Privacy Policy

1. Introduction

1.1. General

WeGroup (hereinafter referred to as "We" or "Our" or "Us") understands that your privacy is important to you and that you are concerned about how your personal data are used. We respect and value the privacy of everyone who visits our website (https://www.wegroup.be) or makes use of our services. When you use our services or visit our website, we shall only collect and use personal data in a manner described herein and in a manner consistent with our obligations and rights under applicable privacy laws.

This Privacy Policy applies when we act as the controller for the processing of the personal data of our website and our services, in other words when we determine the purpose and means of the processing of those personal data.

Transparency in the processing of personal data is a crucial part of the General Data Protection Regulation (GDPR, EU Regulation 2016/679). The basic principle of this Privacy Policy is that your personal data are processed in accordance with the relevant laws and regulations. Principles such as proper and careful processing are also taken into account.

Please read this Privacy Policy carefully and make sure you understand it. In the event that you do not agree with or consent to this Privacy Policy, you must immediately stop using our services.

1.2. What are personal data?

Personal data are defined in the GDPR as "any information relating to an identified or identifiable natural person... who can be identified, directly or indirectly." Personal data are, in simpler terms, any information about you that makes it possible to identify you. Personal data refers to obvious information, such as your name and contact details, but also to less obvious information, such as identification numbers, electronic location data and other online identifiers.

1.3. Principles in the processing of personal data

In order to comply with the above, the following principles apply:

  • All processing of personal data is based on one of the grounds set out in Article 6 of the GDPR and the Framework Law of 30 July 2018;
  • The legitimate purposes are formulated prior to processing. The purposes for which the personal data are processed are explicitly described in simple language;
  • The processing of personal data is relevant given the purpose. This means that the amount and type of personal data is limited to the personal data considered necessary for the specified purpose;
  • The processing of personal data is in reasonable proportion to the intended purpose. As a consequence, the processing of personal data takes place in the least intrusive manner;
  • Technical and organisational measures shall be taken to ensure that the personal data to be processed are accurate and up to date;
  • Personal data are adequately protected in accordance with the applicable security standards;
  • Personal data are not further processed in a way that is incompatible with the purposes for which they were originally obtained;
  • Personal data are not processed for longer than is considered necessary for the specified purposes of the processing;
  • The rights of data subjects are respected and observed;
  • To the extent applicable and technically possible, the data subject shall be offered an opt-out option when the registration of the personal data is not strictly necessary.

2. Contact data

Our website and services are offered and managed by WeGroup NV. We are registered in Belgium under registration number 0680.957.816, and our registered office is located at Ottergemsesteenweg-Zuid 808 Bus 372 in Ghent.

You can contact us:

  1. by post to the above postal address;
  2. via the contact form on our website;
  3. by email, through hello@wegroup.be

3. Which personal data are processed, and how are these data used?

3.1. Which personal data are processed, and for what purposes?

In this section, we explain the following topics:

  1. The general categories of personal data we can process;
  2. in the case of personal data that we have not obtained directly from you, the source and specific categories of such data;
  3. the purposes for which we may process personal data; and
  4. the legal bases of the processing.

We may process any of your personal data identified in this Privacy Policy when necessary to establish, exercise or defend legal claims, whether in judicial proceedings or in administrative or out-of-court proceedings. The legal basis for this processing is our legitimate interests, namely the protection and exercise of our legal rights, your legal rights and the legal rights of others.

In addition, we may process your personal data where necessary to comply with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.

3.1.1. Usage data

We may process data relating to your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, duration of your visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of the service. The source of the usage data is our analytical tracking system. These usage data may be processed to analyse the use of the website and services. The legal basis for this processing is consent (for the IP address) and/or our legitimate interests (for the other personal data), namely monitoring and improving our website and services. We do this by using cookies. See our cookie policy in this regard.

3.1.2. Account data

We may process your account data ("account data"). Account data may include your name and email address. The source of the account data is you or your employer. Account data may be processed to manage our website, provide our services, ensure the security of our website and services, maintain backups of our databases and communicate with you. The legal basis for this processing is the execution of the agreement, namely the correct administration of our website and the provision of our services and/or entering into an agreement.

