Privacy Policy



This policy outlines the undertakings and measures implemented by the Alter Solutions Group in the processing of data transmitted or collected to ensure ongoing compliance with the texts applicable to data protection by the law of 30 July 2018 on the protection of individuals with regard to the processing of personal data and the European General Data Protection Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, these two texts being hereinafter referred to as the "Regulation".

The purpose of this Policy is to provide clear information on the way in which your personal data is collected and used by the Alter Solutions Group.



Processing of personal data: means any organised set of operations carried out on personal data (collection, structuring, storage, modification, communication, etc.).

Personal data: means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Sensitive data: means all data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data, data concerning the health of a natural person or data concerning sexual orientation are all classified as sensitive data.

Processing of sensitive data is strictly prohibited, except in some circumstances such as:

  • The data subject concerned has given explicit consent;
  • The processing forms a necessary part of the execution of the contract with the data subject.

Data subject: means any identifiable natural person who can be identified through the processing of personal data.

Data controller: means the natural or legal person who determines how the processing of personal data shall be undertaken, including the purposes the data will be used for as well as the means of processing to be used.

Subcontractor: any natural person who carries out data processing operations on behalf of the Data controller. By virtue of their agreement with the Data controller they are entrusted with certain tasks and required to provide technical and organisational guarantees relating to their capacity to process the personal data entrusted to them in compliance with the prevailing regulations.

Recipient: means any natural person who receives an authorised communication of personal data.

Cookie: refers to a set of data or collection of data stored on a computer (personal computer or other device connected to the Internet) necessary for the operation of a particular website.

Personal data breach: means a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.



The Alter Solutions Group is a technology consulting group that provides services and expertise to support our customers in the implementation of their technical projects dedicated to software engineering and cybersecurity.

Our ambition is guided by three strategic development axes:

  • Increase our market position as technical experts;
  • Expand our business to include international markets;
  • Develop our employer brand in order to attract the best people.



This general data protection policy applies to the following categories:

  • Professionals, partners within the group
  • Employees of the group
  • Prospective applicants wishing to join the group
  • Natural persons and legal entities who are clients or prospects of the group
  • Internet users browsing
  • All computer and telecommunication resources (in whatever form, tangible or intangible) necessary for the creation, processing, exchange and storage of personal data.



In accordance with the data minimisation principle, only personal data that is strictly necessary shall be collected and processed.

The information that may be collected includes the following:

  • The marital status of the Data Subject:
    • Last name / Maiden name
    • First names
    • Nationality
    • Civil status data (Gender, First and Last name of spouse, Family members, etc.)
    • Address, postal code and town of residence
    • Personal and business telephone number(s)
    • Personal and professional e-mail(s)


  • The professional life of the Data Subject:
    • Position, Grade, Salary
    • Working hours: clock in and out times
    • Photographs, videos
    • Addresses, site plans and technical data relating to buildings or installations (subject to intellectual property and contractual rights)


  • The connection data of the Data Subject:
    • IP address of the terminal or equipment connected to the Internet
    • Data specific to the technical equipment used to access the services provided by the companies within the group (PC, smartphone, web browser, etc.)
    • Personal Data that collected from publicly available databases and/or on social network
    • Cookies
    • Browser history



The documents listed below contain personal data collected or transmitted in the form of PDF attachments:

  • Identity documents (ID cards, passports, residence permits, etc.)
  • Electrical accreditations, driving licenses, CACES (Certificate of Aptitude in Safe Driving)
  • Medical appointments
  • Data provided as part of the Curriculum Vitae, and contained in the attached letters
  • Diplomas, educational qualifications
  • Proof of address
  • Photographic identification
  • Bank statement
  • Recognition of disabled worker status, disability card
  • Partial/Permanent Disability







Processing and administration relating to suppliers/service providers

  • Management and follow-up of orders  
  • Formalisation of contracts 
  • Monitoring of supplier/service provider invoicing



