Privacy statement

Intouch with registered office at Lichtenberglaan 1090 /204, with company number BE0425029452 (hereinafter “we”, “us” or “our”) processes personal data in accordance with this privacy statement.

For further information, questions or comments regarding our privacy policy, please contact the administrator of the site Intouch (hereinafter “Website”) at info@intouch.be.

Introduction

InTouch Solutions NV collects and processes personal information from its customers, suppliers, staff, job applicants, independent contractors ...
For InTouch Solutions NV, protecting privacy is an important strategic goal and InTouch Solutions NV is committed to respecting privacy and protecting personal data appropriately. Ensuring compliance with the General Data Protection Regulation forms the basis of trusted business relationships and is essential to InTouch Solutions NV's reputation as an attractive business partner and employer. Effective May 25, 2018, the General Data Protection Regulation (AVG) is in force and applies to InTouch Solutions NV and anyone processing personal data on behalf of InTouch Solutions NV. The Privacy Policy (“Policy”) defines InTouch Solutions NV's approach to ensuring the protection and management of personal data in accordance with the AVG and provides clear guidelines for anyone engaged in the processing of personal data on behalf of InTouch Solutions NV. The purpose of this Policy is to protect personal data by providing instructions to data subjects on the collection and processing of such personal data. This Policy is ancillary to, and neither replaces nor nullifies, specific data protection requirements or rules regarding confidentiality that may be applicable to a specific business domain or function, pursuant to applicable law.

Scope

This Policy is written for InTouch Solutions NV and for anyone processing personal data on behalf of InTouch Solutions NV, including employees, students, interns, temporary workers, independent workers, subcontractors, freelancers, partners and associates. This Policy is intended for anyone from any discipline providing professional services to clients as well as for anyone providing internal services.

Definitions

Personal data is any data relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a piece of data such as a name, an identification number, location data, online data, or one or more elements characterizing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Sensitive Personal Data are personal data related to a natural person revealing their race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual behavior, sexual orientation, genetic and biometric data for the sole purpose of identifying the person and for the purpose of criminal convictions.

Processing means any operation or set of operations involving personal data or a set of personal data, whether or not carried out by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of data.

Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

Europe, for the purposes of this Policy, means “the European Economic Area and Switzerland.”

Data Processing Agreement means an agreement or any other type of legal instrument containing terms and conditions relating to the processing of personal data, as part of a professional services agreement.

Personal data breach means a breach of security that results in the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or unauthorized access to, data transmitted, stored or otherwise processed.

Principles for processing personal data

As cited above, the purpose of this Policy is to provide guidelines regarding the proper processing of Personal Data. Regardless of what type of Personal Data is processed and regardless of how that Personal Data is processed, each person must comply with the following 8 basic principles:

Personal data must be processed lawfully and properly

Personal data must be collected and processed in a lawful and proper manner. In practice, this means that InTouch Solutions NV:

- must have a legitimate and legal basis for collecting and using Personal Data;

- must be transparent about how Personal Data will be processed, and adequately inform individuals (customers, employees or others) of their privacy rights when their Personal Data is collected;

- must handle Personal Data in a manner that can reasonably be expected;

- must ensure that Personal Data is not used in an unlawful manner.

Personal data must be adequate, relevant and limited to what is necessary

Personal data must be adequate, relevant and limited to what is necessary. In practice, this means that InTouch Solutions NV must ensure that:

- only Personal Data relevant to a specific purpose is requested and collected;

- no more Personal Data may be maintained than necessary for a specific purpose.

Personal data must be accurate and updated as necessary

Personal data must be accurate and updated as necessary. Inaccurate and outdated data must be removed or modified. In practice, this means that InTouch Solutions NV:

- must ensure that the source of the Personal Data is clear;

- should take reasonable steps to ensure that the Personal Data obtained is accurate;

- must consider the need to update the Personal Data.

