Privacy Policy For Clients And Prospects

WHAT IS THE PURPOSE OF THIS PRIVACY POLICY?

We attach great importance to the protection and privacy of your personal data, which represents a guarantee of seriousness and trust.

The purpose of this Privacy Policy is precisely to demonstrate the willingness of Altavia Act to comply with the applicable rules related to personal data protection and, more particularly, to the General Data Protection Regulation ("GDPR") within all of its subsidiaries.

The Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide.

WHO DOES THIS PRIVACY POLICY APPLY TO?

The Privacy Policy applies to you, if you are at least 13 years old, regardless of your location, whether you are a customer, a potential customer (“prospect”) or even a simple visitor of www.altavia-act.com.

If you are an applicant for a position with Altavia Act, we invite you to consult the "Applicant" Privacy Policy reachable on our dedicated recruitment page.

If you are under 13 years old, you are not allowed to use our services without the prior and explicit consent of one of your parents, which must be sent to the address privacy@altavia-act.com. If you believe that we may host information about a child of yours under the age of 13 without your prior consent, you may ask us to erase it at privacy@altavia-act.com.

The policy only addresses the processing that we carry out ourselves and not the processing that may be carried out using the features of our tool by our clients. If you would like information about the data processed by our clients using these features, please contact them directly.

WHY DO WE PROCESS YOUR PERSONAL DATA ?

In the context of the services offered, we are necessarily required to process your personal data for the following purposes and legal basis:

• To let you benefit from our services (e.g. advice, creation of websites and online platforms, print management, organisation of meetings, etc.) and to respond to your requests (e.g. requests for information, complaints, etc.) on the basis of our general terms and conditions of sale, our general terms and conditions of use, and our legitimate interest in providing you with the best possible service.

• To keep you informed of our latest promotional offers and events by email, by phone and post, based on our legitimate interest to retain your loyalty and to contact you, or based on your consent if you are not already one of our customers.

• To follow us on social network and to share your opinions based on the general terms of the platform used (e.g. Facebook, Linkedin...) and our legitimate interest in editing our own page on social networks.

• To subscribe and to receive our newsletters which will inform you about all the news concerning our services based on your consent.

• To ensure and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) on the basis of our legal obligations, our general terms and conditions of sales and our legitimate interest in ensuring the proper functioning of our services.

• Finally, we may also install "cookies" on your device. For more information on the use of cookies, please consult our "Cookies Policy".

We undertake to process your data only for the purposes described above. Nevertheless, when you are voluntarily publishing content through our pages on social networks, you acknowledge that you are fully responsible for any personal information you may communicate, regardless of the nature and origin of the information provided.

WHAT PERSONAL DATA DO WE PROCESS AND FOR HOW LONG?

We have summarised the categories of personal data that we collect directly from you or via databases of potential customers, and their respective retention periods.

If you want more details about the retention periods, you can contact us at privacy@altavia-act.com.

• Professional identification and contact data (e.g. surname, first name, personal or professional email address, etc.) stored for the duration of the provision of the service plus the legal limitation periods, which are generally 10 years.

• Only when there is a confusion between your name and the name of your company (e.g. auto-entrepreneurs, SMEs, etc.), economic and financial data (e.g. bank account number, verification code, etc.) stored for the period of the transaction and for the management of the invoicing and payments, plus the legal limitation periods, which are generally 5 to 10 years.

• Marketing, direct marketing and newsletter subscription data (e.g. email address, etc.) stored for a maximum period of 10 years from the last contact we had with you.

• Login data (e.g. logs, IP address, etc.) retained for a period of 1 year.

At the end of the retention periods summarised above, we erase all your personal data to ensure your privacy for future years.

The erasure of your personal data is irreversible and we will no longer be able to communicate it to you after this period. After such erasure, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we have the obligation to retain all data we have from you during the case even if the retention periods described previously have expired.

WHAT RIGHTS DO YOU HAVE TO CONTROL THE USE OF YOUR PERSONAL DATA?

The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your personal data.

• The right of access to your personal data and to obtain a copy, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.

• The right to rectification of inaccurate, obsolete or incomplete personal data.

• The right to object to processing of your personal data for direct marketing purposes.

• The right to obtain the erasure ("right to be forgotten") of your personal data that is not essential to the proper functioning of our services.

• The right to restriction of processing your personal data, which allows you to freeze the use of your data in the event of a dispute over the lawfulness of a processing operation.

• The right to your personal data portability which allows you to transfer some of your personal data from one information system to another.

• The right to give instructions on the fate of your personal data in the event of your death. You can give instructions directly by you or through a trusted third party or a beneficiary.

To be taken into account, the request has to be made directly by you at privacy@altavia-act.com. Any request not made by this means cannot be processed.

Requests may not be made by anyone other than you. Only in this case may we ask you to provide proof of identity if there is any doubt about the identity of the applicant.

We will respond to your request as quickly as possible, up to a maximum of three months from receipt, if the request is technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

WHO CAN ACCESS YOUR PERSONAL DATA?

We only share your data with duly authorized persons to perform our services. This may include our staff in charge of the performance of our services, accounting, marketing or even the security of our offices.

We may also share your data with public authorities, external advisors and practitioners, service providers and possibly business partners.

HOW DO WE PROTECT YOUR PERSONAL DATA?

We implement all the technical and organisational measures required to guarantee the security of your data on a daily basis and, in particular, to struggle against risks of destruction, loss, alteration or unauthorised disclosure of your data.

For example, our team's passwords are complex and changed frequently. In addition, their computers have the latest antivirus and firewall and your data has backups renewed regularly.

CAN YOUR PERSONAL DATA BE TRANSFERRED OUTSIDE THE EUROPEAN UNION?

To let you use our services, we have no choice but to transfer some of your personal data to partners located outside the European Union.

Obviously, we scrupulously ensure that they implement the appropriate guarantees to ensure the confidentiality and protection of your personal data.

WHO CAN YOU CONTACT FOR MORE INFORMATION?

Our Data Protection Officer (“DPO”) is always at your disposal to give you a detailed explanation of how we process your personal data and to answer your questions on this subject at the following address privacy@altavia-act.com.

HOW CAN YOU CONTACT THE BELGIAN SUPERVISORY AUTHORITY  (THE “DPA”)?

You may at any time contact the Belgian Supervisory Authority for personal data protection (the "Data Protection Authority" or "DPA") at the following address: contact@apd-gba.be, or by phone on +32 (0)2 274 48 00, or via the forms available on the DPA website: https://www.dataprotectionauthority.be/citizen.

Can the policy be modified?

We may modify our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any modification of this Privacy Policy.