This Charter has been drawn up by the private limited liability company (“société privée à responsabilité limitée” abbreviated into “SPRL”) AUSTIN BRIGHT, with registered office located at 1000 Brussels, avenue du Port, 86C, registered in the Crossroads Bank of Enterprises under No. 0600.938.952 (hereinafter the “Controller”).
The purpose of this Charter is to inform the Users of website www.austinbright.com about how data are collected and processed by the Controller.
The term “User” refers to any user, i.e., any natural person who consults the website or its content, registers via any form available on the website, communicates with the Data Controller via the various contact forms or enters into a contract with the Controller.
This Charter addresses the wish of the Controller to act in a fully transparent manner in accordance with the law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation”).
The Controller shall pay particular attention to protecting the privacy of its Users and agrees, consequently, to take the required reasonable precautions to protect the personal data that have been collected against loss, theft, disclosure or unauthorised use.
If the User wishes to react to one of the practices described below, he may contact the Controller at the address indicated under the “contact data” section of this Charter.
In accessing and using the website, the User declares that he has read the information described below, agrees with this Charter and expressly consents to the Controller collecting and processing, in accordance with the terms and conditions and principles described in this Charter, his personal data, which he communicates via the website and/or within the framework of services proposed, for the purposes described below.
The User may withdraw his consent at any time. Withdrawal of consent shall not compromise the lawfulness of the processing performed on the basis of the previously granted consent.
In visiting and using the website, the User expressly consents to the Controller collecting and processing, in accordance with the terms and conditions and principles described below, the following personal data:
His domain (detected automatically by the sever of the Controller), including the dynamic IP address;
His email address if the User has previously disclosed it in any way whatsoever, including by communicating with the Controller by email or by communicating it via the website of the Controller, etc.
All of the information relating to the pages that the User has consulted on the website;
Any information that the User has given freely, including his surname and first name, home address and/or professional address, telephone number, email address, geo-location, age and sex, etc.
The Controller may also have to collect non-personal data. These data are regarded as non-personal data, as they do not allow for a specific natural person to be identified directly or indirectly. They may henceforth be used for any purposes whatsoever, for example, to improve the website, the products and services proposed or the advertising of the Controller.
In the event that non-personal data were to be combined with personal data, with the effect that it would be possible to identify the relevant persons, these data shall be regarded as personal data until such time as they can no longer be associated with a specific natural person.
The Controller shall collect the personal data via:
Any data entered manually by the User via the contact form or other data collection forms present on the website;
The receipt of emails;
Orally, primarily by telephone.
Purposes of the processing
The personal data shall be collected and processed solely for the purposes listed below:
Managing and controlling performance of the services proposed;
Sending promotional information (via newsletters) about the services of the Controller;
Answering the User’s questions;
Improving the quality of the website and the services proposed by the Controller;
Transmitting information about new services proposed by the Controller;
Better identifying the areas of interest of the User,
Enabling invoices to be sent and payments for services to be settled.
The Controller may have to process data for purposes not yet provided for in this Charter. In such cases, the Controller shall contact the User prior to re-using his personal data in order to notify him of the changes and to give him to option, where necessary, to refuse this re-use.
Period of retention
The Controller shall only retain the personal data for a period of time that is reasonably needed for the purposes pursued and in accordance with the legal and regulatory requirements.
The personal data of a User shall be retained for a maximum of 2 years after the end of the contractual relationship between him and the Controller or the last update of the User’s data. However, the Controller reserves the right to retain, for a period of 10 years after its establishment, any document of an accounting nature, such as invoices, which may contain personal data. In such cases, the data contained in these documents shall not be re-used by the Controller.
Shorter retention periods shall apply to certain data categories, such as traffic data, which shall only be retained for 12 months.
At the end of the retention period, the Controller shall take all steps to ensure that the personal data are rendered unavailable.
Access to data and copies
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter, the User may, after proving his identity (by appending a copy of his identity card), obtain free-of-charge a written declaration or a copy of the personal data relating to him that have been collected.
The Controller may require the payment of reasonable fees based on the administrative costs for any additional copy requested by the User.
When the User submits this request electronically, as stipulated in the “contact data” section of this Charter, the information shall be provided in a commonly used electronic format, unless the User requests otherwise.
