Bluecrux (hereinafter ‘we’, ‘us’ and ‘our’) understands the importance of the privacy of its customers and users of its website visitors and the protection of their personal data. This policy sets out how we handle and process your personal data.
Bluecrux International BV, with its registered office at Korte Keppestraat 19 box 6, 9320 Erembodegem, CBE (Crossroads Bank for Enterprises) number 0728.841.469 manages this website. We act as the data controller when we process our customers’, applicants’ and website users’ personal data. We believe it is important to create and maintain an environment where our customers and website users can be confident that their data will not be misused. We comply with the regulations applicable to data protection such as the Regulation (EU) 2016/679 (also referred to as the General Data Protection Regulation, hereinafter “GDPR”) and the Belgian Data Protection Act. The aforementioned regulations concern the protection of personal data and provide you with rights over the said personal data. The objective of this policy is to indicate what personal data we collect, how we use your data after you have visited our website and to assure you that we process your data appropriately.
2. What type of personal data do we collect?
It is not necessary to provide personal data to use most of our website. We collect and process the following categories of personal data for the purposes stated below:
- Telephone number
- Job title.
Additional or optional data are provided by filling out forms on our website or when we contact you (by telephone, email or at trade fairs or events).
3. Why do we collect these data and on what legal basis?
We collect the aforementioned data to create a profile in order to understand your needs and to provide better service, and for the following specific purposes:
|Data retention period
|Direct marketing (customers)
|Name and contact details (email)
|One year after the termination of the commercial relationship
|Direct marketing (prospect)
|Name and contact details (company, position, email)
|Until contact no longer wants to consent
|Name and contact details (company, position, email, telephone number)
- Required for the execution of the agreement
- Legitimate interest
|Ten years after the termination of the commercial relationship
|Identification and contact data, professional data
|Legitimate interest (valid for 1 year) or consent if stored longer (valid for 3 years). Consent can be given verbally or via an opt-in. Renewal of consent will be asked via e-mail (including an easy option to have your data deleted) and will be automatically given in case we don’t receive a response.
|One year or three years if consent is given
4. How will your data be used and shared?
Based on our legitimate interest, we may share your personal data with third parties that assist us with our products and services. Some examples of third-party activities include the hosting of web servers, data analysis, marketing support providers and customer service. These companies have access to your personal data but only when this is required to perform their activities. They are not permitted to use your data for any other purposes. Your personal data will not be sold or leased to third parties. We may disclose your personal data to comply with our legal obligations or in the interest of safety, in the public interest or for the purposes of legal enforcement in any country where we have entities or subsidiaries. We may follow up a request from a law enforcement agency, regulatory authority or government agency. We may also disclose data for the purposes of current or scheduled court cases or to protect our property, safety, people or other rights and interests.
5. Transmission of your personal data outside the European Economic Area
We may transfer your personal data to third parties in third countries (outside the European Economic Area (EEA)) or other Bluecrux affiliates in third countries (i.e. United States). The said transfer of data outside the EEA is legal if the recipient of the data resides in a country with a level of protection deemed adequate by the European Commission. Some of these countries may not have enacted equivalent data protection legislation to protect the use of your personal data. In such cases, we have researched whether appropriate preventive measures similar to those implemented within the EU are possible, for example by adopting standard contractual clauses.
6. Rights of the data subject
You are entitled to inspect the data we hold on you and to request and receive a copy of the personal data on our records. You are entitled to request that we amend, add to or delete any outdated, incorrect or incomplete personal data relating to you when your personal details change. You are also entitled to limit the processing of your personal data and to object thereto. You are also entitled to receive the personal data you have provided to the data controller in a structured, commonly used, machine-readable format, and to transmit it to another data controller.
a. Right of access/inspection
- You are entitled to receive confirmation from us of whether your personal data is processed by us. If we do process your personal data, you are entitled to request to view your personal data. Should it not be included in this policy, we will provide you with information on:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- the transfer thereof to recipients in third countries or international organizations;
- where possible, the intended period for which the personal data will be retained, or if this is not possible, the criteria used to determine that period;
- your entitlement with regard to your personal data as listed in this section;
- where the personal data are not collected from you, all the information available regarding the source of the data;
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the intended consequences of the said processing for the data subject.
