Privacy Statement

 

1. Introduction

 

We are committed to respecting your privacy and pay particular attention to protecting any of your personal data that we may process in the course of our activities, whether through the use of our web platforms (https://my.syndic4you.be, https://app.meeting4you.be, https://survey.syndic4you.be), the use of our website (https://syndic4you.be/en/) or in the course of our electronic exchanges with you.

 

We undertake to process your personal data lawfully, fairly and transparently in accordance with the relevant legal provisions, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”) and the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

 

With this privacy statement we would like to provide you with clear and comprehensive information about how your personal data is or will be processed.

 

For the purposes of this privacy statement, the following definitions apply:

 

  • “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (...);
  • “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not (...);
  • “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

 

 

2. Who is responsible for processing your personal data?

 

REALAB, a “Société à responsabilité limitée”, hereinafter referred to as “we”, “us”, “Syndic4you” or “Meeting4you”, whose company number is 0729.545.809 (Nivelles RPM) and whose registered office is at  Rue François Dubois 2, 1310 La Hulpe, is responsible for processing your personal data.

 

 

3. What categories of personal data are processed by Syndic4you?

 

In the course of our activities, we may process the following personal data and/or categories of personal data:

 

  • Personal identification data (for example: your first name, your surname, your email address, your postal address, your telephone number etc.);
  • Content of exchanges and related technical information (recipients, date and time sent etc.);
  • Technical information associated with the device you are using, such as your IP address, browser, geographic location and operating system;
  • Data from the use of social media (public profile pictures/images, introductory message, posts, messages exchanged, other data made public by the user, social media usage data, social contacts etc.);
  • Insurance details (insurance policy number);
  • Ownership information;
  • Other personal data that you choose to share with us.

 

This data is processed in accordance with this privacy statement and in accordance with the provisions of the European Data Protection Regulation (GDPR).

           

In all circumstances, we undertake to collect and process your personal data only to the extent that this is strictly necessary for the fulfilment of one of the purposes set out in this privacy statement.

 

Therefore, the provision of personal data on our various media is generally mandatory. In some cases however, certain personal data collected may be optional and does not have to be communicated to us (for example: certain computer data associated with the use of the website, your date of birth etc.). Where appropriate, specific mention of this is provided to tell you whether the collection of the data in question is mandatory or optional.

 

In these cases, the failure to provide and/or the inaccuracy of the personal data on the different media could, in some circumstances, make it impossible for us to execute the contract properly, make certain elements of the website or web platforms inaccessible or quite simply, make it impossible for us to respond favourably to your requests.

 

4. What are the sources of your personal data?

 

In general, we collect the personal data mentioned above directly from you. In some specific cases, we may collect personal data about you from the following sources:

 

  • External partners;
  • People who have freely communicated your details (family members, friends etc.);
  • Co-ownership associations;
  • Publicly available sources (websites, social media etc.).

 

We may also collect your personal data when you browse our website or use online services without your providing it to us.

 

 

5. For what purposes do we, as a data controller, process your personal data and on what legal basis?

 

With your prior consent, your personal data is collected and processed for the following purposes:

 

  • Managing Syndic4you’s external communication and contacts with the media;
  • Managing newsletter mailing lists and sending newsletters to subscribers;
  • Putting together statistics related to the services offered by Syndic4you;
  • Getting back to people following their inquiries about proposals and/or information about Syndic4you’s services;
  • Checking accessibility conditions for “insurance” promotions;
  • Making sure that a co-ownership association is complying with the legal provisions applicable to co-owners, carrying out a mini compliance audit and sending the audit report by email;
  • Managing cookies in order to make browsing our website faster and more efficient, measuring the audiences of the different content and sections of the website and sharing content from our website on social media.

In order to manage your “owner” user account on our platforms, you are first invited to join by one of our customers, and then you voluntarily give us your personal data. We collect and process this data so that we can fulfil the following purposes:

 

  • Confirming and completing user profiles for “owner” user accounts on the platforms;
  • Granting “user” rights according to roles/groups;
  • Managing user accounts (editing/disabling/deleting).

Within the context of fulfilling our contractual commitments or implementing pre-contractual measures, your personal data is collected and processed for the following purposes:

 

  • Managing clients insured under the Syndic group public liability policy (including transferral to the broker);
  • Managing claims;
  • Generating user profiles for “building manager” user accounts on the platforms;
  • Granting “user” rights for “building manager” users according to roles/groups;
  • Managing user accounts for “building manager” users (editing/disabling/deleting)

For the purposes of our legitimate interests as a data controller in order to offer our subscribers an interesting online space and to interact with our subscribers, your personal data is collected and processed for the following purposes:

 

  • Administering the Syndic4you company pages on social media (creating pages, posting articles, carrying out surveys etc.);
  • Engaging, communicating with subscribers and users of social media;
  • Improving the content of the pages via usage and audience statistics.

