Privacy Policy - Pilario

Welcome to Pilario.

This Privacy Policy explains what we do with your personal data when you are visiting and using the Pilario Platform (the “Platform“). It describes how we collect, use, and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your rights.

For the purpose of the applicable data protection legislation, PILARIO SA, a company incorporated under Belgian law, with its office at Gustave Demeylaan 57, 1160 Auderghem (Belgium) and registered in the Crossroads Bank for Enterprises with enterprise number 0792.493.463 (“we”, “our”, “us” or “Pilario”) is the ‘controller’ of your personal data. This means we decide why and how your personal data is used and are responsible for protecting it. Please refer to the end of this notice for our contact and company information.

We may amend this Privacy Policy from time to time. Please visit this page regularly as we will post any changes here. Where appropriate, we may also notify you of the changes by email. Please see further the section Changes below.

If you are dissatisfied with any aspect of this Privacy Policy, you may have legal rights which we have described below where relevant.

CONTENTS

Information we collect about you
How we use your information
Use of device and software usage information
Sharing your information with third parties
Where we store your information
How we safeguard your information
How long we keep your information
Your rights
Changes
How to contact us

1. INFORMATION WE COLLECT ABOUT YOU

When you use the Platform or interact with us offline, we collect and use information about you in the course of providing you with our products and services and with customer support. We may collect some or all of the information listed below to help us with this:

information that you submit online via the Platform, including your name, contact details, [OTHER PERSONAL DATA?], and login credentials. We collect this in a number of ways, including when you register for an account with us;
information that you submit via any contact forms on the Platform and any correspondence we have with you over email, phone or on the Platform;
extra personal data that you choose to upload on the Platform;
technical information about your visit, including details of your visits to the Platform and your navigation around the Platform, traffic data, communication data, information about the device you use to access the Platform, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

Depending on the type of personal data in question and the legal grounds (i.e. the ‘lawful bases’) on which we may be processing your personal data, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship with you.

For details of the lawful bases that we rely on to be able to use and process your personal data, please see How we use your information.

2. HOW WE USE YOUR INFORMATION

Personal data

The purposes for which we use your personal data and the lawful basis under data protection laws on which we rely to do this are explained below.

Where it is required to complete the License conditions

The use of your personal data may be necessary to perform the License conditions. For example, when you make use of the Platform, we need to use your personal data to grant you access to our software, to generate the modules regarding life cycle analysis, for billing purposes, to respond to any requests you may have, and to notify you about changes to our services.

Where there is a legal obligation

We will use your personal data to comply with our legal obligations, including where the law requires us:

to respond or assist the public authorities or the police and other criminal investigation bodies;
to identify you when you contact us or to authenticate you when logging into your account;
to verify the accuracy of data we hold about you;
to comply with a request from you in connection with the exercise of your rights.

Where there is a legitimate interest

We may use and process your personal data where it is necessary for us to pursue legitimate interests (whether ours, in connection with our business, or that of a third party), except where such interests are overridden by your interests or fundamental rights and freedoms, e.g. in the following events:

Processing necessary for provision of the Platform

provision and demand-oriented design of the Platform and to ensure that the Platform’s content is presented as effectively as possible for you;

Processing necessary for us to support Platform visitors with their enquiries

to respond to correspondence you send to us and fulfil the requests you make to us relating to our services;

Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors

to analyse, evaluate and improve our services so that your visit and use of the Platform are more useful (we will generally use data amalgamated from many people so that it does not identify you personally);

Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively

to notify you about changes to our services regarding the Platform;
to administer the Platform and for internal operations, including troubleshooting, testing, statistical purposes;
for the prevention of fraud and other criminal activities;
to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder;
for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
to correspond or communicate with you in relation to administrative, legal and business matters;
for the purposes of corporate restructure or reorganisation or sale of our business or assets;
for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
to inform you of updates to our terms and conditions and policies;
for our internal purposes, such as quality control, Platform performance, system administration and to evaluate use of the Platform, so that we can provide you with enhanced services;

If you are in the EU, the following applies to you in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:

If processing of your personal data is based on your consent, the legal basis is Art. 6(1)(a) GDPR. You can withdraw your consent at any time (Art. 7(3) GPDR), effective for the future. This will not affect the legality of processing that took place before you withdrew your consent.
If processing of your personal data is based on a contract (including the License conditions) between us and you, the legal basis is Art. 6(1)(b) GDPR.
If processing of your personal data is based on legal obligations that we must fulfil, the legal basis is Art. 6(1)(c) GDPR.
If processing of your personal data is based on our legitimate interests, the legal basis is Art. 6(1)(f) GDPR. If you are interested in detailed information on the balancing of your and our interests, please contact us as described in the section How to contact us. Insofar as the processing is based on our legitimate interests, you have the right to object to the processing (Art. 21 GDPR).

3. USE OF DEVICE AND SOFTWARE USAGE INFORMATION

We may monitor your use of the Platform and record your IP address, operating system and browser type, browser version, previously visited Platform, monitor resolution, operating system, if applicable device information (e.g. device type) etc. for system administration purposes.

We collect aggregated statistics data about visitors to the Platform and traffic patterns. This information does not identify users in any personal capacity, and we do not use this information to build profiles on individual users: it just contains generalised information about the users of the Platform.

