Privacy Statement

Introduction

Who are we?

Unpaid (referred to below as "Unpaid", "we" or "us") takes your privacy very seriously and considers it important for your personal data to be treated with the necessary care and confidentiality at all times.

We understand that you would like to know why we request your personal data and that you may be curious about what we do with it. In this privacy statement (hereinafter referred to as the "Privacy Statement"), we will try to provide an answer. If you have any questions after reading this Privacy Statement, you are always welcome to contact us.

This Privacy Statement applies only to the personal data that is processed by Unpaid, Unpaid B.V., CBE no. 728.452.479, VAT no. BE0728.452.479, with registered office at Port Arthurlaan 11e, 9000 GENT, as data controller. This is the case when, as will be described below, we determine the purpose and means (or the "why" and "how") of processing your personal data.

What is the "processing of personal data"?

We understand "processing of personal data" as meaning any processing of data that could identify you as a natural person. Which specific data this concerns will be explained below in this Privacy Statement.

The concept of "processing" is broad and includes the collection, storage, use or distribution of this data.

To whom and to what does this Privacy Statement apply?

This Privacy Statement applies to our website w ww.unpaid.be (hereinafter referred to as the "Website") and to the associated activities and/or (commercial) relationships initiated and maintained through this Website. This includes, for example, if you contact us through the Website with questions or interest in our services, settling the submitted claim(s)/collecting your unpaid invoices, downloading content on our Website, etc.

The data subjects (hereinafter "you", your") to whom this Privacy Statement is addressed may include the following:

Unpaid's clients (e.g. in the case of a sole proprietorship) or their contacts
The business partners or their contacts who assist us in providing our services to our customers, such as bailiffs, lawyers, suppliers, subcontractors and/or partners
The Belgian debtors or their contacts in respect of whom we provide our services on behalf of our clients
The individuals to whom Unpaid sends commercial messages who are not clients or business partners, such as individuals whose personal data we collect as a result of offering our services to clients
Website visitors or visitors to our social media pages, such as individuals who use the Website using cookies or contact us via the contact form on the Website or via our social media
Job applicants and Unpaid's employees

Clients refers to persons or companies with whom we have already had direct contact and (potentially) have or will have a client relationship.

The data of former and potential business contacts (customers, business partners) are also handled and secured as well and carefully as possible, in accordance with this Privacy Statement.

As you may already know, Unpaid offers its services mainly to companies to start collecting their undisputed invoices from their B2B debtors. Although it is therefore mostly companies, this Privacy Statement only applies to the processing of personal data - i.e. data of natural persons - by Unpaid. For companies with whom we are in contact, the processing of personal data of contact persons at our customers, business partners and others will naturally be covered by this Privacy Statement.

In addition, it is possible that 'company' data may in itself constitute personal data. This may be the case, for example, with a sole proprietorship where the name of the company is the name and surname of the person behind the company. To be as comprehensive as possible, we have also brought such data under this Privacy Statement.

Use of personal data

When do we collect your personal data?

We collect and process your data as a data controller when you are involved in the activities or services offered by Unpaid and/or use the Website. For example, we process your data when:

you contact or have contacted us: e.g. in the context of visiting our Website or our social media pages, filling in a contact form on our Website, making an appointment via the Website, using the chatbot function on the Website, downloading content on our Website or keeping a profile on our Website;
you have started creating a collection claim;
we provide or have provided any of our services to you;
we might provide services to you in the future;
you are a debtor of one of our clients;
you are the contact person for one of our clients or suppliers;
you meet us at a physical event (e.g. a trade fair) and give us your details;
you apply for a job with us;
...

Which personal data can we collect?

We may process the data below about you. This does not mean that we have all the data below about you in all cases. This will always depend on the specific situation and your preferences.

Clients

We may process the data below from our (contacts at our) current, former and potential future clients. The specific data we process from you will of course depend on the specific relationship you have with us and the services you purchase, have purchased or may wish to purchase from us as a client.

