Privacy Policy


This privacy statement is provided to you by B&S Europe S.A. (hereafter in this text often abbreviated as B&S or "we") a company which is part of the GOPA Consulting Group, one of the leading European private and independent consulting groups in the area of development cooperation. Our clients are national and supranational institutions and organisations, such as national ministries or organisations like the European Commission or the World Bank. We are implementing projects for our clients by deploying own staff or by hiring and deploying freelance experts. Many of the projects are implemented by us alone, while others are implemented together with partner organisations and companies.

Data protection terminology used in this privacy policy

Our personal data processing activities are governed by the European Union General Data Protection Regulation (Regulation (EU) 2016/679) which makes use of the following terminology.

  • 'Personal data' is any information that can be used to identify you, including your name, email address, IP address, or any other data that could reveal your physical, physiological, generic, mental, economic, cultural or social identity.
  • For the purpose of the EU GDPR, we are the 'data controller' of all personal data obtained by us as set out in this policy, because we ultimately determine how your personal data will be handled by us or our sub-contractors, who would be our 'data processors'.
  • If we handle your personal data then you are a 'data subject'. This means you have certain rights under the EU GDPR in relation to how your personal data is processed, which are set out in this privacy policy.

Name and address of the data controller

The responsible controller of your personal data is

B&S Europe S.A.

Boulevard de la Woluwe 2

B – 1150 Brussels




Data protection officer

You as data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection. The contact data of our Data Protection Officer is

Data Protection Officer (Veri Koruma Görevlisi)

B&S Europe S.A.

Boulevard de la Woluwe 2

B – 1150 Brussels




How we store and process your personal data

Within the scope of our Grow Civic Support Programme process, we store your data (address, email, telephone number, etc.) and any documentary evidence you may have supplied in electronic form. In rare cases, we may also keep paper-based versions of your data, for instance if this is required by statutory obligations.

We process these data exclusively for the purpose of identification and for compliance check.

The storage space for your data (such as address, phone number, request for action, etc.) is our Grow Civic database. Besides this, we may store your data on our file servers, for instance when we rephrase and/or translate.

How long we keep your personal data

On a regular basis, we keep your data in our database until 6 months after the end of our project. We keep this data in our database longer only (i) after obtaining renewed consent from you, i.e. by contacting you through email prior to the expiration of your expression of consent

If we cannot obtain your renewed consent for any reason, we will delete your data, or we block access to them if we are required by statutory obligations to keep them for a longer period (for instance for audit purposes obligatory in services provided through public procurement).

Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a EU GDPR in case the user has given his consent to the processing. In case we have to fulfil a contractual obligation to you, the legal basis is Art. 6 para. 1 lit. b GDPR. In case we are subject to statutory obligations the legal basis can be found in Art. 6 para. 1 lit. c GDPR.

Your rights in terms of data protection

As data subject you have the following rights in relation to your personal data:

  • Right to confirmation - you can ask us to confirm whether we are processing data concerning you or your CSO.
  • Right to be informed - this is information on the data we are processing and the purpose for which we are processing them.
  • Right of access - you have the right to be provided with copies of your data that we are processing.
  • Right to rectification - if you think the data that we hold on you is inaccurate or incomplete you can request us to correct this.
  • Right to erasure - if you want us to delete the data we are holding for you then you can request us to do so.
  • Right to restrict processing - if you oppose the way how we are processing your data then you have the right to inform us accordingly and we will restrict the processing on the basis of your right.
  • Right to data portability - if you want us to forward your data to a different organisation or person then you have the right to inform us and we will transfer your data respectively (without adversely affecting the rights of others).
  • •Right to withdraw your consent - you can withdraw your previously given consent to the processing of your data at any time by contacting us using the contact form provided.

If you want to exercise one or more of these rights, please contact one of our staff or use the general contact address provided above. You can request your rights free of charge unless your request is clearly unfounded, repetitive or excessive. Alternatively, in these circumstances we may refuse to comply with your request. In accordance with the GDPR, we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

In addition to the above rights, as a data subject you have the right to lodge a complaint with your local data protection authority within the European Union. Please note that you can use whichever local data protection authority within the European Union that is most convenient for you.

Transfer of data

In the course of our Grow Civic Support Programme process we may transmit your data also to other CSOs or formal/informal initiatives, i.e. for networking purposes. Yet, before we would share your information with other CSOs, we will contact you again.

Automated decision making and profiling

As a responsible company, we neither use automated decision making nor profiling.

Further information on personal data protection

For further aspects on how we process your data outside the recruitment process described in this privacy policy, please refer to our general privacy policy published on our website.

Deleting your personal data

We delete your data on a regular basis in accordance with the requirements of the GDPR.

As mentioned above, we delete your data after a period of 3 years, unless we receive a renewed expression of consent from you, after we have contacted you again.

If we have to keep your data longer due to statutory obligations, we delete them as soon as the statutory obligations allow. In the meantime, i.e. between the end of a 3-year storage period and the end of the storage period required by statutory obligations, we block access to your data.