Privacy Policy

Privacy Law

Type of data subjects Data collected Legal grounds Use of data
Website visitor
  • First name
  • Last name
  • Email address
  • Company name
  • IP address
  • Domain
  • Browser
  • Cookies + other information analyzing surfing behavior
Consent
  • To reply to questions
  • To analyze your surfing behavior in order to improve the usability of our website
  • To follow legal requirements and to block activities that may breach our policies
Client / prospect

(employees, agents, consultants, independent contractors, former personnel)

Sales, Administration, Accounting, Marketing

  • First name
  • Last name
  • Email
  • Phone
  • Company address

App users

  • User ID
  • Customer Support
  • Other usage data
Accounting

In the context of the cooperation

Consent

Administration, marketing

In the context of the (potential) cooperation

Consent

Sales

In the context of the (potential) cooperation

Consent

App users

When using our mobile application

Consent

To follow-up on invoice related matters

 

 

For administrative and marketing purposes

 

 

For sales purposes. To follow up on sent offers/contracts

 

 

We may use the collected data for the following objectives:

  • Used for analytical purposes and app functionality
  • Linked to the user’s identity in order to be able to use the application
Client’s customers

(customers, potential new customers, former customers)

Identifying data (personal data)

  • Email
  • Phone
  • Company address

Communication data

  • Communication preferences, such as communication language, settings, channel preference, consent settings
  • Contact history, such as complaints, service requests, incident logs, inquiries via email or chat etc.)

Demographic data

  • Particular consumer habits

Contract data

  • Authentication details (username, password)
  • Payment and billing details (invoice details, payment method, payment history, etc.)
  • Commercial information on products and services
  • Account and technical information for the use of the products and services

Data subject intelligence

  • Customer DNA
We have a GDPR contract with our client. Our client has a GDPR agreement with their customer. In case we provide support to our client about our product.
Supplier
  • First name
  • Last name
  • Email
  • Phone
  • Company address
In the context of the cooperation

 

Consent

To follow up on invoice/ payment matters.

 

To schedule the agreed interventions like maintenance etc.

 

In case a problem may occur and we need assistance

Job Applicant
  • First name
  • Last name
  • Email
  • Phone
  • Work experience
In the context of an interview for potential future cooperation

Consent

In order to get to know better the job applicant and to get a clear view on his work experience

 

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens.

The regulation came into force on 24 May 2016 and will apply from 25 May 2018.

Your privacy is important to us, therefore at ideal systems we make sure that your personal data is well protected.

Data confidentiality

“Confidential Information” means non-public or sensitive information. Confidential information will not include information that is:

  • already part of the public domain, other than by a breach of the agreement;
  • legitimately received from a third party respecting the requirements of confidentiality;
  • individually developed by any employees or agents of one party without use of or referral to the Confidential Information of the other party; or
  • proven to be already known to the Receiving Party at the time of revelation.

Definitions

Personal data
In case ideal systems, in the context of above mentioned cases/ context, gets in touch with personal data, below mentioned measures and regulations will be taken and respected:

  • Data will be processed lawfully, fairly and in a transparent manner in relation to the data subject
  • Data will be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Saved data will be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  • Data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Controller
The party who transfers the personal data, also known as data exporter

Processor
The party who receives the personal data from the controller, intended for processing, also known as data importer. The processor takes all the necessary measures in order to protect the personal data in accordance with the GDPR regulation.

Sub-processor
Subcontractor(s) engaged by the processor in order to process personal data on behalf of the controller and in accordance with its instructions.

Rights of the Data Subject

We would like to inform you about your rights regarding the personal data we collect or you send us.

  • The right to access
    You have the right to access your personal data. We must provide you your data within 1 month.
  • The right to correct and/or delete
    You have the right to ask us to correct inaccurate or incomplete personal data. You also have the right to ask us to delete your personal data in case it is not necessary any more for the purposes for which it was collected.
  • The right to object
    You have the right to refuse that we use your data for direct marketing purposes.
  • The right to restrict processing
    You have the right to ask us to restrict the processing of your data:

    • when you argue the correctness of the data;
    • when you disagree to the data being deleted and demand instead that it will be used in a restricted manner;
    • when we no longer need to process your personal data, but you still require it for the purposes of establishing, exercising or defending legal claims.
  • The controller has the right, after consultation with the processor, to conduct inspections or to have them carried out by an auditor.

Duties of the Processor

The processor complies with the following regulations:

  • Confidentiality: the processor assigns only employees, with the data processing outlined in this policy, who have been bound to confidentiality and are aware of the data protection regulations and measurements relevant to their work. The Processor and any person acting under its authority who has authorised access to personal data, shall not process that data unless on instructions from the Controller, unless required to do so by law.
  • The processor needs to inform the controller in case they are subject to an inspection or measures conducted by the supervisory authority.
  • In case the controller is subject to an inspection by the supervisory authority, a liability claim by a data subject,… in the context of the processing as part of the cooperation, the processor should assist and support the controller.
  • The processor will evaluate on a regular basis the internal processes and technical measures regarding the protection of your personal data.
  • In case a data breach would occur, the processor will report the data breach immediately to the controller in order that the controller is able to fulfil its legal obligations. The processor needs to document the data breach and provide this information to the controller.
  • The processor will assist the controller in its area of responsibility in the context of the occurred data breach.
  • In case the controller needs to execute a data protection impact assessment, the processor will support the controller.

Sub-processing

The processor will not subcontract any of its processing operations performed on behalf of the controller without the prior written authorization from the controller.

The subcontracting between the processor and a third party is based on a contractual agreement in accordance with the GDPR regulations.

The processor will make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the controller’s data

In case the subcontractor provides the agreed services outside the EU, the processor needs to ensure compliance with EU Data Protection Regulations by appropriate measures.

Revelation

ideal systems will not reveal personal data to a third party, except as the customer directs or as stipulated in the agreement.

If the client instructs ideal systems to transfer personal data to a third party stakeholder, the client is and remains solely responsible to enter into written agreements with such third party regarding the protection of personal data. ideal systems will not be held responsible for all losses arising from a transfer of personal data between ideal systems and the third party. Unless it has been proven that the loss of personal data is caused by ideal systems.

ideal systems represents and warrants that employees who are authorized to process personal data, have committed themselves to maintain the security and confidentiality of personal data. Therefore, ideal systems has informed its employees about the applicable requirements and will ensure their compliance with such requirements through contractual or statutory confidentiality obligations.

Retention, removal and return of personal data

ideal systems takes every technical and organizational measures needed in order to protect personal data. We have implemented the appropriate safeguards to protect personal data from unauthorized access, misuse, loss, adjustment or destruction. For example, personal information is stored in password-controlled servers with limited access. We make good faith efforts to provide the security measures necessary to keep the integrity and confidentiality of your information safe.

Personal data of our clients’ customers are not stored on our servers/files. ideal systems’ employees only may access them through the clients electronic systems.

All personal data will be saved for the time needed in order to process for the purposes for which it was collected, which may vary according to the purpose of its collection.

Personal data can be returned in a secure way.

Data breach

In case of a data breach, ideal systems will notify the affected party promptly after having discovered the data breach. Both parties agree to fully assist with an investigation and to help each other in complying with any notification requirements and procedures.

Contact details Data Controller Representative

In case you would have questions with regards to your personal data, please do contact our Data Controller Representative Noémi Van Rymenant, via email privacy@idealsystems.be

Last update: 29/07/2022