Privacy policy

Last update: June 3rd, 2024

Who we are
Our website address is: https://www.insitely.eu.
This privacy policy applies to all personal data processed on this website. We highly value your privacy and believe it is important that your personal data is always treated with the necessary care and confidentiality.

The following parties act as data controllers for the processing of your personal data:

The provider of the overarching platform used by this website:
INSITELY BV, with its registered office at Hoefijzerlaan 6, 8450 Bredene, registered under the company number VAT BE 0716.657.081.

What does “Processing personal data” mean?
Processing personal data (hereinafter “data”) encompasses any operation performed on data that can identify you as an individual. You can read about which data is involved in this Privacy Statement. The concept of ‘processing’ is very broad and includes, among other things, collecting, storing, using, or sharing your data with third parties.

Which data do we process?
Below we clarify which data the provider of this website and any directly linked stakeholders (such as physical offices, foreign branches, etc.) may process from you:

Main Activity
For our marketing purposes, we may process the following data from our customers and prospects. The data controller of these messages is always either the point of sale or the overarching platform. This specific company acts as the sole data controller for these messages. The following data may be involved:

• Electronic identification and usage data (e.g., IP address, browser type, location data);
• Contact data, social media data via our social media profiles, preferences, for example, regarding your interests or the specific newsletters you wish to receive;
• Feedback, testimonials, and promotional content such as photos and videos (e.g., reviews, NPS score);
• Action or event-related data (e.g., registration or submission, event progress or outcome).
• Service Providers

We may process the following data from our service providers:

• Electronic identification and usage data (e.g., IP address, browser type, location data);
• Identification data;
• Contact data (e.g., name, first name, address, email address, etc.);
• Contact history (e.g., emails, messages sent via web forms, etc.);
• Contractual data (e.g., company name, address, VAT number, agreement, etc.);
• Payment and billing data (e.g., payment card details, invoices, etc.);
• After-sales, feedback, testimonials, and promotional content such as photos and videos (e.g., reviews and experiences related to our (co)operation, testimonials, quotes, attendance at events, etc.).

For what purposes do we process your data?
We process your data for the purposes described below and do not collect or process more data than necessary for these purposes.

Operational purposes
We process data, for example, to optimize our website; for statistical purposes and market research; to keep our services user-friendly; to respond to your inquiry.

Business purposes
We process data, for example, in the context of our main activity, such as delivering the requested service, like delivering the ordered goods; to communicate with you about our services and the delivery of your ordered products; to inform you about our policies, general terms and conditions, and usage terms; to develop and manage relationships with our potential and existing contacts and partners.

Commercial purposes
We process data, for example, to send marketing communications by email; to send newsletters; or to register and process your registration for events or promotions.

Legal or regulatory purposes
We process data for legal reasons and procedures, for example, to comply with legislation and government orders; or to comply with our internal and external audit requirements, information security, or to protect or enforce our rights, privacy, safety, or property or those of other persons.

On what legal grounds do we process your data?
We only process your data based on one of the legal grounds listed in the GDPR, as outlined below.

Legal obligation
Certain data is processed by us to comply with legal or regulatory obligations that apply to us. For example, in the context of tax and accounting obligations or in the field of data protection.

Necessary for the conclusion/performance of an Agreement
Certain data is processed by us because it is necessary for entering into, performing, or terminating an agreement with you as the data subject. For example, for contacting, scheduling, responding to a request, or requesting information in the context of entering into a contractual relationship with us, but also the actual performance of the contractual assignment in the context of our main activity, to provide you with our services, and to enable the delivery of our products through the network of suppliers we can call upon via Connect+.

Legitimate interest
Certain data is processed by us based on our legitimate interest, which in specific cases outweighs any possible disadvantage to your rights. For example, to promote our activities for commercial purposes to our existing customers; to improve the quality of our services; to train employees and to evaluate and keep track of data and statistics related to our activities in a broad sense; to store and use evidence in the context of liability, procedures, or disputes and with a view to archiving activities; and to ensure security, both online on our website and in our store.

Consent
Certain data is processed by us based on your consent. For example, to promote our activities to non-customers; the use of certain analytical or marketing cookies; posting photos or other publications containing personal data on our website and our social media pages.

