1 Who is responsible for the data processing?
The Privacy Act draws a distinction between a ‘data controller’ and a ‘data processor’. We provide you with a clear notice of this distinction, as this is extremely important to avoid some ambiguity about responsibilities.
1.1 Data controller
The data controller is every natural person and/or legal entity that determines the purposes and the means (legal and technical) of the processing of personal data. This determination can be done alone or jointly with others.
The data controller is identifiable as:
P/O Box: 33 3500 Hasselt ( Belgium )
Company number: BE 0506.735.522 (Belgium)
1.2 Data processors
Mystique uses a number of online data processors that collect, store and process your data. These data processors are natural persons or legal entities that process the personal data on behalf of the data controller Mystique. The natural persons who, under the direct authority of the party responsible for the processing, are authorised to process the data do not fall within this category.
We have carefully selected these processors.. The selected processors offer notably all the adequate guarantees with regard to technical and organizational security measures regarding the processing of your personal data. They also satisfy all the other requirements of Article 16, §1 Privacy Act.
The controller is not responsible for any loss or corruption of personal data, identity theft, data theft, viruses or Trojans, SQL injections or other attacks on computer systems or online cloud portals. The processors have gained professional expertise in their domain and decide therefore in an autonomous manner over the most technically appropriate application to process the data. The data controller is not expected to have the same expertise and specialty.
2 What information do we collect about you?
We may collect, store and use the following kinds of personal information:
· Information about your computer such as hardware and software, and about your visits to and use of this website (including your IP address, geographical location, operating system and browser type).
· Information that you provide to us for the purpose of registration. The collected information includes personal contact information, such as your name, company name and email address, selected password, etc. In addition, we also require certain financial information that will be managed by our payment providers.
· Any other information arising from communications with the User, such as support, inquiries and FAQ.
The collection of personal data may be more extensive dependant on whether the user makes intensive use of the website or relies on certain services.
The website also collects anonymous data, this is corresponding technical data that is used solely for internal purposes to get information on user navigation. Since these data are not used to identify users, they do fall outside this Privacy Statement.
3 The purposes of data processing.
We process your personal information for an overarching goal: we want to offer you the best-personalised experience when visiting our website.
1) The information we collect about you is primarily processed to help us ensure the proper technical functioning of the website and to provide you access to the application in a secure, effective and user-related manner. Our aim is to provide you with the best possible service by better understanding how you access and use our website and services. This information allows us improve and respond to your wishes, questions and criticism.
2) We may use your personal information to tailor the content we send or display to you, to offer personalized help and instructions, and to otherwise personalize your experiences while using the website or our services. That way we can offer a personalized service.
3) We may also use your information internally for marketing and promotional purposes. For example, we may use it to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. The User can always unsubscribe from such e-mails.
The way we offer you the application and its related services remains subject of constant changes as we are still evolving. It is therefore important that you give us permission to use your personal information in a manner that allows us to develop new innovative features and services. These new developments remain within our original objectives.
4 How long will we hold your data?
We only process your personal information as long as necessary. We do keep a record of your data as long as your account is active, or if your personal data is necessary to offer you a particular service. We promise to delete your personal data as soon as this data is no longer required for the aforementioned purposes. The deletion is comparable to deleting files on your computer using the ‘trash bin’, allowing us to recover the data to a certain extent for some time.
5 Do we share your information?
We, at Mystique, consider mutual confidence very important. That’s why we would like to ensure you that we process your personal information only for internal use. We neither rent nor sell your personal information or those of your visitors in personally identifiable form to anyone but the trusted and reputable third party processors listed hereunder.
To help us deliver our Service, we use various third party apps:
We want to make sure our website is optimal and for that we need analytics and insight. We use the following third-party web analytics services to help us understand your usage of our website and services and improve your user experience:
· Google Analytics
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. At no point Google stores personal information, it only stores anonymous data such as connection time, device used, location...
We carefully select external service providers and review them regularly to ensure that your privacy is preserved. All such third party processors are contractually bound by us to keep your information confidential. All information provided to third party processors is used by them only to carry out the service they are providing for us.
We will not transfer your data to any other third parties without letting you know in advance or asking for your prior permission. We may only transfer your data to other third parties without informing you separately beforehand in the exceptional cases legally provided in the Privacy Act, notably when such transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.
6 My rights as a data subject?
Each user can be assured that his personal data will be processed in a fair and lawfully manner. This means that the data will only be processed for the above explicit and legitimate purposes. Mystique also ensures that the personal data are always adequate, relevant and not excessive in relation to the purposes for which they are processed.
6.1 Right to access
The user shall exercise his right through a signed, written request to Mystique, by post or e-mail to email@example.com. Mystique undertakes the appropriate action following a request within 15 days.
6.2 Right to correct
Mystique attaches a great importance to an accurate data collection. Inaccurate or incomplete personal data can therefore always be improved or even obliterated. For it is impossible for us to be on a continuous basis aware of any mistakes, incompleteness or falseness of your personal data, it is up to the user to report inaccuracies or omissions and to perform the necessary adjustments where possible.
If your personal actions seem not enough, feel free to contact us using a signed, written request directed at firstname.lastname@example.org. Mystique performs the necessary actions within 15 days by making additions, correcting or deleting the personal data. The removal is mainly related to the visibility, so it is possible that the deleted personal data remains temporarily stored.
6.3 Right to object
Each user can oppose the processing of his personal data. This right to object exists only if there are sufficient legitimate and weighty grounds relating to his particular situation. The exceptions provided in the Privacy Act are also applicable to this right of objection. You may at any time, free of charge and without further ado oppose the proposed processing of your personal data if those data were obtained for the purpose of direct marketing.
You are also entitled to obtain the removal and/or the ban on the use of all your personal data which have been obtained and which are incomplete or irrelevant, regarded from the view of the purpose of the processing. This is also applicable to any personal data of which the registration, disclosure, and retention are prohibited, or personal data preserved after expiry of the authorized period. This right can be used at any time, free of charge and without further justification.
You shall exercise this right through a signed, written request to Mystique, by post or e-mail to email@example.com. Mystique undertakes the appropriate action following a request within 15 days.
© 2017 theJurists – Intellectual Property and IT Law. (http://www.ictrecht.be). The information presented is protected by copyright law. This means that the information may not be reproduced or transmitted without prior written consent of theJurists (firstname.lastname@example.org). All applicable intellectual property rights are thus preserved.