Privacy Policy

Purpose

This Policy is established by Behaven SRL located at 23 Rue de Tenbosch, 1050 Brussels, under registration number BE 0703.924.545 (hereinafter referred to as "the data controller").

This privacy policy (the Policy) aims to inform visitors to the website hosted at the following address: www.behaven.com (hereinafter referred to as the "website") about how data is collected and processed by the data controller.

This Policy is part of the data controller's commitment to act with full transparency, in compliance with its national provisions and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "General Data Protection Regulation" or "GDPR").

The data controller pays particular attention to protecting the privacy of its users and therefore undertakes to take reasonable precautions to protect personal data collected against loss, theft, disclosure or unauthorized use.

"Personal data" means the personal data of the website user, i.e. any information relating to an identified or identifiable user.

If the user wishes to respond to any of the practices described below, they can contact the data controller at the postal address or email address specified in the "contact details" section of this policy.

What data do we process?

The data controller collects and processes the following personal data according to the methods and principles described below:

  • their domain (automatically detected by the data controller's server), including the dynamic IP address;
  • their email address if the user has previously disclosed it, for example by sending messages or questions on the website, communicating with the data controller by email, participating in discussion forums, etc.;
  • all information regarding the pages that the user has viewed on the website;
  • any information that the user has voluntarily provided, for example in the context of information surveys and/or registrations on the website.

The data controller may also collect non-personal data. This data is considered non-personal because it does not allow direct or indirect identification of a particular person. It may then be used for any purpose, for example to improve the website, products and services offered, or the data controller's advertising.

In the event that non-personal data is combined with personal data, so that identification of the persons concerned is possible, this data will be treated as personal data until it becomes impossible to link it to a particular person.

Collection methods

The data controller collects personal data as follows:

  • an online contact form.

Processing purposes

Personal data is collected and processed only for the purposes mentioned below:

  • ensuring the management and control of the execution of the services offered;
  • sending and tracking orders and invoices;
  • sending promotional information about the data controller's products and services;
  • sending promotional material;
  • responding to user questions;
  • compiling statistics;
  • improving the quality of the website and products and/or services offered by the data controller;
  • transmitting information about new products and/or services of the data controller;
  • for commercial prospecting actions;
  • enabling better identification of user interests.

The data controller may need to carry out processing not yet provided for by this policy. In this case, the data controller will contact the user before reusing their personal data, in order to inform them of the changes and give them the opportunity, if necessary, to refuse this reuse.

Legitimate interest

Certain data processing activities are based on the legitimate interest of the data controller. The legitimate interest is proportionate to the rights of users. For more details concerning the purpose of processing based on the legitimate interest of the data controller, users can contact the data controller directly (see contact details in this policy).

Retention period

In general, the data controller only retains personal data for as long as reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

The personal data of a customer is retained for a maximum period of 10 years after the end of the contractual relationship between the customer and the data controller.

Shorter retention periods apply to certain categories of data, such as traffic data, which is only retained for 12 months.

At the end of the retention period, the data controller makes every effort to ensure that personal data has been made unavailable and inaccessible.

Exercise of rights

For all rights mentioned below, the data controller may verify the user's identity before granting the right.

The request for additional information by the data controller must be made within 1 month of the request made by the user.

Access to data and copy

The user can obtain free written communication or a copy of the personal data concerning them that has been collected by the data controller.

The data controller may charge a reasonable fee based on administrative costs for any additional copy requested by the user.

When the user makes such a request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.

A copy of their data will be communicated to the user no later than one month after receipt of the request, unless otherwise provided by GDPR.

Right to rectification

The user can obtain free of charge, as soon as possible and no later than one month, the rectification of their personal data that is inaccurate, incomplete or irrelevant, as well as complete it if it proves to be incomplete.

Unless otherwise provided by GDPR, this request will be processed within one month of submitting the request.

Right to object to processing

The user can at any time, for reasons relating to their particular situation, object free of charge to the processing of their personal data, when:

  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  • processing is necessary for the legitimate interests pursued by the data controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.

