Parties and purpose

This Privacy Policy is prepared by Trajectoire SPRL, located at Place Georges Brugmann 34-35 1050 Ixelles and registered with the Crossroads Bank for Enterprises under number 0439.905.985 (hereinafter referred to as “the Data Controller”).

The purpose of this Privacy Policy is to inform in a transparent manner the Users of the website hosted at the following address: ausavoy.be, (hereinafter the “Site”) about the way personal data are collected and processed by the Data Controller.

The term “User” refers to any user, i.e. any natural or legal person, who visits or interacts with the Site in any way.

In this regard, the Controller determines all the technical, legal and organizational means and purposes for processing the Users’ personal data. To this end, the Controller undertakes to take all necessary measures to ensure that the processing of personal data complies with the Law of July 30, 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter “the Law”) and the European Regulation of April 26, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “the Regulation”) .

The controller is free to choose a natural or legal person to process, at its request and on its behalf, the personal data of users (hereinafter the “Processor”). Where appropriate, the controller undertakes to choose a processor that provides sufficient guarantees as regards technical and organizational security measures for the processing of personal data, in accordance with the law and the Regulation.

Processing of personal data

Use of the Site by Users may result in the communication of personal data. The processing of such data by the Controller, in its capacity as Controller, or by service providers acting on behalf of and for the account of the Controller, shall be carried out in accordance with the law and the Regulation.
Personal data will be processed by the controller, in accordance with the purposes listed below, through
– the use of cookies;
– The use of a newsletter form.
Purposes of processing personal data
In accordance with Article 13 of the Regulation, the purposes of processing personal data are communicated to the user and are as follows
– To ensure the performance of the services offered and agreed upon on the Site;
– to ensure the control of the implementation of the services offered;
– to carry out marketing activities and promotional information after prior consent of the User and until the revocation of such consent, for example, sending promotions about the products and services of the Data Controller;
– To answer the User’s queries;
– to compile statistics in order to improve the Site, the services offered and the internal organization of its operation;
– to improve the quality of the Site and the products and/or services offered by the Data Processor;
– to enable a better identification of the User’s interests.

Personal data that may be processed

When visiting and using the Site, the User agrees that the Data Controller collects and processes the following personal data according to the methods and principles described in this Privacy Policy:
– Information provided by Users for contractual purposes and to enable the proper performance of mutual obligations, i.e. name, first name, address, IBAN number and bank details and, more generally, any information voluntarily provided by the User
– Information from the User by filling out forms or by contact via telephone, e-mail or other means, for example, the name, e-mail address and telephone number of Users;
– With respect to each of the Users’ visits to the Site, the information collected includes :
IP address, browser type and model, time zone, operating system
– any information regarding the pages consulted by the User on the Site, in particular the URL, the duration of surfing….
Consent
By accessing and using the Site, the User declares that he is aware of and gives his free, specific, informed and unambiguous consent to the processing of his personal data. This agreement relates to the contents of this Privacy Policy.
Consent is given by the affirmative act whereby the User has checked the box offering the Privacy Policy as a hyperlink. This consent is an indispensable condition to perform certain actions on the Site or to allow the User to enter into a contractual relationship with the Controller. Any agreement between the Controller and a User regarding the services and goods offered on the Site is subject to the User’s acceptance of the Privacy Policy.
The User agrees that the Data Controller, in accordance with the methods and principles contained in this Privacy Policy, processes and collects his/her personal data that he/she communicates on the Site or in the context of the services offered by the Data Controller, for the purposes indicated above.
The User has the right to withdraw his/her consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent previously given.

Duration of storage of users’ personal data

In accordance with Article 13(2) of the Regulation and the Act, the controller shall not retain personal data for longer than is reasonably necessary for the purposes for which they are processed.
In any case, this period shall be shorter than 1 year.
Recipients of data and disclosure of data to third parties.
Personal data may be transferred to employees, collaborators, subcontractors or suppliers of the controller who provide adequate data security guarantees and who cooperate with the controller in marketing products or providing services. They act under the direct authority of the data controller and, in particular, are responsible for the collection, processing or outsourcing of such data.
In all cases, the recipients of the data and those to whom the data has been provided must comply with the contents of this privacy policy. The data controller guarantees to process such data only for the intended purposes, in a discreet and secure manner.

If the data is provided to third parties for the purpose of direct marketing or customer acquisition, the user will be notified in advance so that he can express his consent to the use of this personal data.
Data Protection Officer (DPO).

