No incidentsNo incidents

Privacy notice

Contact us
Open netwerk

1. Scope of application 

This Privacy Notice describes how Eurofiber (hereafter: “Eurofiber”, “we”, “our”, and/or “us”) processes personal data of its professional customers, suppliers, website visitors, and of employees and applicants. In these activities,  Eurofiber acts as the data controller, as defined in the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679). It concerns the processing of personal data relating to: 

  • Professional clients and prospects;
  • Suppliers and subcontractors (and their representatives);
  • Visitors to our website(s);
  • Our employees, temporary staff, and job applicants. 

 2. Personal data 

Personal data refers to any information that can identify or be linked to a natural person. This includes, for example: 

  • Name, job title, and contact details (email, phone, address); 
  • Contractual and billing information; 
  • IP addresses and behaviour while browsing our websites;
  • Visual material (e.g. photos of intervention on sites);
  • Diplomas, criminal records extracts. 

 We only process data that is relevant, adequate, and limited to what is necessary for the intended purpose, in accordance with the principles of lawfulness, fairness, transparency, and data minimization (article 5.1.c GDPR).  

3. Data subjects and categories of data processed 

a. Customers and prospects  

We process the personal data of representatives of our existing or potential customers (companies or public authorities), such as:  

  • Name, professional contact details, address, phone number;
  • Contents of written or verbal communications with our teams, including any information shared in the context of preparing  or performing an agreement;
  • Agreement(s) concluded with Eurofiber;
  • Invoice and payment details including IBAN and the contact person’s role;
  • Technical notes and reports from field engineers (installers) or contractors, including photos of the installation site and location (e.g. fibre optic) ;
  • Responses to customer satisfaction surveys or other commercial queries;
  • Website(s) navigation data, including IP addresses and click behaviour. 

 

b. Suppliers/contractors 

From our suppliers/contractors and their personnel, we process: 

  • Professional contact details of the contact person (e.g. address, phone number, etc.);
  • Technical reports and comments from engineers/installers/suppliers on completed work;
  • Required qualifications, such as diplomas, recent criminal record extracts, and any disqualifications. 

 We do not process special categories of personal data concerning customers or contractors/suppliers. 

 

c. Employees and applicants 

We process personal data of our own employees, temporary staff, freelancers, and applicants in the context of: 

  • Human resources management (recruitment, evaluation, training);
  • Contract management;
  • Workspace safety;
  • Employer branding and internal communication.  

 

4. Purposes and bases of data processing 

Certain legal provisions apply to the processing of personal data. We process personal data in line with the principles of lawfulness, transparency, and data minimization. 

We process personal data primarily for two main purposes: business operations and marketing. Each of these purposes includes specific data processing activities. We rely on four legal bases as defined in article 6 of the GDPR: consent, performance of a contract, legal obligation, and legitimate interest. 

a. Consent (article 6.1.a GDPR) 

We request your explicit consent for: 

  • Sending newsletters;
  • Storing named responses to customer satisfaction surveys for two years;
  • Personalized communication based on previously viewed or downloaded content;
  • Contact by our commercial team;
  • Setting tracking cookies and similar techniques. 

 b. Necessary for the performance of a contract (article 6.1.b GDPR) 

When processing is necessary for the conclusion or performance of a contract, we process your data for the following purposes: 

  • Concluding and performing agreements;
  • Providing the requested services, including addressing customer needs and personalizing our offering;
  • Managing services and infrastructure, including ensuring their security and continuity;
  • Performing necessary repairs and technical interventions;
  • Implementing both digital and physical security measures;
  • Communicating with existing customers, including the sending of service messages and business-related communications;
  • Detecting or preventing damage or fraud. 

c. Legal obligation (article 6.1.c GDPR) 

Processing may be necessary to: 

  • Comply with tax, social, or legal obligations;
  • Respond to legitimate requests from competent authorities;
  • Handle legal disputes or audits. 

 d. Legitimate interest (article 6.1.f GDPR) 

We rely on legitimate interests to: 

  • Manage customer and prospect database, including former customers;
  • Conduct market analyses, strategic planning, and satisfaction surveys;
  • Develop and improve products or services;
  • Send targeted offers to existing customers;
  • Analyse and secure our website(s) (including remembering previously entered fields or preferences, for which we ask consent via tracking cookies).
  • Perform internal profiling to enhance customer experience – not for automated decision-making or unwanted tracking.  

