Who are we?
Unpaid (referred to below as "Unpaid", "we" or "us") takes your privacy very seriously and considers it important for your personal data to be treated with the necessary care and confidentiality at all times.
We understand that you would like to know why we request your personal data and that you may be curious about what we do with it. In this privacy statement (hereinafter referred to as the "Privacy Statement"), we will try to provide an answer. If you have any questions after reading this Privacy Statement, you are always welcome to contact us.
This Privacy Statement applies only to the personal data that is processed by Unpaid, Unpaid B.V., CBE no. 713.022.546, VAT no. BE0813022546, with registered office at Port Arthurlaan 11e, 9000 GENT, as data controller. This is the case when, as will be described below, we determine the purpose and means (or the "why" and "how") of processing your personal data.
What is the "processing of personal data"?
We understand "processing of personal data" as meaning any processing of data that could identify you as a natural person. Which specific data this concerns will be explained below in this Privacy Statement.
The concept of "processing" is broad and includes the collection, storage, use or distribution of this data.
To whom and to what does this Privacy Statement apply?
This Privacy Statement applies to our website w ww.unpaid.be (hereinafter referred to as the "Website") and to the associated activities and/or (commercial) relationships initiated and maintained through this Website. This includes, for example, if you contact us through the Website with questions or interest in our services, settling the submitted claim(s)/collecting your unpaid invoices, downloading content on our Website, etc.
The data subjects (hereinafter referred to as "you" or "your") for whom this Privacy Statement is intended may include visitors to the Website, prospects, clients, suppliers and, to the extent that these are not natural persons, contacts at any such organisations or any other individuals who come into contact with us.
Processing of personal data
When do we collect your personal data?
We collect and process your data when:
- you contact us, or have contacted us:
e.g. a visit to our Website;
e.g. filling in a contact form on our Website;
e.g. downloading content from our Website;
e.g. creating a profile on our Website;
- we are providing or have provided you with one of our services;
- we may provide you with services in the future;
- you are a debtor to one of our clients;
- you are the contact for one of our clients or suppliers.
Which personal data can we collect?
We may process the following data from you. However, depending on the situation, we will not necessarily possess all of the data below:
- Your electronic identification data: IP address, browser type, connection times, …
- Your contact information: name, telephone number, e-mail address, address, …
- Your financial information: payment details, …
- Your contact history: communication sent and received (e.g. telephone calls, e-mail messages, social media, contact forms), ...
In the case of a job application, we may have access to your identification data (e.g. copy of your identity card), your personal characteristics (e.g. your age, date and place of birth, ...) and your work-related data (e.g. CV, training, language skills, ...).
What are the legal grounds that we apply for processing your personal data?
We only process your data for legitimate purposes, and it will always be processed according to the grounds for processing as listed in the General Data Protection Regulation (GDPR).
We justify the processing of personal data on the following grounds:
- The processing is necessary for entering into, executing or terminating an agreement with our clients and/or suppliers and in order to be able to provide you with our services.
- The processing is necessary for compliance with a legal or regulatory obligation to which we are subject.
- The processing is based on our legitimate interests, which in specific cases outweigh any potential harm to your rights and provided that specific conditions are met. If we apply these legal grounds for processing data, we will limit the effects that this may have on your privacy by minimising our use and establishing appropriate access and security safeguards in order to prevent unauthorised use.
- The processing is based on your consent. This consent is derived, among other things, from the voluntary and direct provision of your data to us orally or in writing, or via an electronic web form/message.
You may withdraw your consent at any time by contacting us. We request that you always confirm a withdrawal of consent made by telephone in writing, or notify us of your withdrawal of consent by e-mail or letter.
What are the purposes for which we process your personal data?
We use your personal data for the purposes described below or for which you have otherwise given specific permission. We always ensure that we only collect and process the data that is strictly necessary for the intended purposes.
We collect your data for the following purposes:
- operational purposes: for example, the optimisation of our Website, statistical purposes and market research, to keep our services user-friendly, to answer your contact request, etc.;
- commercial purposes: for example for sending marketing communication by e-mail or by post or to be able to deliver the downloads of content on our Website;
- judicial or legal purposes: for example, we may use and store personal data for legal reasons and procedures, in order to comply with legislation and government orders; or to be able to meet our internal and external audit requirements, information security purposes or to protect or execute our rights, privacy, security or property or that of others.
If we wish to process your personal data for any purpose other than the one for which the data was obtained, we will contact you before proceeding with further processing.
How long do we store your personal data?
We do not store your personal data for longer than is necessary in order to achieve the purpose for which the data has been collected or processed.
Since the period for which the data can be stored depends on the purposes for which the data has been collected, the storage period will vary according to the individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our storage periods for personal data are based on legal requirements and a consideration of your rights and expectations in light of what may be useful and necessary to enable us to provide our services.
