Privacy Statement everyoneINVESTED BV
This Privacy Statement applies as of March 26, 2020
Table of contents
- Part 1: We must work together to safeguard your privacy
- Part 2: Your right to privacy
- Part 3: everyoneINVESTED has many reasons for processing your personal data
- Part 4: everyoneINVESTED may process different types of data depending on the intended purpose
- Part 5: Security and confidentiality
Part 1: We must work together to safeguard your privacy
Your privacy is very important to us. Our aim is to process your personal data in a manner that is lawful, appropriate and transparent. In this Privacy Statement, we explain which of your personal details we collect from you as a natural person and then process. Throughout this document, this means details of you as a client, a possible future client or other affected party. Regardless of what capacity you act in, your rights do not change and everyoneINVESTED BV (hereinafter ‘everyoneINVESTED’) will treat your data with equal care.
1.1 Make sure you read all of this information and look at what action is open to you
We recommend that you read this information carefully, so that you know the purposes for which everyoneINVESTED uses your data. This Privacy Statement also contains more information about your privacy rights and how you can exercise them.
everyoneINVESTED may amend this Privacy Statement. The most recent version can always be found at https://everyoneinvested.com.
everyoneINVESTED will inform you of all substantive changes to the terms of the Privacy Statement via its website. You will also find more information about Belgian privacy legislation on the website of the Belgian Data Protection Authority (previously called the Privacy Commission) at https://www.dataprotectionauthority.be/.
1.2 everyoneINVESTED treats your personal details with care
everyoneINVESTED is a wealthtech company which is active in Belgium and selected other countries. everyoneINVESTED has its head office at Havenlaan 2, 1080 Brussels, Belgium. everyoneINVESTED is part of KBC Group (hereinafter ‘KBC’), which is an ‘integrated bank-insurance and asset management group’ (a group of companies that, through close cooperation, create and distribute banking, investment and insurance products and provide financial services). You can find more information about KBC’s different companies and activities at www.kbc.com.
everyoneINVESTED is responsible for processing personal data.
Contact everyoneINVESTED if you have any questions about the processing of your data.
If you have any questions about privacy or would like to adjust your privacy settings or exercise your rights, you can contact everyoneINVESTED via a dedicated mailbox: email@example.com.
Part 2: Your right to privacy
You have a lot of rights when it comes to the processing of your data. When everyoneINVESTED asks for your permission to process your data, you can revoke that permission whenever you wish.
There are no data processing operations and processes that are fully automated, without any human intervention.
2.1. You can inspect your data
If you would like to inspect the data that everyoneINVESTED processes about you, let us know.
If you exercise your right of inspection, everyoneINVESTED will give you as complete a list as possible of your data. It can happen that some personal data from back-up files, logs and stored records is not included in that list. Such data is not within scope of the data processed on an ongoing basis and it is not therefore immediately available. For that reason, it will also not be communicated to you. However, it is removed from those files in accordance with standard maintenance procedures.
2.2. You can have your data corrected
It can happen that certain information held on you by everyoneINVESTED is not (or is no longer) correct. You can ask for the data to be corrected or completed at any time.
2.3. You can have your data deleted
You can ask everyoneINVESTED to erase your personal data. If everyoneINVESTED no longer has an overriding ground for processing your personal data, it will erase it. Statutory duties can preclude erasure.
2.4. You can object to your data being used for certain purposes
If you disagree with how everyoneINVESTED invokes its legitimate interests to process certain data, you can object. We will heed objections unless there are overriding grounds not to do so.
2.5. You can ask for your data to be transferred to a third party.
You are entitled to ask for personal data that you yourself have provided to everyoneINVESTED to be transferred back to you or to a third party. The data protection laws place a number of restrictions on the exercise of this right, which means it is not applicable to all data.
2.6. You may exercise your rights.
Be as specific as possible any time you wish to exercise your rights. everyoneINVESTED can only properly answer queries for which sufficient detail is provided. everyoneINVESTED will need to verify your identity in as much detail as possible in case someone else tries to exercise your rights.
You may therefore be asked to provide ID when making such a request.
Do you have a question or a comment? If so, you can contact everyoneINVESTED via a mailbox: firstname.lastname@example.org.
