Privacy Policy
AI COMPASS PRIVACY POLICY
AI COMPASS is a company dedicated to training, coaching, and developing AI products focused on sales and marketing. To achieve this, we need to process personal data.
We declare that our activities comply with current privacy legislation, primarily regulated by the General Data Protection Regulation (GDPR).
We aim to inform, respect, and give you control over what happens to your personal data. Below you will find information about the data we collect, why we collect it, how long we retain it, your privacy rights, and how you can exercise them.
WHO WE ARE
We are AI COMPASS bv, a private limited company under Belgian law, with its registered office at Jules Bordetstraat 22 bus 2, 2018 Antwerp (RPR Antwerp), and registered in the KBO under number 0804.187.804 (hereinafter “AI COMPASS” and “we” or “us”). For the data processed through our website, we are the data controller.
APPLICABILITY
This privacy policy, including our cookie policy, applies to all activities of AI COMPASS, including our website, webshop, social media, and all other websites, communications, and services related to AI COMPASS (hereinafter collectively referred to as “website”) unless otherwise specified. Due to changing legislation, technological advancements, or changes in our policies, we may partially or wholly amend this privacy policy, of which we will inform you. In any case, the latest version that we post on the website will apply. If you continue to use the website after we have published or sent a notification about changes to this privacy policy, you acknowledge that this means that the collection, use, and sharing of your personal data are subject to the updated privacy policy from the effective date.
WHAT IS PERSONAL DATA PROCESSING?
By ‘processing of personal data’ we mean any processing of data that can identify you as a natural person. The term ‘processing’ is broad and covers, among other things, collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, distributing, or making available in any way, combining, archiving, deleting, or ultimately destroying that data.
Which Personal Data is Collected and Processed?
We retain and process the personal data provided to us only to the extent necessary for directly initiating and processing business transactions within our company.
The Personal Data You Share with Us
We process the personal data you provide to us. This can be by phone (for example, when you call us), in writing (for example, when you send us a letter or email, or contact us via the website), electronically (for example, when reading your e-ID through a signing application), or verbally (for example, during a meeting). When placing an order or creating an account, you must provide information including your name, email address, and/or mobile number, payment and billing details, and, if applicable, a password. We may then proceed with automated data processing.
The Personal Data We Collect
To run our business, we need to conduct searches in various databases that are either publicly accessible by everyone, have limited access, private databases, or data that is freely available on the internet (for example, websites). In addition, we can also collect data through your visit to our website or your use of our (online) services.
The Personal Data We Obtain from Third Parties
Additionally, we may request data from third parties to perform certain tasks. For example, the company you work for may book training or a course with us that you will attend. In that case, we will only process your first and last name, position, and contact details. We also obtain data through intermediaries (for example, employment agencies).
Categories of Personal Data
We distinguish between different types of personal data that can be combined:
– Identification and contact details: These are the data that allow us to identify and contact you as a customer, employee, participant, independent service provider, etc. (for example, your name, place, and date of birth, nationality, residence status, marital status, and other details mentioned on identification documents, your address, email address, and phone number).
– Billing details: These are the data that allow us to charge for our services correctly, such as billing address, company number, or whether you are subject to VAT.
– Preferences and interests: These are data related to your activities or situation, based on which we can send you newsletters that may be relevant to you and your activities.
– Identification details of your (mobile) device: We record your visit and use of our website. For this, we use cookies, login data, information about your device, and IP addresses. For their use, we refer to our cookie policy. When using mobile devices, we process data about your mobile network and device, including your location, to enable the use of the website via mobile devices.
Why Do We Process Your Personal Data?
When You Contact Us or We Contact You
If you contact us, for example, to schedule an appointment, receive our newsletters, or follow us on social media, we need your identity and contact details. All information we receive about you is used solely to provide you with the requested information in the manner you prefer. If you are active with a service provider or goods supplier (for example, a sales department) on whom we may rely, we also note your identity and contact details.
In the Context of Our Business
In preparing, executing, and terminating our agreements, we need to have data about our customers and other third parties involved in the agreement. We need to be able to identify these individuals and process the data that may be necessary or useful in the context of negotiating, contracting, and executing the agreement. We also use your data for administration (including billing). We may also process your evaluation data to improve and optimize our services and offerings in the future. We may use your data to offer you (in writing, by phone, or electronically) newsletters or new products or services that we believe may be of interest to you, as well as to invite you to events. Additionally, data processing may be pursued for the following purposes to protect our legitimate interests:
– Direct marketing to strengthen existing customer relationships or build new customer relationships, or to approach interested parties;
– Processing and transferring data as part of the implementation and security of the website and software systems.
