Privacy statement

1. ABOUT THIS PRIVACY STATEMENT

Kappa Data considers the protection of your privacy very important. We strive to process your personal data in a legal, fair and transparent manner.

The current Privacy Statement covers personal data collected and processed by Kappa Data. In this Privacy Statement we explain what information we collect about you, where we use that information and to whom we provide this information. The information here in is given in compliance with article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

For questions regarding this Privacy Statement you can contact us via info@kappadata.be.

2. THE DATA CONTROLLE

Kappa Data BV, with head office at Grote Steenweg 18, 9840 De Pinte, Belgium.

e-mail: info@kappadata.be

3. THE PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED AND THE LEGAL BASIS

Kappa Data processes personal data of natural persons with whom we have, or wish to have a direct or indirect relationship, in the future.

This concerns both the personal data of the contact persons specified by its customers and suppliers, but also the contact persons of its potential customers and suppliers.

The purposes for which your personal data is processed and the legal basis of processing

a. Provision of services and sale of products

The Data Controller process your personal data for purposes related to the sale of products and the provision of services.

In this case, providing of personal data is optional. Failure to provide personal data will make it impossible for the Data Controller to meet purposes as described above (especially to conclude and perform the agreement between you and the Data Controller).

Legal basis of the processing: Article 6 (1) (b) of the GDPR.

Personal data will be processed for the time necessary to meet purposes as described above, and after that period – for the time required by the applicable regulations.

b. Marketing activities

The Data Controller process your personal data for purposes related to marketing, promotion, market surveys and commercial communications.

In this case, providing of personal data is optional. Failure to provide personal data will make it impossible for the Data Controller to conduct marketing activities.

Legal basis of the processing: Article 6 (1) (a) of the GDPR, Article 6 (1) (f) of the GDPR

Personal data obtained for this purpose will be processed:

• for the period of time specified in your consent or until you decide to withdraw the consent (when the personal data is processing on the basis of Article 6 (1) (a) of the GDPR).
• until you decide to object to the processing and/or to obtain termination of the processing at any time (when the personal data is processing on the basis of Article 6 (1) (f) of the GDPR).

c. Exercise of legal claims, defense against the claims

The Data Controller process your personal data for purposes related to exercise of legal claims and defending against claims resulted from the sale of products or provision of services.

In this case, providing of personal data is obligatory. Failure to provide personal data will make it impossible for the Data Controller to conclude and to perform the agreement between you and the Data Controller.

Legal basis of the processing: Article 6 (1) (f) of the GDPR.

Personal data will be processed for the time specified by the applicable regulations.

d. Legal obligations

The Data Controller process your personal data to fulfill legal obligations (resulted from the sale of products and the provision of services) incumbent upon the Data Controller.

In this case, providing of personal data is obligatory. Failure to provide personal data will make it impossible for the Data Controller to conclude and perform the agreement between you and the Data Controller.

Legal basis of the processing: Article 6 (1) (c) of the GDPR.

Personal data will be processed for the time specified by the applicable regulations.

4. SCOPE OF THE PROCESSED PERSONA DATA

Kappa Data may collect or obtain the following personal information from you:

Identity data, such as: name, surname, e-mail address, mobile phone number, user data, tax identification number, home address, mailing address, bank account number, office address, company name.

5. ACCESS BY AND TRANSFER TO THIRD PARTIES

We only provide third parties information that is needed to perform their work. Such recipients of your personal data may only use this information for the execution of the agreed assignment between you and Kappa Data. They do not have the right to use the data for other purposes.

Personal data will be communicated and processed by third parties belonging to the following categories:

1. Companies that manage the Data Controller’s Website
2. Companies that manage the Data Controller’s computer system
3. Companies and consultants providing legal and/or financial advice
4. Authorities and supervisory and control bodies, and in general public or private entities with functions relating to public law
5. Entities used by the Data Controller for various reasons to provide the requested service.

Your personal data will not be made available to a third country (i.e. outside the European Union) or to international organizations. Your personal data will not be processed in the automated way (automated decision-making), including profiling.

6. KAPPA DATA AS A PROCESSOR

Kappa Data can also process Personal Data on behalf of third parties.

Kappa Data is a service provider to its customers. Kappa Data acts as a Processor of Personal Data.

7. CONFIDENTIALITY AND SECURITY

Kappa Data takes all reasonable technical security measures to the best of its ability to ensure the protection of your Personal Data.

The Personal Data provided to Kappa Data will be retained at Kappa Data and if applicable, at servers of the Data Processor on servers in Belgium or the European Union.

You must comply with the safety regulations at all times and ensure that any unauthorized access to your login and password is prevented.

You acknowledge and accept that the forwarding and storage of Personal Data is never without risk and therefore that – in some cases – the damage that you would suffer as a result of the unauthorized use of your Personal Data by third parties can never be recovered from Kappa Data.

8. YOUR RIGHTS

The following rights can be exercised by contacting us via info@kappadata.be:

Right of access and rectification

You have the right to obtain free access to your personal data and to correct any erroneous data.

Right of removal and restriction

You have the right to request that we remove your personal data. You hereby acknowledge that a request for the removal of personal data, may imply that certain services and products are not available to you.

You have the right to obtain of erasure of personal data concerning you, when:

1. The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
2. You have withdrawn your consent and there is no other legal basis for the processing,
3. You have successfully objected to the processing of personal data,
4. The data has been unlawfully processed,
5. The data must be erased to fulfil a legal obligation,
6. The personal data has been collected in relation to the offer of information society services referred to in article 8 (1) of the GDPR.

You may also request us to limit the processing of your personal data. You have the right to obtain from the Data Controller restriction of processing where one of the following applies:

1. The accuracy of the personal data is contested by you, for a period enabling the Data Controller to verify the accuracy of the personal data;
2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. The Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
4. You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Data Controller override those of you.

Right of objection

You always have the right to right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) of the GDPR, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims.

Right of transferability

You have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided, where:

1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
2. the processing is carried out by automated means.

Right to file a complaint

In the case of finding that the processing of your personal data violates the provisions of the Regulation, you are entitled to bring a complaint to the supervisory authority, that is to the President of the Office for the Protection of Personal Data (PUODO).

Right to withdraw consent

You have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.