- GENERAL WARNING
1.1 Cresta SC SCRL, with registered office at Place Flagey Plein, 18 – 1050 Brussels, CBE n° 0655.746.526 (hereinafter: “Cresta“) respects the privacy of its clients, prospects and the users of its website (hereinafter jointly: the “Users“).
1.2 Cresta processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation“).
1.4 The User acknowledges having read the information below and authorizes Cresta to process, in accordance with the provisions of the Policy, the personal data that he/she communicates (either on the Website or otherwise) as part of the services offered by Cresta (hereinafter: the “Service“).
1.5 The Policy is valid for all pages hosted on the Website and for the registrations of this Website. It is not valid for the pages hosted by third parties to which Cresta may refer and whose privacy policies may differ. Cresta cannot therefore be held responsible for any data processed on these websites or by them.
- DATA CONTROLLER AND DATA PROTECTION OFFICER
2.1 Simply visiting the Website shall take place without having to provide any personal data, such as first name, surname, postal address, e-mail address, etc.
2.2 As part of the Service, the User may be required to provide certain personal data. In this case, the data controller is:
Cresta SC SCRL
Place Flagey Plein 18
Crossroads Bank for Enterprises number: 0655.746.526
2.3 Any question regarding the processing of this data may be sent to the following address: [email protected]
- DATA COLLECTED
3.1 By requesting the Service, the User allows, in particular, Cresta to record and store, for the purposes mentioned in point 4, the following information:
identifying data, such as the first name and surname, marital status, e-mail address, date of birth, address employer, department, position and telephone number;
– the banking information necessary for the Service, such as bank account numbers, IBAN and BIC/SWIFT;
– invoicing information;
– communications between the User and Cresta;
– Any other personal data required to provide the Service you requested.
In the course of providing the Service, we may also process special categories of personal data, including:
– trade union membership;
– data concerning health;
– data concerning criminal proceedings involving the data subject.
3.2 The User also authorizes Cresta to record and store the following data for the purposes mentioned in point 4:
– additional information requested by Cresta to the User in order to identify him or to prevent him from violating any of the provisions of the Policy;
3.3 In order to facilitate browsing the Website as well as to optimize technical management, the Website may use “cookies”. These “cookies” record, in particular:
– the User’s browsing preferences;
– the date and time of access to the Website and other data related to traffic;
– the pages visited;
3.4 When the User accesses the Website, the servers consulted automatically record certain data, such as:
– the type of domain with which the User connects to the Internet;
– the IP address assigned to the User (when connected);
– the date and time of access to the Website and other data related to traffic;
– location data or other data relating to the communication;
– the pages visited;
– the type of browser used;
– the platform and/or operating system used;
– the search engine as well as the keywords used to find the Website.
3.5 No nominative data identifying the User is collected through the cookies and servers consulted. This information is kept for statistical purposes only and to improve the Website.
3.6 We may also collect some of your data through other companies, including from the following sources:
– other companies that have requested our services relating to a case that involves you (for example as a third party, opposing party, etc.);
– bailiffs or notary publics.
- PURPOSES OF PROCESSING THE DATA
4.1 We process your data for various purposes. For each purpose, only the data relevant to the pursuit of the purpose in question are processed. The processing consists of any operation (manual or automated) on a personal data. Cresta collects, stores and uses its Users’ data for the following purposes, in particular:
– to establish, carry out and conduct the contractual relationship with the User;
– to analyse, adapt and improve the content of the Website;
– to provide the Service;
– to allow the User to receive messages;
– to facilitate the availability and use of the Website;
– to personalize the User’s experience on the Website;
– to respond to requests for information;
– for any marketing activities and promotions proposed by Cresta to Users who have given their consent;
– to inform them about any changes on the Website and its features;
– for any other purpose to which the User has expressly consented.
4.2 The legal basis of the processing of your personal data is:
(i) the User’s consent; or
(ii) the execution of any request from the User or the necessity for the performance of a contract with the User (Cresta does need to collect some of the User’s data to answer any of their requests. If the User chooses not to share this data with Cresta, it may render the performance of the contract impossible); or
(iii) a legal obligation imposed on Cresta (Cresta does need to collect and store some of the User’s data to meet various legal requirements, including tax and accounting); or
(iv) Cresta’s legitimate interest, provided that it is in accordance with the User’s interests, freedoms and fundamental rights (Cresta has a legitimate interest in providing its Users with this information and interacting with them, especially to respond to their requests or improve the Services, prevent abuse and fraud, control the regularity of the operations, exercise, defend and preserve Cresta’s rights, for example in litigation, as well as evidence of a possible violation of its rights, manage and improve its relations with their Users, continually improve the Website and the Services, unless such interests are supplanted by the User’s interests or their fundamental rights and freedoms requiring the protection of their personal data. Cresta takes care in any case to maintain a proportionate balance between its legitimate interest and respect for the privacy of their Users).
If the legal basis of our processing is the User’s consent, the User has the right to withdraw it at any time without prejudice to the lawfulness of the processing performed prior to withdrawal.
In the context of direct marketing, this means that Users can unsubscribe at any time from newsletters and other commercial communications from Cresta. Such Users will be put in “opt-out”. Users can unsubscribe by sending an email to the following address: [email protected] or by clicking on the unsubscribe link at the bottom of each email.