When it is no longer necessary to process your personal data, we will delete your personal data or render them anonymous. If this is not (technically or practically) possible, for example because your data is stored in backup archives or because we need it to a limited extent for the administration containing information about data subjects who do not wish us to contact them again in the future, we will store your data but we will not process it further and we will delete it as soon as this becomes possible.
From whom do we receive your personal data?
We may obtain personal information from you directly, from public sources (e.g. Crossroads Bank for Enterprises) or from third parties (e.g. when you are a debtor of one of our clients).
How do we protect your personal data?
We place great importance on data security and have taken the necessary physical and appropriate technical and organisational (precautionary) measures in order to secure your personal data against any form of unlawful processing. We restrict access to personal data to individuals and third parties who need access to this data for legitimate, relevant business purposes. As a law firm, we are also bound by professional secrecy with regard to the information that we obtain in the execution of our assignment.
In the event of a personal data breach, we will comply with all applicable reporting obligations regarding such a breach.
With whom do we share your personal data?
We will not pass on your personal data to third parties, unless we are required to do so by law, you consent to it, or if it is necessary to achieve one of our aforementioned purposes.
We share your personal data with the following categories of recipients, including:
- Cooperating partners
For the collection of your unpaid invoices we work on a permanent basis with the bailiff's office GDW (BV BVBA GDW-GENT, with registered office at Kortrijksesteenweg 1038, 9051 GENT, and VAT/CBE no. 0808.505.886) as well as BV BVBA De Groote - De Man, CBE no. 878.001.735, with registered office at Heernislaan 91, 9000 GENT, VAT no. BE0878.001.735.
- External service providers
Where necessary, we make use of external service providers, known as "processors", to support our operational objectives such as providing our services, managing our CRM or IT systems or executing any other (internal) business processes.
We will only share your personal data with these external service providers to the extent that it is necessary for the purpose concerned. They may not use the data for other purposes. These service providers are contractually bound to guarantee the confidentiality of your personal data and they only have access to the data they need to perform their work.
When one of our external service providers is outside the European Economic Area (EEA), we ensure that the transfer (security and processing) of personal data takes place in accordance with the relevant legislation and that there is an adequate level of protection.
Transfer of personal data outside the EEA to countries other than those that the European Commission considers to offer an equivalent level of data protection (see: http://ec.europa.eu/justice/data-protection/internationaltransfers/adequ...), takes place on the basis of agreements with model contract provisions adopted by the European Commission (see: http://ec.europa.eu/justice/data-protection/international-transfers/tran...) or other appropriate safeguards in accordance with applicable law.
- Government, police, regulators or judicial authorities
If we are required to do so by law, we may share your personal information with the government, police, regulators or law enforcement authorities.
It is also possible that we may share your personal data if, as part of due diligence regarding (the execution of) a merger, takeover or other business transaction, we are required to disclose your data to the potential buyer or seller or their advisors.
Rights of the data subject
You have various rights concerning the personal data collected about you. If you would like to exercise one of the rights described below, please contact us via the contact details provided (by e-mail, telephone or post).
You have the following rights:
- Right to access and copy: If you wish, you can view your personal data and obtain a copy of it.
- Right to amendment or rectification: If you believe that we have incorrect information about you, you can let us know and we will correct it for you.
- Right to have data deleted (right to be forgotten): If you wish, you can request that we delete your personal data. We may still have to process that data for other purposes.
- Right to limit the processing: If you think that we are processing your personal data unlawfully or incorrectly, you can also limit this processing.
- Right to object: You can also object to the processing of your personal data. If it concerns marketing, then we will stop the processing as soon as possible.
- Right to transferability: If you wish to transfer your personal data, please contact us.
However, the exercise of the above rights can be subject to certain exceptions in order to protect the public interest, our interests and the interests of other individuals.
When you submit a request to exercise your rights, we will first verify your identity by requesting a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands.
Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.
In any case, we will always notify you within a period of four weeks (for simple requests) or 3 months (for complex or multiple requests) of the response to your request.
Options for the data subject to file a complaint
Despite all of our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we collect, use and/or process your personal data.
Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint:
You can file a complaint with the supervisory authority, which you can contact via the details below:
Data Protection Authority
Rue de la Presse 35
Via e-mail: firstname.lastname@example.org
By telephone: +32 (0)2 274 48 00
By fax: +32 (0)2 274 48 35
If you suffer damage, you can also file a claim for compensation with the competent court.
For more information concerning complaints and legal recourse, we invite you to consult the website of the Data Protection Authority: https://www.dataprotectionauthority.be/submit-request-or-complaint.
We reserve the right to make unilateral changes or modifications to this Privacy Statement. However, the most recent version will always be made available on our Website.
You can address any questions regarding the processing of your personal data and all requests regarding the exercise of your related rights or complaints to us:
Attn. Complaints and Privacy Department
Port Arthurlaan 11e
Via e-mail: email@example.com
By telephone: +32 (0)9 396 34 00