- What does Crossuite know about you and what happens to that information?
- What personal data do we process?
- Why do we process your personal data?
- Does Crossuite share my personal data with other parties?
- Is my personal data transmitted to parties outside of the European Economic Area?
- How do I know whether Crossuite is securely storing my personal data?
- How long does Crossuite keep my personal data?
- What are my rights with respect to privacy and how can I exercise them?
- Could this Privacy Statement be amended at a later date?
- What happens if I click a link on Crossuite’s website that takes me to another website?
- If you are unhappy about how we deal with your personal data
- If you have any further queries after reading this Privacy Statement
Why do we need a Privacy Statement?
This Privacy Statement is for everybody (whether or not a client) who shares, in any manner, personal data with us (hereinafter: ‘you’). We wish to inform you in clear-cut language why we require certain information from you and what we do with your personal data – not only because we are obliged by aw to do so, but also because we believe that transparency and privacy are important.
We naturally endeavour to comply as fully as possible with the rules on the protection of data as set out in EU and Belgian laws, which is why we want to always give you the opportunity to consult this Privacy Statement before you share your personal data with us. That means you will always know what to expect and you can make a well-considered decision.
The controller is Crossuite, with its registered office at 2600 Antwerp, Uitbreidingstraat 390/4, enterprise number 0893.863.413.
Before telling you what personal data we collect and why we collect it, we wish to inform you there is a significant difference between:
- persons visiting the website for the first time
- returning visitors to the website.
Are you visiting the website for the first time?
Then we most likely do not (yet) know you nor are able to identify you, and that will remain the case as long as you do not transmit to us any personal data through the website (such as an online form, a webchat, etc). In other words, you determine what Crossuite knows about you.
Please note: this does not necessarily mean that we have never collected personal data about you, as you may have previously shared such information with us through another channel (such as by email, on social media, mail, etc).
You may also have never provided your contact details to Crossuite but still receive marketing communications from us because Crossuite uses, within the limits of the law, publicly available contact details (such as in the Crossroads Bank for Enterprises) in order to contact practices that might be interested. You can inform us that you are uninterested at any time and we will record that and never bother you again.
Are you a returning visitor to the website?
Whether or not we recognise you when you return to our website depends on your previous visits.
If, during a visit, you have never shared personal information with us (using, for example, an online form, chat, etc), we will not be able to identify you. In other words, you determine what Crossuite knows about you.
If we see that you are a regular visitor (and are genuinely interested in our services) and you have provided us with your telephone number in the past, we could give you a call to enquire what is stopping you from trying Crossuite out – unless, of course, you are listed on our Don’t call me again list. It is once gain entirely up to you what you do and don’t tell us during that telephone conversation.
The personal data we process depends on your profile:
1 ) Client and end-user
2 ) End-user
3 ) Prospect for a demo
4 ) Former client
5 ) Business Partner
6 ) Job applicant
Identification data: (profiles 1,2,3,4,5,6)
- given name
- landline/mobile number
- email address
- postal code
- IP address
Profession and position: (profiles 1,2,3,4,5)
Information on your use of our tool and our mobile app (such as heatmaps, the times you log in and out, modules/functions you use the most and least, etc) (profiles 1, 2, 3, 4)
The login details linked to your user profile (don’t worry, these details are always encrypted) (profiles 1, 2, 3, 4)
Preferred method of communication (profiles 1, 2, 3, 4, 5)
All other personal data voluntarily provided to Crossuite (such as information provided when corresponding with Crossuite) (profiles 1, 2, 3, 4, 5, 6)
Calling prospective clients
We could call or email you during the trial period in order to assist you the first time you use Crossuite. This ensures that you have a clear idea of what the tool can do, and you are able to assess whether a Crossuite licence will be an asset for your practice or company. We also retain your personal details for a period of two years if you decide not to acquire a Crossuite licence after the trial period expires. This allows us to ensure, for example, that the free trial periods are not abused by persons who use them multiple times.
Crossuite performs this processing for the purpose of performing the agreement.
