At Qualifio, we’re committed to protecting and respecting your privacy.
Data protection and protection of your privacy are core values for us and we are committed to processing and protecting your personal data fairly and transparently in accordance with the law.
However, for our customers, we mainly act as Processor. In this case, we process personal data according to the instructions of our customers, who act as Controller. Our processor activities are covered by contractual agreements and Data Protection Agreements (DPA).
By “personal data” or “personal information“, we mean all personal data concerning you, i.e. any information that allows you to be identified, directly or indirectly, as a natural person. These are informations that can be used to identify you on its own or in combination with other data that we collect or have access to. In cases where personal and other data is combined (e.g. personal contact information with account login or demographic information), such information is considered to be personal information.
By “processing“, we mean “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (art. 4, point 2, GDPR).
This Policy is in line with our desire to act transparently and in compliance with the law of 30 July 2018 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as the “Privacy Law”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).
If you wish to react to any of the practices described below, please do not hesitate to contact us by email to [email protected].
2. What data do we gather and how do we obtain them?
2.1 Context and means of collection
We may combine data that we collect via one method (e.g. a website) with data that we collect via another method (e.g. an offline event). We do this to get a more complete view of our customers, which in turn, allows us to serve you better and with more customization.
We may collect personal via :
- Our website, particularly when you use the “Request a demo” tab, or when you use a contact form;
- When we act as processor for our clients, any consumer-directed websites operated by us and pages that we run on third party social networks;
- Registration forms which we may collect from you, whether online or offline, including by post or other in-person events or contests;
- Any of our contests, events or campaigns;
- Authorised Third Parties; and
- Other sources (e.g. third party data aggregators).
2.2 Categories of personal data you provide us with
2.2.1. When we act as Controller, we strive to limit the amount of personal data we collect and store to only that which is reasonably necessary to provide you with the relevant services.
- Personal contact information: information that would allow us to contact you personally such as your surname, forenames, phone number or email address. In some cases it would include information you give us about someone else (e.g. if you provide a friend’s email address for a tell-a-friend programme).
- Account login information.
- Demographic information if necessary (e.g. date of birth, age etc).
- The city and country in which you live.
- Your position in your company.
- Technical computer information (e.g. IP addresses, type of operating system, web browser type).
- Website Usage Information: information about how you use or navigate our websites, applications, online advertisements including which links you click, which pages you view and for how long, and other similar information and /or statistics such as date and time of visit, which site you came from and site activities).
- Consumer generated content: this includes information that you create and voluntarily share with us (and perhaps others) by uploading it to one of our websites or applications, including on our social network sites such as but not limited to Facebook.
- Social network information: this includes information that is part of your profile on a third party social network (such as but not limited to Facebook or Linkedin) and that you allow the third party social network to share with us.
- Other information which we might need to collect for a specific contest, event or campaign, form, feature or other service that you use or request.
It is possible that we may collect non-personal data. This data is called non-personal data because it does not allow you to be identified directly or indirectly. It may therefore be used for any purpose, for example, to improve our website, our products, target our advertising or improve the services we offer.
2.2.2. When we act as Processor, we process personal data according to the instructions of our customers, who act as Controllers. Our processor activities are covered by contractual agreements and Data Protection Agreements (DPA). The personal data processed by Qualifio on behalf of our customers may be of different categories, such as, but not limited to:
- Personal identification data (surname, first name, postal address, etc.);
- Electronic identification data (e-mail address, telephone number, IP address, terminal used, etc.);
- Leisure and interest data;
- Education, training and work data; etc.
3. For what purposes do we collect your data?
As Controller, Qualifio shall process your data only to the extent necessary for the purposes for which it was collected. In this context, we have identified these purposes and ensure that only personal data that is necessary and relevant in accordance with the data minimisation principle is processed.
In general, we base the processing of your personal data on the following legal basis:
- In order to comply with our legal obligations;
- In order to take prior measures and to execute the contract that binds us when you benefit from our services;
- In order to achieve our legitimate interest (in this case we always take care to respect a balance between our interest and your rights and freedoms);
- Finally, on the basis of your consent.
In the event that we are required to carry out processing operations that are not yet provided for in this Policy, we will contact you before using your personal data. The purpose of this contact will be to inform you about this processing and, where appropriate, to ask for your explicit consent.
3.1 Compliance with our legal obligations
In certain cases, we are required to process your personal data within the framework of legal obligations or when cooperating with the competent authorities. In these cases, we may transfer your personal data in order to comply with our obligations.
3.2 Within the framework of our contractual relationship
When you use our services, a contract exists between you and us. Within this framework, we are required to process personal data in order to meet our contractual obligations.
In order to execute our contract, we process your personal data for the following purposes:
- The preparation, conclusion, execution and termination of the contract you have with us;
- Ensuring a response to your requests;
- Account & membership maintenance;
- Customer service.
3.3 On the basis of our legitimate interest
In some cases, it is in our legitimate interest to process your personal data insofar as it prevails over your interests, fundamental rights and freedoms, such as, but not limited to, ensuring security, preventing fraud, etc.
