Beebonds and your data
Introduction and presentation of the data controller
This Privacy Policy is established by the company BeeBonds hereinafter "BeeBonds", "we", "us"), having its registered office at Avenue des Volontaires, 19 (Vrijwilligerslaan, 19) in 1160 Auderghem (Oudergem) which manages the site www.beebonds.com (hereinafter the "Website").
BeeBonds is a crowdlending platform approved by the FSMA allowing private individuals to invest in various projects. This authorisation enables it to offer a project owner the opportunity to make a public offering so that the project owner or Issuer can finance the project.
As part of our activities, we may process personal data concerning our customers, individuals, or any individual in contact with us. We are therefore responsible for processing the personal data of our users.
The purpose of this policy is to explain how we collect, use and store your personal data.
Data protection and respect for your privacy are essential values for us and we are committed to processing and protecting the personal data of the users of our services in a fair and transparent manner in compliance with the law.
By "personal data" we mean all personal data about you, i.e. any information that enables you to be identified directly or indirectly as a natural person.
This policy is part of our desire to act transparently, in compliance with the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as the "Privacy Act") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").
If you would like to respond to any of the practices described in the policy, please feel free to contact us.
What categories of personal data do we process and how do we obtain them?
We therefore process your data as part of our activities and this data may be collected in several ways.
The two ways in which we collect data within BeeBonds
| Express communication on your part | Automatic collection when you use our services |
|---|---|
| When you register on the platform, we collect personal data directly from you. | When you surf our website, we collect information via cookies and pixels. |
The personal data you provide
Personal identification data - Name
- First name
- Civility
- Address abroad
- Copy of proof of residenceIdentification data issued by public services, other than the national register number - Copy of identity card
- identity card number
- VATPersonal characteristics - Age
- Gender
- Date of birth
- languageElectronic identification data - IP addresses
- emails
- cookies
- password to access your accountFinancial identification data - Bank account numbers
- BIC
Marriage or current form of cohabitation
/ Details of goods and services provided, lent or hired to the person on file - Loans via the platform Level of education / Professional activity - Professional status
- Sector of activityData collected automatically through the use of cookies and other technologies (pixels)
Connection information IP address Browser information Type of browser, time, frequency and duration of use Device used or application used Personal configuration Language preference Use of the website Via the hodjar system, we can see how you interact on our website Cookies
A cookie is a small text file containing fragments of information.
When you visit websites, information collected by various cookies is stored on your terminal (e.g. your language preference for a website). The cookie contains a unique code that enables the sender to recognise the terminal concerned (your computer or mobile device) each time the website is visited.
The cookie identifies your terminal's browser but never you personally. In addition, a website's server can only read the cookies it has placed itself and has no access to any other information on your computer or mobile device.
Cookies may either be placed by the server of the website you are visiting ("original cookies") or by partners with which this website collaborates ("third-party cookies").
Cookies generally have an expiry date. Some cookies expire when you close your browser ("session cookies"), while others remain on your terminal for longer, sometimes even until you delete them manually ("permanent cookies").
Cookie management
Some cookies require your prior and explicit consent. The banner on the home page of the website allows you to express your consent to this "cookies policy".
What's more, most browsers use cookies.
You can also delete these cookies or refuse their installation at any time and free of charge by changing the options in your browser software. The configuration of each browser is different. Each procedure is described in your browser's help menu. To do this, go to each browser via the following links:
- – Firefox
- – Chrome
- – Safari
- – Internet Explorer
- – Microsoft Edge
- – Opera
If you refuse the use of cookies, you can still access the website. However, certain functions will be limited or even impossible.
Cookies on our website
List of technical and necessary cookies :
| ARRAffinity | ASP.NET_SessionId | CookieInfoScript3 |
|---|---|---|
| - 365 days - Cookie used to associate a client with an instance of an Azure web application. It is used for load balancing to ensure that visitor page requests are routed to the same server during any browsing session. | - Closing your browser - This cookie is essential for use of the website, as it creates an anonymous "session" which enables the website to respond to your requests. | - No expiry date - Alerts users when cookies are used on the website. |
List of functional and performance cookies :
| ai_session | ai_user |
|---|---|
| -Closing your browser -This cookie name is associated with the Microsoft Application Insights software, which collects statistical information on the usage and telemetry of applications built on the Azure cloud platform. It is a unique anonymous session identification cookie. | -365 days -This cookie name is associated with the Microsoft Application Insights software, which collects statistical information on the use and telemetry of applications built on the Azure cloud platform. It is a unique user identification cookie that counts the number of users accessing the application over time. |
List of analytical cookies :
List of social network cookies :
These cookies enable content to be shared when you use the application buttons belonging to social networks. When you use these buttons, a third-party cookie is installed on your terminal and if you are connected to the social network, this information will be added to your profile.