Management of principal and subsidiary accounts and invoicing

  • Posting of entries to the principal and subsidiary accounts and justification of company and subsidiary accounts.
  • Preparation and issuance of invoices to clients (B2B/B2C)
  • Settlement of supplier/service provider invoices



Internal communication activities

  • Creation of mailing lists
  • Dissemination of internal memos and other related notices (IRP minutes, etc.)
  • Dissemination of news relating to the company
  • Management of corporate social media: enrolment onto employee networks; administration of discussion groups; processing of user requests; provision of content; statistical analysis of traffic.
  • Organisation of employee events (internal competitions; Christmas for Children event; staff party; etc.)
  • Organisation of events for third parties: management and follow-up of bookings; webinars etc.

External communication activities

  • External communication of non-sales related information (news; updates)
  • External social network promotions and marketing
  • Management of the company website and statistical analysis of traffic

Management of copyright and permissions relating to images

  • Compilation and storage of all image related copyright and signed use permissions



IT asset management

  • Management and monitoring of allocation of individual computer equipment
  • Creation of email addresses
  • Allocation of laptop computers
  • Setting-up of direct telephone lines for employees


Management of data hosting

  • Hosting and provision of company data for the benefit of the employees
  • Safeguarding of company data by scheduled back-ups

Management of computer directories and definition of IS access rights

  • Creation/deletion of user accounts
  • Allocation/revocation of access rights and permissions to applications and networks

Administration of Guest WiFi

  • Provision of a WiFi network within private premises for use by visitors
  • User authentication
  • Retention of connection and access logs to satisfy statutory obligations



Administration of all legal affairs on behalf of the company

  • Organisation of general meetings and meetings of the boards of directors
  • Maintenance of a register of partners and other statutory registers and records
  • Administration of financial benefits due to partners in the company

Administration of delegated authority and signatories within the company

  • Identification of necessary powers and authority
  • Drafting, execution and recording of delegated authority

Administration of contractual relations with corporate partners

  • Formalisation of contracts with clients, partners and suppliers
  • Preparation, implementation and monitoring of legal proceedings before the relevant competent jurisdictions
  • Management and monitoring of amicable settlements

Management of unpaid invoices

  • Management and monitoring of unpaid invoices: including out-of-court procedures for the collection of unpaid invoices (identification of debtors; issuance of reminders; etc.)
  • Management of accounting reserves
  • Preparation of various statistics and reports for regulatory, accounting, tax and operational purposes

Management of GDPR requests from Data Subjects

Monitoring and management of individual requests made in connection with the exercise of their GDPR rights:

  • Management of a statutory registers and records
  • Preparation of statistical data
  • Internal processing of data breaches
  • Identification of data subjects affected by the data breach
  • Notification of breaches to the appropriate EU member Data Protection Authority (DPA) and to the affected persons who are victims of the data breach, if applicable




Management of fixed lines and mobile telephones

  • Management and allocation of a business telephone number



Direct marketing operations

  • Organisation and management of direct marketing activities
  • Implementation of monitoring and analysis of operations in order to determine their relevance and performance
  • Follow-up activities relating to marketing objections/withdrawal of consent to direct marketing
  • B2B and B2C marketing and distance selling operations conducted by telephone; e-mail; SMS
  • Follow-up relating to services provided by the company/clients thanks to the company's marketing operations

Operation of the website

  • Creation of a profile via a contact form
  • Communication operations directed to web users (Newsletter)


Management of recruitment operations

  • Organisation and management of recruitment operations: intake, review and processing of applications
  • Organisation of job interviews; in person and/or remotely (by phone or video)
  • Collection of information relating to the identity and contact information of references; provided by the candidate; to the extent necessary to assess the candidate's skills accordingly

Direct contact with potential candidates

  • Conduct profile searches on social networks
  • Direct contact operations with potential candidates on social networks and/or by recommendation
  • Creation of a profile on HR tools

Offer of employment

  • Collection of data necessary to establish the offer of employment
  • Establishment of the employment contract
  • Retrieval of administrative documents as part of the formation of the administrative personnel file*
  • Provision of documents (internal regulations; GDPR notices; various forms including the one for affiliation to the mutual insurance company; etc.)

