- What does Crossuite know about you and what happens to that information?
- What personal data do we process?
- Why do we process your personal data?
- Does Crossuite share my personal data with other parties?
- Is my personal data transmitted to parties outside of the European Economic Area?
- How do I know whether Crossuite is securely storing my personal data?
- How long does Crossuite keep my personal data?
- What are my rights with respect to privacy and how can I exercise them?
- Could this Privacy Statement be amended at a later date?
- What happens if I click a link on Crossuite’s website that takes me to another website?
- If you are unhappy about how we deal with your personal data
- If you have any further queries after reading this Privacy Statement
Why do we need a Privacy Statement?
This Privacy Statement is for everybody (whether or not a client) who shares, in any manner, personal data with us (hereinafter: ‘you’). We wish to inform you in clear-cut language why we require certain information from you and what we do with your personal data – not only because we are obliged by aw to do so, but also because we believe that transparency and privacy are important.
We naturally endeavour to comply as fully as possible with the rules on the protection of data as set out in EU and Belgian laws, which is why we want to always give you the opportunity to consult this Privacy Statement before you share your personal data with us. That means you will always know what to expect and you can make a well-considered decision.
The controller is Crossuite, with its registered office at 2600 Antwerp, Uitbreidingstraat 390/4, enterprise number 0893.863.413.
Before telling you what personal data we collect and why we collect it, we wish to inform you there is a significant difference between:
- persons visiting the website for the first time
- returning visitors to the website.
Are you visiting the website for the first time?
Then we most likely do not (yet) know you nor are able to identify you, and that will remain the case as long as you do not transmit to us any personal data through the website (such as an online form, a webchat, etc). In other words, you determine what Crossuite knows about you.
Please note: this does not necessarily mean that we have never collected personal data about you, as you may have previously shared such information with us through another channel (such as by email, on social media, mail, etc).
You may also have never provided your contact details to Crossuite but still receive marketing communications from us because Crossuite uses, within the limits of the law, publicly available contact details (such as in the Crossroads Bank for Enterprises) in order to contact practices that might be interested. You can inform us that you are uninterested at any time and we will record that and never bother you again.
Are you a returning visitor to the website?
Whether or not we recognise you when you return to our website depends on your previous visits.
If, during a visit, you have never shared personal information with us (using, for example, an online form, chat, etc), we will not be able to identify you. In other words, you determine what Crossuite knows about you.
If we see that you are a regular visitor (and are genuinely interested in our services) and you have provided us with your telephone number in the past, we could give you a call to enquire what is stopping you from trying Crossuite out – unless, of course, you are listed on our Don’t call me again list. It is once gain entirely up to you what you do and don’t tell us during that telephone conversation.
The personal data we process depends on your profile:
1 ) Client and end-user
2 ) End-user
3 ) Prospect for a demo
4 ) Former client
5 ) Business Partner
6 ) Job applicant
Identification data: (profiles 1,2,3,4,5,6)
- given name
- landline/mobile number
- email address
- postal code
- IP address
Profession and position: (profiles 1,2,3,4,5)
Information on your use of our tool and our mobile app (such as heatmaps, the times you log in and out, modules/functions you use the most and least, etc) (profiles 1, 2, 3, 4)
The login details linked to your user profile (don’t worry, these details are always encrypted) (profiles 1, 2, 3, 4)
Preferred method of communication (profiles 1, 2, 3, 4, 5)
All other personal data voluntarily provided to Crossuite (such as information provided when corresponding with Crossuite) (profiles 1, 2, 3, 4, 5, 6)
Calling prospective clients
We could call or email you during the trial period in order to assist you the first time you use Crossuite. This ensures that you have a clear idea of what the tool can do, and you are able to assess whether a Crossuite licence will be an asset for your practice or company. We also retain your personal details for a period of two years if you decide not to acquire a Crossuite licence after the trial period expires. This allows us to ensure, for example, that the free trial periods are not abused by persons who use them multiple times.
Crossuite performs this processing for the purpose of performing the agreement.
During your first months as a client of Crossuite we will send you useful onboarding emails on a regular basis, which will help you to quickly learn how to properly use our tool. While you are a Crossuite client you will also receive our product updates so that you remain aware of the latest applications for our tool and app, such as when we launch a new feature. You will also receive a monthly newsletter containing useful tips, blogs and the latest news.
Crossuite performs this processing on the basis of its legitimate interests.
Creating a Crossuite account
As a Crossuite user, we firstly require your personal data in order to create your personal account on the tool. We also require that information so that our staff can quickly and accurately respond to any queries you have.