The following person is appointed Data Protection Officer (hereinafter referred to as “DPO”): Mr. Frédéric Niels
The role of the DPO is to ensure the correct implementation of national and supranational provisions on the collection and processing of personal data.
The Data Protection Officer can be contacted as follows:
Place du Grand Sablon 38 1000 Brussels
at +32 (0)2 8976877

Rights of Users

Users may exercise their rights at any time by sending a message by e-mail to the following address: ausavoy.be, or a letter by post, enclosing a copy of their identity card, to the following address: Place du Grand Sablon 38, 1000 Brussels.

a. Right of access
In accordance with Article 15 of the Regulation, the controller guarantees the user the right of access to his personal data. The user has the right to access the said personal data, as well as the following information
– the purposes of the processing ;
– the categories of personal data concerned;
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients located in third countries or international organizations;
– if possible, the period for which the personal data are to be kept or, if this is not possible, the criteria used to determine that period
– the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in such cases, relevant information on the underlying logic and the significance and intended effects of such processing on the data subject
The controller may require payment of a reasonable fee based on administrative costs for additional copies requested by the User.
If the User submits such a request electronically (e.g. via the e-mail address), the information will be provided in a common electronic form, unless the User requests otherwise.
The User will receive a copy of his or her information no later than one month after receiving the request.

b. Right to correction
The controller guarantees the User the right to correct and delete personal data.
In accordance with Article 16 of the Regulation, incorrect, inaccurate or irrelevant data may be corrected or deleted at any time. The user must first make the necessary changes himself from his user/other account, unless they cannot be made independently, in which case the request can be addressed to the controller.
In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom personal data have been disclosed of any rectification of the personal data, unless such disclosure proves impossible or would involve a disproportionate effort. Upon request, the controller shall provide the data subject with information about such recipients.

c. Right to erase (“right to be forgotten”)
The user has the right to have his personal data erased as soon as possible in the cases referred to in Article 17 of the Regulation.
Where the controller has disclosed the personal data and is required to erase it under the previous paragraph, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical steps, to notify the other controllers processing such personal data that the data subject has requested erasure by those controllers of any link to, or copy or reproduction of, such personal data.
The two preceding paragraphs shall not apply insofar as such processing is necessary
– to exercise the right to freedom of expression and information;
– for compliance with a legal obligation which requires the processing and which is provided for in Union law or in the law of the Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
– for the establishment, exercise or defense of legal claims.
In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom personal data have been disclosed of the erasure of personal data, unless this proves impossible or involves a disproportionate effort. Upon request, the controller shall provide the data subject with information about such recipients.

d. Right to restrict processing
Users have the right to obtain restriction of processing of their personal data in the cases mentioned in Article 18 of the Regulation.
In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom personal data have been disclosed of any restriction on processing, unless such disclosure proves impossible or would involve a disproportionate effort. Upon request, the controller shall provide the data subject with information about such recipients.

e. Right to data portability
In accordance with Article 20 of the Regulation, users have the right to receive from the controller their personal data in a structured, commonly used and machine-readable format. Users have the right to transfer such data to another controller without being prevented from doing so by the controller in the cases provided for in the Regulation.
When the User exercises his right to data portability in accordance with the previous paragraph, he has the right to have his personal data transferred directly from one controller to another, insofar as this is technically possible.
The exercise of the right to data portability shall not affect the right to data erasure. This right shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right to data portability shall not affect the rights and freedoms of third parties.

f. Right of objection and automated individual decision-making
Users have the right to object at any time to the processing of their personal data on account of their particular situation, including the automation of data by the data controller. In accordance with Article 21 of the Regulation, the controller shall no longer process personal data unless there are compelling legitimate grounds for the processing which override the interests and rights and freedoms of the user, or for the establishment, exercise or defense of legal claims.
Where personal data are processed for the purpose of customer acquisition, the user shall have the right to object at any time to the processing of personal data concerning him/her for such purposes, including profiling insofar as it relates to such customer acquisition.
If the data subject objects to the processing for customer acquisition purposes, the personal data shall no longer be processed for such purposes.

g. Right of complaint
The User has the right to lodge a complaint regarding the processing of his personal data by the controller with the Data Protection Authority, competent for the Belgian territory. More information can be found on the website:
https://www.autoriteprotectiondonnees.be.
Complaints may be filed at the following address
Data Protection Authority
Rue du Presse 35, 1000 Brussels
Telephone + 32 2 274 48 00
Fax: + 32 2 274 48 35
E-mail: [email protected]
The User may also file a complaint with the Court of First Instance of his/her place of residence.

