Data Privacy Policy
Befimmo is committed to protecting and respecting your privacy.
The term "Befimmo" includes the following entities:
- Befimmo Group SA (institutional Sicaf under Belgian law, with FIIS status), with registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 0804.033.097, and its subsidiaries, as well as AlexandriteF SA FIIS, with registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 0804.051.905 (together the "Real Estate Companies"),
- FinDvp SRL, with its registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 0804.080.015, and its subsidiaries, PachecoDvp SRL, with its registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 0804.149.004, and EmpereurDvp SRL, with its registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 1025.545.564 (together the "Developers"),
- Befimmo Real Estate Group SRL, with registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 0794.148.007, and
- Befimmo Property Services SA, with registered office at Cantersteen 47, 1000 Brussels, registered with the Crossroads Bank for Enterprises under number 0444.052.241.
Within the framework of Befimmo's activities, one or other entity of the group – each for its own relations – acts as data controller depending on the type of Data and processing involved. More specifically:
|
Processing in question |
Data controller(s) |
|
Processing referred to in section 2.1 |
Real Estate Companies, provided they own a building, PachecoDvp SRL |
|
Processing referred to in section 2.2 |
Real Estate Companies, provided they own a building, PachecoDvp SRL, Befimmo Property Services SA |
|
Processing referred to in section 2.3 |
Real Estate Companies, Developers, Befimmo Property Services SA, Befimmo Real Estate Group SRL |
|
Processing referred to in section 2.4 |
Real Estate Companies, Developers, Befimmo Property Services SA, Befimmo Real Estate Group SRL |
|
Processing referred to in section 2.5 |
Befimmo Property Services SA, Befimmo Real Estate Group SRL |
|
Processing referred to in section 2.6 |
Real Estate Companies, Developers, Befimmo Property Services SA, Befimmo Real Estate Group SRL |
|
Processing referred to in section 2.7 |
Befimmo Real Estate Group SRL |
In order to identify the data controller responsible for processing your Data, please refer to the section corresponding to your status. For example, if you are a tenant, section 2.1 applies to the processing of your Data and the data controller will be the Real Estate Company with which you have entered into a lease agreement.
This data privacy policy sets out the basis on which Befimmo processes the personal data it collects from you or that you provide to it.
Personal data is any information relating to an identified or identifiable natural person (e.g. a name, an identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity) (hereinafter "Data").
Data processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Data.
Befimmo may amend this data privacy policy from time to time. Any future amendments to this policy will be published and will replace the previous version. Please check regularly for updates or amendments to this policy.
This data privacy policy was updated on 6 November 2025.
Table of contents:
- Scope
- Data collected by Befimmo and how it is used
- Transfer of your Data outside the EEA
- Your rights
- How do we protect your Data?
- What happens if you do not provide Befimmo with the requested Data or if you request that Befimmo stop processing your Data?
- Contact details
1. Scope
This policy applies to all of Befimmo's activities, including its prospecting activities, the conclusion of lease agreements or any other type of agreement for the provision of all or part of buildings and services to its customers and/or in the context of the conclusion and management of agreements with third parties such as suppliers, commercial/financial partners and/or subcontractors and/or in the context of its relations with its candidates, shareholders, (potential) buyers/sellers, analysts, visitors to the website www.befimmo.be (the "website"), etc.
The types of Data processed are described in more detail below, by activity.
2. Data collected by Befimmo and how it is used
2.1. Data collected from tenants or occupants (including their staff members, where applicable) of Befimmo buildings
2.1.1. Data processing and legal basis
2.1.2. Transfer of Data to recipients
If necessary, the Data may be transferred to the following recipients:
- The authorities responsible for registering the contract;
- Accountants, auditors;
- Lawyers and/or bailiffs, for example in the event of debt collection;
- Befimmo's technical suppliers (architects, contractors) located in the EEA (to enable technical intervention, for example);
- Companies within the Befimmo group acting as processors (within the framework of administrative or property management agreements);
- In the context of a property transaction, to the potential purchaser and to Befimmo's advisers assisting in the transaction.
