Privacy Policy

This document is applicable for all ThoughtLabs SRL legal entities composing the ThoughtLabs SRL Group (see below)

This document defines how ThoughtLabs SRL entities, acting as data controller, may process, in accordance with the applicable laws, including, the General Data Protection Regulation (the “GDPR“) and for the purposes defined below, information relating to identified or identifiable natural persons (called “data subjects”) collected from time to time (directly or indirectly, on a compulsory or voluntary manner, manually or otherwise) from the data subjects themselves as well as from its clients, third parties (such as potential clients, subcontractors, providers or any stakeholders involved in an engagement with ThoughtLabs) and/or from publicly available sources where applicable.

Why does ThoughtLabs SRL process personal data?

ThoughtLabs SRL process personal data in accordance with applicable laws and solely for the following purposes (together the “Purpose(s)”) :

• To provide professional services including:
  • Analysis, Design, Development, Consultancy, Sales, Delivery, Installation, Services and Support activities related to the provision of IT solutions
• To maintain its administrative and clients/suppliers relationships management systems, including:
  • Bid issuance and contract drafting;
  • Clients/suppliers/alumni follow up and management;
  • Invoicing and payments of invoices;
  • Advertising, communication and public relations;
  • Event organisation;
  • Quality reviews; and
  • Client ou user experience improvement and personalisation of services delivery (for example via authentification, monitoring of the performance and use of Arhs Group applications where applicable).
• To apply acceptance and continuance procedures (including anti-money laundering, anti-bribery and counter-terrorist financing);
• To facilitate compliance with its legal, regulatory, professional and/or contractual obligations (including independence and archiving requirements…);
• To maintain and protect its buildings, equipment, IT infrastructure and data (including access management and authentification, security and performance monitoring…);
• To ensure its business continuity;
• To manage risks and litigations;
• To process the data subjects’ requests; and/or
• To manage its websites.

The Purposes above are based on at least one of the following legal basis:

• The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• The processing is necessary for compliance with a legal obligation to which ThoughtLabs SRL is subject;
• The processing is necessary for the purposes of the legitimate interests pursued by ThoughtLabs SRL or by a third party (such as the protection of ThoughtLabs SRL asset, the understanding of its clients’s needs and expectations or the fulfillment of the ThoughtLabs’s purpose or social interest); and/or
• The data subject has given consent to the processing for one or more specific purposes

What personal data does ThoughtLabs SRL process?

• Depending on, and when necessary for, the Purpose(s) above, ThoughtLabs SRL may process the following categories of personal data:
• Identification data (e.g. name, surname, alias…);
• Professional data (e.g. position, company…);
• Administrative data (e.g. proof of identity documents, birthdate, gender, language …);
• Relation data (e.g. relation history, attendance sheets…);
• Environment data (e.g. characteristics, habits, social media information…);
• Financial data (e.g. tax data, transactional data…);
• Numeric data (e.g. logs, IP address…); and
• Biometric data (e.g. picture and/or sound, video…).