Privacy policy

Effective date: May 3rd, 2018

GENERAL INFORMATION

QTREE SOLUTIONS BVBA, with registered office at Willebroek (Belgium), Mechelsesteenweg 303, Business registration no. BE846.278.775 (hereinafter referred to as “Boabee”, “we” or “us”), in its capacity as data controller regarding the processing of Personal Data, is committed to protecting and respecting the privacy of its users, customers and suppliers, even prospective (hereinafter singularly and collectively referred to as the “you” or “your”), pursuant to the applicable Belgian Law on data protection (hereinafter referred to as the “National Law”) and the European Regulation no. 679/2016 (hereinafter referred to as the “GDPR”) (hereinafter the National Law and the GDPR will be referred to as the “Applicable Law”).

This policy (hereinafter referred to as the “Privacy Policy”) is aimed to inform you about our practices related to our collection and use of your Personal Data through our website www.boabee.com or our software application “Boabee” or any of our product or service (hereinafter the website, the application and any related product or service will be collectively referred to as the “Platform”).

“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We invite you to read this Privacy Policy carefully to understand our considerations and practices regarding the processing of your Personal Data.

1. PERSONAL DATA WE PROCESS

By means of the Platform, we may collect the following Personal Data:

1.1. Information you provide us. You may, through our Platform or any other contact channel (e.g., e-mail, etc.), voluntarily provide us Personal Data and/or information and documents containing Personal Data. Boabee will process these data in accordance with the Applicable Law and on the assumption they refer to you or to third parties who have authorised you to provide them pursuant to an appropriate legal basis which legitimise the processing at stake. In this case, you act as independent data controller, assuming all relevant obligations and responsibilities according to the Applicable Law. In this regard, you hence waive, in the full sense of the term, the right to all disputes, claims, claims for damages due to processing, etc., which may be submitted to Boabee by the said third parties whose Personal Data have been processed through your use of the Platform in breach of the Applicable Law.

1.2. Browsing data. Computer systems and software procedures used to operate the Platform collect some Personal Data, the transmission of which is an integral part of internet communication protocols. This information is not collected to be associated with you but, by its very nature, it may allow you to be identified by processing and associating it with data held by third parties. Among collected Personal Data there are: (i) IP addresses or domain names of the devices used by you to connect to the Platform; (ii) the URI (Uniform Resource Identifier) of requested resources; (iii) the time of the request, the method used to submit the request to the server; (iv) the size of the file received as a reply; (v) the numeric code indicating the status of the reply given by the server (successful, error, etc.); (vi) other parameters regarding your operating system and device environment.

1.3. Cookies and similar technologies. Boabee may collect Personal Data using cookies. You can find further information on the use of cookie and similar technologies here https://boabee.com/cookie-policy/.

2. PURPOSES AND LEGAL BASIS OF THE PROCESSING

2.1. Purposes. Personal Data provided by you will be processed by us for the purposes and legal basis specified below

Purposes

Legal basis

To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you requested from us (e.g., user account information, contact requests, requests for subscription to our newsletter, etc.)

This processing is necessary for the performance of our mutual contractual obligations and/or carried out with your consent

To send you service-related information by email or any other communication means

This processing is necessary for the performance of our mutual contractual obligations and/or carried out with your consent

To give you access to our support services and to enable you to communicate with our team

This processing is necessary for the performance of our mutual contractual obligations, carried out with your consent and/or necessary for the establishment, exercise or defence of legal claims

To ensure compliance with any applicable laws, our Terms and Conditions, and our Privacy Policy

This processing is necessary for the performance of our mutual contractual obligations and/or for the establishment, exercise or defence of legal claims

To send information to authorized third-parties (e.g., customers, end-users, etc.)

This processing is necessary for the performance of our mutual contractual obligations and/or carried out with your consent

To send marketing materials, as well as suggestions and recommendations on our services that may be of interest to you

This processing is based on your consent

To carry on statistical research / analysis of aggregated or anonymous data, without identifying you, as well as to measure and evaluate the operation of our Platform, its traffic and usability

This processing does not involve the processing of Personal Data

To fulfill a legal obligation to which Boabee is subject or to ascertain, exercise or defend a right in Court or whenever an authority exercises its jurisdiction.

This processing is necessary for the establishment, exercise or defence of legal claims.

2. Voluntary nature of the processing. Providing your Personal Data for the above-mentioned purposes is voluntary and not mandatory. However, any refusal to provide any of such data may not allow Boabee to establish and/or continue a contractual relationship with you, or to fulfill your requests, or to comply with legal obligations to which we are subject.

3. WHAT IS DATA RETENTION PERIOD AND WHAT SECURITY MEASURES HAVE BEEN TAKEN FOR YOUR PERSONAL DATA SAFEGUARD

3.1. Data retention. Personal Data collected by us will be processed for the time strictly necessary to achieve the purposes referred to in above. In particular:

3.1.a.Personal Data collected through the Platform in relation to an event (e.g., a fair, a company event, etc.), will be deleted or anonymized for statistical purposes after 45 (forty five) days from such event or, if earlier, after your cancellation request or your account deletion;

3.1.b.Personal Data needed for the provision of our newsletter service will be processed until you decide to unsubscribe.

