top of page

Privacy Policy

Data Controller

Brightspace Leuven          Brightspace Brussels
Deparco Group NV             BCBW NV
Interleuvenlaan 74               Interleuvenlaan 74
3001 Heverlee                      3001 Heverlee
Belgium                                Belgium

 

Contact email: hello@brightspace.be 

Deparco Group NV is the data controller regarding personal data relating to Brightspace Leuven and BCBW NV is the data controller regarding personal data relating to Brightspace Brussels. They are collectively referred to as 'Brightspace' or 'we' in this document.

General

Brightspace attaches great importance to protecting and respecting your personal data.

Brightspace will only collect, store, process and transfer personal data in accordance with the applicable Belgian and European privacy laws and regulations, including but not limited to the General Data Protection Regulation 2016/679 (‘GDPR’).

We will respect the following principles in order to protect your privacy:

  • We do not collect more information than is necessary

  • We do not use your personal data for purposes other than those specified

  • We do not keep your personal data if it is no longer needed

  • We only provide your personal data to selected third parties for the specific purposes listed below

 

In this privacy policy we describe how we process your personal data, which personal data we process, why we process it, what we do with your personal data, with whom we share it, how we protect it, and the choices you can make about your personal data.

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as your name, telephone number, email address, location, etc.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

When and which personal data do we process?

You conclude/want to conclude a contract with us:

  • Identification data such as first name, last name, address, birth data and place, (mobile) phone number, email address, ID card

  • Company information such as company name and VAT number, identity of ultimate beneficial owners and directors; and other legally required information (f.e. to comply with anti-money laundering legislation)

  • Financial data: banking or payment details

 

Camera surveillance in our buildings:

  • Camera images of you

 

You fill in the contact form on our website:

  • First name

  • Last name

  • Email

  • Phone

  • Company

  • Any other personal data you provide to us through the contact form

 

You visit our website:

  • IP address

  • Usage Data

  • Cookies (we refer to our Cookie Policy for a more detailed explanation)

 

Contact us e.g. by phone, mail or any other way of interaction with us:

  • Name

  • Phone

  • Email

  • Any other personal data you provide to us when you contact us

  • Identification data such as first name, last name, address, birth data and place, (mobile) phone number, email address, ID card

  • Company information such as company name and VAT number, identity of ultimate beneficial owners and directors; and other legally required information (f.e. to comply with anti-money laundering legislation)

  • Financial data: banking or payment details

 

Camera surveillance in our buildings:

  • Camera images of you

 

You fill in the contact form on our website:

  • First name

  • Last name

  • Email

  • Phone

  • Company

  • Any other personal data you provide to us through the contact form

 

You visit our website:

  • IP address

  • Usage Data

  • Cookies (we refer to our Cookie Policy for a more detailed explanation)

Contact us e.g. by phone, mail or any other way of interaction with us:

  • Name

  • Phone

  • Email

  • Any other personal data you provide to us when you contact us

Protection of your personal data

We take the necessary administrative, technical and organizational measures to ensure the security and confidentiality of your personal data and protect your personal data against destruction, loss, abuse, unlawful granting of unauthorized access, to the transmitted, stored or otherwise processed data, either by accident or unlawfully, which more in particular may lead to physical, material or immaterial damage.

 

These measures take into account the state of technology, the implementation costs, as well as the nature, the size, the context and the processing purposes and also the probability and severity of the various risks for the rights and freedoms of natural persons that are related to the processing.

Purpose and legal basis of processing

We may process your personal data if one of the following applies: 

  • You have given your consent for one or more specific purposes.

  • The provision of personal data is necessary for the performance of an agreement and/or for any pre-contractual obligations thereof. 

  • The processing is necessary for compliance with a legal obligation to which we are subject. 

  • The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. 

 

Your personal data may be processed for the following purposes on the following legal basis: (Purpose of processing // Legal basis)

  • To perform the contractual relationship we have: provide our services/products, handling payments, contact you if necessary to provide our services, customer/supplier administration // Performance of an agreement and/or for any pre-contractual obligations thereof

  • Direct marketing purposes, inform you about our (new) services and those of our affiliated companies // Legitimate interest (for customers) or consent (for non-customers)

  • Market studies, improve our services, promotion, statistical purposes, analytics // Legitimate interest

  • Management/hosting of the website // Legitimate interest

  • To guarantee everyone’s safety, prevent and detect misuse, fraud or crime // Legitimate interest

  • Compliance with laws and regulations // Compliance with a legal obligation

 

Detailed information on the processing of personal data through the website

Personal data is collected through the website for the following purposes and using the following services: 