Each social network has its own policy on cookies.
Non-personal data
We may sometimes collect data of a non-personal nature. These data are qualified as non-personal data because they do not allow you to be identified directly or indirectly.
This information may then be used for any purpose whatsoever, for example to improve our website, our products, target our advertising or improve the services we offer.
Processing of personal data
What is a treatment?
Processing is defined as "any operation or set of operations which is performed upon personal data or sets of data, whether or not by automatic means".
This processing covers the following actions that we carry out within BeeBonds.
Legality of processing
The GDPR authorises the processing of personal data provided that it is based on one of the legal grounds set out in the GDPR.
In the case of Beebonds, there are four legal bases for processing personal data.
The purposes of processing
We collect and process your personal data for certain purposes, which we describe below. We have identified these purposes and ensure that only necessary and relevant personal data - in line with the data minimisation principle (Based on this principle, we must ensure that all data we collect is adequate, relevant and limited to what is necessary for the purposes for which we process your data) - is processed. - are processed.
Compliance with our legal obligations
In certain cases, we are obliged to process your personal data in order to comply with legal obligations or when collaborating with the competent authorities.
By way of example, in the case of the processing operations required by the law on the prevention of money laundering and terrorist financing and the restriction of the use of cash, we are obliged to process your data in order to fulfil our obligations "to identify and verify, to identify the characteristics of the customer and the purpose and nature of the business relationship or occasional transaction, to exercise continuous and increased vigilance, as referred to in the articles, and our obligations to analyse atypical transactions".
As part of our contractual relationship
In order to perform our contract, we process your personal data for the following purposes:
The processing of your identification data, email address, etc. is therefore necessary for us to fulfil our contractual obligations.
Consent
When you give us your consent to process your personal data, we process it for the precise purposes to which you have consented. On our site, obtaining your consent takes the form of a tick box.
We will therefore process your personal data on the basis of your consent for the following purposes:
- - Sending newsletters
- - Analytical and statistical processing using cookies on our website
- - Organising games and competitions
- - Contact after collecting your business card at an event,...
- - Analysis of behaviour on our website
Withdrawal of consent
You are of course free to withdraw your consent at any time. You can withdraw your consent either via our cookie management tool or by unchecking the subscription box for our newsletter, which can be found under the "My user account" tab on our site.
As part of our legitimate interests
Legitimate interests are not defined in the RGPD, so each company must define them on the basis of its activity and its needs, while maintaining a balance between its legitimate interests and your rights and freedoms as data subjects.
Balancing our legitimate interests against your rights and freedoms
The GDPR requires that when we process your personal data, we balance your rights and interests against our legitimate interests.
It is important that you understand the criteria we use to determine our legitimate interests.
Purposes for which we process your data on the basis of our legitimate interests
Unplanned treatments and compatibility with current treatments
In the event that we carry out processing for purposes that are not yet provided for in this document, we may use your personal data as long as these purposes are compatible with the purposes for which we initially collected the data.
In this case, we take particular account of any link between the initial purposes, the subsequent purposes and the context (our relationship, the nature of the data and the consequences for you) in which the data was collected.
If we consider that the purposes are not compatible with the initial purposes, we will contact you before processing the data for these other purposes.
How long do we keep your personal data?
As a general rule, we do not keep your personal data longer than is necessary for the purposes for which it was collected.
More specifically, several situations should be distinguished in order to determine how long your personal data will be retained. These are set out in the table below.
Once the retention period has elapsed, we will delete your personal data as required by the law governing the recognition and supervision of crowdfunding.
The length of time cookies are kept is indicated below each type of cookie.
Your rights under the RGPD
Access, withdrawal, rectification, deletion, portability, limitation and opposition
Your rights under the regulations allow you to retain control over what we do with your personal data.
Right of access and copying
This right of access to the data we hold about you applies to all the purposes listed above.
In particular, this right allows you to ask us whether we process your personal data, for what purposes, the categories of data concerned and the recipients of your data.
You can also ask us for a copy of all the personal data we process concerning you.
Right of rectification
You also have the right to rectify any information that is inaccurate, incomplete or obsolete, enabling you to ask us to do so at any time.
Right to be forgotten
You may obtain the erasure of your personal data where one of the following grounds applies:
- The data are no longer necessary for the purposes of the processing;
- You withdraw your consent to the processing of your data and we will only process your data on the legal basis of your consent;
- You are oppose treatment ;
- We have processed your personal data unlawfully;
- If the data we hold is incomplete, inaccurate or obsolete ;
- We must delete your personal data in order to comply with a legal obligation (under EU or Member State law) to which we are subject.
