against unauthorised or unlawful Processing and against accidental loss, destruction or damage.

BBP’s ICT-departments have developed and implemented safeguards appropriate to size, scope and business, available resources, the amount of Personal Data and identified risks. Those safeguards are evaluated and tested regularly to ensure security of Personal Data.

Data Subject’s Personal Data can only be accessed by authorized personnel. The BBP member’s staff are aware of the internal Privacy & Data Protection Policy, this privacy notice and the obligations that come with it.

Data protection breach

Any breach of this privacy notice or of the GDPR by BBP can be reported by sending an e-mail to the following e-mail address: All e-mails will be answered as soon as reasonably possible.


This website uses cookies. A cookie is a file sent by the server to the user’s browser and is afterwards stored on the user’s computer.

Why does BBP use cookies? Cookies are only used for the performance or the facilitation of the performance of a service requested. Cookies and similar technologies are used to distinguish one user’s usage preferences from those of other users on the website. This helps to provide the user with a better user experience during the website visit and allows optimization of the website.

A distinction must be made between persistent cookies and session cookies. Persistent cookies: these cookies remain on the user's device for the duration specified in the cookie. They are activated each time the user visits the website that placed the cookie (e.g. cookies placed by social media such as Twitter, Facebook, Google Analytics, etc.). Most non-functional cookies are persistent cookies with a certain retention time that is longer than the browser session. Session cookies: these cookies allow the user's actions to be simplified and linked during a browser session. A browser session starts when a user opens the browser screen and ends when the user closes the browser screen. Session cookies are placed temporarily. Once the user closes his browser, all session cookies are deleted.

When visiting this website, the user will be asked to accept cookies. This can be done in two different ways: by clicking on the 'Accept' button or by simply continuing to browse the website. The user can disable cookies by activating the browser setting that allows him to refuse the placing of cookies. However, if the user uses his browser settings to disable cookies, it is possible that the user will not have access to (certain parts of) the website. If the user wishes to withdraw his consent, he must delete the cookies according to his browser settings.

This website uses Google Analytics, a Web-analysis service from Google Inc. ("Google"). Google Analytics uses what are referred to as "cookies" – text files that are stored on your computer, and which enable your use of the website to be analysed. The information generated by the cookie of your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of IP anonymisation on this website, your IP address will be shortened in advance by Google within member states of the European Union and in other treaty states of the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional circumstances. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on your website activities and to provide the website operator with additional services associated with website use and Internet usage. The IP address communicated by your browser for the purpose of Google Analytics is not combined with other Google data. You can prevent the storing of cookies through the settings in your browser's software. However, we would advise you that in such an instance you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) at Google and the processing of this data by Google by downloading and installing the browser plugin under the following link. Given the discussion around the use of analysis tools with complete IP addresses, we would like to advise you that this website uses Google Analytics with the extension "_anonymiseIP()" and IP addresses are therefore only further processed when shortened to prevent direct personal references. Please click on this special link or browsers on mobile devices to prevent the anonymised collection by Google Analytics on this website with your browser in the future using a so-called "cookies opt-out ".


This privacy notice will be updated as frequently as necessary to reflect best practices in data management, security and control and to ensure compliance with any legal changes.

BBP will publish the latest version on its website as soon as reasonably possible.

last reviewed on: 15/10/2018


If you have any questions about this notice, please contact the webmaster or the data protection officer (DPO)