Your identification and contact details: e.g. name, name of your company, telephone number, e-mail address, address, type of sector, business activities, company number, country, ...
Your contact history: for example, communications sent and received such as e-mail messages, phone calls, social media, completed contact forms and any other personal data you provide us with that are relevant to answer your query, ...
Your business and financial data: e.g. your account details on our platform, such as your username, password, users, and payment details such as your bank account number, VAT number, invoices and credit notes, ...
Your public data: e.g. publicly available data such as CBE number and other data in public databases, as well as any press coverage, your profile or company page on professional social networks, ...
Your legal data: e.g. data relating to civil proceedings instituted by your debtor to contest the invoice
Your personal characteristics: e.g. your name, photos or other person-related information (e.g. your personal experience with our services) that we post on our Website or social media pages as part of our marketing with your consent, ...
Your identification data: e.g. a copy of your identity card (only in the context of some specific cases e.g. to verify your identity when you wish to exercise one of your rights as a data subject based on the General Data Protection Regulation)
Data you provide to us yourself

Business partners

We may process the data below from our (contacts at our) current, former and potential future business partners. The concrete data we process from you will of course depend on the concrete way in which you assist us as our business partner in providing our services to clients.

Your identification and contact data: e.g. name, name of your company, telephone number, e-mail address, address, type of sector, business activities, company number, country, etc.
Your contact history: for example, communications sent and received such as e-mail messages, telephone calls, social media, completed contact forms and any other personal data you provide us with that are relevant to answer your query, ...
Your financial data: e.g. bank account number, VAT number, invoices and/or credit notes, ... if you make payments in our favour or receive payments from us
Your public data: for example CBE number and other data in public databases, as well as any other publicly available data such as announcements in the press, on your company page on professional social networks, ...
Your identification data: e.g. a copy of your identity card (only in the context of some specific cases e.g. to verify your identity when you wish to exercise one of your rights as a data subject based on the General Data Protection Regulation)
Data you provide to us yourself

Debtors of our clients

We may process the data below from our clients' debtors. The specific data we process from you will of course depend on the specific situation for which we process your data and/or the claim for which our client is using our services in relation to you.

Your identification and contact details: e.g. name, name of your company, telephone number, e-mail address, address, CBE number, ...
Your financial data in the context of a file of our client: for example, your VAT number, invoices and credit notes, other data mentioned in unpaid invoices, ...
Your legal data: e.g. data relating to civil proceedings instituted by you to contest the invoice

Individuals to whom we send commercial messages

The data below may be processed by persons to whom we send commercial messages. The specific data we process will of course depend on the specific way in which we send messages to you and in which capacity this takes place.

Your identification and contact details: e.g. your name, name of your company, e-mail address, address, type of sector, country, etc.
Your contact history: e.g. all communications sent by us by e-mail or by post
Your identification data: e.g. a copy of your identity card (only in the context of some specific cases e.g. possibly to verify your identity when you wish to exercise one of your rights as a data subject based on the General Data Protection Regulation)

Website visitors

If you visit our Website, through the use of cookies and through your use of features we have provided on the Website (e.g. the contact form, chatbot, call scheduler, etc.) we may process the following data from you.

Your electronic identification data: e.g. your IP address, browser type, connection times, location data, preferred language, your surfing behaviour, ...
Your identification and contact data: e.g. your name, name of your company, telephone number, e-mail address, address, ...
Your contact history: e.g. communication sent and received
Your identification data: e.g. a copy of your identity card (only in the context of some specific cases e.g. possibly to verify your identity when you wish to exercise one of your rights as a data subject based on the General Data Protection Regulation)
Data that you provide to us voluntarily: e.g. questions or other information you provide to us when visiting our Website and using certain functions relevant to answering your question

Applicants

If you come to apply for a job with us, we may process the following data from you.

