Privacy Policy

1. Who We Are

TALENT on demand is a consultancy and technology company specialising in Strategic Workforce Planning, skill and competence management, and workforce analytics. We are headquartered in Belgium and operate across the European Union and internationally.

Data Controller: TALENT on demand
Information Security Officer: Philip De Neve
Contact: hello@talentod.com  ·  philip.de_neve@talentod.com
Phone: +32 (0) 472 229 756

2. What Data We Collect

We collect personal data only when you actively provide it to us, or when it is generated through your use of our website and tools. This includes:

Contact and enquiry data

• Name, job title, and company name
• Email address and telephone number
• The content of messages you send via our contact form
• Demo request details and preferences

Website usage data

• Pages visited and time spent on the site
• Browser type, device type, and operating system
• Referring URL and approximate geographic location (country/region level)
• Interaction data such as clicks and scroll depth

Assessment and tool data

• Responses submitted through our self-assessment tools (TSCM Maturity Assessment, SWP Maturity Quiz, AI Readiness Quiz, and similar interactive tools)
• Quiz and test results from interactive tools on the site
• Data submitted during consultancy engagements, including workforce and organisational information provided by client organisations

3. How We Use Your Data

We use personal data only for the purposes described below, on the legal bases indicated. In line with our Information Security Policy, customer data is used exclusively for activities directly related to the operation and delivery of contracted services. Any use outside that scope requires your explicit written consent.

• Responding to enquiries (legal basis: legitimate interest / contract performance) - to reply to contact form submissions and demo requests
• Providing our services (legal basis: contract performance) - to deliver assessments, consultancy engagements, and tool access you have requested
• Improving our website and tools (legal basis: legitimate interest) - to understand how visitors use the site and improve content and functionality
• Marketing communications (legal basis: consent) - to send newsletters or product updates, only where you have explicitly opted in
• Legal compliance (legal basis: legal obligation) - to meet our obligations under applicable law, including responding to lawful authority requests

4. Data Ownership

You retain full ownership of all personal and proprietary data you provide to us. TALENT on demand does not claim any ownership rights over your data. All rights to access, modify, and control your data remain exclusively with you. In the event of any dispute, we commit to never withholding your data as leverage. All disputes are handled transparently and in accordance with agreed contractual terms and applicable legal frameworks.

5. How Long We Keep Your Data

All documentation is retained for at least 6 years after initial creation in accordance with our Information Security Policy. Specific retention periods are as follows:

• Contact and enquiry data: retained for up to 3 years from last contact, or until you request deletion
• Client engagement data: retained for 7 years in line with Belgian accounting and legal requirements
• Website analytics data: retained in aggregated or anonymised form; individual-level data retained for up to 13 months
• Assessment responses: retained for up to 12 months unless you request earlier deletion

6. Data Deletion and Return

Upon conclusion of a contract or business relationship, we follow a structured data deletion procedure:

• We determine whether data should be returned to you or securely destroyed, considering legal requirements, contractual terms, and your preferences
• If data is to be returned, it is transferred securely using encrypted methods; we obtain written confirmation of safe receipt
• If data is to be destroyed, secure destruction methods are employed (shredding for paper records, certified erasure for digital files) and destruction is documented
• If no decision is reached within 30 days of contract termination, we will notify you of our intent to destroy the data; destruction takes place within 10 working days of that notice
• All communications, notifications, and acknowledgements relating to data deletion are documented and retained for compliance purposes

7. Who We Share Your Data With

We do not sell your personal data. We maintain an inventory of all third-party vendors, classified by risk level, and conduct annual reviews of high-risk vendors. We may share data with trusted third-party service providers who act as data processors on our behalf, including:

• Email and CRM platforms used to manage communications
• Website hosting and analytics providers
• Professional advisers (lawyers, accountants) where legally required

All processors are contractually required to include minimum security requirements and breach notification clauses. Where processors are located outside the EU, appropriate transfer safeguards (such as Standard Contractual Clauses) are in place.

8. Legal Requests and Subpoenas

If we receive a subpoena, court order, or other lawful legal request for your data, we follow a formal procedure:

• We verify the authenticity and legal validity of the request before taking any action
• Our legal team assesses the scope of the request and any conflicts with data protection law
• Where legally permissible, we will notify you of the request before responding
• We apply the minimisation principle - only the specifically requested data is disclosed; unrelated information is redacted or withheld
• All disclosures are made via secure, encrypted transmission methods
• Full records of all legal requests and our responses are maintained for audit purposes

9. Cookies

Our website uses cookies and similar technologies to improve functionality and analyse usage. Categories of cookies we use:

• Strictly necessary cookies: required for the site to function. These cannot be disabled.
• Analytics cookies: help us understand how visitors interact with the site (e.g. pages viewed, session duration). Used only with your consent.
• Preference cookies: remember settings such as language or region. Used only with your consent.

You can manage your cookie preferences at any time through your browser settings. Withdrawing consent for non-essential cookies will not affect your ability to use the site.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. We have formal procedures in place to receive, log, verify, and respond to all data subject requests:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion of your personal data ("right to be forgotten")
• Right to restriction: request that we limit how we use your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interest, including direct marketing
• Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at hello@talentod.com. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be) or your local supervisory authority.

11. Data Security

We maintain a formal Information Security Policy (currently v1.7) and implement appropriate technical and organisational measures to protect your personal data. These include:

• Encrypted data transmission (HTTPS) and encryption of data in storage where appropriate
• Access controls based on need-to-know, with unique user identification and authentication required for all systems handling confidential data
• Multi-factor authentication (MFA) for remote and privileged access
• Automatic session timeouts after a maximum of 15 minutes of inactivity
• Endpoint protection (antivirus, firewall) kept up to date on all devices
• Monthly patching of software and operating systems (sooner for critical vulnerabilities)
• Quarterly vulnerability scanning and annual self-assessment
• A Clean Desk Policy requiring removal of confidential documents from workspaces at end of day
• Physical access restrictions for areas where information processing takes place
• Regular staff training on data protection and information security
• A documented disaster recovery plan, including off-site data backups, with annual tabletop testing

In the event of a personal data breach, incidents are classified by severity (Low, Medium, High, or Critical). Breaches that are likely to result in a risk to your rights and freedoms will be reported to the relevant supervisory authority within 72 hours, and affected individuals will be informed without undue delay.

12. Third-Party Links

Our website contains links to third-party websites and services. This Privacy Policy applies only to talentod.com. We are not responsible for the privacy practices of external sites and encourage you to review their policies before providing personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of our website after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

TALENT on demand
Email: hello@talentod.com
Information Security Officer: philip.de_neve@talentod.com
Phone: +32 (0) 472 229 756