Last update: 5th January 2021
“Garvis” (“we”, “our”) takes data protection very seriously and respects the privacy of users our Websites, Platform and/or Services. We are committed to protecting and respecting your privacy, in accordance with the General Data Protection Regulation ("GDPR").
If you have any questions or remarks, please contact us by email at firstname.lastname@example.org.
Who we are
For the purpose of the GDPR, we are the ‘data controller’.
General e-mail: email@example.com
Privacy-related questions: firstname.lastname@example.org
Data protection principles
We will comply with the data protection principles of the GDPR, according to which Personal Data must be:
- Processed fairly, lawfully and in a transparent manner.
- Obtained for specified, explicit and lawful purposes and processed compatibly with those purposes.
- Adequate, relevant and not excessive for the purpose(s) for which it is processed.
- Accurate and up-to-date.
- Kept in a form which enables identification of individuals no longer than necessary for the purposes for which it is processed.
- Processed subject to appropriate security measures.
"Personal Data" is information that can be used to identify you directly or indirectly. It can include your name, date of birth, email address, postal address, telephone number, location and other personal information.
"Processing" means doing anything with the data, such as accessing, disclosing erasing, transmitting, profiling or using the data in any way.
"Special category of personal data" includes Personal Data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Criminal offences data is not included within the definition of special category of personal data, but we will process criminal data using the same safeguards we operate in respect of special category personal data.
"Profiling" means any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person.
Information we collect from you
We may collect and process the following data about you:
- Information you give us. You may give us information about you by completing forms on our Websites or Platforms, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Websites and when you report a problem with our Websites. The information you give us may include your name, address, e-mail address, phone number, credit card information, VAT info, details of your company or business;
- Information we collect about you. With regard to each of your visits to our Websites or Platforms, we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your log-in information, browser used, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us; and
- transactional information including information in respect of the products or services we provide to you and our communications with you.
- Information we receive from other sources. We are also working closely with third parties (including partners, sub-contractors in technical, hosting and payment services, analytics providers, search information providers) and may receive information about you from them. In some cases, we may receive information which comes from publicly accessible sources.
How and why we use your information
- How we make sure processing of your Personal Data is fair and lawful?
We will usually only process your Personal Data where this is required for the execution of our agreement, where this is necessary to comply with our legal obligations or for our legitimate interests or the legitimate interests of third parties or where you have given your consent. We do not sell or rent personal information which you provide to us through the Websites or Platform.
- What are our legitimate interests or the legitimate interests of a third party?
We consider that in some circumstances the processing of your Personal Data is necessary for our legitimate interests. These include the efficient management of our systems to ensure the proper payment of sums due to us, the updating of our suppliers details, to create a better understanding of our commercial relationships, transmission of personal data with our group of companies for internal administration purposes and processing for the purposes of ensuring network and information security.
How we use your Personal Data
- Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts which we entered into with you;
- to communicate with you;
- to maintain your Websites or Platform accounts and records;
- to provide to group companies which are involved in any transaction you make by using the Websites or Platform;
- to notify you about changes; and
- to ensure that content from our or Websites or Platform is presented in the most effective manner for you and for your device.
- Information we collect about you. We will use this information:
- to administer our Websites or Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Websites or Platform to ensure that content is presented in the most effective manner for you and for your device;
- to allow you to participate in interactive features of our services, when you choose to do so;
- as part of our efforts to keep our Websites and Platform safe and secure; and
- to measure or understand the effectiveness of the Websites and Platform.
- Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Your Personal Data will only be processed to the extent that it is necessary for the specific purposes notified to you.
Ensuring your Personal Data is accurate
We will keep the Personal Data we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please notify us at email@example.com if your personal details change or if you become aware of any inaccuracies in the Personal Data we hold about you.