Your identification and contact details: e.g. your name, telephone number, e-mail address, address, ...
Your personal characteristics: e.g. age, gender, date of birth, place of birth, national registration number if necessary for legal reasons, (passport) photos, data on family composition such as marital status, number of dependants, ...
Your public data: e.g. publicly available data such as press releases, your profile on public (professional) social networks, ...
Data that you provide to us for your application or otherwise voluntarily provide to us: e.g. your CV, education, preferences and qualifications such as work experience, professional situation, availabilities, studies, diplomas, language skills, ...
Your contact history: e.g. communications sent and received such as e-mails, telephone calls and any other personal data you provide us with
Your identification data: e.g. a copy of your identity card (only in the context of some specific cases e.g. possibly to verify your identity when you wish to exercise one of your rights as a data subject on the basis of the General Data Protection Regulation)

Special categories of personal data

Generally, we do not process any special categories of personal data - i.e. data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade membership, genetic data, biometric data to unambiguously identify a natural person, health or the sex life or sexual orientation of a natural person - unless they are transmitted to us with your explicit consent, you have manifestly made them public or when explicitly permitted by law.

What are the legal grounds that we apply for processing your personal data?

We only process your data for legitimate purposes, and it will always be processed according to the grounds for processing as listed in the General Data Protection Regulation (GDPR).

We justify the processing of personal data on the following grounds:

The processing is necessary for entering into, performing or terminating an agreement with our clients and/or business partners and in order to provide you with our services or cooperate with you. For example, when you submit an unpaid invoice to us, you fill in a form with your and your debtor's details. With that data, our system performs a solvency check of your client, among other things. As a client, you can create an account on the Unpaid platform so that you can check the status of your collection claims. In addition, under this legal basis, we transfer your data - and the relevant data of your debtor - to a bailiff who takes further steps within this procedure to obtain payment of your invoice by your debtor. Furthermore, we also manage and maintain our client and supplier files under this legal basis. Personal data may also be processed at a pre-contractual stage, in preparation for the purchase of services by or from Unpaid.
The processing is necessary for the fulfilment of a legal or regulatory obligation incumbent upon us or on behalf of one of the parties with whom we cooperate.
The processing is based on our legitimate interests which in specific cases outweigh any possible prejudice to your rights and provided specific conditions are met. We think here, for example, of compiling and sharing general statistics and insights about the claims we handle on behalf of our clients in order to improve our services by better responding to their interests, obtaining valuable feedback from our clients and business partners, investigating interest in services not yet offered with a view to possibly expanding the range of services offered, conducting quality interviews via e-mail or telephone, combating fraud and abuse of our services or defending our interests in court. In addition, we rely on this legal basis to, when you are or want to become a client and complete our form online to initiate a collection procedure but you have not completed or submitted the form, temporarily store your completed data and notify you via the contact details you have filled in so that you have the opportunity to complete and/or submit the claim. Since we do not use this data for any other purposes, we believe that any possible prejudice to your rights is very minor, while we believe that it may be of interest to you so that you can continue to recover your invoices quickly and easily. Where we rely on this legal processing ground, we will limit the effects it may have on your privacy by minimising our use of it and putting in place adequate access and security safeguards to prevent unauthorised use. Where we rely on this legal processing ground, you can always object to the processing of your data for this purpose (see 'data subject rights').
The processing is based on your consent, for example to provide you with the newsletter to which you have subscribed yourself, to respond to your query when you contact us via, for example, a contact form or our chatbot on our Website or via our social media. If you are satisfied with our service, we may also potentially ask you if we may share your positive experience with Unpaid on our Website or on our social media. This consent is derived, inter alia, from the voluntary and direct provision of your data to us whether or not verbally, in writing or via an electronic contact form/message. You may withdraw your consent at any time by contacting us. We ask that you always confirm a withdrawal of your consent by telephone in writing, or withdraw your consent by e-mail or letter.

What are the purposes for which we process your personal data?

We use your personal data for the purposes described below or for which you have otherwise given specific permission. We always ensure that we only collect and process the data that is strictly necessary for the intended purposes.