During your first months as a client of Crossuite we will send you useful onboarding emails on a regular basis, which will help you to quickly learn how to properly use our tool. While you are a Crossuite client you will also receive our product updates so that you remain aware of the latest applications for our tool and app, such as when we launch a new feature. You will also receive a monthly newsletter containing useful tips, blogs and the latest news.
Crossuite performs this processing on the basis of its legitimate interests.
Creating a Crossuite account
As a Crossuite user, we firstly require your personal data in order to create your personal account on the tool. We also require that information so that our staff can quickly and accurately respond to any queries you have.
Invoicing, collecting payments
For the purpose of performing the agreement, we use your data in order to accurately compile your invoice and send it to you, as well as in order to follow-up on any payment issues. This information is also required for bookkeeping purposes, as required by law. We are also legally obliged to retain this personal data for seven years.
Client satisfaction surveys
You are never obliged to participate in a survey. Data is collected from a survey to improve our services. Crossuite performs this processing on the basis of its legitimate interests.
Monitoring the use of the tool
We monitor your use of our tool and app. Firstly, we do this so that we can optimise our tool. In most cases we only use this data on an aggregated and anonymous basis for the purpose of user research and statistical analysis. On occasion, we may scrutinise your individual use, but only in order to provide you as a Crossuite client with better support. Crossuite performs this processing on the basis of its legitimate interests.
When you enter into a commercial partnership with Crossuite you will share certain personal data with us, whether your own and/or that of employees. This data will naturally solely be used within the context of that partnership and it will only be processed for the purpose of performing the agreement. When that partnership comes to an end we will only retain the relevant documentation (such as the partnership agreement) for a specific period of time.
Retaining correspondence with job applicants, their CVs and motivating letters
For the purpose of recruitment we collect the data of people who have sent us job applications, whether solicited or unsolicited. We process this data on the basis of the consent of the parties involved.
Your personal data is only processed for internal business purposes. In that context we do however use external parties, but those external parties may only process your personal data in accordance with very clearly defined instructions.
In concrete terms, we use the following categories of data processors:
- Companies that we have contracted for marketing purposes:
We could transmit the contact details of prospects to outbound marketing agencies. They could call these prospects when we have determined that they have shown a genuine interest in our services and have never objected (for example, during an initial call) to being contacted in such a manner. As always, the prospect can state during the call that he/she is not interested and does not wish to be called, which we will record.
If the prospect is (still) not sure that Crossuite is a suitable tool for him/her or is too busy at the time, then they may be called at a later time. In any event, the contact details of prospects are not retained for longer than two years.
- Companies that we have contracted for IT support, database management, software integration and hosting purposes (such as hosting partners, cloud partners, data centres, software suppliers, external consultants, etc).
- Companies we have contracted for communication purposes (such as for the website’s live chat function).
- Companies we have contracted for analytical purposes.
- Companies we have contracted for payment purposes.
When it comes to paying your Crossuite invoices, we rely on an external payment provider. That party processes your bank details solely for the purpose of the required payments. The required security measures are provided by means of SSL encryption. We have no access whatsoever to your banking details.
We also use an external party for collecting payments on unpaid invoices, and in that context the personal data of a nonpayer can be transmitted.
In order to guarantee the best possible protection for your personal data we have entered into the required contractual agreements with all these external parties, ensuring that they have taken the required technical and organisational measures and that they use this personal data solely for the purposes of Crossuite (and not for their own purposes).
Furthermore, your personal data will never be sold, transmitted or communicated to third parties that wish to use it for their own purposes. Such will however naturally be done when it is necessary for the performance of the agreement or when you have granted us explicit consent in advance to do so. We do wish to inform you that personal data can be collected by social networks when you use a social plugin on our website (such as the Facebook ‘like’ button).
We could also disclose your personal data:
- To the competent authorities (i) when we are required to do so by law or as a result of legal proceedings or pending legal proceedings and (ii) for the purposes of indemnification and defending our rights.
- When all (or effectively all) our assets are acquired by a third party, in which event the personal data that Crossuite has collected shall constitute one of the transferred assets.
This is not presently the case.
