If you have a question about privacy you should contact us by emailing us at firstname.lastname@example.org.
Capitalised words are defined in the General Terms and Conditions and have the same meaning in this Appendix as in the General Terms and Conditions.
Processing refers to any operation relating to personal data which enables a natural person to be identified, either directly or indirectly; such as collecting, recording, organising, structuring, storing, updating or amending, retrieving, consulting, using, making available, aligning or combining, blocking, erasing or destroying data.
Fairtual undertakes to process the personal data of Users in a legal, correct and transparent manner. In this Privacy Statement, Fairtual explains what personal data is processed and for what purposes, what rights the User has to safeguard and possibly improve his/her privacy.
The Website: the website, which can be found at the URL https://virtualfair.be.
the Regulation: the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also referred to as the “General Data Protection Regulation” or “GDPR”)
Personal data: any information on an identified or identifiable natural person. For example: name, address, family composition, evaluations, testimonials, etc.
Processing: (the whole of) processing(s) of personal data. For example: storage, collection, modification, retrieval, consultation, use, transmission, dissemination, transmission, deletion, destruction, etc.
Controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Data subject: the identified or identifiable natural person to whom the processed data relate.
This Policy applies to the processing of the personal data of the Users of the Website, in particular:
⦁ persons who visit the Website;
⦁ persons who fill in the contact form.
These persons shall together be referred to as the “Data Subjects” and each individually as a “Data Subject”.
The controller, the data protection officer and the processor
⦁ The Controller:
Fairtual Technologies BV, whose registered office is at Cathilleweg 88, 8490 Jabbeke, registered with the Crossroads Bank for Enterprises under the number BE0899.916.411 (hereinafter referred to as “Fairtual”) is responsible for the processing of personal data that it carries out in the context of its activities;
⦁ The Data Protection Officer:
The data and privacy protection officer at Fairtual can be contacted using the following contact details:
⦁ Name: Mike Thevissen
⦁ tel: + 32 (0)472 75 66 22
⦁ E-Mail: email@example.com
Purpose of processing
Fairtual processes personal data as part of the use of its Website. Personal data is used for the following purposes:
⦁ Contacts with Users who are companies or act in a professional capacity (customers or prospects): the personal data is necessary for the correct preparation and execution of the contract concluded with Fairtual. For the conclusion of the contract, Fairtual must have the necessary personal data in order to be able to provide the agreed services;
⦁ Suppliers with whom Fairtual is in contact: the personal data is necessary in order to correctly prepare and execute the contract concluded with Fairtual;
⦁ Any legitimate interest of the Controller;
⦁ Be able to fulfil the request of the User who fills in the contact form (consent).
All personal data collected are processed administratively and possibly later for accounting purposes.
What personal data are collected?
Directly collected information
⦁ Information relating to the data subject: Surname – First name
⦁ Information to contact the Data Subject: telephone number – e-mail address
If the Data Subject makes himself known via the Website (by filling in the contact form), his data will be stored in the database. By registering and/or identifying, the Data Subject gives express consent to be included in the database.
What the Complainant says
If the Data Subject contacts Fairtual by telephone, Fairtual may record his/her identity (surname and first name) and telephone number in order to build up a contact list and to see who uses the service.
Categories of personal data processed
⦁ Identity information
⦁ Contact information
⦁ All the data, documents and media made available to Fairtual by the data subject
Who receives the personal data?
The Controller may transfer the Personal Data of the Data Subject to the following recipients:
⦁ ICT service providers;
⦁ Accountant – bookkeeper;
⦁ Subcontractors who are affiliated with the Controller, such as a designer or programmer.
The Personal Data of the Data Subject will in principle not be transferred to a country that is not part of the European Economic Area.
Fairtual shall process this personal data in accordance with the purposes specified in the section “Data Processing”. Only those employees within the Fairtual organisation who need this personal data in order to perform their duties will be able to consult it.
How long are personal data kept?
The Controller shall store the Personal Data of the Data Subject:
⦁ As long as necessary to fulfil the purposes set out in Article Data Processing;
⦁ As long as necessary to delete the personal data after the retention periods provided for in the regulations have expired;
⦁ As long as necessary to fulfil obligations arising from a legal text, other regulations or agreements concluded by Fairtual, or imposed by a government.
What rights can the data subject exercise?
Right to object
If personal data are processed on the basis of the Data Subject’s consent (see section ‘Who does this policy apply to?’), the Data Subject may withdraw this consent at any time.
If the Data Subject wishes to exercise one or more of the rights set out below, he/she should contact Fairtual’s Data Protection Officer using the contact details set out in clause ‘The Controller and the Data Protection Officer’.
Right of inspection
The Data Subject shall have the right to obtain from Fairtual a decision as to whether or not personal data relating to him/her are being processed and, if necessary, to have access to the personal data concerned and the following information:
⦁ the processing purposes;
⦁ the relevant categories of personal data;
⦁ the recipients or categories of recipients to whom personal data are disclosed;
⦁ if possible, the period for which the personal data is expected to be
⦁ be stored, or if not possible, the criteria for determining that period;
⦁ that the Data Subject has the right to request Fairtual that personal data be deleted from the database
⦁ erased or corrected, or that the processing is restricted;
⦁ that the Data Subject has the right to lodge a complaint with the Data Protection Authority;
⦁ all available information on the source of the data, in the event that the
⦁ personal data are not collected from the Data Subject himself;
⦁ the existence, where applicable, of purely automated decision-making, including profiling, and, where applicable, useful information about the underlying logic, significance and expected consequences of the automated decision-making.
