Privacy Declaration Statement
Applicable from 25th of May 2018
The protection of personal data is important to the Klarrio Group of corporations. As a data controller and data processor we are responsible, through the offering of our products and services (platform provider), and in the context of processing your personal data. The purpose of this Privacy declaration is to inform you about which personal data we are processing, the reasons we process and share, and how long we retain the data and how you can exercise your rights. In case it is necessary we can provide you with additional information when you request an inquiry on a specific product or service of the Klarrio Group.
In summary the Privacy Declaration respects the following:
- 6 principles to protect the privacy of our client’s privacy
- Processed lawfully, fairly and in a transparent manner
- Collected for a specified, explicit and legitimate purpose
- Accurate and, where necessary kept up to date
- Processed in an appropriate manner to maintain security
- Adequate, relevant and limited to what is necessary
- Retained only for as long as necessary
- 7 Rights our client can exercise
- Right to be informed
- Right of access
- Right to rectification
- Right to be forgotten
- Right to data portability
- Right to restrict processing
- Right to object
- Duties of the controller
- Facilitate the exercise of data subject rights
- Data protection by design and by default
- GDPR compliant contract with each of our processors
- Maintain a record of processing activities
- Having a clear view on personal data leaving the EEA
- Personal Data breach notification process
This privacy declaration applies to all personal data processed by full-time and part-time employees, volunteers when acting on behalf of Klarrio, contractors and partners doing business on behalf of Klarrio, as well as all legal entities, all operating locations in all countries, and all business processes conducted by Klarrio.
Which personal data do we use?
We collect and use personal data as needed for our activities and to offer a high standard of personalized products and services.
Hereby we process different categories of personal data, including:
- Identification data (id card number, passport number, nationality, day and place of birth, gender, picture, IP-address)
- Contact information (postal address, email address, phone number)
- Family status (marriage, number of kids)
- Fiscal information (Tax id, VAT nr, fiscal address)
- Information related to education and employment (degree, job role, name of employer)
- Bank details (Bank account number)
- Information related to your habits and preferences (use of our product and services, interaction with our websites, applications, social media, meetings, phone conversations, chats, e-mails and interviews)
- Video Security (CCTV included) and geolocation data
- Data that is provided by official authorities (Tax and Social Security)
Sensitive information we only collect when needed and with explicit consent:
- Biometric data (fingerprint, voice and facial features used in context of identity and access management purposes)
- Healthcare data (in context of insurance contracts)
We never process any data related to your ethnic background, religion, political preferences, philosophical conviction, membership of unions, genetics information, sexual preferences and gender.
The data that we use are either provided by you directly or indirectly thru one of the following data sources, to verify and enrich our databases:
- Official publication by official authorities (Belgian Official Gazette)
- Our partners and service providers
- Public third-party data providers
- Websites, social media and information made public by yourself
Specific cases of data collection?
In certain situations, we can collect and use personal data of an individual, legal persons and corporations, with which we have a direct relationship could have. (sub-contracting, third party supplier, cascading outsourcing…)
In some cases, we collect data, even though we have no direct relationship, for example a service provider or commercial partner has provide us with the information, example in the capacity as:
- Family member
- Legal representative
- Beneficiary in payments, insurance
Why and on which basis we use your personal data?
- To comply with regulatory obligations:
- Compliance with local and national laws and regulations
- Answers on official request of law enforcement, court orders and other official governmental requests
- For contract management or steps required on your request to reach a contractual agreement:
- To provide you with our product and services information
- To be able to help you with your inquiries
- To evaluate if we could provide you our products or services and under which conditions
- Based on our justified interest and corporate benefit:
We are using your personal data to further develop our product and services, to improve our risk management practice and to defend our rights, including:
- Proof of transaction
- Fraud prevention
- Information Security
- Training of our staff
- Personalizing our product offering and services.