Personal data must be collected for explicitly defined purposes and nothing else

Persoonsgegevens moeten verzameld worden voor uitdrukkelijk omschreven doeleinden. In de praktijk betekent dit dat InTouch Solutions NV :

- should be clear from the outset about what Personal Data is being collected and for what purposes it will be used;

- must ensure that, if the Personal Data is used for purposes other than those initially described, the individual concerned is notified and the use is justified.

Personal data should not be kept longer than necessary

Personal Data must not be kept longer than necessary. As soon as the Personal Data is no longer necessary for the purpose for which it was collected, this information should be deleted, unless there is another basis for retaining this Personal Data. In practice, this means that InTouch Solutions NV :

- will need to verify the duration for maintaining Personal Data;

- will need to consider the purpose for which the Personal Data is maintained and how long the Personal Data should be maintained for this purpose;

- must securely delete the Personal Data if it is no longer necessary for its intended purpose.

Personal data must be processed by individual rights

Personal data must be processed taking into account the rights of natural persons, in particular:

- the right to be informed;

- the right to inspect;

- the right to rectification;

- the right to erasure of data;

- the right to limited Processing;

- the right to data portability;

- the right to object;

- rights based on automatic decisions and profiling.

Any data subject whose Personal Data are processed has these rights. For further clarification in this regard, please refer to Chapter 6.

Personal data must be kept in a secure manner

Personal data must be kept in a secure manner. In practice, this means that InTouch Solutions NV :

- must organize security in accordance with the nature of the Personal Data (employees, partners, customers or others) being kept and the potential damage that may result from a security breach.

Personal data should not be transferred to third countries without adequate protection

Personal data may not be transferred to other countries outside Europe without adequate protection. This means thatInTouch Solutions NV :

- carefully consider whether transfer to a country outside Europe is necessary and whether there will be adequate protection before transferring the Personal Data.

- shall ensure adequate protection when transferring Personal Data outside Europe.

Personal data at InTouch solutions NV and guidelines to protect it

Customer data

We collect and process our customers' Personal Data, distinguishing 3 types of “Processing”:

- To provide our services;

- For administrative purposes (invoicing, agreements,...);

- for commercial purposes.

Personal Data obtained from our customers for the provision of our services.
Personal Data is processed in the context of the agreement entered into by the customer with us.
When we provide services to our clients, we receive and process Personal Data from citizens who make traffic violations and citizens with parking permits. The following are processed:

- personal data;
- car type;
- national registration number;
- natural person;
- language;
- gender;
- date of birth;
- phone;
- e-mail;
- name of business manager;
- identity director;
- identity holder;
- identification of fixer,
- photographs;
- location of offense, GPS coordinates;
- time;
- description;
- applicable article of law;
- creation date;
- notes;
- file number;
- determination number;
- charges;
- date of sending previous letters (to whom, by whom, when);
- amount of fine;
- payment information;
- contact time;
- defense, if any;
- license plate number
- bank account number;
- family situation.

When we process Personal Data from our customers to provide our services, we are a so-called “processor” of Personal Data. Consequently, the Data Processing Agreement should clearly define the roles and responsibilities with respect to the Processing of Personal Data. This Data Processing Agreement is added by default to the general terms and conditions of our agreements with our customers.
Only those responsible for the customer are granted access to and can access the customer's Personal Data in the context of providing services to the customer. Access to customer data will be recorded and “unauthorized access” to Personal Data will be reported to the DPO.
Furthermore, we must ensure that Personal Data is handled with care. Specifically, this means that:

- Anyone who has access to our customers' personal data expressly undertakes to respect confidentiality. The person concerned undertakes to use the information to which he has access in the performance of his duties only for the purpose for which it is intended and under no circumstances to transfer it to unauthorized third parties.

- The data should be properly protected: adequate protection measures should be taken to ensure that only “authorized” persons have access to the data and that no unauthorized access is possible.

