Privacy Policy
1. Parties and Purpose
HYPE UP - srl
Ten-Eycken 114 - 4850 Plombières - Belgium
BCE / VAT: BE-1006 232 072
Email: erik@hypeup.be
Phone: +32 487 529 626
The Controller establishes this Privacy Policy to inform users of the website hosted at the following address: www.hypeup.be (hereinafter “the Website”), in a transparent manner, about how personal data is collected and processed by the Controller.
The term “User” refers to any user, i.e. any natural or legal person, who visits or interacts in any way with the Website.
As such, the Controller determines all the technical, legal, and organizational means and purposes for processing Users’ personal data. The Controller undertakes to take all necessary measures to ensure that the processing of personal data complies with the Belgian Law of 8 December 1992 on the protection of privacy with regard to the processing of personal data (hereinafter “the Law”) and with the European Regulation of 26 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “the Regulation”).
The Controller is free to choose any natural or legal person who processes users’ personal data at its request and on its behalf (hereinafter “the Processor”). Where applicable, the Controller undertakes to select a Processor that provides sufficient guarantees regarding technical and organizational security measures for the processing of personal data, in compliance with the Law and the Regulation.
2. Processing of Personal Data
The use of the Website by Users may result in the communication of personal data. The processing of this data by the Controller, in its capacity as Data Controller, or by service providers acting in the name and on behalf of the Controller, will comply with the Law and the Regulation.
Personal data will be processed by the Controller, in accordance with the purposes set out below, through:
-
The contact request form.
3. Purposes of Processing Personal Data
In accordance with Article 13 of the Regulation, the purposes of processing personal data are communicated to the User and are as follows:
-
To ensure the performance of the services offered and agreed upon on the Website;
-
To monitor the execution of the services provided;
-
To respond to the User’s questions;
-
To compile statistics in order to improve the Website, the services offered, and internal organization;
-
To improve the quality of the Website and the products and/or services offered;
-
To better identify the User’s interests.
4. Personal Data That May Be Processed
By visiting and using the Website, the User agrees that the Controller collects and processes, in accordance with the methods and principles described in this Privacy Policy, the following personal data:
-
Information provided by Users for contractual purposes and to enable the proper performance of mutual obligations, such as name, first name, address, IBAN number and banking data, and more generally, any information voluntarily provided by the User;
-
Information provided by Users when filling out forms or contacting the Controller by phone, email, or other means (e.g. name, address, email address, and phone number);
-
For each visit to the Website, automatically collected information such as:
a. IP address, browser type and model, time zone, operating system;
b. All information regarding the pages visited by the User on the Website, including URL, browsing time, etc.
5. Consent
By accessing and using the Website, the User acknowledges having read and agreed, freely, specifically, knowingly, and unambiguously, to the processing of their personal data. This consent covers the content of this Privacy Policy.
Consent is given by actively ticking the checkbox linking to the Privacy Policy. This consent is required to carry out certain operations on the Website or to enable the User to enter into a contractual relationship with the Controller. Any contract binding the Controller and a User regarding the services and goods offered on the Website is subject to the User’s acceptance of this Privacy Policy.
The User consents to the Controller collecting and processing their personal data communicated on the Website or during the services provided by the Controller, for the purposes mentioned above.
The User has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6. Retention Period of Users’ Personal Data
In accordance with Article 13(2) of the Regulation and the Law, the Data Controller retains personal data only for as long as reasonably necessary to fulfil the purposes for which it is processed.
This period is in any case less than: 1 year.
7. Data Recipients and Disclosure to Third Parties
Personal data may be transmitted to the Controller’s employees, collaborators, subcontractors, or suppliers who offer adequate data security guarantees and who cooperate with the Controller in marketing products or providing services. They act under the Controller’s direct authority and are responsible for collecting, processing, or subcontracting this data.
In all cases, the recipients of the data and those to whom it has been disclosed comply with this Privacy Policy. The Controller ensures that they process this data solely for the intended purposes, discreetly and securely.
In the event that data is disclosed to third parties for direct marketing or prospecting purposes, the User will be informed in advance and asked to consent to such use.
8. Users’ Rights
At any time, the User may exercise their rights by sending a letter with a copy of their identity card to the following address:
HYPE UP srl, Ten-Eycken 114, 4850 Plombières, Belgium.
a. Right of Access
Pursuant to Article 15 of the Regulation, the Controller guarantees the User’s right to access their personal data and the following information:
-
The purposes of processing;
-
The categories of personal data concerned;
-
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
-
Where possible, the envisaged retention period of personal data or, where not possible, the criteria used to determine this period;
-
The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the Regulation, and at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The Data Controller may charge reasonable administrative fees for any additional copies requested by the User.