2.1.3. Retention period
The Data listed above is retained for the following periods:
- 10 years from the end of the lease agreement (end of the contractual liability period);
- 10 years from the end of the financial year or tax period concerned (in accordance with our tax and accounting obligations);
- regarding the promotion of Befimmo's services: 3 years from the last contact;
- with regard to the processing of security camera images: 1 month, unless these images contain evidence of an offence or damage or enable the identification of a victim, witness or suspect. In this case, they will be retained for the necessary period, which may exceed one month.
In the event of a dispute exceeding the above-mentioned periods, the Data will be retained until the end of the dispute.
2.2. Data collected from visitors to Befimmo buildings
2.2.1. Data processing and legal basis
|
Data collected |
Sensitive Data collected |
How is Data collected |
Purpose of processing |
Legal basis |
|
Last name, first name, contact details, company to which the visitor belongs, license plate number, images (security cameras), time of arrival, person with whom the visitor has an appointment. |
No. |
Data may be provided directly by the visitor, captured by security cameras, or transferred by other Befimmo companies. |
To preserve and ensure the security of Befimmo’s building and staff.
|
Befimmo's legitimate interest in ensuring the safety of its staff, occupants and assets. |
2.2.2. Transfer of Data to recipients
Data will only be transferred to the competent authorities in exceptional circumstances, for example if security camera footage contains evidence of a crime or damage, or if it enables the identification of a victim, witness or suspect.
They may also be processed if necessary by:
- a processor specialising in security (e.g. an external security company);
- companies within the Befimmo group acting as processors (within the framework of administrative or property management agreements).
2.2.3. Retention period
For as long as necessary to ensure the security of Befimmo's assets and personnel and for a maximum period of 1 month for security camera images and 1 year after the last visit for other Data.
With regard to security camera footage, if it contains evidence of a crime or damage, or if it allows a victim, witness or suspect to be identified, it will be retained for the necessary period, which may exceed one month.
In the event of a dispute exceeding the above-mentioned periods, the Data will be retained until the end of the dispute.
2.3. Data collected from contractors (including purchasers, suppliers of goods or services and subcontractors)
2.3.1. Data processing and legal basis
|
|
Data collected |
Sensitive Data collected |
How is Data collected |
Purpose of processing |
Legal basis |
|
|
Last name, first name, home address or place of residence, telephone number, e-mail address, bank account number, license plate number, images and sound (security cameras), company/VAT number and any other information that may be useful or necessary for the proper performance of the contract. |
No |
Data may be provided directly by the contractor, by intermediaries involved in the contract, collected from public registers, or transferred by other Befimmo companies. |
To the extent necessary: - To enable Befimmo and the contractor to communicate; - To enable the proper performance of the contract; - For invoicing purposes. |
Processing is necessary for the proper performance of the contract.
|
2.3.2. Transfer of Data to recipients
If necessary, the Data may be transmitted to the following recipients:
- Tax and social security authorities;
- Accountants, auditors;
- Lawyers, for example in the event of a dispute;
- Tenants/occupants and/or Befimmo's architect in connection with the performance of works;
- In the context of a property transaction, to the potential purchaser and to Befimmo's advisers assisting in the transaction;
- Companies within the Befimmo group acting as processors (within the framework of administrative or property management agreements);
2.3.3. Retention period
The Data listed above is retained for the following periods:
- 10 years from the end of the contract (end of the contractual liability period);
- 10 years from the end of the financial year or tax period concerned (in accordance with our tax and accounting obligations).
In the event of a dispute exceeding the above-mentioned periods, the Data will be retained until the end of the dispute.