Source of the data
Most of the data we process from you has also been obtained directly from you. In the context of our services, it is possible that we obtain data from you via external service providers or public sources.

With whom do we share your data?
We do not pass your data on to third parties unless it is strictly necessary for the above-mentioned purposes or if we are legally obliged to do so. With explicit consent, we pass your data on to participating retailers.

Data can be shared between different data controllers.

Where necessary, we use external service providers (processors) to support our operational purposes, such as managing or hosting our website and IT systems. These external service providers may perform certain data processing on our behalf. We will only share your data with these external service providers to the extent necessary for the relevant purpose. The data may not be used by them for other purposes.

Specifically, this means that we share your data, as relevant to your situation, with the following third parties for the following purposes, where these third parties may act as processors on our behalf:

• Postal companies, transport and delivery companies if we need to send you something by mail;
• Payment service providers if we receive payments from you, or vice versa;
• External representatives and consultants or any other parties involved in the context of our main or ancillary activities;
• Companies that assist us in promoting our activities based on the email addresses, postal addresses, or telephone numbers of our customers;
• Processors who assist us in IT to operate our organization, with a view to safe and efficient digital data management within our organization;
• Government bodies, judicial authorities, and regulated professions such as accountants and lawyers, with a view to complying with our legal obligations and defending our interests, as required.

How long do we keep your data?
We do not keep your data longer than necessary for the purpose for which the data was collected or processed. Since the period for which data can be retained depends on the purposes for which the data was collected, the retention period can vary in each situation. Sometimes specific legislation requires us to retain the data for a certain period. Our retention periods are always based on legal requirements and a balancing of your rights and expectations with what is useful and necessary to fulfill the purposes. After the retention period, your data will be deleted or anonymised.

Where do we store your data and how is it protected?
We provide appropriate security measures at a technical and organisational level to avoid the destruction, loss, alteration, unauthorised access, or unlawful notification to third parties of these data, as well as any other unauthorized processing of these data within the context of our activities.

Additionally, we ensure that the processors we use also take appropriate security measures to minimise the risk of incidents as much as possible.

We strive to process the data we handle as much as possible within the European Economic Area (EEA). If your data is processed outside the EEA when using specific services or software tools, this will only occur in countries where the European Commission has confirmed an adequate level of protection of your data, or appropriate safeguards, such as standard contractual clauses, will be put in place to ensure the lawful processing of your data in these third countries.

What are your rights?
You have various rights regarding the data we process about you. If you wish to exercise any of the following rights, please contact our GDPR officer using the contact details provided under the first title of this Privacy Policy. Section 3 of this privacy policy specifies who can be considered the data controller for which specific processing. Please take this into account when exercising your rights. If the exercised right also relates to another data controller than the one you are exercising your rights with (a specific point of sale or overarching platform), the data may be shared with this data controller to answer your request as best as possible.

Right of access and copy
You have the right to access your data and to obtain a copy of it. This right also includes the possibility to request further information regarding the processing of your data, including the categories of data being processed and the purposes of the processing.

Right of rectification
You have the right to have your data rectified if you believe we hold incorrect data.

Right to erasure (Right to be forgotten)
You have the right to request that we erase your data without undue delay. However, we may not always be able to comply with such a request, for example, if we still need the data in connection with an ongoing agreement or if the retention of certain data is legally required for a specific period.

Right to restrict processing
You have the right to restrict the processing of your data. In this way, the processing is temporarily halted until, for example, its accuracy is confirmed.

Right to withdraw consent
When the processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw this consent by clicking the unsubscribe link at the bottom of such messages.

Right to object
You have the right to object to the processing of your data based on legitimate interest. This must be done based on specific reasons related to your situation. You can also object to the use of your data for direct marketing purposes. Marketing emails will always include an opt-out option.

Right to data portability
You have the right to receive your data, which you have provided to us with your consent or in execution of an agreement, in electronic form. This way, it can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organisation, if technically feasible.

Right to file a complaint
If you believe we are processing your data incorrectly, you always have the right to file a complaint with the supervisory authority for data protection.

Belgian Data Protection Authority (DPA)
Rue de la Presse 35
1000 Brussels
contact@apd-gba.be