3.1.3. Profile data

We may process your information contained in your personal profile on our website ("profile data"). Profile data may include your name, address, phone number, email address, chosen avatar, gender, date of birth and employment information. Profile data may be processed to enable and monitor your use of our website and services. The legal basis for this processing is the execution of the agreement, namely the proper administration of our website and our company and for the execution of an agreement between you and us and/or the taking of measures, at your request, to enter into such an agreement.

3.1.4. Customer contact details

We may process information relating to our customer relationships, including customer contact details ("customer contact details"). The customer's details may include your name, your employer, your position or function, your contact details and information in the communication between us and you. The source of the customer relationship data is you or your employer. Customer relationship data may be processed to manage our customer relationships, communicate with customers, keep track of this communication and promote our relevant products and services to customers. The legal basis for this processing is our legitimate interests, namely the proper management of our customer relationships.

3.1.5. Survey data

We may process information contained in any survey you submit to us relating to goods and/or services ("survey data"). The survey data may be processed for the purpose of offering, placing on the market and selling relevant goods and/or services to you. The legal basis for this processing is our legitimate interests.

3.1.6. Transaction data

We may process information relating to transactions, including purchases of services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of providing the goods and services purchased and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or the taking of steps, upon your request, to enter into such a contract and our legitimate interests, namely the sound management of our website and our company.

3.1.7. Communication data (as well as direct marketing data)

We may process information that you provide to us to subscribe to our email messages and/or newsletters ("communication data"). The communication data can be processed to send you relevant notifications and/or newsletters. The legal basis for this processing is consent.

3.1.8. Correspondence data

We may process information contained in or relating to any communication you send us ("correspondence data"). The correspondence data may include the content of the communication and the metadata related to the communication. Our website shall generate the metadata related to the communication obtained using the contact forms on the website. Correspondence data may be processed for the purpose of communicating with you and of tracking data. The legal basis for this processing is our legitimate interests, namely the sound management of our website and our business and communication with users.

3.2. Processors

A processor is a natural or legal person who processes personal data at the request of or on behalf of us. We may sometimes enter into a contract with this party to provide certain products and/or services. In other words, we rely on processors because this is necessary for the provision of services. In this case, we shall enter into a written agreement with the processor whereby the security of your personal data is guaranteed by the processor. The processor always acts in accordance with our instructions.

We use processors for IT technical, administrative and analytical purposes (e.g. CRM system), hosting, communication purposes, (e.g. live chat on the website).

4. Automated decision-making

We shall not use your personal data for automated decision-making.

5. International (non-EEA) transfer of your personal data

We shall store or transfer your personal data within the European Economic Area ("EEA") as much as possible. The EEA consists of all EU Member States plus Norway, Iceland and Liechtenstein. In such cases, your personal data is fully protected by the GDPR or equivalent legal standards. When you use our services (and in particular our virtual assistant Louise), we may store or transfer personal data outside of the EEA. In such cases, we shall only transfer them:

  • to countries which, in the opinion of the European Commission, provide an adequate level of protection of personal data. Further information is available from the European Commission.
  • where there are specific contracts with external third parties that have been approved by the European Commission for the transfer of personal data to third countries. These contracts guarantee the same level of personal data protection as would apply under the GDPR. Further information is available from the European Commission.

6. Retention and deletion of your personal data

Personal data that we process for the purposes described in Section 3.2 shall not be stored for longer than is necessary for that purpose or those purposes.

In some cases, it is not possible for us to determine in advance the periods for which your personal data shall be kept. In such cases, we shall determine the retention periods on the basis of the following criteria:

  1. The retention period of account data, profile data and transaction data is determined based on the period of use of our services and shall only be applied when using our services.

Without prejudice to the above, we may retain your personal data where necessary to comply with a legal obligation to which we are subject or to protect your vital interests or the vital interests of other natural persons.

7. Security of your personal data

We shall take appropriate technical and organisational measures to protect your personal data and to prevent the loss, misuse or alteration of your personal data.

We store your personal data on secure servers, PCs and mobile devices. Password(s) are stored encrypted by us.

You must ensure that your password cannot be guessed, whether by a human or a computer program. You are responsible for keeping the password you use for accessing our services confidential, and in this connection we shall not ask you for your password (except when you log into our platform).

8. Changes

We may update this policy from time to time by posting a new version on our website. This may be necessary, for example, if the law changes, or if we change things in a way that affects the protection of personal data. We recommend that you check this page occasionally to ensure that you are satisfied with any changes to this Privacy Policy.