Invoicing, collecting payments
For the purpose of performing the agreement, we use your data in order to accurately compile your invoice and send it to you, as well as in order to follow-up on any payment issues. This information is also required for bookkeeping purposes, as required by law. We are also legally obliged to retain this personal data for seven years.
Client satisfaction surveys
You are never obliged to participate in a survey. Data is collected from a survey to improve our services. Crossuite performs this processing on the basis of its legitimate interests.
Monitoring the use of the tool
We monitor your use of our tool and app. Firstly, we do this so that we can optimise our tool. In most cases we only use this data on an aggregated and anonymous basis for the purpose of user research and statistical analysis. On occasion, we may scrutinise your individual use, but only in order to provide you as a Crossuite client with better support. Crossuite performs this processing on the basis of its legitimate interests.
When you enter into a commercial partnership with Crossuite you will share certain personal data with us, whether your own and/or that of employees. This data will naturally solely be used within the context of that partnership and it will only be processed for the purpose of performing the agreement. When that partnership comes to an end we will only retain the relevant documentation (such as the partnership agreement) for a specific period of time.
Retaining correspondence with job applicants, their CVs and motivating letters
For the purpose of recruitment we collect the data of people who have sent us job applications, whether solicited or unsolicited. We process this data on the basis of the consent of the parties involved.
Your personal data is only processed for internal business purposes. In that context we do however use external parties, but those external parties may only process your personal data in accordance with very clearly defined instructions.
In concrete terms, we use the following categories of data processors:
- Companies that we have contracted for marketing purposes:
We could transmit the contact details of prospects to outbound marketing agencies. They could call these prospects when we have determined that they have shown a genuine interest in our services and have never objected (for example, during an initial call) to being contacted in such a manner. As always, the prospect can state during the call that he/she is not interested and does not wish to be called, which we will record.
If the prospect is (still) not sure that Crossuite is a suitable tool for him/her or is too busy at the time, then they may be called at a later time. In any event, the contact details of prospects are not retained for longer than two years.
- Companies that we have contracted for IT support, database management, software integration and hosting purposes (such as hosting partners, cloud partners, data centres, software suppliers, external consultants, etc).
- Companies we have contracted for communication purposes (such as for the website’s live chat function).
- Companies we have contracted for analytical purposes.
- Companies we have contracted for payment purposes.
When it comes to paying your Crossuite invoices, we rely on an external payment provider. That party processes your bank details solely for the purpose of the required payments. The required security measures are provided by means of SSL encryption. We have no access whatsoever to your banking details.
We also use an external party for collecting payments on unpaid invoices, and in that context the personal data of a nonpayer can be transmitted.
In order to guarantee the best possible protection for your personal data we have entered into the required contractual agreements with all these external parties, ensuring that they have taken the required technical and organisational measures and that they use this personal data solely for the purposes of Crossuite (and not for their own purposes).
Furthermore, your personal data will never be sold, transmitted or communicated to third parties that wish to use it for their own purposes. Such will however naturally be done when it is necessary for the performance of the agreement or when you have granted us explicit consent in advance to do so. We do wish to inform you that personal data can be collected by social networks when you use a social plugin on our website (such as the Facebook ‘like’ button).
We could also disclose your personal data:
- To the competent authorities (i) when we are required to do so by law or as a result of legal proceedings or pending legal proceedings and (ii) for the purposes of indemnification and defending our rights.
- When all (or effectively all) our assets are acquired by a third party, in which event the personal data that Crossuite has collected shall constitute one of the transferred assets.
This is not presently the case.
We will only transmit your personal data to parties located outside of the European Economic Area under one of the following conditions:
The European Commission has ruled that the destination country has an adequate level of protection.
The destination country does not have an adequate level of protection but Crossuite enters into the required contractual agreements with the party in question, with due regard for the standard provisions as imposed by the Belgian Data Protection Authority.
We have taken all reasonable technological and organisational precautions in order to keep to a minimum any unauthorised access to or loss, use or changing of your personal data. If you would like to know more about our information security policy, then please see the Security page on our website.
Of course, it is impossible to guarantee an infallible level of safety, as no online transfer or transmission method nor any electronic data storage method is 100% safe.
The safety of your demo account or paid account also depends on you keeping your login details secret. Remember that our staff will never ask you for your login details. If you do decide to provide your login details to a third party, that party has access to the personal data in your account and we are no longer able to guarantee that your data is secure. If a third party gains unauthorised access to your account, we recommend that you immediately change your password and that you contact us.