To this end, we always ensure that we maintain a fair balance between the need to process your personal data and the respect of your rights and freedoms, including the protection of your privacy.
Your personal data are processed for the following purposes:
- The improvement and personalisation of our services and products;
- Commercial prospecting and management of prospects (updating prospecting files, organisation of promotional operations, etc.);
- The preparation of studies, models (risk, marketing and other) and statistics, using anonymisation and/or pseudonymisation techniques whenever possible;
- The preservation of the security of goods and persons, the fight against fraud or attempts at intrusion, abuse or other offences;
- Maintaining a list of clients and prospects who no longer wish to be contacted;
- The improvement of the experience of the users (website improvement and personalisation);
- The management of your requests related to the application of your rights;
- The establishment, exercise, defence and preservation of our rights.
3.4 On the basis of your consent
If necessary, where we do not have a binding contractual relationship with you or where processing is not necessary for the performance of a contract, you have the possibility to give us your consent to process your personal data.
When you create an account, register for a newsletter or when you give us your consent to send your data to our partners, we ask you to acknowledge and agree that we process your personal data in accordance with this Policy.
We process your personal data on the basis of your consent for the following purposes:
- When you give us your consent to do so, we send you by electronic means offers and services offered by us (newsletter) and/or our partners, knowing that you can subscribe or unsubscribe at any time;
- Transfer your data to third parties for direct marketing purposes: you will be informed in advance so that you can give your consent or not to this processing.
Please note that you have the right to withdraw your consent to the processing of personal data at any time.
4. How long do we keep your data for?
We keep your data only for as long as it is reasonably necessary for the purposes for which it was collected, taking into consideration our need to answer queries or resolve problems, provide improved and new services and comply with legal requirements under applicable law(s).
This means that we may retain your personal information for a reasonable period after you stop using our services or stop using our websites. After this period, your personal information will be deleted from all our systems.
As part of the execution of a contract, we archive your contract and your personal data for a period of 10 years after the end of the contract.
Within the framework of commercial prospecting, if you no longer respond to any solicitation 3 years after the last contact, your information will be deleted.
At the end of the retention period, we do everything we can to ensure that the personal data has been made unavailable and inaccessible.
5. Who can we send your data to?
In order to provide our services effectively, we may need to subcontract some tasks, in whole or in part, to technical subcontractors with whom we have entered into contracts (e.g. the subcontractors responsible for maintaining our infrastructure, IT security, hosting, marketing tools, helpdesk and others).
Qualifio requires its subcontractors to adhere to data protection legislation and to submit satisfactory guarantees on the implementation of appropriate technical and organisational measures. They are required to demonstrate that their processing system complies with current data protection legislation and that your rights are guaranteed.
We do not sell or in any way disclose to third parties the data that we gather about you. However, if we have a legal obligation, or if a court ruling requires us to do so, we shall pass on your data to the extent necessary to comply with this law or court ruling.
Under certain circumstances, our website and our apps will provide you with plug-ins for various social networks. If you choose to interact with social network sites such as Facebook or Twitter (for example by setting up an account), your activity on our site or via our apps will also be accessible on that social network site. If you are logged onto one of these social network sites during your visit to any of our sites or apps, or if you interact with any of the social network plug-ins, the social network site may also add this information to your profile on that network, depending on your privacy protection settings. If you want to prevent this type of data transfer, please log off your social network site before logging on to any of our sites or apps, or change the app privacy protection settings, if possible. Please read these social networks’ own privacy protection policies for further details on the collection and transmission of personal data, on your rights, and on how you can achieve a satisfactory degree of privacy protection.
6. Your rights under the GDPR
These rights allow you to remain in control of what we do with your personal data.
6.1 Right of access and to obtain a copy
The right of access applies for all the purposes we have listed above. In particular, this right allows you to ask us whether we process your personal data, for what purposes, the categories of personal data concerned and the recipients of your data. You can also request a copy of all your personal data we process.
You have the right to, at any time and free of charge, view your data or request a copy by sending an e-mail to [email protected] or a letter to Qualifio’s registered office at Place de l’Université 25, 1348 Louvain-la-Neuve, Belgium.
6.2 Right of correction
You have the right to demand the correction or deletion of any data that is incorrect, inappropriate or no longer required by sending an e-mail to [email protected] or by sending a written request by post to Qualifio’s registered office at Place de l’Université 25, 1348 Louvain-la-Neuve, Belgium.
Please note that you are at all times obliged to ensure that the data you send us is accurate.
6.3 Right to be forgotten
When you no longer want your data to be processed and you meet the conditions to invoke the right of deletion under data protection law, we shall delete your data from our database.
The right to be forgotten applies when one of the following reasons is fulfilled:
- The data are no longer necessary for the purposes of the processing operation;
- You withdraw your consent to the processing of your data and we base this processing only on the legal basis of your consent;
- You object to the processing;
- We have processed your personal data unlawfully;
- In the event that the data in our possession is incomplete, inaccurate or obsolete;
- We need to delete your personal data in order to comply with a legal obligation (under Union law or the law of the Member State) to which we are subject.