If this route does not resolve the matter satisfactorily, you can contact the everyoneINVESTED Data Protection Officer: in writing, by sending a letter to everyoneINVESTED BV, Data Protection Officer, 2 Havenlaan, 1080 Brussels, or by e-mail to email@example.com.
If you would like more information or if you do not agree with the standpoint adopted by everyoneINVESTED, make sure to visit the website of the Belgian Data Protection Authority (previously called the Privacy Commission) at https://www.dataprotectionauthority.be/. You can also lodge complaints there.
Part 3: everyoneINVESTED has many reasons for processing your personal data
3.1. everyoneINVESTED’s compliance with laws and legal requirements
The main legal grounds for everyoneINVESTED having to process your data are summed up here.
• everyoneINVESTED must be able to respond correctly when you exercise your rights under privacy legislation. everyoneINVESTED is also required to answer questions from the Data Protection Authority, e.g. in the event of complaints.
• everyoneINVESTED has reporting duties towards company auditors.
• everyoneINVESTED has to answer questions posed by the tax authorities or exchange information spontaneously as required by tax legislation.
• everyoneINVESTED is also required to answer questions from the judicial authorities (police, public prosecutors, investigating magistrates and the courts).
3.2. everyoneINVESTED has to be able to assess whether an agreement or service may be contracted and has to be able to perform its contracts duly and properly
everyoneINVESTED processes the personal data of representatives of legal persons in order to authenticate and communicate with the legal persons and to exercise the company powers for everyoneINVESTED services and products.
3.3. everyoneINVESTED has to be able to function as a business
This is known as its ‘legitimate interests’.
In addition to the purposes set out above, everyoneINVESTED has a number of legitimate interests that form the basis for processing personal data. In that regard, everyoneINVESTED ensures that the impact on your privacy is kept to a minimum and that, in all events, everyoneINVESTED’s legitimate interests remain proportionate to the impact that upholding them has on your privacy. If you nonetheless object to this data being processed, you can exercise your right to object.
There are various situations in which personal data could be processed in everyoneINVESTED on the basis of legitimate interest:
• When applications are developed, tests need to be carried out using personal data, including the final acceptance test before an application can be put into production.
• Personal data may be used as evidence (stored records).
• It may be used to ascertain, exercise and safeguard the rights of everyoneINVESTED (e.g. in disputes).
• For direct marketing based on legitimate interests, further details are given in 3.6.
3.4. everyoneINVESTED uses your personal data for direct marketing
everyoneINVESTED wants to promote and offer its products and services via informing you of and/or inviting you at the webinars or events we organize or more generally for direct marketing purposes. We may do so not only in response to explicit requests but also where everyoneINVESTED feels you might be interested in or could benefit from a given product or service .
This information can reach you in all sorts of ways: via the internet and apps, by e-mail, by post, by phone and through events. everyoneINVESTED will make every effort to communicate the information clearly.
If you do not wish to receive any offers at all, you should exercise your right to object to direct marketing through the mailbox: firstname.lastname@example.org.
3.5. everyoneINVESTED will not sell your personal data
everyoneINVESTED does not sell or hire your personal data to third parties for their own use, unless you opt for this yourself and give your consent.
Anonymised insights into the market derived from your personal data may nevertheless be offered, so long as those receiving the insights are unable to ascertain the identity of the person whose data was processed. You can also object to your personal data being used to generate insights.
Part 4: everyoneINVESTED may process different types of data depending on the intended purpose
everyoneINVESTED processes your personal data for a variety of purposes. The different types of data that can be used are set out below.
4.1. Information to identify you, contact you and offer you the right product or service
Which data everyoneINVESTED uses for these purposes is set out below.
• To identify you: your name, date of birth, nationality, address, identity card, client number and national registration number.
• To contact you: your telephone number, e-mail address and language.
4.2 Information in the public domain and information obtained through third parties
everyoneINVESTED can sometimes process data that is available in the public domain.
Data that can be used is the data you have placed in the public domain yourself, such as information on your website, your blog or via your publicly accessible social media profile, or information about you that everyoneINVESTED has obtained from third parties.
It can also comprise data that is in the public domain, e.g: because it is common knowledge in your area or because it has appeared in the press. Information from sources such as the companies register and Graydon also fall into this category.