3.2. Security measures. We use appropriate measures to protect the security of your Personal Data. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur. Notwithstanding the preceding, we operate with the aim of mitigating the risks associated with processing your Personal Data through several measures, including:

3.2.a.Data Minimisation. We only ever obtain, retain, process and share Personal Data that is essential to carry out our services and legal obligations: only that which is relevant and necessary is collected. In particular, by way of example, our electronic collections (i.e., via the Platform, etc.), have only fields that are relevant to the purpose of collection and subsequent processing, while the physical collection (i.e., face-to-face contacts, phone calls, etc.) is supported using scripts and internal forms using predefined fields.

3.2.b.Pseudonymisation. Whenever possible, we utilise pseudonymisation to record and store Personal Data in a way that ensures that such data can no longer be attributed to a specific data subject without the use of separate additional information (i.e., personal identifiers) which are protected with technical and operational measures of risk reduction and data protection.

3.2.c.Access restriction. We use company-wide restriction methods for restricting access into the foundation of our processes, systems and structure, in order to ensure that only those with authorisation and/or a relevant purpose, have access to Personal Data. Special category data is restricted at all levels and can only be accessed by the authorized Boabee personnel.

3.2.d.No hard copy data. We never store any Personal Data in hard copy format.

4. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA

4.1. Third-party service providers or consultants. We may share your Personal Data with third-party service providers or consultants who need access to such data to perform their work on our behalf (e.g., sharing data with our storage provider for the purposes of storing your data on our behalf, etc.). These third-party service providers are limited to only accessing or using this data to provide services to us, such as: (i) IT systems and services; (ii) communication services; (iii) Customer Relations Management; (iv) support tools; (v) accounting and financing services.

4.2. Aggregated or de-identified data. We might share data with third parties if that data has been de-identified or aggregated in a way that does not directly identify you.

4.3. Third parties required by laws or authorities. We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If we are required by law to disclose any of your Personal Data, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.

5. WHERE YOUR PERSONAL DATA MAY BE TRANSFERRED

5.1. Place of processing. Personal Data will be processed in Ireland and Belgium.

5.2. Transfer. If a transfer of any of such Personal Data out of the European Economic Area is necessary to achieve the purposes mentioned in this policy, we will acquire your previous consent, after having informed you about any appropriate or suitable safeguard implemented by us or about the existence of an adequacy decision by the European Commission.

6. YOUR RIGHTS

6.1. Right of access. You are always entitled to receive confirmation as to whether or not your Personal Data are being processed and, where that is the case, access and receive copy of such Personal Data in an intelligible form. Furthermore, you are also entitled to receive information concerning: the purposes of the processing; the categories of Personal Data concerned; the recipients (or categories thereof) to whom the Personal Data have been or will be disclosed; where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of your Personal Data or to object to such processing; the right to lodge a complaint with a supervisory authority; the source of the Personal Data; the existence of automated decision-making; where Personal Data are transferred to a third country or to an international organization, the appropriate safeguards relating to the transfer.

6.2. Right to withdraw consent. You are always entitled to withdraw, at any time, your consent to the processing of your Personal Data, both on legitimate grounds (even though they are relevant to the purpose of the collection) and if the processing is carried out for direct marketing purpose. The preceding will not affect the lawfulness of processing based on consent before the withdrawal.

6.3. Right to rectification, erasure and restriction. You are always entitled to obtain from us, without undue delay: the rectification or integration of your Personal Data that are inaccurate or incomplete; the erasure of your Personal Data that have been processed unlawfully or whose retention is unnecessary for the Purposes; the restriction of processing, in case you challenge either the accuracy of your Personal data or the lawfulness of the processing, or in case we no longer need the Personal Data for the Purposes, but they are required by you for the establishment, exercise or defense of a legal claim.

6.4. Right to data portability. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller without hindrance from us, where technically feasible.

6.5. Right to lodge a complaint before an European supervisory authority. In any case, pursuant to the Applicable Law, the Data Subject has the right to lodge a complaint with the relevant Supervisory Authority, if he believes that the processing of his Personal Data is against the Applicable Law. Such relevant Supervisory Authority is the Commission for the Protection of Privacy, Rue de la Presse 35, 1000 Brussels (Belgium), Telephone: +32 (0)2 274 48 00, Fax: +32 (0)2 274 48 35, Email: commission@privacycommission.be.

6.6. Contacts. Requests to exercise the rights above must be sent to QTREE SOLUTIONS BVBA, Mosten 13, Lokeren (Belgium), or by e-mail to legal@boabee.com. Any access request is always completed within one month; however, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to the individual within one month and keep him/her informed of the delay and the reasons thereof.

7. AMENDMENTS TO THIS POLICY

This Privacy Policy came into force on the date specified above. We reserve the right to amend or to update its content, whether in whole or in part, also following changes in the legal and regulatory obligations regarding data protection. We will inform you on such amendments and updates through their publication on the Platform as soon as they are adopted, and they will be binding from the moment of their publication. Therefore, we invite you to visit this section of the website regularly, in order to be aware of the most recent and updated version thereof, so that you are always updated on the processing activities that we carry out.