1. IN GENERAL
1.1. Your Personal Data is Processed by Together Connected NV, with registered seat at Brusselsesteenweg 115, B-9090 Melle, Belgium, registered with the Crossroadsbank of Enterprises under number 0720.810.265, RLE Ghent (division Ghent). You can contact us via e-mail at email@example.com.
To make sure we have the same understanding of what is written here, it is important that certain notions are interpreted in the same way by you and by us.
1.3. Where reference is made to certain laws or regulations, such reference shall also include any change, replacement or annulment of said laws or regulations, including any related executive decisions.
2. TYPES OF PERSONAL DATA WE PROCESS
2.1. Whenever you use our Website and Social Media Channels, we may collect: • technical information associated with the device you use, such as your IP address, browser type, geographical location and operating system.
Here we explain which types of Personal Data we collect in any case whenever you visit our Website and Social Media Channels.
2.2. When you use our services, fill out the contact form on our Website, or contact us via e-mail, telephone, fax or Social Media Channels, we may collect: • the basic identity information you provide us with, such as name, company name, company type, e-mail address, postal address, telephone number, the company you work for, your function; • account information, such as username and password; • the content of your communication and the technical details of the communication itself (with whom you correspond at our end, date and time, etc.); • your preferences regarding receiving our e-mail communications, such as newsletters, promotions, advertisements, etc. • publicly available information of your profile on Social Media Channels; • financial information, such as • any other Personal Data you choose to provide to us.
Here we explain which types of Personal Data we collect when you use our services, when you actively seek to contact us or want us to contact you.
2.3. Whenever you leave us your business card or interact with us at fairs and events at which we are present, we may collect: • the basic identity information you provide us with, such as name, e-mail address, postal address, telephone number, the company you work for, your function (i.e. when such information is provided by you or shown on your business card); • your image.
Here we explain which types of Personal Data we collect when you actively seek to contact us at fairs and events.
2.4. TOCO will in principle never ask you for sensitive Personal Data. However, the invoices you upload to TOCO may contain sensitive Personal Data. For the purposes of this provision, sensitive Personal Data must be interpreted as: • data revealing racial or ethnic origin; • political opinions; • religious or philosophical beliefs; • trade union membership; • genetic or biometric data; • data concerning health; or • data concerning a natural person’s sex life or sexual orientation.
Here we explain that TOCO will not ask you for sensitive Personal Data. However, you may deliver sensitive Personal Data yourself through the invoices uploaded to TOCO.
3. PURPOSES FOR WHICH TOCO USES YOUR PERSONAL DATA
3.1. TOCO Processes your Personal Data to provide you in a personalized and efficient way with the Services – including payment initiation services and account information services – you request via the Website, e-mail, telephone, Social Media Channels and fairs and events, and for overall customer management.
We first and foremost collect and Process your Personal Data to provide you with the things you request by surfing to our Website, log in once registered, or when you interact with us.
3.2. We will also Process your Personal Data you submit to us for evidence purposes, so that we may defend ourselves in possible ensuing legal or other proceedings.
This provision is self-explanatory.
3.3. TOCO Processes your Personal Data to perform statistical analyses so that we may improve our Website, our products and services or develop new products and services.
This provision is self-explanatory.
3.4. TOCO Processes your Personal Data to comply with legal obligations or to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities. Your Personal Data may be transferred upon TOCO’s own initiative to the police or the judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the Website, our Social Media Channels or other communication with us.
From time to time we may be legally required to transfer your Personal Data to governmental authorities.
3.5. TOCO may Process your Personal Data for informing any third party in the context of a possible merger with, acquisition from/by or demerger by that third party, even if that third party is located outside the EU.
This provision is self-explanatory.
Here we reserve the right to Process your Personal Data if you use our Website in any way that may harm TOCO or someone else or is illegal.
3.7. TOCO Processes your Personal Data mentioned under clauses 2.1, 2.2 and 2.3 above for marketing purposes, i.e. to provide you with targeted communications, promotions, offerings and other advertisements of TOCO and selected partners. Unless you are an existing customer who has already purchased similar goods or services from us and who we wish to target with our own marketing material, TOCO will only send you communications, promotions, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communications channels if you have explicitly consented to receiving such communications, promotions, offerings, newsletters and other advertisements.
We want to use your Personal Data for marketing purposes. This means that we collect information regarding your preferences and interests and use this information to make our marketing material more relevant to you. When we want to send you marketing material via e-mail, or Social Media Channels and unless you are a pre-existing customer, we will first seek your prior approval with receiving our marketing via such channels.
4. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
4.1. The Processing of your Personal Data for the purpose described in clause 3.1 is necessary for the performance of our agreement with you. – In any event, the Processing of your Personal Data will occur in accordance with the Data Protection Legislation (EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation) together with the codes of practice, codes of conduct, regulatory guidance and standard clauses and other related legislation resulting from such Directive or Regulation, as updated from time to time.)
The law requires us to state precisely which legal basis we use to Process your Personal Data, considering the purposes we have listed in the previous article. In order to provide our Website and services to you, certain Personal Data must be Processed.
4.2. When you provide any of the sensitive Personal Data as referenced in provision 2.4, you agree with the Processing of that Personal Data. The Processing ground for this is the explicit consent of the Data Subject. When this Processing relates to a minor below the age of thirteen (13) years consent must be provided by the holder of parental responsibility of that minor.
It may occur that an invoice contains sensitive Personal Data. In such case, explicit consent to the Processing of that data must be provided.