4. SHARING YOUR INFORMATION WITH THIRD PARTIES

We will transfer personal data to third parties only where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes contractual obligations as a processor (in accordance with requirements of Art. 28 GDPR). We may share your information with any of the following groups:

tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
lawyers who provide us with legal and regulatory advice;
external consultants who provide industry insights, market research and technical support;
auditors and accountants who prepare and examine financial records, assess financial operations and assist in becoming more efficient;
IT technical support functions, IT consultants and third-party analytics service providers who carry out testing, research and development work on our business technology systems (including the Platform);
third party outsourced IT providers where we have an appropriate data processing agreement (or similar protections) in place;
if Pilario merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company, as well as with any administrators or insolvency practitioners, where they are involved (and provide you with notice of this disclosure); and
if we have to share your information to comply with legal obligations or regulatory requirements (for example, for age verification purposes), or if we have to enforce or apply our License conditions or any other agreements or to protect our rights, property or our customers, etc. This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
[OTHER THIRD PARTIES]

5. WHERE WE STORE YOUR INFORMATION

Your personal data shall not be transferred to any affiliate or third party located in any country outside the European Economic Area or made accessible from any such country without your express prior written approval.

6. HOW WE SAFEGUARD YOUR INFORMATION

We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.

We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.

If you suspect any misuse or loss of or unauthorised access to your personal data please let us know immediately by using the contact details provided at the end of this Privacy Policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will apply our normal procedures and comply with legal obligations to protect your information, we cannot guarantee the security of your information transmitted to the Platform and any transmission is at your own risk.

The Platform may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those Platforms.

7. HOW LONG WE KEEP YOUR INFORMATION

We will keep your information as required by law or other regulation (for example, because of a request by a tax authority or in connection with any anticipated litigation).

If you have registered an account with us: we will store your personal data for as long as your account is open.

If you have contacted us with a complaint or query: we will store your personal data for as long as is reasonably required to resolve your complaint or query.

The exceptions to the above are where:

we have carefully considered whether we need to retain your personal data after the periods described above to potentially establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement;
we actually bring or defend a legal claim or other proceedings during the period we retain your personal data, in which case we will retain your personal data until those proceedings have concluded and no further appeals are possible;
you exercise your right to require us to retain your personal data for a period longer than our stated retention period (see further Right to restrict processing below);
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Right to erasure below); or
in limited cases, a court or regulator requires us to keep your personal data for a longer or shorter period.

When it is no longer necessary to retain your data, we will delete the personal data that we hold about you from our systems (either by erasing or anonymising that data). After that time, we may retain aggregated data (from which you cannot be identified) and retain it for analytical and statistical purposes.

8. YOUR RIGHTS

You have several rights in relation to your information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. Except in rare cases, we will respond to you within one month from either: (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.

Right to object

This right enables you to object to us processing your personal data where we do so for one of the following reasons:

where we rely on our legitimate interests to do process your information;
to enable us to perform a task in the public interest or exercise official authority; or
for scientific, historical, research, or statistical purposes.

Except for the purposes for which we are sure we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your personal data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your personal data.

Right to withdraw consent

Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time and we will cease to use your personal data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. If you withdraw your consent, our use of your personal data before you withdraw is still lawful.

To withdraw your consent to marketing communications, please use the unsubscribe tool in the relevant communication or update your preferences in the account section on the Platform.

Right of access (‘Data Subject Access Requests’)

You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

If you would like to request access to your information, it would assist us with dealing with your request if you could use the subject heading ‘Data Subject Access Request’, when contacting us. Please note that this is not mandatory and we will still deal with any requests without this reference.

Right to erasure

You have the right to request that we erase your personal data in certain circumstances. Normally, this right exists where:

the data is no longer necessary;
you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
the data has been processed unlawfully;
it is necessary for the data to be erased in order for us to comply with our obligations under law; or
you object to the processing of your data and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.

When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you, you object to our processing of your personal data for our legitimate interests or you require us to keep it in connection with legal proceedings. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

We may only process your information whilst its processing is restricted if we have your consent or are legally permitted to do so to protect the rights of another individual or company or in connection with legal proceedings.

Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties to whom we have disclosed the inaccurate or incomplete personal data. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

You can access and update certain parts of your information by logging into your account on the Platform.

Right of data portability

If you wish, you have the right to transfer your personal data between service providers where we rely on your consent or the performance of your contract as the lawful basis to use that information. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you if technically possible.

Rights relating to automated decisions

In certain circumstances, you may contest a decision made about you based purely on automated processing and where the processing is not required by law. You may also ask us to stop making such decisions using automated processing alone.

Right to complain

You also have the right to complain to your local supervisory authority, in your case the Data Protection Authority. You can contact them in the following ways:

Telephone: +32 (0)2 274 48 00
Website: https://www.gegevensbeschermingsautoriteit.be/burger (via the contact form on the website)
Email: [email protected]
Address: Drukpersstraat (rue de la Presse) 35, 1000 Brussels

How to exercise your rights

If you would like to exercise any of these rights, please contact us on the details provided under How to contact us. Please note that we may keep a record of your communications to help us resolve any issues that you raise.

If you are in the EU, the following applies in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:

You have the right to confirmation as to whether personal data relating to you are processed by us and the right to access this personal data or request a copy of it (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), and a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR).
If you have provided the data, you can request the transmission of the data (Art. 20 GDPR).
If the processing is based on consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Pursuant to Art. 77 GDPR, you have a right to lodge a complaint related to our processing of your personal data, which you may exercise by submitting a complaint to the Supervisory Authority of the EU Member State of residence or where the issue that is the subject of the complaint occurred. We hope you will allow us to address your concerns by contacting us at [e-mail address Pilario] before you approach a Supervisory Authority, but otherwise the contact details of the EU Supervisory Authorities are available at https://edpb.europa.eu/about-edpb/board/members_en.

9. CHANGES

We may make changes to this Privacy Policy at any time by posting a copy of the modified notice on the Platform or, where appropriate, by sending you an email with that notice. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the Platform, whichever is the earlier.

10. HOW TO CONTACT US

Av. Gustave Demey 57, 1160 Auderghem

Version 03/07/2023