Cookies

The Site uses cookies to distinguish between Users of the Site. This allows us to provide Users with a better browsing experience and to improve the Site and its content. The purposes and conditions of cookies are listed in this section.

a. General Principles
A “Cookie” is a file that is temporarily or permanently placed on the User’s hard drive when consulting the Site, for the purpose of later connection. Thanks to cookies, the server recognizes the User’s computer.
Cookies may also be placed by third parties with whom the Data Controller cooperates.
Some of the cookies used by the Data Controller are necessary for the proper functioning of the Site, while others are used to improve the User’s experience.
The User can personalize or deactivate cookies by configuring his browser.
By using the Site, the User expressly consents to the management of cookies as described in this article.

b. Type of cookies and purpose
Different types of cookies are used on the Website by the Data Controller:
– Technical cookies: these are necessary for the operation of the Website, enable the communication of data entered and are intended to facilitate the browsing of the User;
– Statistical and audience measurement cookies: these cookies allow the User to be recognized and are used to count the number of Users of the Website over a certain period of time. Since they also indicate browsing behavior, they are an effective means of improving the User’s browsing experience, by showing him proposals and offers that are likely to interest him. They also enable the controller to detect and correct any bugs in the Website.
– Functional cookies: these cookies facilitate the use of the Website by storing certain choices entered (for example, the user name or language);
– Tracking cookies: the Data Controller uses tracking cookies via Google Analytics, to measure Users’ interaction with the Website content and to produce anonymous statistics. These statistics allow the Data Controller to improve the Website. Google supports the explanation of these cookies at the following address: http://www.google.nl/intl/en_uk/policies/privacyc.

c. Cookie retention period
Cookies are stored for the time necessary to achieve the intended purpose. The cookies that may be stored on the User’s hard drive and the period for which they are retained are as follows:
The retention period for cookies varies according to their type: essential cookies are usually kept until the browser is closed, while functional cookies remain valid for 1 year and statistical measurement cookies for 4 years.

d. Management of cookies
If the User does not want the Website to place cookies on his hard drive, he can easily manage or delete them by changing his browser settings. Browser programming also allows the User to receive a message or notification when a Website uses cookies and thus decide whether to accept or reject them.
If the User disables certain cookies, the User accepts that the Website may not function optimally. Some parts of the Website may not be usable or only partially usable.
If the User wishes to manage and/or delete certain cookies, he can do so through the following link(s):
For users with :
– Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
– Microsoft Edge: http://windows.microsoft.com/en-gb/windows-10/edge-privacy-faq
– Google Chrome: https://support.google.com/accounts/answer/61416?hl=fr
– Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences
– Safari: https://support.apple.com/kb/ph21411?locale=fr_CA
If the user does not want Google Analytics cookies to be used, they are requested to set their browser to do so at the following website: http://tools.google.com/dlpage/gaoptout/

Limitation of the controller’s liability

The website may contain links to other websites owned by third parties unrelated to the controller. The content of these sites and their compliance with the law and the Regulation are not the responsibility of the controller.
The holder of parental authority must give express consent to allow a minor under 16 years of age to include personal information or data on the website. The controller strongly advises persons exercising parental authority over minors to promote responsible and safe use of the Internet. The Controller cannot be held liable for the collection and processing of personal information and data of minors under 16 years of age whose consent is not effectively covered by that of their legal parents, nor for incorrect data – in particular concerning age – entered by minors. In no case will personal data be processed by the controller if the user indicates that he/she is under 16 years of age.
The controller shall not be responsible for the loss, damage or theft of personal data, in particular due to the presence of viruses or computer attacks.
Security
The controller shall implement organizational and technical measures to ensure an appropriate level of security for the processing and collection of data. These security measures depend on the implementation costs related to the nature, context and purposes of the processing of personal data.
The Data Controller uses encryption technologies according to industry standards when transferring or collecting data on the Site.
Privacy Policy Changes.
The Data Controller reserves the right to modify this Privacy Policy to comply with legal requirements. The user is therefore requested to consult the Privacy Policy regularly in order to be aware of any changes and modifications. Such changes will be posted on the Site or sent by email for enforceability.
Applicable law and competent court
This Privacy Policy is governed exclusively by Belgian law. Any dispute is subject to the exclusive jurisdiction of the courts of the judicial district of Brussels.
Contact
For any question or complaint regarding this Privacy Policy, the User may contact the Controller:
By email: [email protected]
By telephone: +32 (0)2 512 64 76
By post: Place du Grand Sablon 38, 1000 Brussels
This version of the Privacy Policy is dated 1/08/2022