Fairtual shall, upon the express request of the Data Subject, provide, within a reasonable time, the most complete possible overview of the personal data and/or information requested above. The Data Subject has the right to obtain a copy of the requested information free of charge.
If the Data Subject makes his/her request electronically, Fairtual may provide the information by electronic means, such as e-mail.
Fairtual guarantees that the Data Subject, through his/her account as a registered User, has full access to his/her data and can modify, amend, correct or delete such data at any time.
Right of improvement
The Data Subject has the right to have incorrect, inappropriate or outdated personal data removed or corrected. If the Data Subject believes that information stored by Fairtual is incomplete, incorrect, inappropriate or out of date, he/she should contact Fairtual’s Data Protection Officer using the contact details set out in Article 4.
Fairtual garandeert dat de betrokkene, via zijn/haar account als geregistreerde Gebruiker, volledige toegang heeft tot zijn/haar gegevens en deze te allen tijde kan wijzigen, aanpassen, corrigeren of wissen.
Right to erasure of data
The Data Subject has the right to obtain the erasure of certain personal data if one of the following applies:
⦁ the personal data are no longer necessary for the purposes for which they were collected or processed;
⦁ the Data Subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing;
⦁ the Data Subject objects to the processing in accordance with this Policy;
⦁ the personal data have been unlawfully processed;
⦁ personal data must be deleted in order to comply with a legal obligation incumbent on Fairtual.
Fairtual is obliged to delete personal data without unreasonable delay when one of the above cases applies. Fairtual guarantees that the person concerned, through his/her account as a registered User, has full access to his/her data and can modify, amend, correct or delete it at any time.
Right to restriction of processing
The Data Subject has the right to obtain the restriction of the processing of his personal data in certain cases. The following conditions must apply:
⦁ If the stored personal data is not correct, for the period of time necessary for Fairtual to verify the correctness of the personal data and, if necessary, to correct it;
⦁ the processing of personal data is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use;
⦁ Fairtual no longer needs the data for the processing purposes for which the data was stored, but in the context of legal proceedings, for the protection of natural or legal persons or for important reasons of public interest.
Where the processing of personal data has been restricted, Fairtual may continue to store personal data but may not process personal data without the prior consent of the Data Subject.
Fairtual garandeert dat de betrokkene, via zijn account als geregistreerde Gebruiker, volledige toegang heeft tot zijn/haar gegevens en deze te allen tijde kan wijzigen, aanpassen, corrigeren of wissen.
Right to portability of personal data
Subject to the rights and freedoms of third parties and to the restrictions provided for in the Regulation, the Data Subject has the right to obtain the personal data relating to him/her that he/she has provided to Fairtual in a structured, accessible and machine-readable form.
The Data Subject has the right to transfer this data himself to another controller or to request that the personal data be transferred directly by Fairtual to another controller.
Refusal of automated processing and decision making
The data processing and processes are not automated or without human intervention. Nevertheless, the Data Subject may object to the automated processing of his/her personal data if this processing affects him/her significantly.
The following exception applies here, which must be assessed on a case-by-case basis:
⦁ the automated processing is permitted by a legal provision applicable to Fairtual, which also provides for the necessary measures to protect the rights, freedoms and interests of the Data Subject.
The Data Subject also has the right to object to the processing of personal data relating to him in the cases provided for by law or other regulatory texts.
The Data Subject may exercise these rights by making a request to, or contacting, the Data Protection Officer at Fairtual, as mentioned above.
The Data Protection Officer will take the necessary measures to verify the identity of the Data Subject making the request.
The Data Subject also has the right to lodge a complaint with the supervisory authority. In Belgium, since 25 May 2018, this is the Data Protection Authority (formerly the Commission for the Protection of Privacy): see https://www.gegevensbeschermingsautoriteit.be.
What security measures are taken?
As personal data is processed, Fairtual guarantees its confidentiality, integrity and availability at all times. Fairtual maintains a high level of security for the processing and storage of data.
The main principles applied by Fairtual are:
1. Definition of information security roles and responsibilities to ensure that all security activities are carried out.
2. All required documentation, such as policies, standards, procedures and guidelines, is in place to support security. This documentation is reviewed regularly.
3. Fairtual uses a risk-based approach to identify the necessary technical and other security controls. This ensures that the right priorities are set and only efficient and effective security controls are selected and implemented.
4. Fairtual is committed to ensuring that employees throughout the organisation are aware of the importance of information security and data protection and integrates this through regular training and exercises.
5. Fairtual has identity and access controls in place to protect information from unauthorised access, modification or deletion, whether caused intentionally or not.
6. Fairtual has implemented physical controls to ensure fire and theft prevention and access control for its premises.
7. Cyber protection controls have been installed. The applications and technology platforms are designed, configured, maintained and evaluated according to recognised security criteria, such as vulnerabilities and threats are continuously monitored.
8. A Business Continuity programme has been installed to ensure continuity in case of failures or disasters and to restore business processes. During the activation of this programme, the information security principles remain in force.
9. The information security policy and its implementation are regularly reviewed.