Administrative management of personnel

  • Establishment, monitoring and management of the personnel file for each employee during the duration of the employment contract; maintained in accordance with the legal and regulatory provisions; as well as the statutory, collective bargaining or contractual provisions governing the persons concerned
  • Organisation and monitoring of medical appointments
  • Monitoring of fitness for work (only fit/unfit)
  • Organisation of medical appointments
  • Maintenance and updating of personnel register
  • Monitoring the performance of employees in the performance of their respective duties
  • Completion of corresponding declarations to the tax authorities and to social security, retirement and insurance organisations 
  • Maintenance of employee salary change records
  • Scheduling of annual review interviews
  • Preparation; execution and monitoring of disciplinary measures taken against an employee
  • Preparation, execution and monitoring of employment litigation
  • Management of employee terminations

Management of leave, work stoppages / accidents, working time

  • Management and monitoring of leave; including exceptional leave/absence (according to the statutory, collective bargaining or contractual provisions governing the persons concerned)
  • Management of sick leave and work/travel accidents
  • Declarations to the competent bodies (legal obligation to notify)
  • Working time monitoring (statements of attendance; executives on fixed-term contracts; etc.)

Management of internal directories and organisational charts

  • Provision of an internal directory and organisational chart
  • Management of employee objections to the distribution of their photograph

Career and mobility management

  • Management of internal competencies (skills, career path)
  • Monitoring and management of mobility requests
  • Transportation/accommodation booking procedures/resources for business travel
  • Management of business visa applications
  • Monitoring and organisation of training requests

Expense reports

  • Approval of expense reports prior to reimbursement (as part of payroll processing)
  • Undertaking checks to verify compliance with the expenditure commitment procedure (legitimate interest of the company to prevent abuse and fraud)

Payroll management

  • Calculation and payment of remuneration and related items
  • Transfer orders for payment
  • Transmission of payroll entries to the accounting department
  • Creation and provision of electronic pay slips
  • Implementation of the company's remuneration policy
  • Collection and analysis of individual performance data
  • Calculation of the amount of variable remuneration
  • Entry into the payroll software/sent to the payroll manager
  • Retention of pay slips in accordance with applicable statutory and regulatory provisions

Management of the employee savings scheme

  • Calculation and payment of shares as part of profit-sharing
  • Management of employees' decisions (investment in the company savings plan or immediate payment)
  • Subsequent use of the data within the framework of payroll management for the calculation of CSG (Contributions to the General Social Security Scheme) and CRDS (Contributions to the Social Security Deficit)

Other benefits

  • Provision of meal card supplied every month
  • Management and allocation of gift and holiday vouchers to employees
  • Coverage of a mutual health insurance and retirement plan

Organisation and management of professional elections

  • Establishment of the electoral list
  • Management of candidatures
  • Organisation of the elections
  • Management of challenges to the election results
  • Regular activity of the IRP: convocation; preparatory documents; minutes
  • Negotiation of company collective agreements


Data shall be kept in a form that allows the identification of the Data Subjects for no longer than is necessary for the purposes for which they are processed or for any obligation mentioned in GDPR.

The retention period shall be defined in a way that is appropriate, precise and proportional to the purpose of each processing operation.



The data processors shall only collect and process the personal data that is voluntarily transmitted to them, or provided by the various software or hardware resources (ERP, Time & Attendance, Internet routers, etc.).

The Alter Solutions Group has put in place an organisation that relies on the skills and accountability of those involved in all operations related to the processing of personal data. We raise awareness and take steps to implement dedicated data protection training to increase everyone's awareness and knowledge of the subject.



In accordance with the above, and unless it is necessary to communicate personal data to companies whose intervention as third party service providers on behalf and under the control of the responsible party is required for the aforementioned purposes, the Group shall not pass on any personal data collected nor sell, license or otherwise exchange the data with any organisation or entity, unless the corresponding data subjects have been duly informed thereof in advance and have provided their explicit consent, unless required by law, for example in the context of legal proceedings.