This data can be relevant and may be used for the purposes given by everyoneINVESTED in this privacy statement.
4.3. Information you give to everyoneINVESTED staff may also be processed
Whenever you contact a member of everyoneINVESTED staff, this is generally recorded in order to build a contact list, to have a report of the contact or as a reminder of tasks that our staff member has yet to carry out.
Even if you are not a client, everyoneINVESTED may store such information disclosed by you. This information can be used later if you do become a client. By adopting this approach, everyoneINVESTED seeks to avoid you having to repeatedly provide the same information. It also allows us to improve the continuity of our service to you.
4.4. Written everyoneINVESTED correspondence is carefully monitored
Correspondence with members of staff in their capacity as everyoneINVESTED employee (office address, job-linked or personal everyoneINVESTED e-mail address, etc.) is deemed to be business-related and may thus be examined in the context of their duties, the production of evidence, workplace checks, security and service optimization and/or continuity.
4.5. More than just your own personal details may be involved
If you have a company, you agree that everyoneINVESTED can also keep a record and process the details of any associated persons.
Please note that legal entities may only provide us with personal details of natural persons associated with them if those persons are sufficiently informed of this and, where necessary, have given their consent.
Furthermore, the company is responsible for complying with the data protection legislation when it submits lists of users for online applications. The legal entity accordingly indemnifies everyoneINVESTED in respect of all liability in this regard (vis-à-vis those concerned).
Part 5: Security and confidentiality
5.1. Not everyone gets to see your data at everyoneINVESTED
Only those with appropriate authorization can access personal data, and then only if it is relevant to the performance of their duties.
In principle, within everyoneINVESTED, your personal data will only be processed and consulted by certain departments:
• with which you currently have a contractual relationship or are in contact, or where this has been the case in the past or you would like it to be so in the future;
• the involvement of which is required for the provision or aftercare of services.
The individuals who are authorized to consult your data are moreover bound by a strict professional duty of confidentiality and must abide by all technical instructions to ensure the confidentiality of your personal data and the security of the systems in which the data is held.
5.2. Your data is processed at a limited number of locations
everyoneINVESTED uses the services of processors to process personal data. These are companies that process data on the instructions of everyoneINVESTED.
everyoneINVESTED may engage the services of other processors, such as:
• lawyers and consultants;
• ICT service providers and specialist fintech companies.
5.3. everyoneINVESTED takes specific measures to protect your data
everyoneINVESTED ensures that strict rules are followed and that the processors concerned:
• only have the data they need in order to perform their tasks;
• have provided everyoneINVESTED with an undertaking that they will process this data securely and confidentially and only use it to carry out the instructions given to them.
everyoneINVESTED will not be liable if these processors lawfully disclose personal data to local authorities or if incidents occur at those processors despite the measures they have taken.
everyoneINVESTED takes internal technical and organizational measures to prevent personal data finding its way into the hands of, or being processed by, unauthorized parties or being accidentally altered or deleted.
Strict security measures are in place to protect premises, servers, the network, data transfers and the data itself, and extra checks are also carried out in this regard.
You and us together need to be aware that information shared by e-mail can sometimes be intercepted and, where possible, we must aim to use a different means of communication or to limit the amount of information sent.
5.4 everyoneINVESTED does not keep your data forever
everyoneINVESTED uses your personal data where everyoneINVESTED has a clear aim in mind. Once that aim no longer exists, we delete the data.
The starting point for storing your personal data is the statutory retention period. The period can be longer where needed for the exercise of our rights. If no retention period is stipulated by law, it can be shorter.
5.5. everyoneINVESTED thinks before it answers queries from external parties
As everyoneINVESTED has to comply with its confidentiality obligations and with the privacy legislation, it may only answer queries from third parties if (i) they arise pursuant to a legal requirement or a legitimate interest; (ii) doing so is a prerequisite for performing the contract; or (iii) the data subject has given their permission.
In the last case, everyoneINVESTED actually advises third parties to request the information direct from the relevant person.
everyoneINVESTED declines liability if, under applicable (foreign) legal obligations, the lawful recipients of personal data are required to pass personal data about clients on to the local authorities or process it without an adequate level of security.
More legal information of everyoneINVESTED BV can be found here.