8. Wat zijn mijn privacyrechten en hoe kan ik ze uitoefenen?
Worden jouw persoonsgegevens door Crossuite verwerkt, dan beschik je – ten opzichte van ons – over volgende rechten:
- Recht op toegang tot de persoonsgegevens die wij over jou bijhouden;
We zijn altijd bereid om jou een duidelijk en volledig overzicht te bezorgen van de persoonsgegevens die we tot dusver over jou verzameld hebben.
- Recht op rectificatie, vervollediging of update van jouw persoonsgegevens;
Ben je gebruiker van onze tool en/of app? Dan wijzen wij er jou wel graag op dat jij in de eerste plaats verantwoordelijk bent om de nodige aanpassingen aan te brengen in jouw persoonlijke gebruikersaccount.
- Recht op schrapping van jouw persoonsgegevens (het ‘recht om vergeten te worden’)
Wanneer je bepaalde noodzakelijke persoonsgegevens schrapt of laat schrappen, is het mogelijk dat bepaalde diensten niet meer toegankelijk zullen zijn of verstrekt kunnen worden. Het is mogelijk dat een wettelijke verplichting of de uitvoering van onze overeenkomst met jou ons niet toelaat om bepaalde persoonlijke informatie te verwijderen. Zo zijn wij bijvoorbeeld wettelijk verplicht om facturen gedurende een termijn van zeven jaar (en soms langer) te bewaren.
- Recht op een beperking van de verwerking van jouw persoonsgegevens;
Het kan gebeuren dat we jouw gegevens tijdelijk niet meer mogen gebruiken, maar ook (nog) niet kunnen wissen. Dat kan bijvoorbeeld voorkomen wanneer jij bezwaar aantekent tegen de verwerking van jouw persoonsgegevens op basis van ons gerechtvaardigd belang als onderneming. Zolang wij niet kunnen aantonen dat onze belangen opwegen tegen jouw individuele belangen mogen wij jouw gegevens niet gebruiken.
- Recht om jouw toestemming in te trekken;Verwerken wij jouw persoonsgegevens op basis van jouw toestemming, dan kan je die toestemming op een later ogenblik steeds terug intrekken.
- Recht op overdraagbaarheid van jouw persoonsgegevens;Je hebt het recht om jouw persoonsgegevens in een gestructureerde, gangbare en machineleesbare vorm te verkrijgen. Daarnaast heb je het recht om ons te vragen om deze persoonsgegevens over te dragen aan een andere service provider, tenzij dit technisch onmogelijk is.
- Recht van bezwaar/verzet tegen de verwerking van jouw persoonsgegevens.Je hebt op ieder ogenblik de mogelijkheid om je te verzetten tegen het verwerken van jouw persoonsgegevens voor onze ‘direct marketing’ doeleinden (bijv. door jouw communicatievoorkeuren aan te passen), wanneer deze gebaseerd zijn op ons gerechtvaardigd belang als onderneming.
Je kan jouw privacyrechten kosteloos uitoefenen door contact met ons op te nemen via firstname.lastname@example.org. Wij zullen zo snel mogelijk antwoorden en uiterlijk één maand nadat we jouw verzoek ontvangen hebben.
Wil je jouw recht op toegang, recht op rectificatie, recht op schrapping of recht op overdraagbaarheid uitoefenen? Dan zijn wij genoodzaakt om eerst jouw identiteit te verifiëren. We willen uiteraard geen persoonlijke informatie vrijgeven zonder zeker te zijn dat jij het bent. Om die reden vragen wij minstens dat je ons een kopie van de voorkant van jouw identiteitskaart bezorgt. Wanneer wij redenen hebben om te twijfelen aan jouw identiteit, kunnen wij aanvullende informatie vragen ter bevestiging.
This Privacy Statement could certainly be updated at a later stage, which we shall do whenever there is a (major) change to the way we deal with your personal data. Where that happens, we upload a new version of the Privacy Statement to our website, which is why we recommend that you visit our website at regular intervals and check our Privacy Statement.
10. What happens if I click a link on Crossuite’s website that takes me to another website?
Our website could contain hyperlinks to other websites and when you click on one of those links you will leave our website. These other websites or internet sources could collect information on you using cookies or other technology.
We do not check whether and/or how these external websites or internet sources use your personal data, which is why you should carefully read their privacy statements.
If you have any comments or complaints concerning the way we deal with your personal data, we ask that you first approach us be emailing your complaint to email@example.com. This will allow us to find a solution by means of consulting each other.
If you are still not happy after contacting us, then you have the right to submit a complaint to the competent supervisory authority (in Belgium: https://www.gegevensbeschermingsautoriteit.be/, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, Fax +32 (0)2 274 48 35, email: firstname.lastname@example.org.
Then please send an email to email@example.com . Our Data Protection Officer will be happy to respond to any questions you have concerning privacy.