Privacy Policy
Last modified on 22 June 2022.
First of all, we are excited that you are interested in THE APP (the “Application”). We do our utmost to make sure that you do not need to worry about the protection of your Personal Data when you are using the Application.
This privacy policy describes how we use the Personal Data you provide us with whilst using the Application.
We may ask you to share certain Personal Data with us, including but not limited to your first name, last name and e-mail address (identification data). For certain specific obligations you may be required to provide us with additional data, such as billing or payment data.
We only collect Personal Data that is necessary to inform you about the Application and related services, to execute an agreement with you and to contact you.
For this purposes, we base ourselves on the processing grounds of the agreement, our legitimate interest, your vital interests and, in some cases, your consent (see also section 2).
If you do not wish to share any Personal Data with us, you will not be able to use the Application and we suggest you to uninstall it on your mobile device. The processing of your Personal Data is subject to this privacy policy. If you have any questions about this privacy policy and/or the processing of your Personal Data by the Controller, please consult the online privacy page on the Controller’s Intranet and lodge your request via the therein available webform.
1. Definitions
“Affiliated Company” means any company that is affiliated to the Company insofar as it meets the conditions for an “affiliated company” as set out in article 1:20 of the Belgian Code on Companies and Associations.
“Application” means the “THE APP” application that is developed for mobile devices for iOS and Android-operating systems, customized and operated by Recneps NV, with registered offices at 2000 Antwerp (Belgium), Scheldestraat 11 and with VAT number 0667.513.616, which acts as a Processor in this respect.
“Company” means TBWA Belgium, with registered offices at Excelsiorlaan 75/77, 1930 Zaventem and with VAT number 0414.235.827, which acts as a Controller in this respect.
“Controller” means the natural or legal person which alone or jointly with others determines the purpose (the “why”) and the means (the “how”) of the processing of Personal Data, as defined in the General Data Protection Regulation 2016/679. The Company will be qualified as the Controller concerning the Personal Data processed via the Application.
“Personal Data” means any information relating to an identified or identifiable natural person (also referred to as a “data subject”).
“Processor” means the natural or legal person which processes the Personal Data on behalf of the Controller.
2. Purposes and legal grounds
Data of employees
Within the framework of the Application, we collect and process the identification and contact data of our employees. These data may be processed for the purpose of execution of the agreement with our employees. The legal grounds for this processing are the execution of the agreement, our legitimate interest, the protection of the vital interests of our employees and, in some cases, their consent.
Specifically, we may use the Personal Data we collect for the following purposes:
- to identify you as a user of the Application;
- to allow you to make use of the Application and the Application’s functionalities, features and services;
- to process and respond to any possible complaints or requests;
- to help us to evaluate, correct and improve the Application and any related products or services;
- for internal reasons, including business administration and filing purposes.
3. The confidentiality of your Personal Data
Every time you (as a user of the Application) submit Personal Data, we shall handle this information in accordance with the stipulations of this privacy policy and any legal obligations applicable to the processing of Personal Data, including the General Data Protection Regulation (GDPR) 2016/679.
We shall establish appropriate procedures to secure and protect the Personal Data we collect via the Application or via electronic correspondence. This way we undertake, as far as can reasonably be expected, to prevent illegal processing of Personal Data and unintentional loss or removal of your Personal Data.
We seek to optimize the security of your Personal Data by limiting the access to your Personal Data to persons on a “need-to-know” basis (for example: only Controller’s employees, associates Affiliated Companies and subcontractors who need your Personal Data for the purposes as described in section 2 shall receive permission to access the data).
4. How do we collect your Personal Data and for how long is it kept?
Collection of data
We collect your Personal Data – without being exhaustive – in the following cases:
- When you fill in the registration form customized by us to register to the Application;
- When you file a complaint or ask for information via the contact form provided on the Application;
- When you call or mail us or correspond with us via another way than via the Application.
We avoid the collection of Personal Data which are not relevant for the purposes set out in section 2.
Retention of data
We will store and process your Personal Data no longer than necessary in relation to the purposes of the processing. Personal Data of our employees will be removed from our systems one year after the last time you log in to the Application, except for the Personal Data that we have to store for a longer duration based on specific obligations or in case of pending litigation(s). Please note that the removal of the Application from your device does not cause a deletion or anonymization of your Personal Data. You should contact us if you would like your Personal Data to be deleted.
5. Transfer of Personal Data?
We will not transfer your Personal Data to third parties outside the European Economic Area, unless we have Standard Contractual Clauses (as provided by the European Commission) in place.
Furthermore, we will not transfer your Personal Data to third parties inside the European Economic Area without your permission, except:
- when such transfer is necessary to permit associates, agents, subcontractors, suppliers or commercial partners to provide a service or accomplish a task in our name;
- if it is required by law.
