myDerbigum

Privacy Policy

(Last updated: 2022/06/14)

Purpose of this policy

Information

This policy informs You (in your capacity of data subject) about our processing of your data in the framework of you use of myDerbigum, in our capacity of Controller, in compliance with all applicable personal data protection and privacy laws and regulations, including the “GDPR” - General Data Protection Regulation (EU) 2016/679 (hereunder referred to as the “Data Protection Law”), and, more particularly, pursuant to article 13 and 14 of the GDPR. The purpose of this policy is also to inform you about your rights as regards the processing of your personal data.

Informed consent

In some cases (specified below), the legal basis of our processing is your informed consent. In such cases, this policy’s other purpose is to provide you with the necessary information to get a valid consent from you. Where our personal data processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal. To withdraw your consent, you are invited to use the easy opt out mechanisms that are provided in our communication tools or to send us an email (at the address indicated below). Where our personal data processing is based on your consent, it is our duty to be able to demonstrate that you consented to the processing of your personal data. Therefore, we keep data as regards pertaining to your consent as long as we have the obligation to demonstrate our full compliance with Data Protection Laws.

Information on the data controller

Controller’s Identity: : IMPERBEL NV, incorporated under Belgian law, with registered address at Guido Gezellestraat 123, 1654 Beersel, Belgium, registered with the Belgian Commercial Register (BCE) under n° BE0400484591, and with email address dataprotection@derbigum.com (hereafter referred to as “Derbigum” or “we”).

Information on the different personal data processing activities

In this section 3 we provide information on:

the purposes of the processing for which the personal data are intended (why do we process your data);
the legal basis for the processing (and, if applicable, the legitimate interest pursued by us or by a third party);
the categories of personal data concerned;
the sources where the personal data come from;
the recipients or categories of recipients of the personal data, which are third parties as regards Derbigum, and to whom we transmit the personal data, if any;
the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
where applicable, the personal data transfers to recipients in countries outside EU or to international organisations, and the safeguards provided by the controller in such case;

In order to be as transparent and clear as possible, this information is presented in the table below, and is provided per purpopse:

PURPOSE	LEGAL BASIS	CATEGORIES OF DATA	SOURCES	RECIPIENTS (5) (other than Derbigum employees and subcontractors)	RETENTION PERIOD
Performance and provision of application service functionalities (data processing is necessary for the use of the app)	Processing is necessary for: the execution of pre-contractual contracts or measures. for compliance with legal obligations.	Personal identification data (1) Connection data (2) Location data(3) Internet data (4) Data uploaded by the user (technical data).	The data subject himself or their employers. Data generated by the use of the App.	Companies of the Derbigum group. Derbigum distributors.	The data is kept as long as the user's account is active.	South Africa (the recipient is bound by standard contractual clauses)
Extraction of statistical data (anonymous)	Processing is necessary to pursue DERBIGUM's legitimate interest in analyzing app usage and the market.	(all the above data)	Data generated by the use of the App.	Companies of the Derbigum group. Derbigum distributors.	The data is kept as long as the user's account is active.	South Africa (the recipient is bound by standard contractual clauses)
Operation, optimization, security of services. Attendance measures.	Electronic Communications Act. Tracking devices that are non-technically necessary are installed based on your consent (see our "Cookie Policy")	Internet data	The data subject himself and his communication and information systems.	Companies of the Derbigum group. Derbigum distributors.	For 13 months.	South Africa (the recipient is bound by standard contractual clauses)

PURPOSE

LEGAL BASIS

CATEGORIES OF DATA

SOURCES

RECIPIENTS (5)

(other than Derbigum employees and subcontractors)

RETENTION PERIOD

Performance and provision of application service functionalities (data processing is necessary for the use of the app)

Processing is necessary for:

the execution of pre-contractual contracts or measures.
for compliance with legal obligations.

Personal identification data (1)

Connection data (2)

Location data(3)

Internet data (4)

Data uploaded by the user (technical data).

The data subject himself or their employers. Data generated by the use of the App.

Companies of the Derbigum group. Derbigum distributors.

The data is kept as long as the user's account is active.

South Africa (the recipient is bound by standard contractual clauses)

Extraction of statistical data (anonymous)

Processing is necessary to pursue DERBIGUM's legitimate interest in analyzing app usage and the market.

(all the above data)

Data generated by the use of the App.

Companies of the Derbigum group. Derbigum distributors.

The data is kept as long as the user's account is active.

South Africa (the recipient is bound by standard contractual clauses)

Operation, optimization, security of services. Attendance measures.

Electronic Communications Act. Tracking devices that are non-technically necessary are installed based on your consent (see our "Cookie Policy")

Internet data

The data subject himself and his communication and information systems.

Companies of the Derbigum group. Derbigum distributors.

For 13 months.

South Africa (the recipient is bound by standard contractual clauses)

(1) "Personal identifying data" includes: first name, last name, telephone number, email address and physical address.

(2) "Connection data" includes: IP addresses, logs, terminal identifiers, connection identifiers, time stamp information.

(3) "Location data" includes: travel, GPS and GSM data.

(4) "Internet data" includes: cookies, tracers, navigation data and audience measurement.

(5) The data shall at least be made accessible to Derbigum staff and subcontractors (access rules shall be established on a “need to know” basis). "None" means that the data is not disclosed to any other person or entity.

Your rights as a data subject

The applicable Data Protection Law grants you some rights, on certain grounds, and subject to certain conditions, including the rights to access, correct, object to the use of, or request the deletion or portability of Personal Data, as well as to ask a restriction of processing. To help you to exercise your rights, the application includes some options that you can parameter. Additionally, you always have the liberty to modify or delete your account data. Please contact us as set out in the “Who to Contact About Your Personal Data” section below with any requests to exercise your rights or if you have any questions or concerns about how we process Personal Data. Please note that some Personal Data may be exempt from access, correction, objection, deletion, restriction and/or portability rights in accordance with the applicable Data Protection Law or other laws.

Security

Derbigum will take appropriate technical, physical, legal and organizational measures, which are consistent with applicable privacy and data security laws. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us. See the “Who to Contact About Your Personal Data” section below. When Derbigum provides Personal Data to a service provider, the service provider will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Data.

Personal Data of other individuals

If you provide us with Personal Data regarding other individuals, you agree: (a) to inform the individual about the content of this Privacy Policy; and (b) if applicable and if necessary, to obtain any legally-required consent for the collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data about the individual in accordance with this Privacy Policy, unless you can demonstrate that you can rely on another legal basis.

Complaints

If you are not happy with our processing of your Personal Data and if you feel that contacting us could not solve the issue, the applicable Data Protection Law provides you with a right to lodge a complaint with the competent supervisory authority (more information is available on its website : https://www.autoriteprotectiondonnees.be/).

Autorité de Protection des Données
Rue de la Presse, 35
1000 Bruxelles
(Belgique)
Tel. : +32 (0)2 274 48 00
Fax : +32 (0)2 274 48 35
Email : contact@apd-gba.be

Who to contact about your Personal Data

If you have any questions about our use of your Personal Data you can send us an e-mail at this address: dataprotection@derbigum.com, or write to DERBIGUM, Data protection, Guido Gezellestraat 123, 1654 Beersel, Belgium.

Changes to This Privacy Policy

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements. To inform you of the changes, we will place updates on our website. Please take a look at the “LAST UPDATED” date at the top of this Privacy Policy to see when it was last revised.