6.4 Right of portability
If we process your personal data on the basis of a contract or your consent, you can ask us to transfer all your personal data to you or to transfer them to another data controller.
6.5 Right of objection
You have the right to object to any use of your data for marketing purposes, including profiling. You can exercise your right to object, at any time, either via the automated procedures provided for that purpose in the email sent to you or, failing that, by sending an e-mail to the following address: [email protected]
In addition, where we base the processing of your personal data on the legal basis of our legitimate interests, you may object to the processing of your data if you demonstrate that your particular situation justifies it.
6.6 Right of restriction of processing
In some cases, you may also ask us to limit the processing of your personal data.
The situations in which you may ask us to limit the processing of your personal data are as follows:
- If you challenge the accuracy of a personal data while we can verify the accuracy of that data;
- If we process your personal data unlawfully and you would prefer us to limit such processing rather than delete your personal data.
Of course, we will inform you when the limitation of processing no longer applies.
6.7 How to exercise your rights?
6.7.1 Identification. In order to help you enforce your rights, and where the context justifies it, we must take all reasonable steps to verify your identity.
To this end, where there is reasonable doubt as to your identity, we may ask you to prove your identity by providing us with additional information, including, if necessary, a photocopy of the front of your identity card.
If you do not provide us with this additional information enabling us to identify you, we are not compelled to comply with your requests to exercise your rights if we are unable to identify you.
6.7.2 When do we reply ? We undertake to get back to you as soon as possible and, at the latest, within one month of your request. We may be required to extend this period to two months in the event that your request is complex and we are faced with an excess of requests. If this happens, we will inform you of the reasons for the delay.
7. Information regarding children
We believe that it is highly important to protect the privacy of children and we encourage parents or guardians to spend time with their children to participate in and monitor their activities, including e-activities.
As a general rule, we do not intentionally gather personal information relating to children under 13 years of age. If we discover that we have inadvertently gathered information on children aged under 13 years of age, we shall take steps to delete the information as soon as possible, unless applicable law requires us to retain it.
8. Links to other websites and services
Our websites may contain links to third-party sites, and some of our services give you access to third-party services such as social networks.
We have no control over the way in which those sites and services process your data. We do not check these third-party sites and services, and we are not responsible for these third-party sites or services or their privacy protection practices. Please read the privacy statements on the third-party sites or services that you access via our sites or services.
Qualifio is not responsible legally or otherwise for the activities, privacy policies or levels of compliance of these third Parties, neither does Qualifio endorse the practices and content of any third party websites.
We implement appropriate technical and organisational measures to guarantee an adequate level of security with regard to the processing of your personal data. This level of security is established on the basis of the risks presented by the processing and the nature of the data to be protected.
We have implemented appropriate security measures to protect your personal data, in particular, against loss, theft, falsification, misuse or alteration of the information received, unauthorised disclosure or use of your personal data.
If your personal data under our control is compromised due to a security breach, we will act promptly to identify the cause of the breach and take appropriate corrective measures.
If necessary, in accordance with the applicable law, we will inform you of the incident.
10. Limitation of liability clause
Qualifio’s liability shall be restricted to direct harm, to the exclusion of any indirect loss. Qualifio can never be held liable for harm deemed to be indirect such as, without this list being exhaustive, loss of data, financial or commercial loss, loss of profits, increased general costs, or disruption of planning or scheduling.
Moreover, Qualifio cannot be held liable for any harm arising from any unlawful manipulation of the data by third parties, such as data theft, introduction of viruses, hacking or any other IT malpractices.
11. Claims and complaints
If you wish to react to any of the practices described in this Policy, please send us an e-mail to [email protected]. We shall do everything we can to follow it up as soon as possible. All complaints, claims or grievances should be submitted to Qualifio’s registered office.
If you are not satisfied with your response, you can also file a complaint to the Data Protection Authority at the following address:
Data Protection Authority
Rue de la Presse, 35
Phone + 32 2 274 48 00
Fax + 32 2 274 48 35
In addition, you always have the possibility to file a complaint before the Court of First Instance in Brussels.
For more information on complaints and possible means of redress, please consult the information available on the website of the Data Protection Authority: https://www.autoriteprotectiondonnees.be.
12. How to contact us?
If you have any questions and/or complaints regarding this policy, please do not hesitate to contact us :
Place de l’Université 25,
13. Applicable law and competent courts
These provisions are to be governed, interpreted and fulfilled in accordance with the laws of Belgium. Belgian law alone shall apply in the event of disputes.
All disputes that cannot be settled amicably within a time limit of one month from their occurrence, unless this limit is extended by mutual agreement, may be brought by either party before the French language courts of the Walloon Brabant region (Belgium). Those courts alone shall have jurisdiction.
14. Effective date and modification
This policy was created and brought into force on November 10, 2020.