If You Work for Us as an Intern, Employee, or Independent Service Provider
If you work for our company, we need to process a lot of personal data about you in this context, such as your identity and contact details, information mentioned on your CV, family composition, your billing to our company, the performance you register, data to determine your commission, hours worked, absences, and vacation days, etc., to ensure proper collaboration.
On What Basis Do We Process Your Personal Data?
We process personal data for various purposes, where we always only process the data necessary to achieve the intended purpose. We use personal data when necessary:
– To offer our products and services fully;
– To comply with legal and regulatory provisions to which we are subject; and/or
– To protect our legitimate interests, in which case we always strive for a balance between that interest and respecting your privacy.
The processing of personal data is based on the following grounds:
– Where you have given your consent, based on your consent, with the right to withdraw that consent at any time (see further);
– Based on the agreement concluded with us;
– Our legitimate interests and/or those of other involved parties, where you have the right to object (see further). Examples of such legitimate interests include protecting ourselves and third parties (e.g., against fraudulent acts), complying with the law, judicial or administrative orders, our right to conduct business, our right to make claims (e.g., in case of breaches of the agreement), and to defend ourselves.
Sharing of Data
We do not sell personal data to third parties and do not pass them on to third parties unless in the following cases:
– If necessary for the exercise of our activities – To enable the operation of our business (e.g., technical partners for the development, maintenance, and security of the website, commercial partners for marketing, financial partners for payments and accounting processing, speakers at training courses who receive a participant list, etc.). To the extent necessary for the performance of their tasks, they have access to your data. We enter into processor agreements with these partners, where we are designated as the data controller. These processor agreements include provisions to protect your personal data;
– If there is a legal obligation. For example, in case of a tax audit;
– If there is a legitimate interest for our company or a third party involved. We will only pass on your personal data if your interests or fundamental rights and freedoms do not outweigh and you will always be transparently informed (except in case of legal exceptions). For example, your personal data may be passed on to third parties (such as lawyers) we rely on for judicial collection (or other (extra)judicial procedures);
– If you give us permission; If we provide personal data to third parties in other situations, this is done with explicit notification explaining the third party, the purposes of the transfer, and processing. Where legally required, we obtain your explicit consent;
– If we are taken over; We may share your data with the acquirer of our company or part thereof (regardless of the manner of transfer, whether through an asset or share deal, merger, split, transfer of business branch, or otherwise), who will have the right to use this data following this privacy policy.
To the extent that personal data is processed outside the European Union, we ensure through contractual or other measures that these data receive adequate protection comparable to the protection they would receive in the European Union, in accordance with European regulations.
How Long Do We Keep Your Data?
We may not keep personal data longer than necessary to achieve the purpose for which we collect them
. We apply the following retention periods for your data:
– Customer and employee data: 10 years.
– Employee and intern data: 10 years, statutory period for keeping personnel and salary data.
– Applicant and participant data: Maximum 2 years after the last contact.
– Prospect data: Maximum 5 years.
– Contact person data: Maximum 2 years after the last contact.
After the expiry of the retention period, we proceed to delete your personal data unless and to the extent that we need your personal data to:
– Fulfil contractual obligations or enforce our rights under agreements concluded with you for a period corresponding to the limitation period for these obligations or rights;
– Comply with our legal obligations, such as mandatory keeping of accounting data, identifying customers in the context of anti-money laundering legislation, for the duration imposed by law;
– Conduct and/or defend our claims in the context of disputes, for the duration of these disputes, including the investigation phase;
– Cooperate in an ongoing criminal investigation for the duration of that investigation;
– Comply with a judicial or administrative order for the applicable duration.
The deletion of personal data means that it will be erased or permanently anonymized.
How Do We Store and Secure Your Data?
The data in our database is stored on secured and closed (backup) servers, both internally and externally. Our employees are trained to handle confidential data correctly. They are bound by an internal privacy regulation that specifies how they should handle personal data. The way we collect and process personal data is recorded in a data processing register. Our infrastructure and information systems are equipped with appropriate technical measures to protect your personal data against unauthorized access, unauthorized use, and loss or theft of your data, such as: password security, hard disk encryption software, firewalls, antivirus, intrusion and anomaly detection, and access controls for our employees. Our hardware and software are continuously kept up-to-date. For this, we rely on specialized third parties.
