Privacy notice for suppliers, customers and third parties

Version 1.0 – 03.03.2026

Protecting your personal data is very important to us, the Recticel Group. We are fully committed to respecting any and all laws and regulations on the protection of personal data, such as - without being limited to - the General Data Protection Regulation (GDPR).

We would like to use this Privacy Notice to explain to you what personal data we may process about you, how we use such personal data, and with whom we share such personal data.

This Privacy Notice applies to the processing by Recticel Group of all personal data of (contact persons at) suppliers, customers, prospects, end-consumers or any other stakeholder that the Recticel Group may interact with, such as, without being limited to third parties who engage with us at an event or visit us at one of the Recticel Group sites.

  1. Who are we?

We are Recticel Group, a corporate group with headquarters in Belgium. The mother company of the Recticel Group is Recticel NV, a company incorporated under Belgian law, with registered office at Bourgetlaan 42, 1130 Brussels, Belgium and registered in the Belgian Crossroads Bank for Enterprises under the number 0405.666.668.

You can contact Recticel Group for all general issues or questions relating to the processing of your personal data by using the contact details below:

Email: data.protection@recticel.com

Telephone: +32 2 775 18 11 ( Legal Counsel)

More in particular, the subsidiary of the Recticel Group with whom you have a contractual or business relationship is responsible for deciding why and how the personal data we collect from you, is processed. This means that such company is to be considered as the data controller in relation to the processing of your personal data.

  1. Which personal data do we collect and how do we use it?

  1. Types of personal data collected

Personal data is all information relating to you on the basis of which you may be identified or may be identifiable. Anonymous data, without possibility to identify you, are not considered as personal data.

When you engage in a business relationship with Recticel, we may collect the following personal data from you:

  • Identification and contact data, such as name, surname, professional field or responsibility, email address and phone number;

  • Bank account details;

  • History and notes of meetings and communications;

  • Details on (past) employment, education and postings (e.g. when relevant for the contemplated partnership between Recticel and the company your work);

  • Details on enquiries, complaints and requests you have made to Recticel Group;

  • Any additional information you give us when we have contact with you (e.g. at trade fairs);

  • Photographs and/or video images.

Please note that we may not be able to engage in a business relationship with you if you do not wish to provide us with certain of the abovementioned personal data.

  1. Purposes for which your personal data are used

Your personal data are used for the following purposes:

  • Business relationship management and administration, including risk analysis and due diligence checks;

  • Contract management;

  • Order management, both in relation to customers and suppliers;

  • Financial accounting and invoicing;

  • Research;

  • Dealing with enquiries, complaints and requests;

  • Dispute management;

  • Public relations and business development;

  • Event management;

  • (Direct) marketing;

  • Risk analysis and due diligence check, both in relation to customer and suppliers;

  • Access control and security;

  • Regulatory compliance.

Your personal data will not be used for any other purpose than the ones mentioned above.

  1. Legal basis for processing your personal data

We primarily process your personal data in order to establish, execute or terminate a business or contractual relationship with you or your company; to get in touch with you, upon your request/with your consent (e.g. in the framework of enquiries, complaints and requests); or to comply with any legal obligations we would have.

We may also process some of your personal data when we feel this is in the legitimate interest of Recticel Group, for example, to identify you before allowing you access to our building for safety and security reasons. In such case we will always ensure that our legitimate interest is not overridden by your interests, rights and freedoms (in which case we will re-evaluate the data processing activity). The legitimate interest assessment we have made in this regard is available upon request.

In some instances, we may also collect your consent in order to be able to send you marketing email messages. When you receive such email messages you will always have the possibility to unsubscribe by using the unsubscribe-button provided in such email messages.

  1. With whom do we share your personal data?

Your personal data may be shared internally within the company or with another Recticel Group company if necessary for the purposes or processing as mentioned above.

Your personal data may also be shared with external service providers that we use to conduct some internal or external tasks for us which may involve your personal data (e.g. external IT providers, cloud storage providers or other service providers and professional advisors, etc.). Such service providers only act as data processors for us and we will enter into the necessary data processing agreements with these service providers to ensure your personal data remains adequately protected by them and they can only act on our explicit instruction.

Aside from this, we do not transfer any personal data to third parties, unless we are obliged to do so based on mandatory legal provisions (e.g. disclosure to external bodies, such as supervisory or law enforcement bodies and/or parts of the administration) and/or as a result of a court or government order. We may also transfer your personal data after having obtained your consent to do so.

  1. Are your personal data transferred abroad?

We try to limit transfer of your personal data outside the EEA as much as possible.

Insofar as transfers outside the EEA would be necessary – directly or indirectly via a data processor –, we will always take appropriate measures to ensure that your personal data are duly protected and that all transfers of personal data outside the EEA take place in a lawful manner (e.g. by having the recipient sign a copy of the standard contractual clauses of the European Commission or by asking your explicit consent to be able to do so).

  1. How long do we keep your personal data?

We do not keep your personal data any longer than necessary to achieve the intended purpose for which your personal data are collected.

As a general rule, your personal data will be retained during the entire business relationship with Recticel and for ten years following the end of such business relationship. This corresponds to the statute of limitation.

Notwithstanding the foregoing, we may not be able to delete certain personal data if there is a legal retention obligation to keep such personal data, if a statute of limitation is still applicable or if we need this personal data in the context of a legal claim.

  1. How are your personal data secured?

We have taken all reasonable and adequate technical and organisational security measures to protect your personal data as best as possible against accidental or intentional manipulation, modification, publication, loss, abuse, destruction or access by unauthorised persons. Such measures include amongst others a limited access policy and strong password protection.

  1. What are your rights relating to your personal data?

Based on the GDPR you have a right (insofar as the concrete conditions of application for such a right are fulfilled) to:

  • Access and receive information about the personal data processed about you;

  • Be forgotten or ask for deletion of your personal data;

  • Seek the rectification and the completion of inaccurate personal data;

  • Ensure the transferability of personal data;

  • Seek the restriction of processing;

  • Object to the processing of your personal data.

To exercise these rights, you can contact us by email at the following address: data.protection@recticel.com. In order to allow us to verify the legitimacy of your request, we may ask you for further proof of your identity. We will respond to your request as quickly as possible, but in any case within one month following receipt of your request.

  1. Do you have a question or complaint?

If you have a question or complaint about the way in which Recticel Group processes your personal data, you can always inform us via data.protection@recticel.com so that we can deal with the issue together.

You may also file a complaint with the Belgian Data Protection Authority, or any other competent Data Protection Authority, at any time. To this end, please find the contact data of the Belgian Data Protection Authority below:

Website:

https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte

Contact details:

Belgian Data Protection Authority

Rue de la Presse 35, 1000 Brussels, Belgium

+32 (0)2 274 48 00

+32 (0)2 274 48 35

contact@apd-gba.be

  1. What law is applicable to this Privacy Notice?

Any dispute in relation to this Privacy Notice must be interpreted in accordance with Belgian law.

  1. Amendments

We may change, complete or supplement this Privacy Notice from time to time without prior notice. The new version will apply as from its publication date. We therefore invite you to always consult the latest version of this Privacy Notice in the “Privacy Notices” section on the website.