5. Sharing and provision of personal data 

a. Internal processing and subcontractors 

Personal data may be shared with authorized internal staff and with processors (e.g. installation partners, marketing agencies) under a data processing agreement in accordance with article 28 of the GDPR. These parties act solely under our instruction and control, in strict confidentiality.  

b. External sharing and authorities 

Data may also be shared with external parties, such as: 

  • Competent authorities, if legally required;
  • External partners for fraud prevention or service continuity;
  • Other entities within our group, based on joint responsibility or transfer agreements. 

c. Transfers outside the EEA 

As a rule, we do not use service providers outside the European Economic Area (EEA). If this becomes necessary, we implement appropriate safeguards in accordance with article 46 of the GDPR, including the use of EU Standard Contractual Clauses (SCCs) approved by the European Commission. 

6. Confidentiality 

Any person processing personal data on behalf or for Eurofiber (employees, temporary employees, freelances, contractors’/suppliers’ staff) is contractually bound by strict confidentiality. 

Our customers are also obliged to treat any access credentials, certificates, security information, and other data provided by Eurofiber as confidential and to assign them only to authorized personnel, ensuring their employees comply with the obligations set forth in this article. 

7. Security measures 

We implement appropriate technical and organizational security measures to protect personal data. These include for example: 

  • Individual user accounts with strong passwords;
  • Role-based access rights;
  • Physical access control to buildings and data centers;
  • Firewall and antivirus protection; 
  • Regular backups and security updates;
  • VPN usage for remote access;
  • Inbound network traffic restrictions.  

All our services and processes are designed to the highest standards and are audited annually. For more details on our certificates, please visit our corporate compliance page

Customers are also expected to take their own precautions, such as encrypting data when using our services. 

8. Data breaches (data breach protocol) 

Despite our precautions, security incidents involving personal data (so-called data breaches) may occur. In such cases, we immediately carry out a risk assessment.  

If the breach poses a risk to individuals, we report it within 72 hours to the relevant supervisory authority: the Data protection authority (GBA or ADP) in Belgium, the Dutch Data protection authority (AP) in the Netherlands, or the French data protection authority (CNIL) in France.  

If the risk is deemed high, we also notify the affected individuals directly, unless: 

  • the data has been encrypted or rendered;
  • existing security measures minimize the risk;
  • individual notification would be unreasonably burdensome. In that case, a general notice (e.g. on our website) will be issued.  

9. Retention periods 

We retain personal data only as long necessary for the purpose(s) for which it was collected, taking into account: 

  • the nature and sensitivity of the data (e.g. sensitive or quickly outdated);
  • legal and tax retention obligations;
  • the frequency of processing (one-time or ongoing);
  • the data subjects’ expectations. 

After the retention period, data is deleted or anonymized.  

10. Analysis and Tracking Tools 

Our website uses the service Leadinfo (Rotterdam, the Netherlands), which identifies business visitors by their IP address. The service displays public company information and places two first-party cookies to gain insight into website use and link form submissions to business visits. More information is available at www.leadinfo.com. Visitors can opt-out via the following link: www.leadinfo.com/en/opt-out. 

11. Cookies 

Our websites use cookies to improve your user experience, analyse performance, and personalize content. Some cookies are essential; others are only used with your consent. For more information, we refer to our cookie policy on our website (cookie statement).  

12. Data subject rights  

Individuals (including all users of our tools and websites) have the following rights under articles 15 to 22 of the GDPR: 

  • Right of access;
  • Right to rectification of incorrect or incomplete data;
  • Right to erasure, subject to legal retention requirements;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to processing based on legitimate interest;
  • Right to withdraw consent. 

You may exercise your rights by contacting our Privacy Officer (PO) via email at privacy@eurofiber.com or by post, stating ‘personal data’, at: 

  • Eurofiber Netherlands BV, t.a.v. Afdeling Privacy 

Safariweg 25-31, 3605 MA Maarssen Postbus 7072, 3502 KB Utrecht 

  • Eurofiber Belgium NV 

Belgicastraat 5, postbus 7 1930 Zaventem 

  • Eurofiber France (dpo-fr@eurofiber.com) 

Rue du Gouverneur Général Eboué 24, 92130 Issy-les-Moulineaux 

We are committed to responding within one month, in accordance with the regulations. 

13. Complaint 

If you believe your rights are not being respected, you may file a complaint with the competent supervisory authority:  

14. Modifications 

We reserve the right to amend this Privacy Notice from time to time. In the event of significant changes, or changes requiring renewed consent, we will notify you in advance via our website or another appropriate channel. (last updated (last updated 9th of February 2026).