- We will produce a copy of the personal data relating to you in our records upon request. Should you make repeated and disproportionate requests for copies of the said data, we reserve the right to charge you a reasonable fee.
b. Right to rectification
- Should you determine that the personal data on our records is incomplete or incorrect, you are entitled to notify us in order for the necessary steps to be taken to rectify or add to the said data.
c. Right to be forgotten
- You are entitled to request we delete your personal data should the processing not be in accordance with the data protection legislation or should the said processing not fall within the limitations laid down by law.
d. Right to restriction of processing
- You are entitled to request we limit the processing of your personal data if:
- the accuracy of the personal data has been called into question during the period required to check the accuracy thereof;
- the processing is unlawful and you do not wish the data to be deleted;
- we no longer require the data but you do not request we delete the data because the data is required for the pursuance or defense of legal claims;
- an objection is made to the processing pending an explanation of the legitimate interests that outweigh your interests.
e. Right to data portability
- You are entitled to receive the data you have provided to us in a structured, standard and machine-readable format. You are entitled to request we transfer the personal data to another data controller (directly from us). This is an option when the processing is based on your consent and processing via an automated procedure.
f. Right to object
- Where your personal data is processed for direct marketing purposes, you remain entitled to object to the said processing. You are entitled to object to the processing based on a specific situation related to the data subject. The organization will no longer process the personal data unless the organization demonstrates compelling legitimate grounds for the processing which outweigh your interests or the interests of the pursuance or defense of legal claims.
g. Automated individual decision-making
- Bluecrux does not process your personal data with the purpose of automated decision making nor profiling.
h. Right to withdraw consent
- If you have consented to the processing of your personal data for a specific purpose of processing, you are entitled to withdraw your consent by sending an email or via your account. If you opted in to receiving email messages, newsletters, etc. from Bluecrux when you registered on the website, you can unsubscribe if you change your mind.
i. Procedure to exercise rights and other provisions
- We can request you verify your identity to ensure your request is lawful and that we are sending the reply to a person entitled to make such a request and to receive the data. Please note that we may refuse access to your personal data or may not be able to grant your request under specific circumstances when we are entitled to do so under the applicable data protection legislation.
- Our privacy team can be contacted by email (email@example.com) to answer questions regarding the processing of your personal data and will respond to your requests to exercise your rights.
- You are entitled to file a complaint with the competent supervising authority (for data protection). In Belgium, the Data Protection Authority, Drukpersstraat 35, 1000 Brussels (firstname.lastname@example.org).
We make every effort to guarantee the security of your data. We have implemented reasonable technical and organizational measures to guarantee your personal data against accidental or unlawful destruction, loss, modification, unauthorized disclosure and/or unauthorized access to the data transmitted, saved or otherwise processed. Please note that the internet is an open network; we cannot therefore guarantee that unauthorized third parties will not be able to circumvent these measures or use your personal data for inappropriate purposes. This website may include links to third-party websites. We will not be held liable for the content of these websites, nor for the privacy standards and practices of the corresponding third party. You must read and understand the relevant third-party and website privacy policies before accepting cookies and visiting a website, to ensure your personal data is sufficiently protected.
8. Amendments to this policy
Bluecrux may amend or update this policy to ensure the provision of information on how we process your personal data at that time. The updated version of this policy is available on the same website and will take effect upon publication. Please visit this webpage regularly to ensure you remain up-to-date on how we collect and process personal data, how and under what circumstances we use your personal data and when we share your personal data with third parties.
Version July 26, 2023