Privacy Policy
Last Updated: 27/03/2023
1. Introduction
This privacy policy describes how SEQUESTO BV (“we”, “us”, “our” or “SEQUESTO”) collects and processes your personal data in its qualification as controller under the applicable Belgian and European data protection legislation (including the General Data Protection Regulation (“GDPR”).
SEQUESTO respects your privacy and is committed to protecting your personal data in accordance with the applicable data protection legislation.
Please read this privacy policy carefully. It describes not only your rights, but also the way in which you can exercise them.
2. Controller vs. Processor
This privacy policy only describes our data processing activities as controller. Under the GDPR, controllers are the main decision-makers: they exercise overall control over the purposes and means of the processing of personal data.
However, in some circumstances, we may also act as a processor for our clients. Processors act on behalf of and under the instructions of the controller. We act as a processor of our clients when we process personal data as part of the operations of our platform. We process this personal data in accordance with the data processing agreement we have concluded with our clients.
Controllers are obliged to inform the persons of whom they process personal data. If you wish to receive more information regarding the personal data we process on behalf of our clients, we recommend contacting our clients directly.
3. Who we are and how to contact us
SEQUESTO is a limited liability company, having its registered office at Emiel Fleerackerslaan 25, 9120 Beveren, Belgium and with company number 0751.734.261.
We have appointed a contact person, whom you can contact for questions about this privacy policy, your privacy and the processing of your personal data. E-mail address contact person: support@sequesto.com.
4. What Categories of personal data do we collect?
Depending on which data you choose to share with us, how you use our website and which consents you provide us, we collect different types of personal data.
In general, if we process your personal data, it will be personal data of one of the following categories:
– identification and contact details;
– technical information and usage data;
– any other personal information provided to us.
Section 5 below further describes which personal data we process for which processing activity.
5. For which purposes do wo process your personal data, on which legal basis and for how long?
5.1 General
We can process your personal data for the purposes specified in this section 5 (if and to the extent applicable to your situation). This list may evolve and will be updated as necessary in accordance with section 16. For certain processing purposes, we ask for your consent. The consent you give is always free and you have the right to withdraw it at any time. You can withdraw your consent by sending an email to: support@sequesto.com. However, withdrawal of your consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on any other legal basis.
5.2 Data Processing Activities
| Purpose | Type of personal data | Legal basis | Retention period |
|---|---|---|---|
| Booking of demos and responding to your questions | Identification and contact details of the person contacting us, and any other personal data mentioned in the message | Legitimate interests (i.e. the interest of contacting prospects and of informing them of our business offering) | As long as necessary to book the demo or to respond to your questions and for a maximum of 1 year thereafter. |
| Direct marketing | Identification and contact details of subscribers | Consent | For as long as we are sending you relevant mailings and for a maximum of 1 year thereafter. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your unsubscribe right, we will no longer keep your personal data for these purposes. |
| Business administration and legal compliance | Identification and contact details of contact persons with clients, and any other personal data provided to us (for example related to a data subject request and/or judicial investigation or lawsuit) | Necessity for the performance of a contract | – For 10 years after the termination of the agreement with the client; or – As long as required by law. |
| Customer complaint handling | Identification and contact details of contact persons with clients, and any other personal data provided to us | Necessity for the performance of a contract | This data will be deleted (or anonymised) as soon as the complaint is closed. |
| Invoicing and collection | Identification and contact details of contact persons with clients | Necessity for the performance of a contract | During the agreement with the client and during 10 years after the termination of the agreement or the date of the last invoice. |
| Operation of our website | Technical information (collected via cookies and similar technologies – for more information, we refer to our cookie policy) | Legitimate interests | The retention period varies from as long as the duration of a session/website visit, to as long as necessary for SEQUESTO’s legitimate interest. Technical information will in any event be deleted or pseudonymized 12 months after the collection of the data. For information on the retention period of personal data processed through cookies, we refer to our cookie policy. |
| Analytical purposes | Technical information (collected via cookies and similar technologies – for more information we refer to our cookie policy) | Consent | The retention period varies from as long as the duration of a session/website visit, to as long as your consent is not withdrawn (as applicable). Technical information will in any event be deleted or pseudonymized (i) upon your withdrawal of consent; and (ii) 12 months after the collection of the data. For information on the retention period of personal data processed through cookies, we refer to our cookie policy. |
| Recruitment | Identification and contact details and other personal data mentioned in a CV or cover letter of a candidate, and any additional information shared with us in relation to the job application | – Performance of a contract (if the candidate is selected) – Legitimate interests (if the candidate is not selected) | – If candidates are selected, this information is added to their personal file. – If candidates are not selected, SEQUESTO shall inform them that they will be included on a list for future recruitment. SEQUESTO will keep these data for 3 years after the application. – Where SEQUESTO keeps these data to defend itself against a possible (discrimination) claim in the recruitment process, these data will also be stored for 5 years after the candidate was informed of the fact that he/she was not selected. |
6. Personal Data of Third Parties
If you share any personal data of third parties with us, you guarantee that you have informed those third parties and you have received all necessary consents to communicate their personal data to SEQUESTO.
7. Cookies
Our website uses cookies and similar technologies. For more information, we refer to our cookie policy.
8. Who do we share your personal data with?
If and as required for the purposes set forth in section 5, your personal data may be shared with:
– third party service providers (such as IT service providers, security providers, payment procurement providers or hosting providers);
– professional advisers (such as lawyers or auditors);
– and third parties to whom we intend or choose to sell, transfer or merge (parts of) our shares, business or assets.