We collect your data for the following purposes:

Operational purposes: for example, the optimisation of our Website, statistical purposes and market research, to keep our services user-friendly, to answer your contact question, etc., to consider an application;
Business purposes: for example, to identify you as our client, business partner or other party, to communicate with you about our services and to provide them and have them used by you or to utilise services of our business partners, to inform you online or physically about our operation, our policies and our conditions of use, to develop and manage relationships with our potential and existing clients, execute the agreement we have entered into with you as a client or business partner and the administration related to it, to evaluate work, follow up an application and the selection and recruitment process;
Commercial purposes: for example, to send you marketing communications by email or post or to provide you with downloads of content on our Website, to verify and test new potential clients or business partners and establish new business relationships, to verify satisfaction as our client, business partner, website visitor or job applicant;
Legal or statutory purposes: for example, we may use and retain personal data for legal reasons and procedures, to comply with legislation and governmental orders; or to comply with our internal and external audit requirements, information security or to protect or enforce our rights, privacy, security or property or those of other persons.

If we wish to process your personal data for any purpose other than the one for which the data was obtained, we will contact you before proceeding with further processing.

How long do we store your personal data?

We do not store your personal data for longer than is necessary in order to achieve the purpose for which the data has been collected or processed.

Since the period for which the data can be stored depends on the purposes for which the data has been collected, the storage period will vary according to the individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our storage periods for personal data are based on legal requirements and a consideration of your rights and expectations in light of what may be useful and necessary to enable us to provide our services.

When it is no longer necessary to process your personal data, we will delete your personal data or render them anonymous. If this is not (technically or practically) possible, for example because your data is stored in backup archives or because we need it to a limited extent for the administration containing information about data subjects who do not wish us to contact them again in the future, we will store your data but we will not process it further and we will delete it as soon as this becomes possible.

From whom do we receive your personal data?

We may obtain personal data from you directly, from public sources (e.g. Crossroads Bank for Enterprises, but if necessary also data that you yourself have made public on (professional) social media, among others) or from third parties (e.g. if you are a debtor of one of our clients).

In addition, certain data is collected automatically when you use our Website through the use of cookies or similar technologies. For more explanation about this, please see our Cookie Statement.

How do we protect your personal data?

We place great importance on data security and have taken the necessary physical and appropriate technical and organisational (precautionary) measures in order to secure your personal data against any form of unlawful processing. We restrict access to personal data to individuals and third parties who need access to this data for legitimate, relevant business purposes. As a law firm, we are also bound by professional secrecy with regard to the information that we obtain in the execution of our assignment.

In the event of a personal data breach, we will comply with all applicable reporting obligations regarding such a breach.

Where do we store your personal data?

We store your personal data on IT systems in Belgium. In case the management of some of our IT systems are outsourced to third parties, the data will be stored in the European Economic Area ("EEA"). If this is not the case, we will always comply with the requirements of the General Data Protection Regulation to ensure adequate protection of the processing of your data in these third countries.

With whom do we share your personal data?

We will not pass on your personal data to third parties, unless we are required to do so by law, you consent to it, or if it is necessary to achieve one of our aforementioned purposes.

We share your personal data with the following categories of recipients, including:

Cooperating partners

For the collection of your unpaid invoices, we regularly work with a select group of bailiffs with whom we have long-term agreements, as well as with BVBA De Groote - De Man, KBOnr. 878.001.735, with registered office Heernislaan 91, 9000 GENT, VAT no. BE0878.001.735.

External service providers (processors)

Where necessary, we use external service providers, so-called "processors", who, where appropriate, carry out certain processing of personal data on our behalf.

Examples of third parties who act as processors on our behalf in certain cases or to whom personal data may be disclosed include:

processors who assist us in the IT field in carrying out our activities and, inter alia, in support of our operational and business purposes, such as providing our services, marketing and business software, managing our CRM or IT systems or performing any other (internal) business processes for the purpose of efficient (digital) data management;
government bodies and practitioners of regulated professions such as notaries and lawyers, for the purpose of complying with our legal obligations as a company, and the efficient defence of our interests in the context of any legal dispute, as regards the data strictly necessary for this purpose.

We will only share your personal data with these external service providers to the extent that it is necessary for the purpose concerned. They may not use the data for other purposes. These service providers are contractually bound to guarantee the confidentiality of your personal data and they only have access to the data they need to perform their work.

When one of our external service providers is outside the European Economic Area (EEA), we ensure that the transfer (security and processing) of personal data takes place in accordance with the relevant legislation and that there is an adequate level of protection.