In the course of providing the Service, we may also process special categories of personal data as described above in point 3. The processing of such special categories of personal data is based on the following legal ground(s):
(i) explicit consent of the data subject;
(ii) the personal data has manifestly been made public by the data subject;
(iii) the processing is necessary for the establishment, exercise or defence of legal claims.
- RIGHTS OF THE DATA SUBJECT
5.1 According to the regulations on the processing of personal data, the User has the following rights:
- Right to be informed about the purposes of the processing (see above) and the identity of the data controller;
- Right of access: the User may at any time have access to the data that Cresta has on him or check if it is included in the database of Cresta;
- Right to rectification: we take all reasonable steps to ensure that the data we kept is up to date. We encourage Users from time to time to consult us to check that their data is still up to date. If data is inaccurate or incomplete, Users have the right to ask us to correct it;
- Right to object: the User may, at any time, object to the use of his data by Cresta;
- Right to erasure: the User may, at any time request the deletion of his personal data, except those which Cresta has a legal obligation to keep on record;
- Right of limitation of processing: the User may, in particular, obtain a limitation of processing when he has objected to the processing, when he disputes the accuracy of the data, or when he considers that the processing is illegal;
- Right of portability: The User has the right to receive the personal data that he has communicated to Cresta and may also ask said company to send this data to another data controller.
5.2 In order to exercise his rights, the User sends a written request, accompanied by a copy of his identity card or his passport, to the data controller:
– by e-mail: [email protected]
– by post: Cresta SC SCRL, Place Flagey Plein, 18 – 1050 Brussels (Belgium)
5.3 Cresta will then take the necessary steps to satisfy this request as soon as possible and in any case within one month of receipt of the application. If necessary, this period can be extended by two months, given the complexity and the number of requests.
- PERIOD OF STORAGE
6.1 Cresta will keep the personal data of its Users for the duration necessary to achieve the objectives pursued (see point 4).
6.2 Cresta may also continue to keep personal data after the conclusion of the Service, including all correspondence or request for assistance sent to Cresta in order to be in a position to reply to all questions or complaints that may be sent to it after the Service, and in order to comply with all applicable laws, namely in tax matters or as part of other legal requirements. Cresta has in this respect a professional duty to store any relevant data (including personal data) it has received in the context of a matter or case in which it performed legal services for a term of at least five years following the date on which the relevant mission has been terminated.
- COMPLAINT WITH THE SUPERVISORY AUTHORITY
The User is informed that he has the right to lodge a complaint with the Data Protection Authority:
Rue de la Presse, 35, 1000 Brussels
Tel : +32 (0)2 274 48 00
8.1 In addition, Cresta has taken the appropriate organizational and technical measures to ensure a level of security adapted to the risk and that, to the extent possible, the servers hosting the personal data processed prevent:
– unauthorized access to or modification of this data;
– improper use or disclosure of such data;
– unlawful destruction or accidental loss of such data.
8.2 In this respect, employees, associates or partners of Cresta who have access to this data are subject to a strict confidentiality obligation. Nevertheless, Cresta may in no way be held liable in the event that this data is stolen or hijacked by a third party despite the security measures adopted.
- COMMUNICATION TO THIRD PARTIES
9.1 Cresta treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the Policy, such as to achieve the objectives set out and defined in point 4, or under the conditions in which the law requires it to do so.
9.2 Cresta may communicate its Users’ personal information to third parties to the extent that such information is necessary for the performance of a contract with its Users. In such case, these third parties will not communicate this information to other third parties, except in one of the two following situations:
– the communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
– where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.
9.3 The communication of this information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.
- TRANSFER TO A COUNTRY OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Cresta transfers data to a country outside the European Economic Area only when that country ensures an adequate level of protection within the meaning of the legislation in force and, in particular, within the meaning of the General Data Protection Regulation (for more information on the countries offering an adequate level of protection, please consult this link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en ), or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.
If you wish, you can obtain a copy of the adapted contractual clauses by contacting us at: [email protected]
- DIRECT MARKETING
11.1 The personal data will not be used for direct marketing purposes for articles or services that would not be identical or similar to those for which the User has already relied upon Cresta, unless the User has previously explicitly consented to such use by ticking the boxes provided for this purpose (“opt-in”).
11.2 When the User has given his consent to the use of this information for direct marketing purposes, the latter retains the right to object to such use at any time, upon request and free of charge. The User may simply communicate his request by writing to the following address: [email protected].
- NOTE CONCERNING MINORS
Persons under the age of 18 and persons who do not have full legal capacity are not allowed to use the Website. Cresta asks them not to provide their personal data. Any infringement found in this provision must be reported without delay to the following address: [email protected].
- UPDATES AND CHANGES TO THE POLICY
By informing Users through the Website or email, Cresta may modify and adapt the Policy, in particular to comply with any new legislation and/or regulations applicable (such as the General Data Protection Regulation applicable from 25 May 2018), the recommendations of the Belgian Data Protection Authority, the guidelines, recommendations and best practices of the European Data Protection Board and the decisions of the courts and tribunals on this issue.
- VALIDITY OF THE CONTRACTUAL CLAUSES
14.1 Failure by Cresta to invoke – at any given time – a provision of this Policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.
14.2 The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of all the Policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. Cresta undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.
- APPLICABLE LAW AND COMPETENT COURT
15.1 The validity, interpretation and/or implementation of the Policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.
15.2 In the event of a dispute relating to the validity, interpretation or implementation of the Policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.