We will only transmit your personal data to parties located outside of the European Economic Area under one of the following conditions:
The European Commission has ruled that the destination country has an adequate level of protection.
The destination country does not have an adequate level of protection but Crossuite enters into the required contractual agreements with the party in question, with due regard for the standard provisions as imposed by the Belgian Data Protection Authority.
We have taken all reasonable technological and organisational precautions in order to keep to a minimum any unauthorised access to or loss, use or changing of your personal data. If you would like to know more about our information security policy, then please see the Security page on our website.
Of course, it is impossible to guarantee an infallible level of safety, as no online transfer or transmission method nor any electronic data storage method is 100% safe.
The safety of your demo account or paid account also depends on you keeping your login details secret. Remember that our staff will never ask you for your login details. If you do decide to provide your login details to a third party, that party has access to the personal data in your account and we are no longer able to guarantee that your data is secure. If a third party gains unauthorised access to your account, we recommend that you immediately change your password and that you contact us.
8. What are my rights with respect to privacy and how can I exercise them?
If your personal data is processed by Crossuite then you have the following rights vis-à-vis us:
- The right of access to the personal data that we keep and that concerns you;
We are always prepared to send you a clear and complete overview of the personal data that we have collected to date that concerns you.
- The right to rectification, of your personal data, to have incomplete information completed and to have it updated;
If you use our tool and/or app, then please be aware that it is your responsibility to make any changes in your personal user account.
- The right to have your personal data deleted (the ‘right to be forgotten’)
When you delete certain required personal data or have such deleted some services may no longer be available or provided. A legal obligation or the performance of our agreement with you could mean that certain personal information cannot be deleted. For example, we are required by law to retain invoices for a period of seven years (and sometimes for even longer).
- The right to restrict the processing of your personal data;
Under certain circumstances we may not be permitted to use your personal data for a period but are also not (yet) permitted to delete it. This could be the case when you object to the processing of your personal data on the basis of our legitimate interest as a company. As long as we are unable to demonstrate that our interests outweigh your individual interests, we may not use your personal data.
- The right to revoke your consent;
If we process your personal data on the basis of your consent, you can revoke that consent at any time.
- The right to the transferability of your personal data;
You have the right to obtain your personal data in a structured, commonly used and machine-readable format. You also have the right to request that we transfer that personal data to another service provider, unless such is impossible on technical grounds.
- The right to object to the processing of your personal data.
You can object at any time to the processing of your personal data for direct marketing purposes (by, for example, chancing your preferred methods of communication), when that processing is based on our legitimate interest as a company.
You can exercise your rights free of charge by contacting us at firstname.lastname@example.org. We shall respond as soon as possible and no later than within a month of receiving your request. If you wish to exercise your right of access, rectification, deletion or transferability, then we shall first have to verify your identity – we do not want to release any personal information before we are certain that you are you. That is why we ask that you at least provide us with a copy of the front side of your identity card. When there are grounds for doubting your identity, we could request further information for the purpose of confirming who you are.
This Privacy Statement could certainly be updated at a later stage, which we shall do whenever there is a (major) change to the way we deal with your personal data. Where that happens, we upload a new version of the Privacy Statement to our website, which is why we recommend that you visit our website at regular intervals and check our Privacy Statement.
10. What happens if I click a link on Crossuite’s website that takes me to another website?
Our website could contain hyperlinks to other websites and when you click on one of those links you will leave our website. These other websites or internet sources could collect information on you using cookies or other technology.
We do not check whether and/or how these external websites or internet sources use your personal data, which is why you should carefully read their privacy statements.
If you have any comments or complaints concerning the way we deal with your personal data, we ask that you first approach us be emailing your complaint to email@example.com. This will allow us to find a solution by means of consulting each other.
If you are still not happy after contacting us, then you have the right to submit a complaint to the competent supervisory authority (in Belgium: https://www.gegevensbeschermingsautoriteit.be/, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, Fax +32 (0)2 274 48 35, email: firstname.lastname@example.org.
Then please send an email to email@example.com . Our Data Protection Officer will be happy to respond to any questions you have concerning privacy.