Any transfer of Personal Data to one of the third parties mentioned in the list above, is in accordance with the stipulations of the General Data Protection Regulation (GDPR) 2016/679.
We ensure that measures are taken to make sure that third parties cannot use your Personal Data for other purposes than and according to the purposes mentioned in section 2, and that these third parties have taken the necessary technical and organizational measures to protect the data involved.
We will have data processing agreements in place with the aforementioned third parties and, if applicable, Standard Contractual Clauses as provided by the European Commission, in order to ensure the security of the Personal Data.
Finally, we shall take all necessary precautionary measures to assure that our employees and associates who have access to Personal Data will process these Personal Data exclusively in accordance with this privacy policy and our obligations under the General Data Protection Regulation 2016/679.
6. Rights of the data subject
By virtue of both Belgian and European legislation concerning data protection, you have the rights as mentioned below.
How do I exercise my privacy rights?
You can exercise your privacy rights via the online privacy page on the Company’s Intranet, using the therein available webform. If there is no reasonable assurance of your identity, we may ask you to send a copy of the front of your identity card.
Are there costs associated with this?
You can exercise your rights free of charge unless your request is manifestly unfounded or disproportionate, in particular due to its repetitive nature. In such a case – in accordance with the concerned legislation – we have the right and choice (i) to charge you a reasonable fee (in which case the administrative costs are taken into account to provide the requested information or communication and the costs, which are associated with taking the requested measures), or (ii) to refuse to follow up your request.
In what format do I receive a reply?
When you submit your request electronically, where possible the information is provided electronically, unless you request it otherwise. In any case we will provide you with a brief, transparent, intelligible and easy-to-access response.
When will I receive an answer?
We will respond as quickly as possible to your request, and in any case within one month of receipt of your request. Depending on the complexity of the requests and the number of requests, this period may be extended for a further two months, if required. In case of an extension of the period, we will notify you of this within one month of receipt of the request.
The right of access to Personal Data
You have the right to instruct us to provide you with any Personal Data we hold about you, providing the rights of other data subjects are not affected.
You also have the right to receive a free copy of the processed data in an intelligible form. The Company may charge reasonable fees to cover its administrative costs for any additional copy you request.
The right to rectification of Personal Data
You have the right to have incomplete, erroneous, inappropriate or outdated Personal Data corrected without delay.
In order to keep your data up-to-date, we ask you to notify us of any changes, such as a change of address, a change in your e-mail address or a renewal of your identity card. These changes can be communicated via the relevant tools.
The right to erasure of Personal Data
In some circumstances you have the right to the erasure of your Personal Data without undue delay. Those circumstances include:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the withdrawing of the consent to consent-based processing;
- the processing that is for direct marketing purposes; and
- in case the Personal Data are unlawfully processed.
Please note, however, that we may not always be able to delete all requested Personal Data. Those general exclusions include where processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation; or
- for the establishment, exercise or defense of legal claims.
The right to restrict the processing of Personal Data
In the following circumstances you have the right to restrict the processing of your Personal Data:
- when you contest the accuracy of the Personal Data;
- when the processing is unlawful but you don’t want the Personal Data to be erased; or
- when you objected to processing, pending the verification of that objection.
Where processing has been restricted on this basis, we may continue to store your Personal Data. However, we will only process it with your explicit consent, for the establishment, exercise or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.
The right to object to processing of Personal Data
You have the right to object to our processing of your Personal Data, under the following circumstances:
- when we process your Personal Data for direct marketing purposes (including profiling for these purposes) based on our legitimate interest; and
- on grounds relating to your particular situation (special personal circumstances).
The right to data portability
If you wish to exercise your right to data portability, we will send the Personal Data in a structured, commonly used and machine-readable format to a controller of your choice.
The right to withdraw consent
To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. However, the withdrawal will not affect the lawfulness of processing before the withdrawal.
The right to complain to a supervisory authority
You can file a complaint with the Data Protection Authority (“Gegevensbeschermingsautoriteit”) by sending an e-mail to contact@apd-gba.be or by sending a written request to the Data Protection Authority with registered address located at 1000 Brussels (Belgium), Drukpersstraat 35.
7. Third Party Links
The Application may contain links to other websites which are not controlled by us. Although we will do our utmost to make sure that the links on the Application lead exclusively to websites which share our safety and confidentiality standards, we are not responsible for the protection and confidentiality of data, among which Personal Data, which you submit on other websites after you have left the Application.
Before submitting personal information on other sites or in other applications we recommend that you proceed carefully and consult the privacy statement which applies on the website or application concerned before submitting Personal Data.
8. Amendments
We have the right to change this privacy policy at any time by publishing a new version on the Application.
We recommend to consult the Application on a regular basis in order to verify that you agree to any changes made to this privacy policy.
In any event, you will be informed of any changes to this privacy policy by e-mail insofar as we have your e-mail address.