Who are we?
Thinkerbell, Blauwesteenstraat 126, 2550 Kontich, Belgium
Our website address is: www.thinkerbell.be
The public limited company Thinkerbell is the controller of your personal data and the owner of the website.
The terms used in this policy
- The terms “we”, “us” and “our” (or any other similar terms) refer to THINKERBELL NV (registered with the Crossroads Bank for Enterprises under the number 0888.070.632) and/or any other Group company.
- The term “personal data” refers to any information relating to an identified or identifiable natural person (i.e. someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more descriptors).
- The terms “you” and “your” (or any other similar terms) refer to our contacts, current and prospective clients, suppliers, employees and visitors to our website.
- Other terms shall have the meanings set out in the applicable data protection laws (in particular the General Data Protection Regulation (EU) 2016/679).
Protection of privacy
This policy applies to personal data provided to us by individuals as well as organisations. We may use personal data supplied to us for any of the purposes as set out in this policy, or as otherwise disclosed at the point of collection.
Security of your personal data
We have implemented appropriate security measures to prevent the loss, unauthorised use/access, modification or disclosure of your personal data. We have established strict confidentiality agreements (including our data protection obligations) with our external service providers.
We also have procedures to deal with any breach of personal data and will notify you and the relevant authorities where we are legally required to do so.
What data do we collect?
We collect and process the following personal data:
- Identity and contact data, specifically your name, address, telephone number, date of birth, language, marital status, passport number, employment history, education or professional background, tax status, employee number, job title and role, length of time in your job and any other personal data relating to your preferences relevant to our services.
- Financial and payment data, specifically your bank account number and any other data needed to process payments and prevent fraud, credit/debit card numbers, card security codes and all relevant billing information.
- Business information, including information provided as part of the contractual relationship between you (or your organisation) and us, or information voluntarily provided by you or your organisation.
- Profile and usage data, including your preferences for receiving our marketing information, your preferences and information concerning the use of our products and services, our social media pages and websites, as well as the services you have accessed or searched for, page load times, download errors, the duration of your visits to the site and any analyses of your behaviour on our site pages (such as scrolling, clicks and mouse-overs).
- Technical data, including information collected during your visits to our website, IP address, login data, browser type and version, device type, time zone, plug-in type and version, operating system and platform used.
- Physical access data relating to information collected during your visits to our premises.
- Sensitive personal data: where applicable, we may be required by law to collect and use sensitive personal data about you. Where we process sensitive personal data for the purposes of our business, we do so only for the purposes provided for by law.
If you provide us with information about a third party (such as a family member, employer, employees, advisers or suppliers), you must ensure that this third party is aware of how their data will be used and has given you permission to disclose the data to us for use (this authorisation also applies to our outsourced service providers). If we require personal data about individuals related to clients in order to provide certain services, we ask our clients to bring this policy to their attention.
How do we collect your personal data?
In most cases, we will collect personal data (1) from our clients or third parties acting on behalf of our clients or (2) from individuals who express an interest in attending one of our events and/or receiving communications from us. We may also collect your personal data (3) from third parties.
We may collect personal data about you in the following circumstances:
- When you purchase our products
- When you use our services
- When you offer or provide services to us
- When you communicate with us by phone, in writing, by email or other electronic means, or when you provide other information directly to us, including in conversation with our employees, consultants or external suppliers
- When you browse, complete a form, make a request or otherwise interact with our website or other online platforms
- When you attend our events or sign up to receive information from us
- When we request information from your organisation or other organisations with which you have links, such as a former employer or educational institutions
- When we make enquiries of third parties such as government agencies, credit agencies, database and information service providers, whether from publicly available records or non-public records
When we need to collect personal data by law or in order to process your instructions or perform a contract we have with you and you fail to provide said data when requested, we may not be able to carry out your instructions or perform the contract we have with you. In this case, we may have to cancel the commitment or contract with you and we will inform you directly of this cancellation.
How and on what basis will we use your personal data?
We will strive to process your personal data in the most suitable manner possible, limiting use of the data to what we deem reasonably necessary and solely for the following purposes and on the following legal bases:
- Processing is required to execute a contract to which you are a party or in order to take action at your request before entering into a contract with us:
- Quotes and information: to answer your questions or to provide you with information about our services (e.g. demos, quotes)
- Services: to provide services
- Administration: to agree payment plans and to collect amounts due to us
- Client engagement: to register you as a client in our database
- Job applicants: to process job applications
- Supplier management: to manage relationships with our suppliers (and to enable interaction regarding administration, invoicing and payments). If a supplier is helping us provide services to our clients, we will process the personal data needed to manage that relationship.
- Our legal obligations may require us to process data in the following situations:
- Compliance checks, screening and recording (e.g. money laundering, financial and credit controls, fraud and crime prevention and detection, laws on trade sanctions and embargoes)
- Record keeping: we are required, for example, to keep a record of personal data of individuals who have declined our direct marketing communications
- Compliance with accounting, tax and social security requirements
- Where you consent to the processing of your personal data, allowing us to:
- Send you general information, notify you of events we are organising or participating in, and/or provide you with information about our products and services or third-party products and services which we think may be of interest to you;
- Collect information that will enable us to improve the quality of our communications by tailoring them to you.