The copy of his data shall be communicated to the User at the latest one month after receipt of the request.
Right of rectification
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter, the User may, after proving his identity (by appending a copy of his identity card), obtain free-of-charge, as soon as possible and at the latest within one month, the rectification of the personal data that the User claims are inaccurate, incomplete or irrelevant, and complete the data if the latter turn out to be incomplete.
Right of objection
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter, the User may, at any time, for reasons relating to his personal situation and after proving his identity (by appending a copy of his identity card), object to the processing of his personal data, except when:
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
The processing is necessary for the purposes of the legitimate interests of the Controller or of a third party, unless the interests or fundamental freedoms and rights of the data subject take precedence and require the protection of their personal data (particularly when the data subject is a child).
The Controller may refuse to agree to the User’s right to object where it proves the existence of overriding and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the User, or in order to establish, exercise or defend a legal claim. In the event of a dispute, the User may lodge an appeal in accordance with the “complaints and grievances” section of this Charter.
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter, the User may, at any time and after proving his identity (by appending a copy of his identity card), object, without justification and free of charge, to the processing of his personal data when his data are collected for direct marketing purposes (including for profiling).
When personal data are processed for scientific or historic purposes or for statistical purposes pursuant to the General Data Protection Regulation, the User shall be entitled to object, for reasons relating to his personal situation, to the processing of his personal data, unless the processing is necessary for the performance of a public interest mission.
The Controller shall respond to the User’s request as soon as possible and, at the latest, within one month and justify its response when it intends not to accede to such a request.
Right to restriction of processing
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter, the User may, after proving his identity (by appending a copy of his identity card), obtain restriction of processing of his personal data in the cases listed below:
When the User contests the accuracy of a data item and only for the period enabling the Controller to verify this data item;
When the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
When the controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
While the substance of an objection filed by the User is being examined, in other words pending verification by the Controller of whether its legitimate grounds override those of the User.
The Controller shall notify the User when the restriction of processing has been lifted.
Right to erasure (right to be forgotten)
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter, the User may, after proving his identity (by appending a copy of his identity card), obtain the erasure of his personal data where one of the following grounds applies:
The personal data are no longer necessary in relation to the purposes for which they were processed;
The User withdraws his consent to the processing of his data and where there is no other legal ground for the processing;
The User objects to the processing and there are no overriding legitimate grounds for the processing and/or the User exercises his specific right of objection to the processing of his data for direct marketing purposes (including profiling);
The personal data have been unlawfully processed;
The personal data have to be erased for compliance with a legal obligation (in Union or Member State law) to which the Controller is subject;
The Controller may object to the erasure of the personal data in the cases foreseen in the General Data Protection Regulation and by any legal standard applicable at the time of the data erasure request.
The Controller shall respond to the User’s request as soon as possible and, at the latest, within one month and justify its response when it intends not to accede to such a request.
The User shall also be entitled, subject to the same terms and conditions, to obtain free of charge the erasure or the complete ban on the use of any of his personal data that, in light of the purpose of the processing, he claims to be incomplete or irrelevant or whose recording, communication or retention he claims to be prohibited or which have been retained for longer than necessary or authorised.
Right to data portability
Subject to a dated and signed written request sent to the Controller at the address mentioned in the “contact data” section of this Charter and after proving his identity (by appending a copy of his identity card), the User may, at any time, ask to receive, free of charge, his personal data in a structured, commonly used and machine-readable format with a view to transmitting them to another Controller where:
The processing is carried out by automated means; and where
The processing is based on the consent of the User or on a contract concluded by the latter and the Controller.
Subject to the same terms and conditions, the User shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Recipients of the data and disclosure to third parties
The recipients of data collected and processed shall, in addition to the Controller, be its agents or other processors, its carefully chosen commercial partners located in Belgium or in the European Union, and which jointly provide services with the Controller.
The Controller agrees to comply with all of the ad hoc provisions of the European Regulation on the protection of personal data when it uses the services of a processor, and shall invite the processor to:
Process the data solely for the purpose(s) of the processing,
Process the data in accordance with the documented instructions of the Controller,
Guarantee the confidentiality of the personal data processed within the framework of the agreement between it and the Controller,
Notify the Controller of any personal data breach within 48 hours of becoming aware of said breach,
Agree to take various suitable security measures bearing in mind the objective sought.