We shall inform you in advance of any important changes to this Privacy Policy by email or via our website.

9. Your rights

Some rights are complex and not all details are included here. Therefore, please read the relevant provisions and guidelines of supervisory authorities for a full explanation of these rights.

Your main rights under the GDPR are:

  1. right of access;
  2. right to correction;
  3. right to erasure (to be forgotten);
  4. right to restrict processing;
  5. right to object to processing;
  6. right to data portability;
  7. right to lodge a complaint with a supervisory authority; and
  8. right to withdraw your consent.

You may exercise your rights in relation to your personal data by giving us written notice. See Section 2 for contact details.

We shall respond to your request within 14 days and in any event no more than one month after receiving your request. We usually aim to provide a full answer within that time. However, in some cases, especially if your request is more complex, more time may be required, up to a maximum of three months from the date on which we receive your request. You shall be kept fully informed of the progress.

9.1. Right of access

You have the right to confirm whether or not we may process your personal data and, where we may, to have access to the personal data, along with certain additional information. This additional information includes data on the purpose of the processing, the categories of personal data concerned and the recipients of the personal data. Provided that the rights and freedoms of others are not affected, we shall provide you with a copy of your personal data. The first copy is provided free of charge, but additional copies may be provided for a reasonable fee.

9.2. Right of correction

You have the right to have incorrect personal data about you corrected and, taking into account the purposes of the processing, to have incomplete personal data about you filled in.

9.3. Right of erasure (to be forgotten)

In some cases, you have the right to have your personal data erased without undue delay. These circumstances include: the personal data are no longer necessary in connection with the purposes for which they were collected or otherwise processed; you withdraw your consent for processing based on consent; you object to the processing under certain provisions of the applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions from the right to erase data. General exclusions include where processing is necessary: to exercise the right to freedom of expression and information; to comply with a legal obligation; or to establish, exercise or defend legal claims.

9.4. Right to restrict processing

In some cases, you have the right to restrict the processing of your personal data. These circumstances are: you dispute the accuracy of the personal data; the processing is unlawful, but you object to the erasure; we no longer need the personal data for our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to the processing, pending the verification of that objection. If the processing on this basis is limited, we may continue to store your personal data. However, we shall only process these in other ways: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of overriding public interest.

9.5. Right to object to processing

You have the right to object to our processing of your personal data for reasons related to your specific situation, but only to the extent that the legal basis for the processing is that the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we shall cease processing the personal data unless we can demonstrate that there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or that the processing is intended to establish, exercise or defend legal claims.

In addition, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you object to this, we shall cease processing your personal data for this purpose.

Furthermore, you have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes for reasons related to your specific situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

9.6. Right to data portability

To the extent that the legal basis for our processing of your personal data is based on:

  1. consent; or
  2. that the processing is necessary for the performance of a contract to which you are a party or to take measures at your request before concluding a contract, and this processing is carried out automatically, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would compromise the rights and freedoms of others.

9.7. Right to lodge a complaint with a supervisory authority

If you believe that our processing of your personal data violates data protection legislation (GDPR), you have the right to lodge a complaint with a data protection supervisory authority. In Belgium, the supervisory authority is the Data Protection Authority (DPA).

DPA contact details

Data Protection Authority

Rue de la Presse / Drukpersstraat 35, 1000 Brussels

+32 (0)2 274 48 00

contact@apd-gba.be

https://www.gegevensbeschermingsautoriteit.be

To the extent that the legal basis for our processing of your personal data is consent, you have the right to revoke this consent at any time. Revocation does not affect the lawfulness of the processing prior to the revocation.

10. Updating your personal data

Please let us know if the personal data that we hold about you needs to be corrected or updated.

11. WeGroup as processor

As part of our services, we provide a virtual assistant, Louise, which allows our users to communicate with their customers digitally. For the processing of personal data within the scope of this service, WeGroup does not act as a controller for the processing of personal data, but as a processor of personal data.

To the extent that we act as a processor and not as a controller, this policy does not apply. Our legal obligations as a processor are instead laid down in the agreement between us and the controller.

12. Data Protection Officer

Contact

Name: Sebastiaan Van Hoecke

Email: security@wegroup.be

Postal address: Ottergemsesteenweg-Zuid 808 Bus 372, 9000 Ghent, Belgium