When subcontracting, we take all reasonable steps to ensure that the subcontractors provide sufficient guarantees regarding the protection of personal data; we ensure that appropriate technical and organisational measures have been implemented in order to guarantee the protection of personal data and the rights of the Data Subject.

We structure the relationship with the subcontractor through contractual GDPR liability clauses as part of the proper execution of the terms of the contract.



ALTER SOLUTIONS strives to keep the Personal Data in France, or at least within the European Economic Area (EEA).

However, it is possible that the Data we collect when you use our platform or services may be transferred to other countries. This is for example the case if some of our service providers are located outside the European Economic Area.

In the event of such a transfer, we guarantee that it will be carried out:
  • To a country ensuring an adequate level of protection, i.e. a level of protection equivalent to what the European Regulations require.
  • Within the framework of standard contractual clauses.
  • Within the framework of internal company rules.



For more information about cookies, their categorisation and detail, please refer to our Cookie Policy.



ALTER SOLUTIONS is committed to protecting the Personal Data we collect, or that we process, from loss, destruction, alteration, unauthorized access, or disclosure.

We have implemented a set of security measures proportionate to the risks relating to data loss, data disclosure and illegitimate access to data. These measures shall ensure the confidentiality, integrity and availability of personal data processed by the Alter Solutions Group.




In the event of a personal data breach relating to processing operations that represents a high risk to data subjects and falls within the scope of a privacy impact assessment, the Alter Solutions Group undertakes to:

  • Notify the supervisory authority within a period of no more than 72 hours from the discovery of the breach;
  • Identify and inform those affected by the breach, as appropriate.



Alter Solutions Group shall ensure that data subjects have the ability to exercise their rights in connection with their personal data.

Right to information

The right to have clear, precise, and complete information on the use of Personal Data by Alter Solutions Group.

Right of access

This right is intended to ensure that the Data Subject has access to all data and details of the processing that concerns them in order to determine the information held by Alter Solutions Group or to verify the accuracy of the same.

Right to rectification

This right allows a Data Subject to request the correction of any inaccurate, obsolete and/or incomplete personal data.

Right to erasure / right to be forgotten

This right allows a Data Subject to request the erasure or deletion of personal data held by Alter Solutions Group, unless Alter Solutions Group has a legitimate interest in keeping it.

Right to restriction of processing

This right allows a Data Subject, under certain conditions, to request that Alter Solutions Group restrict the processing of personal data processed by the company.

Right to data portability

This right allows a Data Subject to retrieve personal data in order to store or transmit said data from one information system to another.

Right to object

This right allows a Data Subject to object to the processing of any personal data for reasons related to the particular situation of the Data Subject (under conditions).

Right to Withdraw Consent

The right at any time to withdraw Consent where Processing is based on Consent.

Right not to be subject to an automated processing decision

The Data Subject shall have the right not to be subject to a decision which may include a measure involving the assessment of certain personal aspects relating to them which is taken solely on the basis of automated processing and which produces legal effects concerning them or which similarly significantly affects them, including profiling.

Right to define post-mortem directives

The right for the applicant to define directives concerning the fate of Personal Data after his/her death.


The above rights can be exercised at any time:

  • By sending an e-mail to the following address:
  • Or by writing to: ALTER SOLUTIONS - Data Protection Officer (DPO) – Boulevard Brand Whitlock 87, St-Lambrechts-Woluwe, 1200 Brussels, Belgium.
  • You also have the right to file a complaint with the Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA), accessible via the following website:

  • Regarding any processing of data undertaken to ensure appropriate monitoring of the risks of money laundering and terrorist financing, pursuant to law of 18 September 2017 on the prevention of money laundering and terrorist financing and the restriction of the use of cash, , your requests for access to these files should be addressed to the SPF Economie – City Atrium C, Rue du Progrès, 50, 1210 Brussels.

  • In terms of direct marketing, you may choose at any time not to receive it by using the unsubscribe link included in the message.