When the User submits this request electronically (e.g. by email), the information is provided in a commonly used electronic format, unless the User requests otherwise. A copy of their data will be communicated to the User no later than one month after receipt of the request.
b. Right to Rectification
The Controller guarantees the User’s right to rectify or erase personal data. In accordance with Article 16 of the Regulation, incorrect, inaccurate, or irrelevant data may be corrected or deleted at any time. The User first makes the necessary changes themselves through their user account or other means; if not possible, they may submit a request to the Controller.
In accordance with Article 19 of the Regulation, the Controller notifies each recipient to whom personal data has been communicated of any rectification, unless this proves impossible or requires disproportionate effort. The Controller provides the data subject with information on these recipients if requested.
c. Right to Erasure
The User has the right to obtain the erasure of their personal data as soon as possible in the cases listed in Article 17 of the Regulation.
Where the Controller has made the personal data public and is required to erase it, it shall take reasonable measures, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure of any links to, or copies or replications of, those data.
The above paragraphs do not apply to processing necessary for:
-
Exercising the right to freedom of expression and information;
-
Compliance with a legal obligation;
-
The establishment, exercise or defence of legal claims.
In accordance with Article 19 of the Regulation, the Data Controller shall notify each recipient to whom the personal data have been disclosed of any erasure of personal data or any restriction of processing carried out, unless such communication proves impossible or involves disproportionate effort. The Data Controller shall provide the data subject with information about those recipients if he or she requests it.
d. Right to Restriction of Processing
The User has the right to obtain the restriction of the processing of his or her personal data in the cases listed in Article 19 of the Regulation.
In accordance with Article 19 of the Regulation, the Data Controller shall notify each recipient to whom the personal data have been disclosed of any restriction of processing carried out, unless such communication proves impossible or involves disproportionate effort. The Data Controller shall provide the data subject with information about those recipients if he or she requests it.
e. Right to Data Portability
In accordance with Article 20 of the Regulation, Users have the right to receive from the Controller the personal data concerning them in a structured, commonly used, and machine-readable format. Users have the right to transmit these data to another controller without hindrance from the Controller in the cases provided for by the Regulation.
When the User exercises his or her right to data portability in accordance with the previous paragraph, he or she has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right to data portability shall be without prejudice to the right to erasure. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
The right to data portability shall not adversely affect the rights and freedoms of others.
f. Right to Object and Automated Individual Decision-Making
The User has the right to object at any time to the processing of his or her personal data for reasons relating to his or her particular situation, including data processing carried out by the Controller.
In accordance with Article 21 of the Regulation, the Controller will no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the User, or for the establishment, exercise, or defence of legal claims.
Where personal data are processed for direct marketing purposes, the User shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
g. Right to Lodge a Complaint
The User has the right to lodge a complaint regarding the processing of his or her personal data by the Controller with the Data Protection Authority, which is competent for the Belgian territory. More information can be found on the website: https://www.autoriteprotectiondonnees.be.
Complaints can be submitted to the following addresses:
Data Protection Authority
Rue de la Presse 35, 1000 Brussels
Tel. +32 2 274 48 00
Fax. +32 2 274 48 35
The User may also lodge a complaint with the court of first instance of his or her place of residence.
9. Limitation of Liability of the Data Controller
The Website may contain links to other websites owned by third parties not associated with the Controller. The content of these websites and their compliance with the Law and the Regulation are not the responsibility of the Controller.
The holder of parental authority must give explicit consent for a minor under 16 years of age to disclose information or personal data on the Website. The Controller strongly encourages those holding parental authority over minors to promote responsible and secure use of the Internet. The Data Controller cannot be held liable for having collected and processed information and personal data from minors under 16 whose consent is not effectively covered by that of their legal parents, or for incorrect data — in particular concerning age — provided by minors. Under no circumstances will personal data be processed by the Data Controller if the User specifies that he or she is under 16 years old.
The Controller is not liable for the loss, corruption, or theft of personal data caused in particular by the presence of viruses or as a result of cyberattacks.
10. Security
The Data Controller implements appropriate organizational and technical measures to ensure a level of security appropriate to the processing and collection of data. These security measures depend on the implementation costs, taking into account the nature, context, and purposes of the processing of personal data.
The Data Controller uses standard encryption technologies within the IT sector when transferring or collecting data on the Website.
11. Amendments to the Privacy Policy
The Controller reserves the right to modify this Privacy Policy in order to comply with legal obligations in this area. Users are therefore invited to consult the Privacy Policy regularly to be informed of any changes or adjustments. Such changes will be displayed on the Website or sent by email for enforceability purposes.
12. Applicable Law and Jurisdiction
This Privacy Policy is exclusively governed by Belgian law. Any dispute will be submitted to the courts of the judicial district of the Controller’s registered office.
13. Contact
For any questions or complaints regarding this Privacy Policy, the User may contact the Data Controller at the following address:
erik@hypeup.be
Hype Up srl, Ten-Eycken 114, 4850 Plombières, Belgium