Privacy policy
Last updated: 10/01/2026
1. Company Identity
This privacy statement concerns:
Phonecom SA
Address: Av. du Roi 73, 1060 Brussels
Company number (BCE): BE0453646828
E-mail: info@phonecom.be
Where applicable, you may contact our Data Protection Officer via: stephane.vandenneste@phonecom.be
2. Role of Phonecom SA under the GDPR
Phonecom SA processes personal data exclusively on behalf of its clients in the context of participant recruitment, user testing, and market research.
In this context, Phonecom SA acts as a “Processor” within the meaning of the General Data Protection Regulation (“GDPR”).
The client of Phonecom SA determines the purposes and means of the processing and acts as the Data Controller.
Phonecom SA processes personal data only in accordance with its clients’ instructions and the applicable data processing agreement.
3. What Personal Data May Be Processed
Depending on the assignment concerned, the following personal data may be processed:
- first name
- last name
- e-mail address
- telephone number
- gender
- participation or contact status (only for clients with whom we have had a telephone conversation)
- communication data in the context of participant recruitment (only for clients who agreed to participate)
Phonecom SA does not process any special categories of personal data (within the meaning of Article 9 of the GDPR). The data collected is limited to the information strictly necessary for participant recruitment.
4. Purposes of the Processing
Personal data is processed exclusively for:
- contacting potential participants
- participant recruitment
Phonecom SA does not use personal data for its own commercial purposes.
5. Legal Basis for Processing
The Data Controller is responsible for determining the legal basis (e.g. consent, legitimate interest) and for informing the data subjects.
Phonecom SA ensures that the processing carried out on behalf of its clients complies with the principles of the GDPR, including data minimization, security, and transparency. Phonecom SA only processes data in accordance with the documented instructions of the Data Controller and the agreed purposes.
6. Disclosure to Third Parties
As part of the performance of its services, Phonecom SA may use external IT and communication service providers.
These parties are contractually required to comply with appropriate technical and organizational measures as well as confidentiality obligations.
Personal data is not transferred outside the European Economic Area (EEA), unless appropriate safeguards are provided in accordance with the GDPR.
7. Retention Periods
Personal data is not retained longer than necessary for the performance of the client’s assignment or in accordance with the contractual agreements concluded with the Data Controller.
At the end of the assignment, personal data is deleted in accordance with the agreements concluded with the Data Controller.
8. Security Measures
Phonecom SA implements appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, or destruction.
These measures include in particular:
- individual user accounts
- access management based on roles and needs
- activity logging
- antivirus solutions and infrastructure security measures
- secure data transfers
- physical access control
- restricting access to personal data to authorized personnel only
9. Rights of Data Subjects
When Phonecom SA processes personal data on behalf of a client, the data subject must first contact the relevant Data Controller in order to exercise their rights under the GDPR.
This includes in particular the right:
- of access
- to rectification
- to erasure
- to restriction of processing
- to object
- to data portability
When a request relating to data subject rights is received directly by Phonecom SA, it is recorded and forwarded without undue delay to the relevant Data Controller. Requests are forwarded within an internal period not exceeding 72 business hours from receipt, except in exceptional circumstances.
10. Data Breaches and Security Incidents
Any suspected or confirmed incident is immediately reported to the IT manager or the designated person responsible for information systems security. An initial analysis is carried out to assess the nature of the incident, its potential impact, and the necessary containment measures.
In the event of a personal data breach likely to result in a risk to the rights and freedoms of data subjects, the Data Controller is informed without undue delay and, where applicable, within a maximum period of 72 hours after identification of the incident.
11. Amendments to this Privacy Statement
Phonecom SA reserves the right to amend this privacy statement if necessary due to changes in legislation, services, or internal processes.
The most recent version of this privacy statement is available upon request or via the Phonecom SA website.
12. Contact and Complaints
For any questions regarding this privacy statement or the processing of personal data, you may contact us via: info@phonecom.be
You also have the right to lodge a complaint with the competent supervisory authority:
Data Protection Authority
Rue de la Presse 35
1000 Brussels
Belgium