We achieve this by:
- Segmenting our potential clients and existing clients
- Applying big data sciences on your behavior, preferences based on your interactions with our product and services, office visits, email, visit to our website, etc…
- Sharing your data with other entities of the Klarrio group
- To respect your choice when you ask for a permission for a specific processing of data:
In some cases, we need to request your consent for the processing of your personal data for example:
- When the above data processing leads to automated decisions where there are legal consequences attached or directly impacts you. In this specific case we inform you about the logic behind the decision and the importance of the expected consequences of such kind of processing.
- In case we conduct additional processing for different purposes as stated in the section 3, we will inform you and ask for your permission.
- To process electronic communication data:
Aside the recording of electronic communication which are legally authorized, or mandated, or recordings you have authorized, we could record electronic communication, with the associated and related data, in the context of our legitimate corporate goals and more specific:
- Training our staff
- Quality control of our services, to improve our services
- To provide the proof of a business transaction or electronic communication and associated data
We can retain these data as long it is legally required or authorized, and during the dispute could raise due to the electronic communication recorded between you and Klarrio.
The above is applicable to all types of electronic communications, example email, SMS, chat, instant messaging services,… with all our entities, representatives of Klarrio at large.
With who we share your data?
To achieve above mentioned goals, we share your personal data only with:
- Entities of the Klarrio Group
- Third parties that offer on our behalf services
- Financial and legal authorities, public authorities with a legal request.
- Regulated professions like Notary, Lawyers, auditors
Share your data beyond the European Economic Area (EER)?
In the case that data is shared from the EER towards a country outside the EER, that the European Commission has recognized as a country with adequate level of data protection legislation, your data will be shared on this basis.
Data shared with countries outside the EER and which there is NOT an adequate level of data protection legislation, we will consult on the specific deviations and implement additional controls and guarantees to preserve that your personal data will be protected.
- Data protection policies approved by the European Commission
- Binding corporate policies
To receive a copy of the details of these additional controls and guarantees you can request a description from our CDO contact point for all data related topics.
How long do we retain your data?
We will retain your data as long as it is required by the current laws and regulation, or longer when this is operationally required as in context of accountancy, or customer management, or legal claims, or inquiries of the public authorities.
Customer data will be retained for the duration of the contract and till 10 years after the ending of the contractual relationship.
Data on potential clients (prospects) will be retained for a maximum period of 1 year.
What are your rights and how can you exercise them?
In accordance with the applicable regulations you have the following (7) rights to:
- Inspection: “Right to be informed”
- You can receive information on the processing of your personal data and receive a copy of your personal data retained
- Rectification: “Right to rectify”
- You can request to rectify your personal data in the case is incorrect or incomplete
- Erasure: “ Right to be forgotten”
- You can request the erasure of your personal data
- Restriction: “Right to restrict processing”
- You can request a restriction on the processing of your personal data
- Objection: “Right to object”
- You can file an objection against the processing of your personal data for reasons that effect your personal situation.
- You have the right to file an objection against the processing of your personal data for direct marketing purposes.
- Abrogation/Revocation: “Right to access”
- You have always the right to revoke your authorization on processing your personal data
- Portable export: “Right to data portability”
- As far legally applicable and technical feasible, you have the right to transfer your personal data to a third party on your request.
If you want to execute one of the above rights, please contact the Privacy department CDO office stated in this Privacy Declaration.
How can you follow-up on changes of this Privacy Declaration?
We will continuously update the Privacy Declaration due to the nature of the changing world of technological changes. We invite you to consult the website for the latest version and we will notify of important changes on our website or through our usual communication channels like email.
How to contact our Privacy department (CDO office)?
In case you have questions in relation to the processing and storage of your personal data as described in the privacy declaration, you can address your inquiry to our data protection officer at our CDO office.
firstname.lastname@example.org or per letter to our corporate HQ in the corresponding country to the attention of the Data Protection and Privacy Office.
Your inquiry will be processed within the legally term of maximum 2 months.
 Klarrio Group of corporation: Klarrio Belgium, Klarrio Netherlands, Klarrio US, Klarrio APAC.
Last update: May 2018
© 2016 – Klarrio BVBA
Web Site Privacy Terms
All Rights Reserved