  • Infrastructure monitoring
    This type of service allows this website to monitor the use and behaviour of its components so its performance, operation, maintenance and troubleshooting can be improved. Which personal data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of this website. 
    Sentry (Functional Software, Inc.)
    Sentry is a monitoring service provided by Functional Software, Inc.
    Personal data processed: various types of personal data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy
      

  • Platform services and hosting  
    These services have the purpose of hosting and running key components of this website, therefore allowing the provision of this website from within a unified platform. Such platforms provide a wide range of tools to us – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of personal data. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data are stored.
    Wix (Wix.com, Ltd.)
    Wix is a platform provided by Wix.com, Ltd. that allows us to build, run and host this website. Wix is highly customisable and can host websites from simple blogs to complex e-commerce platforms. 
    Personal data processed: device information; trackers; usage data.  Place of processing: Israel – Privacy Policy

Usage data is: Information collected automatically through this website (or third-party services employed in this website), which can include: the IP addresses or domain names of the computers utilised by the users who use this website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the user, the various time details per visit (e.g., the time spent on each page within the application) and the details about the path followed within the application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the user's IT environment.

Tracker indicates any technology - e.g cookies (small sets of data stored in the user's browser), unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of users, for example by accessing or storing information on the user’s device.

This privacy policy is subject to modifications. We may change this privacy policy to reflect changes in the law, our personal data handling practices, or the features of our business or services. We will make the updated privacy policy available on our website and/or - as far as technically and legally feasible - sending a notice to you via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

 

Latest update: 13 February 2023 

Retention Period

Personal data shall be processed and stored for as long as required by the purpose they have been collected for. 

Therefore: 

  • Personal data collected for purposes related to the performance of a contract shall be retained until such contract has been fully performed. 

  • Personal data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes.

  • We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn.

  • We may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation (f.e. Code on Companies and Association, tax law, Code of economic law…) or upon order of an authority or in the context of legal proceedings as evidence (statute of limitations) . 

 
Once the retention period expires, personal data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Transfer of personal data

Depending on the purposes for which we process your personal data, we may disclose it in the following cases, which recipients will then process your personal data only within the framework of these purposes:

  • Within our organisations and our brand environment: our staff members, affiliated and subsidiary companies or organisations, our legal successors, business transfers (in case of reorganisation, restructuring, merger, sale or other transfer of company assets, we reserve the right to transfer personal data as well).

  • To perform our services, we may transfer your personal data to our third party service providers, i.e. companies that provide services for or on behalf of us (for example, external providers of IT related services such as website hosting, software services etc., suppliers, subcontractors, professional service providers such as accountants, lawyers etc., marketing agencies…

  • When required by law or as lawfully necessary to protect us.

  • When you give us permission to do so.

  • When there is a legitimate interest

 

These recipients can only use the personal data for the execution of their specific task, need to act in respect with our privacy policy and they cannot use them for any other purposes. Within the scope of performance of their tasks, the recipients are also obliged to comply with the provisions of the GDPR, as well as their contractual obligations towards us.

Transfer outside the EEA

Your personal data may be transferred to recipients which may be outside the European Economic Area (‘EEA’), and may be processed by us and these recipients outside the EEA. In connection with any transfer of your personal data to countries outside the EEA that do not generally offer the same level of data protection as in the EEA, we will implement appropriate specific measures to ensure an adequate level of protection of your personal data. These measures can for instance consist in agreeing with recipients on the standard contractual clauses launched by virtue of the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

Your rights

You may exercise certain rights regarding your personal data processed by us. 

In particular, you have the right to do the following: 

  • Withdraw your consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your personal data.

  • Object to the processing of your personal data. You have the right to object to the processing of your personal data if the processing is carried out on a legal basis other than consent. Where personal data is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.  You must know that, however, should your personal data be processed for direct marketing purposes, you can object to that processing at any time without providing any justification.

  • Access your personal data. You have the right to learn if your personal data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the personal data undergoing processing. 

  • Verify and seek rectification. You have the right to verify the accuracy of your personal data and ask for it to be updated or corrected. 

  • Restrict the processing of your personal data. You have the right, under certain circumstances, to restrict the processing of your personal data. In this case, we will not process your personal data for any purpose other than storing it.  

  • Have your personal data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of your personal data. 

  • Receive your personal data and have it transferred to another controller. You have the right to receive your personal data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the personal data is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof. 

  • Lodge a complaint. You have the right to bring a claim before the competent data protection authority:

Gegevensbeschermingautoriteit

Drukpersstraat 35, 1000 Brussel

+32 (0)2 274 48 00

contact@apd-gba.be

How to exercise these rights? Any requests to exercise these rights can be directed to us through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.

Modification of the privacy policy
bottom of page