Retaining your Personal Data
The period for which we will store Personal Data is based on our need to fulfil our legitimate operational needs, comply with applicable law, resolve disputes, and enforce our agreements. We will not keep your Personal Data for longer than is necessary for the purpose(s) for which we process it. This means that data will be destroyed or erased from our systems when it is no longer required. For guidance on how long certain data is likely to be kept before being destroyed, contact firstname.lastname@example.org.
What rights do you have in respect of your Personal Data?
We may use your personal data for marketing purposes on the basis of our legitimate interests as a company or with your specific consent. When using the legitimate interest legal basis for marketing purposes, be assured that we always make sure that there is a balance between your interests and our own legitimate interest.
Our Websites and Platform may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
You have the right to:
- Request access to any Personal Data we hold about you.
- Have any Personal Data which we hold about you which is inaccurate rectified.
- Have incomplete Personal Data completed.
- Have Personal Data erased, in certain circumstances.
- Have the processing of your Personal Data restricted, in certain circumstances.
- In certain circumstances, be provided with the Personal Data that you have supplied to us, in a portable format that can be transmitted to another data controller without hindrance.
- Object to certain types of processing, including automated processing (which includes profiling) and processing for direct-marketing purposes.
- In certain circumstances, the right not to be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.
If you wish to exercise any of the rights set out above, you must make the request in writing to email@example.com.
Withdrawal of consent
We do not intend to rely on consent for our use of your data on the Websites or Platform, as we will process your personal data based on our agreement or on our legitimate interests. However, if you have provided your consent to any of the processing of your Personal Data (where relevant), you have the right to withdraw your consent to that processing at any time. This will not affect the legality of our consent-based use before you withdrew consent. Please contact firstname.lastname@example.org if you wish to do so.
The Right to Object
You have the right to object, at any time, to the processing of your Personal Data which:
- is necessary for the performance or a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- which is necessary for the purposes of the legitimate interests pursued by us or a third party, including Profiling.
If you object to the processing set out above, we must no longer process that Personal Data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims. If you object to our processing of any of your Personal Data, please contact us on email@example.com.
Disclosure of your information
Where we disclose your Personal Data to a third party, we will have regard to the above-mentioned “data protection principles”.
We may share your personal information with any affiliated entity, as defined in article 11 of the Belgian Company Code.
We rely on third parties for certain parts of our operations. We may share your information with these third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- Analytics and search engine providers that assist us in the improvement and optimisation of our Websites.
We may disclose your personal information to third parties:
- If we (or substantially all of our assets) are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our user terms of the websites, platform and services and other agreements; or to protect the rights, property or safety of our customers or others.
If your Personal Data is provided to any third parties, you are entitled to request details of the recipients of your Personal Data or the categories of recipients of your Personal Data.
How we keep your data secure
We use reasonable and up to date security methods to keep your data secure and to prevent unauthorised or unlawful access to your information. All information you provide to us is stored on secure servers. Where you need to establish an account with us you will be given a password to access that account. You are responsible for keeping this password secure. Do not share your password with anyone. Remember to sign out of your account when you finish a session.
Transferring your Personal Data outside the European Economic Area ("EEA")
We will not transfer your Personal Data outside the EEA unless such transfer is compliant with the GDPR. This means that we cannot transfer any of your Personal Data outside the EEA unless:
- The EU Commission has decided that another country or international organisation ensures an adequate level of protection for your Personal Data; or
- The transfer of your Personal Data is subject to appropriate safeguards, which may include:
- Binding corporate rules; or
- Standard data protection clauses adopted by the EU Commission.
- One of the derogations in the GDPR applies (including if you explicitly consent to the proposed transfer).
We currently transfer Personal Data outside the EEA:
- To Microsoft 365 data centers located in the United Kingdom
- To Hubspot product infrastructure hosted on Amazon Web Services (AWS) in the United States East region.
Right to make a complaint
If you have any issues with our processing of your Personal Data and would like to make a complaint, you may contact us by email on firstname.lastname@example.org .