Should the data be disclosed to third parties for direct marketing purposes other than those for which the data have been communicated by the User to the Controller, the User shall be notified thereof in advance so as to be able to choose whether or not to accept this processing of his data by third parties.
Subject to a dated and signed written request sent to the Data Controller at the address mentioned in the “contact data” section of this Charter, the User may, at any time, and after proving his identity (by appending a copy of his identity card), object, free of charge, to the transmission of his data to third parties.
The Controller shall comply with the applicable legal and regulatory provisions and shall ensure at all times that its partners, agents, processors or other third parties that have access to these personal data comply with this Charter.
The Controller reserves the right to disclose the User’s personal data in the event that a law, court proceedings or an order by a public authority make such a disclosure necessary.
All data transfers outside the European Union shall take place with co-contractors that comply with the requirements of the European Regulation on the protection of personal data.
Use and management of cookies
This cookie management policy shall apply to AUSTIN BRIGHT. Cookies shall be managed by the Controller.
If the User wishes to personalise his cookie management, he must change his browser settings. He will find additional information about this in the “cookie management” section of this provision.
In browsing the website, the User expressly agrees to the cookie management policy described below.
Definition of cookies A “cookie” is a data or text file that the server of an application or a website saves temporarily or permanently on the User’s device (computer hard drive, tablet, smartphone or any other similar device) via his browser. Cookies can also be installed by third parties with whom the Controller works.
Cookies contain certain items of information, such as the language preferences of the Users. Other cookies collect statistics about the Users or ensure that the graphics are displayed correctly and the applications operate smoothly. Others are used to tailor the content and/or the advertising of an application or a website to the User.
Essential or technical cookies: these are cookies that are essential to the operation of the website, allow for smooth communication and are designed to make browsing easier;
Statistical or analytical cookies: these cookies serve to recognise and count the number of visitors and to observe their browser behaviour when they use and browse this website. This helps to improve the User’s browsing and enables him to find what he is looking for more easily;
Functional cookies: these cookies serve to activate specific features on the website in order to enhance user-friendliness and user experience, for example by remembering his preferences (for example, his language preferences);
Performance cookies: these cookies collect information relating to the way in which visitors use the website. They serve to evaluate and improve the content and performance of the website (for example, by counting the number of visitors, by identifying the most popular pages or clicks), and to better match the commercial offers with the personal preferences of the User;
Advertising or commercial cookies: these are files designed to collect data relating to the profile of the Users and likely to be installed or read by third parties with which the Controller works in order to measure the effectiveness of an advert or a web page and better tailor it to the areas of interest of the User;
Tracking cookies: AUSTIN BRIGHT uses tracking cookies via Google Analytics and Facebook Analytics so as to help the Controller measure the ways in which the Users interact with the website content. They generate the website visit statistics completely anonymously. These statistics allow for the website to be improved on a continuous basis and relevant content to be offered to the User. The Controller uses Google Analytics and Facebook Analytics to obtain an overview of website traffic, the source of this traffic and the pages visited. This means that Google and Facebook act as processors. The information collected by Google Analytics and Facebook Analytics is generated as anonymously as possible. For example, it is not possible to identify the individuals that visit the website. For more information, the User is invited to consult Google’s data protection policy, which is available at the following address: http://www.google.nl/intl/en_uk/policies/privacy/ and Facebook’s data protection policy, which is available at the following address: https://www.facebook.com/policies/cookies/.
A web beacon is an invisible image file that monitors the browsing of the User on one or more websites and/or applications. Other commercial cookies may also be installed by advertisers when their advert is disseminated.
Commercial cookies do not contain any personal data. The information collected by the commercial cookies and web beacons are used to measure the effectiveness of the advertisement and better personalise advertising on the website and on other websites belonging to the advertising network or to which the Controller provides advertising services.
The retention period for cookies varies according to the type of cookie: essential cookies are usually retained until the browser is closed, while functional cookies remain valid for one year and performance cookies for four years.
Cookie management Most browsers are configured to automatically accept cookies, but all allow the User to personalise the settings according to his preferences.
If the User does not want the website to place cookies on his mobile device, he can easily manage them or erase them by changing his browser settings. The User can also programme his browser so that it sends him a message when he receives a cookie and he can decide whether to accept it or not.