- The data should be handled with due care, measures should be taken to prevent data loss (for example: the loss of USB stick, laptops, paper files,...).

- Data should be copied onto other systems, devices (e.g., laptops) or locations only when actually required. Copied data should also be protected.

- We do not share this data with other parties (external or within our network) except with the explicit consent of the customer.

- We only request and collect Personal Data from our customers that is truly necessary for the purposes to be achieved, we inform the customer of these purposes and will only use the Personal Data for these purposes.

- We retain Personal Data only as long as we need it. The archiving policy will be reviewed in this regard.

It should be noted that some of these principles are relevant not only to “Personal Data” but to “data in general” that we receive from our customers.
Personal data collected from our customers for administrative purposes
Before we provide services to new customers, pursuant to our acceptance procedures, we are required to collect certain data from the customer. Some of these data are Personal Data, such as contact details, information related to governance,... These data are maintained in our underwriting systems. Given its sensitivity, this data must be properly protected.
Once we provide our services, this data is used for billing and administrative purposes and is maintained in our internal ERP systems and databases. Our clients expect us to maintain this data in order to provide our services to them. This data is primarily administrative data. Therefore, the level of sensitivity is rather limited. However, we must ensure that we keep this data up-to-date and must prevent it from becoming publicly available.
Personal data collected for commercial purposes for existing customers and prospects
We also store customer data for commercial purposes in our CRM system. This includes data from our existing customers, former customers and prospects. This data is used to follow up on commercial opportunities, as well as for direct marketing and mailings.
The customer must be informed regarding the use of his/her data for commercial purposes. If the customer does not consent to the use of his/her data for commercial purposes, the data can no longer be used for this purpose. The best practice is that consent requires a positive action by the person concerned (for example: checking a box in a form). It is not sufficient if consent is inferred from a lack of action (for example, unchecking a box that is already checked).
For existing customers, we are permitted to use contact information for direct marketing purposes since we already have a contractual agreement with them. The main point of attention is that we no longer send messages to customers if they have opted out of receiving direct marketing messages (a so-called 'opt-out'). When customers opt out, they may no longer be contacted.
Personal data of prospects and former customers may only be processed on the basis of their consent.
Personal data left by individuals on the website may be processed in order to provide them with relevant information about our services. If we wish to send them direct marketing messages that are not linked to their requests, we must obtain their explicit consent.

Data of employees

We collect and process Personal Data from our own employees for HR purposes. The employee privacy statement clarifies the data processed byInTouch Solutions NV , as well as their purposes and the rights of data subjects. Specific guidelines have been provided to the external HR provider to manage this data appropriately.

Data breach

As an organization processing Personal Data, InTouch Solutions NV has an obligation to report certain Personal Data Breaches to the appropriate supervisory authority no later than 72 hours after becoming aware of them. InTouch Solutions NV must also keep a register of Personal Data Breaches.

A Personal Data Breach includes more than the mere loss of Personal Data. A Personal Data breach means a breach of security that accidentally or unlawfully results in the destruction, loss, alteration or unauthorized disclosure of, or unauthorized access to, transmitted, stored or otherwise processed data.

Examples of Personal Data breaches include:
- the loss of a USB flash drive, documents or cell phone (considering that you can access your e-mail via your cell phone, we wish to know);
- sending Personal Data to an incorrect address (e.g., via e-mail);
- computer equipment containing Personal Data that is lost or stolen;
- losing a hard copy file;
- opening an email attachment containing a virus that results in the computer equipment becoming unavailable;
- Reacting incorrectly to fishing attempts leading to password disclosure;
- ...

For this purpose, we need your help. If you are aware of a Personal Data breach, please contact the Data Protection Officer (DPO) of InTouch Solutions NV as soon as possible .

Whom to contact for questions and concerns

If you have any questions or concerns regarding this Policy, please contact our DPO at dpo@intouchtribe.com

We value your privacy