The right to portability
If we process your personal data on the basis of a contract or your consent and the processing is carried out by automated means, you may ask us to transfer all your personal data to you or to transfer it to another controller.
Right to restrict processing
In certain cases, you may also ask us to limit the processing of your personal data.
The situations in which you can ask us to restrict the processing of your personal data are as follows:
- If you dispute the accuracy of any personal data while we verify the accuracy of that data;
- If we are processing your personal data unlawfully and you would prefer us to restrict such processing rather than erase your personal data.
Obviously, as soon as the processing restriction no longer applies, we will inform you.
Right to object
As explained above, we ask for your consent to send you commercial information (electronic newsletters).
If you do not wish us to send you such communications, or no longer wish us to do so, you have the right to object to the processing of your personal data for these purposes.
In addition, where the processing we carry out is based on our legitimate interests, you may object to such processing if you can justify this on grounds relating to your particular situation. We will assess these grounds and check whether we do not have any compelling legitimate grounds overriding your particular situation. If no compelling legitimate grounds can be found, we will stop processing your data on the basis of our legitimate interests.
Right not to be subject to automated processing, including profiling
If you consider that a decision concerning you has been taken solely on an automated basis, i.e. without any human intervention, and that this decision produces legal effects or affects you significantly, you may contact us as you have the right not to be the subject of such a decision.
Please note that such decisions are possible if they are necessary for the conclusion or performance of a contract between you and us or if you have explicitly consented to them. In addition, if the law authorises us to do so, we may process your data automatically.
How can you exercise your rights?
Identification
In order to help you enforce your rights, we need to check that your request relates to your personal data. We may therefore ask you for additional information if we cannot identify you with certainty from the information we hold.
In this case, we may ask you for additional information and perhaps, if necessary, a copy of your identity card.
How quickly will we get back to you?
We undertake to get back to you as soon as possible and, at the latest, within one month of your request.
We may have to extend this period to two months if your request is complex and we are faced with an excess of requests. Should such a situation arise, we will inform you of the reasons for the delay.
Security, recipients, data transfers and contacts
Data security
We implement appropriate technical and organisational measures to guarantee an adequate level of security for the processing of your personal data. This level of security is established on the basis of the risks presented by the processing and the nature of the data to be protected. We have put in place appropriate security measures to protect your personal data, in particular against loss, theft, misuse or alteration of the information received, disclosure or unauthorised use of your personal data.
In the unlikely and unfortunate event that your personal data under our control is compromised as a result of an information security breach, we undertake to act promptly to identify the cause of the breach and to take appropriate remedial action.
If necessary, in accordance with the law in force, we will inform you of this incident.
Transfer to third parties
Joint responsibility with issuers
In accordance with the law and in order to ensure that you benefit from your investment, we have signed joint liability agreements with all bond issuers. Our responsibilities are clearly defined. Together, we process only the data required to manage your investment (registration in the bondholders' register, etc.).
If you have any questions, please do not hesitate to contact us.
Data localisation
BeeBonds will not generally transfer your personal data outside the European Union and/or the European Economic Area. For example, all our servers are hosted in Ireland and the vast majority of our subcontractors store your data in Europe (Microsoft, Hodjar, etc.).
However, there are some exceptions to this rule, which include data transfers to the United States. Furthermore, if an authority or law requires us to transfer your data outside the EU or the EEA, we will only transfer your personal data when required by law or when ordered to do so by a competent authority.
Whenever BeeBonds transfers your personal data outside the EU or EEA to countries that do not have an adequate level of data protection recognised by the European Commission, we will apply safeguards to adequately protect your personal data. In particular, we will use the standard clauses or one of the derogations provided for in the Regulation to transfer your personal data.
Contact, modification, applicable law and Data Protection Officer
  |  |  | |
BeeBonds is your first point of contact if you have any questions about privacy. Avenue des Volontaires, 19 (Vrijwilligerslaan, 19) in 1160 Auderghem (Oudergem) - BELGIUM | We reserve the right to amend the provisions of this information document at any time. We will publish any changes directly on our website. | This document is governed by Belgian law. Any dispute relating to the interpretation or execution of this document shall be governed by Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels. | If you wish, you can contact the Data Protection Officer. |
Complaints to the Data Protection Authority or the Belgian courts
You may also lodge a complaint with the Data Protection Authority at the following address
- Data Protection Authority
- Rue de la Presse, 35 -1000 Brussels
- + 32 2 274 48 00
- contact@apd-gba.be
For further information on complaints and possible remedies, please consult the information available at the Data Protection Authority website.
You can also lodge a complaint with the Brussels Court of First Instance.