 

For the purposes of our legitimate interests as a data controller in order to manage our customer portfolio and allow the company to prosper over time, your personal data is collected and processed for the following purposes:

 

  • Targeting potential prospects more accurately and generating reports on the basis of our findings;
  • Responding to electronic messages from different platforms (chat);
  • Following up and reporting on sales leads;
  • Centralising and managing our contact with customers/prospective customers;
  • Managing customer relations and subscriptions;
  • Organising business development and follow-up activities;
  • Putting together statistics on customer feedback.

 

N.B.: we would like to draw your attention to the fact that by visiting our Syndic4you pages on social media, your personal data is or could be processed jointly by the social network in question and us to help the social network improve its advertising system, to obtain audience statistics for the page etc. We suggest reading the privacy policy for the social network in question before visiting our page.

 

As a reminder: We also process data as a processor

 

As a data processor, we process personal data on behalf of data controllers. These are the ACPs (co-ownership associations) who are the customers of our platforms. It is up to them to inform you that we process your personal data on their behalf. This information should normally be given to you when the data is collected.

 

We are committed to respecting your privacy and pay particular attention to protecting your personal data. Nevertheless, we would like to give you – purely for your information and without any commitment on our part – an idea of how your data might be processed via our platforms by an ACP, as a data controller.

 

Illustrative list of purposes for which your personal data is collected and processed by and/or on behalf of data controllers who are clients of our platforms: managing the co-ownership association (general administration); managing the list of suppliers; managing the lists of co-owners and the allocation criteria; keeping the accounts; managing how documents are archived; organising general meetings (agendas, invitations etc.); holding general meetings (physical, virtual or hybrid meetings); using live videos (images and sound); recording attendance at virtual meetings by authenticating participants; recording votes; sending out the minutes of general meetings; drawing up reports (individual statements, interim reports, invoice logs etc.); communicating with co-owners, providing technical support to clients, providing technical support to co-owners, etc.

 

Illustrative list of data that we process on behalf of data controllers who are clients of our platforms: personal identification data (for example: your first name, surname, email address, postal address, telephone number etc.); financial identification data (IBAN etc.); content of exchanges and related technical information (for example: recipients, date and time sent etc.); technical information associated with the device you are using, such as your IP address, browser, geographic location and operating system; personal details (for example: language, communication preferences etc.); ownership information; use of images and sound when meetings are organised – in full or in part – via our platforms; any other personal data processed within the context of the overall management of the co-ownership association and, in particular, when organising and holding meetings of co-ownership associations etc.

 

For more information or if you have any questions about the processing of personal data as described above and the processing that we carry out as a data processor on behalf of ACPs, please contact the ACP that is the data controller directly.

 

 

6. How long will your data be kept?

 

We are currently in the process of determining specific rules for the storage periods for personal data. These periods will vary according to the different purposes and taking into account any legal obligations associated with storing some of your data.

 

The storage periods defined in this way will help us process your requests, ensure the management and follow-up of these requests, fulfil the contractual relationship between us properly and/or carry out our work, while respecting the principle of proportionality according to which personal data must not be kept longer than necessary to achieve the purpose for which it was collected.

 

It is hereby stipulated that all of this data may however be kept for longer than the periods mentioned in this article:

 

  • Either after obtaining your agreement;
  • Or, in the form of archives, to fulfil any legal or regulatory obligations imposed on Syndic4you, or during the legal periods of limitation or opposition.
  • Or, in the form of re-use for historical, statistical or research purposes.

 

 

7. Who are the recipients of your collected data?

 

The data will be sent to the following individuals or bodies, exclusively for the purposes mentioned above:

 

  • Yourself;
  • Our in-house departments responsible for data processing;
  • Our data processors responsible for specific processing (including IT service providers (server hosting, maintenance, renting Cloud space etc.), mobile phone operators, web application developers, the supplier responsible for sending newsletters, the CRM service provider etc.);
  • Partner insurance companies;
  • Our main insurance broker.

 

No personal data is passed on to any third parties other than the above-mentioned recipients or who do not fall within the legal framework indicated, without prejudice to its possible transmission to the bodies responsible for supervision or inspection in accordance with Belgian law, such as an investigating judge.

 

 

8. Will your data be sent abroad?

 

8.1. Transfer of data within the European Economic Area

 

For the purposes of certain processing activities, some data is transferred within the European Economic Area.

 

Within the European Economic Area, you should know that your personal data enjoys the same level of protection.

 

 

8.2. Data transfers outside the European Economic Area

 

For the purposes of certain processing activities, some of your personal data is transferred outside the European Economic Area.