2.4 Data collected from potential buyers, sellers, tenants or occupants, or suppliers
2.4.1. Data processing and legal basis
|
|
Data collected |
Sensitive Data collected |
How is Data collected |
Purpose of processing |
Legal basis |
|
|
Last name, first name, domicile or residence, telephone number, e-mail address, date and place of birth, presence on a sanctions list, company/VAT number, information on financial situation, and any other information that may be useful or necessary. |
No. |
Data may be provided by the Data subject directly, by intermediaries involved in the contract, collected from public registers, or transferred by other Befimmo companies. |
To carry out credit, anti-corruption and sanctions checks. |
Befimmo's legitimate interest in carrying out a risk analysis in order to manage its activities effectively. |
2.4.2. Transfer of Data to recipients
If necessary, the Data may be transferred to the following recipients:
- Befimmo shareholders on an ad hoc basis;
- Companies within the Befimmo group acting as processors (within the framework of administrative or property management agreements).
2.4.3. Retention period
The Data listed above is retained for the following periods:
- 10 years from the end of the contract (end of the contractual liability period) if a contract is concluded.
- 5 years after the last contact if a contract could not be concluded.
- 10 years from the end of the financial year or tax period concerned (in accordance with our tax and accounting obligations).
In the event of a dispute exceeding the above-mentioned periods, the Data will be retained until the end of the dispute.
2.5. Data collected from job applicants
2.5.1. Data processing and legal basis
|
|
Data collected |
Sensitive Data collected |
How is Data collected |
Purpose of processing |
Legal basis |
|
|
Last name, first name, contact details, CV, references, job title, hobbies and interests, references, previous jobs and employers, periods of unemployment, military service, academic background, information relating to the right to work. |
No. |
Data may be provided by the candidate directly or by intermediaries involved in the recruitment process (recruitment agency or consultant). |
To review applications for employment at Befimmo in order to assess the possibility of collaboration. |
For the processing of references, the legal basis is the candidate's consent. For the processing of Data relating to the right to work, the legal basis is Befimmo's compliance with its legal obligations. For the processing of Data after the recruitment process has been completed, when it does not result in the conclusion of an employment contract, the legal basis is Befimmo's legitimate interest in maintaining a pool of relevant profiles for future vacancies. In addition, processing is necessary in order to take the necessary steps to enter into a contract with the candidate or to take pre-contractual measures at their request. |
2.5.2. Transfer of Data to recipients
If necessary, the Data may be transferred to the following recipients:
- Tax and social security authorities, in the event of an audit;
- Befimmo shareholders, for high-responsibility positions.
2.5.3. Retention period
If the recruitment process results in an employment contract, the Data will be retained for the duration of the employment.
If the process does not result in recruitment, the Data will be retained for a period of two years after the end of the recruitment process so that the candidate can be contacted about new opportunities.
In the event of a dispute exceeding the above-mentioned periods, the Data will be retained until the end of the dispute.
2.6. Data collected from Befimmo shareholders, UBOs and directors
2.6.1. Data processing and legal basis
|
|
Data collected |
Sensitive Data collected |
How is Data collected |
Purpose of processing |
Legal basis |
|
|
Last name, first name, role, address, private address, place and date of birth, emoluments, e-mails, telephone numbers, identity document/national register number, number of shares held, roles. |
No. |
The Data may be provided by the director, shareholder or UBO directly or by other companies in the group. |
To do what is necessary for the governance of Befimmo and compliance with its legal obligations (organisation of general meetings, appointment/resignation of directors, UBO declaration, etc.). |
The processing is necessary to comply with Befimmo's legal obligations.
|
2.6.2. Transfer of Data to recipients
If necessary, the Data may be transmitted to the following recipients:
- Tax and social security authorities, in the event of an audit;
- Befimmo shareholders;
- Companies within the Befimmo group acting as processors (within the framework of administrative or property management agreements);
2.6.3. Retention period
The aforementioned documents and Data are retained for five years from the date on which the data subject ceases to be a shareholder, UBO or director of Befimmo.
2.7. Data collected from website visitors
2.7.1. Data processing and legal basis
2.7.2. Transfer of Data to recipients
The Data may be transmitted to certain Befimmo processors, namely the website host and the cookie manager.