4.3. The Processing of your Personal Data for the purposes outlined in clause 3.4 is necessary to allow TOCO to comply with its legal obligations.
Sometimes the law obliges us to Process your Personal Data.
4.4. The Processing of your Personal Data for the purposes outlined in clauses 3.1, 3.2, 3.3, 3.5, and 3.6 is necessary for the purpose of the legitimate interests of TOCO, which are: • being able to appropriately respond to your requests for information and other requests; • allowing us to defend ourselves in legal proceedings; • continuous improvements to TOCO’s Website, Social Media Channels, products and services to ensure that you have the best experience possible; • keeping our Website, Social Media Channels, products and services safe from misuse and illegal activity; • safeguarding our commercial and business interests and needs in light of changing market conditions; • marketing and promotion of our products, services, brands an overall successful commercialization of our products and services.
We may also Process your Personal Data for our own legitimate interests, which are mainly concerned with successfully conducting our business as any other company would do.
This provision is self-explanatory.
5. RECIPIENTS AND TRANSFERS
5.1. TOCO does not send your Personal Data in an identifiable manner to any third party without your explicit permission to do so. You understand, however, that if you use our Social Media Channels, your Personal Data is also Processed by the social media providers. You can find more information on how these social media providers Process your Personal Data in their respective privacy policies.
We do not share your Personal Data with third parties unless you consent to it or unless we have anonymized your Personal Data. You understand however that when you use Facebook for instance to communicate, Facebook also Processes your Personal Data.
5.2. TOCO relies on third party Processors to provide you the Website as well as to Process your Personal Data on our behalf. These third party Processors are only allowed to Process your Personal Data on behalf of TOCO upon explicit written instruction of TOCO. TOCO warrants that all third party Processors are selected with due care and are obliged to observe the safety and integrity of your Personal Data.
Our Website may be developed, maintained or hosted by third parties. Similarly, we rely on the services of third parties such as cloud providers and financial services providers to Process your Personal Data internally.
6. QUALITY ASSURANCES
6.1. TOCO does its utmost to Process only those Personal Data which are necessary to achieve the purposes listed under the purpose for Processing.
We will not Process more Personal Data about you than we really need for the purposes we have communicated to you.
6.2. Your Personal Data are only Processed for as long as needed to achieve the purposes which are described above or up until such time where you withdraw your consent for Processing them. Note that withdrawal of consent may imply that you can no longer use the whole or part of the Website. TOCO will de-identify your Personal Data when they are no longer necessary for the purposes outlined in the purpose for Processing, unless there is: • an overriding interest of TOCO or any other third party in keeping your Personal Data identifiable; • a legal or regulatory obligation or a judicial or administrative order that prevents TOCO from de-identifying them.
Here we explain how long we will keep your Personal Data in a way that allows us to identify you.
6.3. TOCO will take the appropriate technical and organizational measures to keep your Personal Data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by personnel of TOCO or its third party Processors will only be on a need-to-know basis and subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations only, which can never be guaranteed.
We are committed to keeping your Personal Data safe.
7. YOUR RIGHTS
7.1. You have the right to request access to all Personal Data Processed by TOCO pertaining to you. TOCO reserves the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to TOCO.
In this article we explain which rights you have vis-à-vis the Processing of your Personal Data. The rights themselves are self-explanatory.
7.2. You have the right to ask that any Personal Data pertaining to you that are inaccurate, are corrected free of charge. If a request for correction is submitted, such request shall be accompanied of proof of the flawed nature of the data for which correction is asked.
7.3. You have the right to withdraw your earlier given consent under clause 4.5 for Processing your Personal Data.
7.4. You have the right to request that Personal Data pertaining to you will be deleted if they are no longer required in light of the purposes which are outlined above or if you withdraw your consent for Processing them. However, you need to keep in mind that a request for deletion will be evaluated by TOCO against: • overriding interests of TOCO or any other third party; • legal or regulatory obligations or administrative or judicial orders which may contradict such deletion. Instead of deletion you can also ask that TOCO limits the Processing of your Personal Data if and when (a) you contest the accuracy of that data, (b) the Processing is illegitimate or (c) the data are no longer needed for the purposes which are outlined above, but you need them to defend yourself in judicial proceedings.
7.5. You have the right to oppose the Processing of Personal Data if you are able to prove that there are serious and justified reasons connected with his particular circumstances that warrant such opposition. However, if the intended Processing qualifies as direct marketing, you have the right to oppose such Processing free of charge and without justification.
7.6. You have the right to receive from us in a structured, commonly used and machine-readable format all Personal Data you have provided to us.
7.7. If you wish to submit a request to exercise one or more of the rights listed above, you can send an e-mail to firstname.lastname@example.org for all Data Subject rights matters. An e-mail requesting to exercise a right shall not be construed as consent with the Processing of your Personal Data beyond what is required for handling your request. Such request should clearly state and specify which right you wish to exercise and the reasons for it if such is required. It should also be dated and signed, and accompanied by a digitally scanned copy of your valid identity card proving your identity. TOCO will promptly inform you of having received this request. If the request proves valid, TOCO shall notify it as soon as reasonably possible and at the latest thirty (30) days after having received the request. If you have any complaint regarding the Processing of your Personal Data by TOCO, you may always contact TOCO via the e-mail address mentioned in the first paragraph of this clause. If you remain unsatisfied with TOCO’s response, you are free to file a complaint with the competent data protection authority, i.e. the Belgian data protection authority. For more information, visit http://www.privacycommission.be.