In the event of an unexpected data breach with adverse consequences for your personal data, you will be personally notified in the circumstances provided by law. We recommend that you also take the necessary security measures to protect your personal data, such as securing your mailbox, firewalls on your devices, password management, etc. Although we strive to screen our systems regularly for security risks, we cannot guarantee the security of your data.
What Are Your Rights?
You have the right to know at any time whether we process your personal data and, if we do, to access and receive additional information about:
– The processing purposes;
– The categories of personal data involved;
– The recipients or categories of recipients (especially recipients in third countries);
– If possible, the retention period, or if that is not possible, the criteria to determine that period;
– The existence of your privacy rights;
– The right to file a complaint with the supervisory authority;
– The information we have about the source of the data if we obtain personal data via a third party; and
– The existence of automated decision-making.
You also have the right to receive a copy of the processed data in an understandable form. We may charge a reasonable fee to cover our administrative costs for each additional copy you request. You have the right to rectify incomplete, incorrect, inappropriate, or outdated personal data without delay. In the membership conditions, you are also obliged to do so. You have the right to have your personal data erased without undue delay in the following cases:
– Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed by us;
– You withdraw your previous consent for processing, and there is no other legal basis on which we can rely for the (further) processing;
– You object to the processing of your personal data, and there are no overriding legitimate grounds for the (further) processing;
– Your personal data is unlawfully processed;
– Your personal data must be erased to comply with a legal obligation.
Please note that we may not always be able to erase all requested personal data, for example, when their retention and processing are necessary.
You have the right to restrict the processing of your personal data if one of the following elements applies:
– You dispute the accuracy of that personal data: its use is limited for a period that allows us to verify the accuracy of the data;
– The processing of your personal data is unlawful: instead of erasing your data, you request a restriction on its use;
– We no longer need your data for the original processing purposes, but we need it for the establishment, exercise, or defense of legal claims: instead of erasing your data, its use is restricted for the establishment, exercise, or defense of the legal claim;
– As long as no decision has been made regarding the exercise of your right to object to processing, you request a restriction on the use of your personal data.
You have the right to request and have your personal data transferred. This is only possible for the personal data you have provided to us based on consent or agreement. In all other cases, you cannot enjoy this right (for example, when the processing of your data is based on a legal obligation). You can request that we return the personal data in a structured, commonly used, and machine-readable format.
You have the right to object to the processing of your personal data on grounds related to your particular situation if the processing is in our legitimate interest or in the public interest. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is related to the establishment, exercise, or defense of legal claims (for example, filing a claim in court).
If you do not want to receive any form of commercial communication (such as newsletters, event invitations), you always have the right to object to the use of your personal data for these reasons without having to provide a reason. You can contact us, or you can use the unsubscribe button in our invitations or (electronic) newsletters.
How Can You Exercise Your Rights?
To exercise your right of access and prevent unauthorized disclosure of personal data, we need to verify your identity. In case of doubt or ambiguity, we will first ask for additional information (preferably a copy of the front of your identity card). You can exercise your privacy rights free of charge unless your request is manifestly unfounded or excessive, particularly due to its repetitive nature. In such a case, we have the right and option – in accordance with privacy legislation – to (i) charge you a reasonable fee (considering the administrative costs of providing the requested information or communication and the costs associated with taking the requested measures) or (ii) refuse to comply with your request. We will respond to your request as soon as possible and in any case within one month of receiving your request. Depending on the complexity of the requests and the number of requests, this period may be extended by two months if necessary. In case of an extension of the period, we will inform you within one month of receiving the request.
LIABILITY
If we lawfully provide your data to a third party (other than a processor or sub-processor), we are not liable for unlawful processing or unlawful use by that third party. We are also not liable if third parties unlawfully process or use your data and we have taken appropriate technical and organizational measures to prevent such unlawful processing or use.
Contact Us
For more information about this privacy policy or for complaints regarding the processing of your personal data, you can contact us via the contact page or the following email address: contact@aicompass.ai
Complaints
For complaints regarding the processing of your personal data, you can contact the Data Protection Authority at Drukpersstraat 35, 1000 Brussels / +32 (0)2 274 48 00 / contact@apd-gba.be / www.gegevensbeschermingsautoriteit.be. We kindly request you to first consult with us.