In this case, the data controller ceases to process personal data, unless it demonstrates that there are compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

Right to restriction of processing

The user can obtain from the data controller the restriction of processing, when one of the following cases applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
  • processing is unlawful and the data subject opposes their erasure and requests instead the restriction of their use;
  • the data controller no longer needs the personal data for the purposes of processing but they are still needed by the data subject for the establishment, exercise or defense of legal claims;
  • the data subject has objected to processing, i.e. for the data controller to verify the balance of interests between the legitimate interests of the data controller and those of the user.

The data controller informs the user when the restriction of processing is lifted.

Right to erasure (right to be forgotten)

The user can obtain the erasure of personal data concerning them, when one of the following grounds applies:

  • the data is no longer necessary for the purposes of processing;
  • the user has withdrawn their consent to the processing of their data and there is no other legal basis for processing;
  • the user objects to processing and there is no overriding legitimate ground for processing and/or the user exercises their specific right to object with regard to direct marketing (including profiling);
  • personal data has been processed unlawfully;
  • personal data must be erased to comply with a legal obligation (under Union law or Member State law) to which the data controller is subject;
  • personal data has been collected in the context of the provision of information society services to children.

However, erasure of data is not applicable in the following 5 cases:

  • when processing is necessary for exercising the right to freedom of expression and information;
  • when processing is necessary for compliance with a legal obligation requiring processing under Union law or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  • when processing is necessary for reasons of public health;
  • when processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing;
  • when processing is necessary for the establishment, exercise or defense of legal claims.

The data controller is required to respond to the user's request as soon as possible and no later than one month and to justify their response if they intend not to comply with such a request, unless otherwise provided by GDPR.

Right to "data portability"

The user can at any time request to receive free of charge their personal data in a structured, commonly used and machine-readable format, in particular with a view to transmitting it to another data controller, when:

  • data processing is carried out using automated processes;
  • and when processing is based on the user's consent or on a contract concluded between the user and the data controller.

Under the same conditions and according to the same procedures, the user has the right to obtain from the data controller that personal data concerning them be transmitted directly to another personal data controller, insofar as this is technically possible.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Data recipients and disclosure to third parties

The recipients of the collected and processed data are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected business partners, located in Belgium or in the European Union, and who collaborate with the data controller in the context of marketing products or providing services.

In the event that data is communicated to third parties for commercial prospecting purposes, the user will be informed beforehand so that they can choose to accept or refuse this transfer of data to third parties.

The transfer being based on the user's consent, they can at any time withdraw their consent regarding this exact purpose.

The data controller respects the legal and regulatory provisions in force and will ensure in all cases that its partners, employees, subcontractors or other third parties having access to this personal data respect this Policy.

The data controller reserves the right to disclose the user's personal data in the event that a law, legal proceeding or order from a public authority makes such disclosure necessary.

No personal data will be transferred outside the European Union.

Security

The data controller implements appropriate technical and organizational measures to ensure a level of security of processing and data collected with regard to the risks presented by processing and the nature of the data to be protected adapted to the risk. It takes into account the state of knowledge, implementation costs and the nature, scope, context and purposes of processing as well as the risks to the rights and freedoms of users.

The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of information received on the website.

In the event of a personal data breach, the data controller takes prompt action to identify the cause and take appropriate measures to remedy the situation.

The data controller informs the user of this breach when required by law.

Complaints and grievances

If the user has a complaint, it is advisable to contact the data controller directly.

The user can also file a complaint with their national supervisory authority, whose contact details appear on the official European Commission website.

In addition, action can be taken before the competent national courts.

Contact details

For any questions and/or complaints, particularly regarding the clarity and accessibility of this Policy, the user can contact the data controller:

  • By email: info@behaven.com
  • By mail: Behaven SRL, 23 Rue de Tenbosch, 1050 Brussels

Applicable law and competent jurisdiction

This policy is governed by the national law of the place of the data controller's main establishment.

Any dispute concerning the interpretation or execution of this Policy will be submitted to the courts of this national law.

Miscellaneous provisions

The data controller reserves the right to modify the provisions of this Policy at any time. Modifications will be published with a warning as to their entry into force.

This version of the Policy is dated 22/08/2022.