2.7.3. Retention period
Cookies are stored for a maximum period of 6 months, regardless of the purpose of the processing.
Data processed in connection with the promotion of Befimmo's services is retained for 3 years after the last contact or until consent is withdrawn.
3. Transfer of your Data outside the EEA
Befimmo may transfer your Data to destinations outside the European Economic Area (EEA) if this is appropriate to achieve one of the purposes set out in Article 2 and/or to disclose your Data to recipients in accordance with Article 2.
If your Data is transferred outside the EEA, Befimmo will ensure that it is protected by one of the following safeguards:
- the transfer is based on an approved contractual clauses (Article 46(3) of the GDPR) or on standard data protection clauses adopted by the competent data protection supervisory authority (Article 46(2)(d) of the GDPR); or
- the laws of the country to which your Data is transferred ensures an adequate level of data protection (Article 45 of the GDPR); or
- the transfer is subject to the standard data protection clauses adopted by the European Commission (available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en) (Article 46(2)(c) of the GDPR) and any additional measures as required; or
- the transfer is based on binding corporate rules (Article 47 of the GDPR), an approved code of conduct (Article 46(2)(e) of the GDPR) or an approved certification mechanism (Article 42 of the GDPR).
If you would like to receive more information about transfers of your Data outside the EEA and/or the safeguards put in place, you can contact Befimmo at the address indicated in Section 7 below.
4. Your rights
You have certain rights regarding the Data that Befimmo holds about you. These rights can be exercised by contacting Befimmo as indicated in Article 7 below:
- you have the right to access your Data that Befimmo processes and to obtain information about how Befimmo processes this Data, and to obtain a copy of your Data;
- you have the right, in certain circumstances, to object to the processing of your Data;
- you have the right to obtain the restriction of Data processing in certain cases, for example when you contest the accuracy of your Data;
- if your Data is inaccurate or incomplete, you have the right to request rectification;
- you have the right, in certain circumstances, to request the deletion or removal of your Data from our systems;
- you have the right to lodge a complaint about the way that Befimmo processes your Data with a competent supervisory authority. For Belgium, the competent authority is the Belgian Data Protection Authority (autoriteprotectiondonnees.be);
- where the processing of your Data is based on your consent, you have the right to withdraw that consent at any time, without retroactive effect;
- you have the right, in certain circumstances, to obtain your Data in a structured, commonly used and machine-readable format, so that you can transmit it to another data controller.
For the above requests, please send an email with the subject line "data protection request" using the contact details mentioned in Section 7 of this policy. Your request will be processed as soon as possible.
When exercising one of your rights, Befimmo may ask you for information to confirm your identity and/or to help Befimmo locate the Data you are looking for so that Befimmo can respond to your request.
5. How do we protect your Data?
Befimmo has implemented a set of appropriate technical and organisational measures to protect your Data.
The measures cover various aspects of Data security, including:
- applying minimum requirements for passwords and requiring regular password changes;
- physical access controls to Befimmo's offices;
- firewalls, up-to-date antivirus software and email filtering services;
- providing regular training on Data security and protection for all employees.
These security measures are reviewed periodically.
6. What happens if you do not provide Befimmo with the requested Data or if you request that Befimmo stop processing your Data?
Befimmo's ability to fulfil its obligations with regard to:
- the contract between Befimmo and you;
- the review of a job application; or
- the legal obligations applicable to Befimmo,
sometimes depends on Befimmo's access to certain Data about you and its ability to use it. Consequently, and depending on the circumstances, if you do not provide Befimmo with the requested Data or if you request that Befimmo cease processing your Data, this may result in Befimmo being unable to fulfil its legal or contractual obligations or no longer being able to process the application.
7. Contact details
Questions, comments and requests regarding this policy (including those relating to the above-mentioned Data protection rights) should be sent by email to gdpr@befimmo.be or by post to Cantersteen 47, 1000 Brussels.
This data privacy policy is also available in French and Dutch.