- Where processing is necessary for the pursuit of our legitimate interests, allowing us to:
- Manage our relationship with you, including accounting, auditing or implementing measures related to the proper development of our business relationship (e.g. identifying persons authorised to represent our clients, suppliers or service providers);
- Carry out background checks, only when such checks are necessary to prevent fraud;
- Conduct surveys (in connection with trends, market intelligence, marketing effectiveness, and so on);
- Analyse and improve our services and communications and monitor compliance with our policies and standards;
- Manage access to our premises and for security purposes;
- Ensure the security of our network and information systems;
- Prevent or detect security threats, fraud or other criminal or malicious activity;
- Fulfil insurance-related requirements;
- Exercise or defend our legal rights;
- Communicate to you the latest developments, announcements and other information about our products, services, events and initiatives (including a newsletter);
- Collect information that will enable us to improve the quality of our communications by tailoring them to you.
Who else could access your personal data?
On occasion and only when legally permitted to do so, we may share your personal data with third parties.
We share your personal data:
- With our business partners, service providers and other related third parties: to provide you with our services, we may need to share your personal data with our business partners.
We frequently use external service providers in the following areas: IT, the prevention of money laundering and terrorist financing, credit risk management and analysis and other fraud and crime checks, event management, document production, business and legal research, secretarial services, marketing, business development and facilities management.
- When required by law or regulation: please note that under certain circumstances, we may be required by law or regulation to disclose personal data, including to law enforcement authorities or in connection with legal proceedings.
International transfers of information
You have the following rights in relation to our use of your personal data:
- Right of access:You are entitled to obtain a copy of your personal data, helping you understand how and why we use your data and check that we are doing so in accordance with the law. There are, however, certain exceptions to this right, meaning that access to the data provided may be denied. This is the case, for example, if you have provided us with personal data relating to a third party or if we are prohibited by law from disclosing such information.
- Right to rectification:You have the right to request that inaccurate/incorrect personal data be rectified and any incomplete personal data completed. Please contact us using the contact details below so that we can update your personal data if they are incorrect or have been changed. We will not be liable for any losses arising from any inaccurate, false, incomplete or truncated personal data provided by you.
- Right to erasure:You may request the erasure of your personal data. This right is not absolute (e.g. we may be legally required to retain your data) and only applies in certain situations (e.g. if your personal data are no longer necessary for the purposes for which they were collected, so we no longer need to retain them, or when your personal data have been unlawfully processed).
- Right to restriction:Under certain circumstances, you have the right to restrict the processing of your personal data. This means that you can limit the way that we use your personal data where you have a particular reason justifying said restriction, e.g. if you have concerns about the information we hold or the way we process it.
- Right to portability:You are entitled to request that we provide your personal data in a structured, commonly used and machine-readable format. You may also request that we transfer your personal data to another data controller. This right to portability only applies if the legal basis for processing your personal data is consent or for the purposes of a contract, and where we process data by automated means (e.g. not including paper documents).
- Right to object:You have the absolute right to object to the processing of your personal data in the context of direct marketing campaigns. In other specific circumstances, you also have the right to object to the processing of your personal data by asking that we block, erase and restrict access to them.
- Automated individual decision-making: You have the right not to be subject to a decision, which may include an evaluation of certain personal aspects relating to you, based solely on automated processing and which would produce legal effects concerning you or which would similarly affect you significantly. This right is not absolute and only applies in certain circumstances. We will notify you personally should we make such an automated individual decision.
- Complaints:We will make every effort to amicably resolve any concerns about your privacy. If, however, you feel that we have been unable to do so, you may lodge a complaint with the competent supervisory authority either in your country of habitual residence, or where you work, or where you suspect that a violation of data protection laws has occurred (for Belgium, see https://www.dataprotectionauthority.be). You also have the right to seek remedy through the courts.
You may, at any time, exercise any of the above rights, by contacting us using the contact details provided below. In case of doubt regarding your identity, we may ask you to provide us with proof, i.e. a copy of your ID card, passport or any other valid identifying document.
Withdrawal of consent
You may, at any time, withdraw the consent you have given us to process personal data. Once we have been notified that you have withdrawn your consent, we will cease processing the data for the purposes for which you had given us your consent, unless there is another legal basis for continuing to do so.
How long do we hold your personal data?
We hold your personal data for as long as necessary to fulfil the purposes for which we collected the data, including to satisfy legal, accounting or reporting requirements and, where applicable, to defend our interests in legal proceedings, until such proceedings come to an end or the legal retention period has expired.
The usual retention period applicable to personal data whose processing is necessary for the execution of a contract is 10 years, starting from the end of the contract in question or the completion of the project.
Certain legal and regulatory exemptions may require us to hold personal data for shorter or longer periods. If you require further information, please contact us using the contact details provided below.
At the end of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations.
Adres: Blauwesteenstraat 126 – 2550 Kontich (België)