 

We will only transfer and/or grant access to your personal data to a data processor, service provider or third party based in non-European Economic Area member states where:

 

  • They are based in a state which ensures an adequate level of protection by virtue of an adequacy decision made by the European Commission;
  • Appropriate safeguards have been implemented in accordance with the GDPR, such as:
    • The signature of the standard contractual clauses adopted by the European Commission for the transfer of personal data to processors established in third countries (2010/87/EU);
    • The use of approved binding corporate rules; or
    • The application of an approved code of conduct.

 

Today, the personal data that we transfer directly/indirectly outside the European Economic Area is the data processed by various IT service providers (Syndic4you’s data processor subcontractors) based on the one hand in the United States (and/or subject to US legislation) and on the other hand in Kenya.

 

N.B.:

  • In light of the recent decision by the CJEU to invalidate the Privacy Shield (the “Schrems II” case), we are closely monitoring the political developments relating to this decision and the alternatives available to us so that we can carry on transferring data to the US while ensuring an adequate level of protection.
  • With regard to the transfer of data to our partner based in Kenya, Syndic4you undertakes to implement appropriate safeguards within a reasonable time to adequately protect your personal data.

 

For more information and/or a copy of the guarantees made, please send us an email to privacy@syndic4you.be indicating your surname, first name and with the words “transferts hors Union Européenne : DACP” (transferring outside the European Union: personal data) in the subject line. Also, please remember to specify exactly what information you are looking for in the body of your email.

 

 

9. What are your rights?

 

  • Right of access

The right of access is your right to obtain, on request, information about the personal data we hold about you.

 

  • Right of rectification

This is your right to request the rectification, without undue delay, of any personal data that may be inaccurate. If you find that your personal data is incomplete, you also have the right to ask for it to be completed.

 

  • Right to erasure

In some cases, you have the right to ask for your personal data to be deleted. This is particularly the case if:

  • the personal data is no longer necessary for the purposes for which it was collected or processed by the controller;
  • the personal data has been processed unlawfully;
  • the user withdraws their consent and there is no other legitimate basis for the processing;
  • the user, the data subject, objects to the processing, but in certain specific cases. The right to erasure does not exist in all situations.

 

  • Right to restrict processing

In certain cases, you have the right to obtain from us, as data controller, the restriction of the processing of your personal data, in accordance with the applicable data protection legislation. For example, where the accuracy of personal data is contested by the data subject, the processing of the data could be restricted for a period of time allowing the controller to verify the accuracy of the personal data.

 

  • Right to data portability

Where necessary, you also have the right to receive your personal data in a structured, commonly used and machine-readable format in accordance with the applicable data protection legislation. In any case, the right to erasure of data remains applicable. This right only exists if the basis for the processing is based on Article 6(1)(a) or Article 9(2)(a) (consent) or Article 6(1)(b) (performance of a contract) of the GDPR or if the processing is carried out using automated processes.

 

  • Right not to be subject to a decision based solely on automated processing

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you in a similar way. In other words, you have the right to request human intervention in the processing of your personal data. To this end, we undertake to ensure that you will never be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you in a similar way.

 

  • Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data if the processing is based on Article 6(1)(e) (task in the public interest or in the exercise of official authority) or (f) (legitimate interests) of the GDPR. In this case, we must stop processing the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests and rights and freedoms, or for the establishment, exercise or defence of legal claims.

 

  • Right to withdraw consent

Insofar as processing is based on consent, you have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing based on consent carried out prior to the withdrawal of consent.

 

 

10. How can you exercise your rights?

 

You can send your requests by email to privacy@syndic4you.be or by normal post to the following address

 

REALAB SRL

Rue François Dubois 2

1310 La Hulpe

 

To ensure your privacy and security, we will take steps to verify your identity before allowing you to view, and possibly correct, any data.

 11. Can you lodge a complaint with a supervisory authority

 

If you feel that we have breached any of our obligations, please contact us by sending an email to privacy@syndic4you.be or by post at the above address.

 

We will endeavour to get back to you as quickly as possible.

 

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority of the state in which you reside, work or where the alleged breach occurred.

 

For Belgium, the supervisory authority is the Autorité de Protection des Données (APD, Data Protection Authority).

 

Autorité de Protection des Données (Data Protection Authority)

Rue de la Presse 35

1000 Brussels

 

Tel.: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35

Email contact@apd-gba.be  

URL https://www.dataprotectionauthority.be    

 

 

12. Changes to this Privacy Statement

 

The privacy statement may be modified at any time, in particular due to new developments in the processing carried out by Syndic4you or changes in applicable legislation. Any changes to this policy are effective immediately. You are therefore advised to visit this page regularly.

 

*           *

* 

 

Date last modified: 06/01/2020 – v.1.0