Transfer of personal data outside the EEA to countries other than those that the European Commission considers to offer an equivalent level of data protection (see: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), takes place on the basis of agreements with model contract provisions adopted by the European Commission (see: https://commission.europa.eu/law/law-topic/data-protection/internationa…) or other appropriate safeguards in accordance with applicable law.

Government, police, regulators or judicial authorities

If we are required to do so by law, we may share your personal information with the government, police, regulators or law enforcement authorities.

It is also possible that we may share your personal data if, as part of due diligence regarding (the execution of) a merger, takeover or other business transaction, we are required to disclose your data to the potential buyer or seller or their advisors.

Rights of the data subject

You have various rights concerning the personal data collected about you. If you would like to exercise one of the rights described below, please contact us via the contact details provided (by e-mail, telephone or post).

You have the following rights:

Right to access and copy: if you wish, you can view your personal data and obtain a copy of it.
Right to amendment or rectification: if you believe that we have incorrect information about you, you can let us know and we will correct it for you.
Right to have data deleted (right to be forgotten): if you wish, you can request that we delete your personal data. However, we will not always be able to comply with such request, including when we strictly need your data in function of a claim (e.g. debtor data as part of a current client claim). We may also still need to process that data for other purposes;
Right to limit the processing: if you believe that we are processing your personal data unlawfully or incorrectly, you may ask us to restrict such processing.
Right to object: you may also object to the processing of your personal data based on our legitimate interests or those of our customers. This should be done because of specific reasons related to your situation. If it concerns marketing then we will stop the processing as soon as possible.
Right to transferability: if you wish to transfer your personal data to another company, please contact us.

However, the exercise of the above rights can be subject to certain exceptions in order to protect the public interest, our interests and the interests of other individuals.

When you submit a request to exercise your rights, we will first verify your identity by requesting - for example - a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands.

Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.

In any case, we will always notify you within a period of four weeks (for simple requests) or 3 months (for complex or multiple requests) of the response to your request.

Do you have any questions or concerns?

Despite all of our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we collect, use and/or process your personal data.

Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint:

You can file a complaint with the supervisory authority, which you can contact via the details below:

By letter:
Data Protection Authority
Rue de la Presse 35
1000 Brussels
Belgium

Via e-mail: contact@apd-gba.be
By telephone: +32 (0)2 274 48 00
By fax: +32 (0)2 274 48 35

If you suffer damage, you can also file a claim for compensation with the competent court.

For more information concerning complaints and legal recourse, we invite you to consult the website of the Data Protection Authority: https://www.dataprotectionauthority.be/citizen/form-complaint

What about links to other websites and social media?

Links to other websites

The Website may contain references (e.g. hyperlinks) to other websites provided by other companies or social media platforms. Unpaid is not responsible for the processing of personal data through those external websites or platforms. Nor does this Privacy Statement apply to those websites.

Social media

As we have previously indicated, when you interact with us through our social media pages (e.g. Facebook, Twitter or LinkedIn), we obtain your personal data including your name, comments and/or chats. Only insofar as you communicate directly with us or share personal content with us via our company page on social media, we are responsible for processing your data on these social media. We process this personal data based on your consent and will only use this personal data to respond to your comments or questions. You have the option to access and delete your personal data via our social media channels at any time.

If you yourself share content via social media, your personal data will be available to visitors of that social media. Unpaid is not responsible for such processing of personal data by or through those social media. Nor does this Privacy Statement apply to those social media.

Modifications

We reserve the right to make unilateral changes or modifications to this Privacy Statement. However, the most recent version will always be made available on our Website.

In case of a substantial change to this Privacy Statement that is relevant to you, we will - to the extent possible - inform you directly.

The date on which this Privacy Statement was last amended can be found at the bottom of this Privacy Statement.

Contact

You can address any questions regarding the processing of your personal data and all requests regarding the exercise of your related rights or complaints to us:

By letter:
Unpaid
Attn. Complaints and Privacy Department
Port Arthurlaan 11e
9000 Gent

Via e-mail: info@unpaid.be

By telephone: +32 (0)9 396 34 00

This Privacy Statement was last amended on 15/11/2023.