If the User wants to block and/or manage certain cookies, he can do so by following the link for his browser:
Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies Chrome: https://support.google.com/accounts/answer/61416?hl=en Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-... Safari: http://support.apple.com/kb/PH5042
If the User deactivates certain cookies, it is possible that it may not be possible, or only partially possible, to consult and/or use some parts of the website.
The Controller shall take the appropriate technical and organisational measures to guarantee a level of data collection and processing security that is proportionate to the risks posed by the processing and the type of data to be protected. It shall take account of the state-of-the-art, the implementation costs, the nature, scope, context and purposes of the processing, as well as the risks to the rights and freedoms of the Users.
The Controller shall always use encryption technology that is regarded as state of the art in the IT sector when it transfers or receives data on the website.
The Controller has implemented appropriate security measures to protect and prevent the loss, misuse or corruption of the information received by the website.
Communications by post, email or telephone
Communications by post. If the User communicates his address to the Controller via the website, his data are saved in the controller’s address file in order to respond to its request and to keep him informed of the services offered by the controller and to process the request of the User or any other further actions in respect of their pre-contractual or contractual relationship. Except where the User objects, the Controller may also communicate data concerning the User to third parties (such as groups of companies and commercial partners) in order to propose his profile to third party companies or for direct marketing purposes. If the User does not want his data to be used for these purposes, he may, at any time, notify the Controller at the address mentioned in the “contact data” section of this Charter, stating his name and full address (which must be correctly spelt).
The User may, at any time, consult, correct or have his data erased from the Controller’s file. To do this, he must contact the Controller at the address mentioned in the “contact data” section of this Charter, stating his name and full address (which must be correctly spelt). The Controller agrees to erase his data from the list that it shares with other companies or organisations.
Communication by telephone. If the User communicates his telephone number to the Controller via the website, he may receive a phone call from:
The Controller in order to communicate to him information about its services or forthcoming events:
Groups of companies and commercial partners with which the Controller has a contractual relationship.
If the User does not want, or no longer wants, to receive such telephone calls, he may contact the Controller at the address mentioned in the “contact data” section of this Charter, stating his name and full address (which must be correctly spelt). The Controller agrees to erase his data from the list that it shares with other companies or organisations.
If the User communicates his mobile phone number to the Controller via the website, he will only receive (SMS/MMS) messages from the controller that are necessary in order to respond to his questions.
Communication via email. If the User communicates his email address to the Controller via the website, he may receive:
Emails from the Controller communicating information about its services or forthcoming events (for direct marketing purposes), providing the User has expressly consented to this or he is already a customer of the controller and he has communicated his email to the Controller:
Directing marketing emails from groups of companies and companies /organisations with which the Controller has a contractual relationship, providing the User has expressly consented to this.
If the User does not want, or no longer wants, to receive such emails, he may contact the Controller at the address mentioned in the “contact data” section of this Charter, stating his name and full address (which must be correctly spelt).
The Controller agrees to erase his personal details from the list that it shares with other companies or organisations.
Complaints and grievances
The User can file a complaint with the Belgian Data Protection Authority at the following address:
Data Protection Authority - Rue de la Presse, 35, 1000 Brussels - Tel. + 32 2 274 48 00 - Fax. + 32 2 274 48 35 - contact(at)apd-gba.be
The User may also file a complaint with the court of first instance in the area of their domicile.
For more information about the complaints and remedies possible, the User is invited to consult the following web address of the Data Protection Authority: https://www.dataprotectionauthority.be.
If the User has any questions and/or complaints, including in regard to the clarity and accessibility of this Charter, he may contact the Controller:
By email: [firstname.lastname@example.org]
By post: Austin Bright – Avenue du Port, 86C/102A in 1000 Brussels
The data protection officer of the Controller is Mr Tim Gheysen (email@example.com).
Applicable law and competent courts
This Charter is governed by and construed in accordance with Belgian law. Any dispute over the interpretation or implementation of this Charter shall be governed by Belgian law and shall be exclusively heard by the French-speaking courts of the judicial district in which the registered office of the Controller is located.
The Controller reserves the right to amend the provisions of this Charter at any time. The amendments shall be published along with notice of their date of entry into force.
This version of the Charter is dated 8 May 2018.