In any case, your personal data will only be shared with processors, employees and other third parties on a “need-to-know” basis, limited to the extent necessary to perform their services to us and we will implement appropriate safeguards to ensure the integrity and confidentiality of your personal data.
If SEQUESTO engages processors, they will always act under the responsibility of SEQUESTO and this will be done in accordance with a data processing agreement that meets the requirements of the GDPR. We require all our processors to take appropriate technical and organizational (including security) measures to protect your personal data in line with our policies. We do not allow our processors to use your personal data for their own purposes.
Upon request, we shall, as soon as possible after your request, inform you of the third parties with whom your personal data have been shared by providing you a more detailed list.
Additionally, we may disclose your personal data if this is required by law, or if we determine in good faith that such disclosure is required in order to comply with any pending judicial inquiry, judicial order or litigation and/or to safeguard our rights.
9. International Transfers
In principle, SEQUESTO does not transfer your personal data to third countries located outside the European Economic Area (EEA). However, it is possible that SEQUESTO – through its processors – transfers your personal data to countries outside the EEA. In this event, SEQUESTO will only do so in accordance with the applicable data protection legislation and subject to appropriate safeguards.
Please contact us if you want further information on the specific mechanism(s) used by us when transferring personal data out of the EEA.
10. Direct Marketing
If you give us your consent, we can use your personal data for direct marketing purposes. It is possible that your personal data will be subject to profiling for marketing purposes. This enables SEQUESTO to keep you informed about its services, updates, events, etc.
You may at any time withdraw your consent and object to the processing of your personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing (free of charge).
You shall have the right at any time to object to the processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, free of charge, by sending an email to: marketing@sequesto.com.
11. Data Security
SEQUESTO is committed to make sure that your personal data is secure and makes all reasonable and appropriate efforts to protect the confidentiality of your personal data. We have implemented appropriate technical and organisational measures, safeguards and assurances to process your personal data in accordance with the GDPR, in particular to protect your personal data against loss, misuse, or unauthorised alteration or destruction.
Please contact us if you would like more information on the specific measures taken.
Despite the measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorised third parties will never be able to defeat those measures or use your personal data for improper purposes.
12. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes determined in section 5 of this privacy policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or the organisation you work for. Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.
The applicable retention periods that apply to each processing activity are set out in the table above in section 5.
13. Your Legal Rights and how to exercise them
Within the limits defined in Articles 15-22 of the GDPR, you have the following legal rights in relation to your personal data:
Right of access: you have the right to obtain confirmation from us as to whether or not we are processing your personal data, to access that personal data and how and why it is being processed, as well as to receive a copy of that data.
Right to rectification: you have the right to obtain a rectification of your personal data or to request that we complete your personal data when you become aware that we are processing incorrect or incomplete data about you.
Right to erasure (‘right to be forgotten’): you have the right to obtain erasure of your personal data in certain specific cases.
Right to restriction: you have the right to have the processing of your personal data restricted in certain specific cases.
Right to portability: you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable form, and to transfer (have transferred) that personal data to another controller.
Right to object: you have the right to object to the processing of your personal data on the basis of our legitimate interest for reasons relating to your specific situation.
The exercise of these rights is in principle free of charge. Only in the event of unreasonable or repeated requests we may charge a reasonable administrative fee. We will always inform you of the applicable fee before charging it. You can exercise your rights by sending an e-mail to: support@sequesto.com.
In your request, make sure to clearly specify which right you wish to exercise so we can help you as efficient as possible. Please note that in some case we may require you to give more information about yourself to ensure that we are dealing with the correct person.
If you contact us to exercise your rights we will respond within 1 month. Exceptionally this may take longer (up to 3 months), but then we will inform you within 1 month of the reasons why.
14. Your Right to lodge a complaint with a Supervisory Authority
If you consider that our processing of personal data infringes the GDPR, you have the right to file a complaint with a supervisory authority, in particular in the member state of your habitual residence, the place of work or the place of alleged infringement.
In Belgium the competent supervisory authority is the Data Protection Authority (“Gegevensbeschermingsauthoriteit” / “Autorité de protection des données”):
http://www.gegevensbeschermingsautoriteit.be
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00
contact@apd-gba.be
However, we would appreciate the chance to deal with your concerns before you approach the authority, so please contact us in first instance.
15. Third Party Links
Our website may contain links to third party websites and/or applications. SEQUESTO is not responsible for the content of these websites and applications and is not responsible for the privacy standards and practices of such third parties. We recommend you to read the relevant privacy policies of these third parties and their websites before you accept their cookies and visit their website to ensure yourself that your personal data is sufficiently protected. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites and/or applications.
16. Liability
If SEQUESTO has legitimately transmitted your personal data to a third party (not being its processor), SEQUESTO shall not be liable for any unlawful processing or unlawful use by that third party.
SEQUESTO is in any case only liable for the damage caused by the processing of personal data if it did not comply with its specific obligations under the GDPR. SEQUESTO shall in no event be liable for any special, incidental, indirect or consequential losses or damages.
The foregoing exclusions and limitations shall only apply to the maximum extent permitted by applicable law.
17. Changes to this Privacy Policy
We may amend this privacy policy from time to time. Any such changes will be notified on our website. The date of the most recent version is shown below or on the top right-hand corner of the privacy policy. Please review our privacy policy periodically to stay informed of changes that may affect you.
Amended versions of this privacy policy take effect ten (10) days after their publication on the website, and/or other form of announcement and, if necessary, will always be submitted for approval, unless such modifications are necessary to comply with a legal requirement. In the latter case, the changes will take effect immediately.