PRIVACY POLICY AND PROCESSING AGREEMENT OF TUNIFY NV
1. Processing of personal data
1.1 In order to provide its services, Tunify SA with registered office at 3583 Paal (Beringen), De Weven 14 bus 2 and company number 0501662719 (hereinafter referred to as “Tunify”) must necessarily have certain Personal Data that must be provided directly or indirectly by the Data Subject or the Customer (as defined below).
1.2 Tunify attaches a lot of importance to the protection of privacy. In the context of acting in a legally responsible manner, Tunify undertakes to comply with the applicable legislation and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC.
1.3 With this Privacy Policy and Processing Agreement (hereinafter referred to as the “Privacy Policy”), Tunify informs about its Processing Activities relating to Personal Data, the rights of the Data Subject and the measures it has taken to protect privacy, in particular in the context of the use of the Website (as defined below).
1.4 This document must be read together with and is applicable in combination with Tunify’s general terms and conditions, which can be found under https://www.tunify.com/general-terms/
and which are also an integral part of the Agreement (as defined below). The General Terms and Conditions apply to this Privacy Policy, unless otherwise indicated. This Privacy Policy applies to all services provided by Tunify and replaces all discussions, agreements and understandings of any kind with Tunify regarding these services.
1.5 Customers and Data Subjects are requested to read this Privacy Policy carefully, provided that it may be amended from time to time in the light of feedback or changes to services, terms or legal or regulatory provisions.
Please note that acceptance of this Privacy Policy, together with the General Terms and Conditions, is a necessary condition for the provision of services by Tunify. By accepting this document, the Customer unconditionally accepts this document as binding, notwithstanding any provisions to the contrary in a document issued by the Customer or a third party. In the event of any conflict between this document and any terms and conditions of the Customer or a third party, this document shall prevail, notwithstanding any provision to the contrary.
2. Definitions
In order to understand the terminology used in the context of this Privacy Policy, a number of terms are defined below, as the case may be in accordance with the GDPR:
“General Terms and Conditions” means Tunify’s General Terms and Conditions, which can be found under https://www.tunify.com/general-terms/;
“GDPR”
means Regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
“Data Subject”
means a natural person whose Personal Data are processed by Tunify;
“Data breach”
has the same meaning as defined in GDPR;
“Service”
means the service provided by Tunify through the Website within the framework of the Agreement, as defined in the Agreement;
“Customer”
means a legal or natural person who wishes to make use of the Service or to contact Tunify for the provision of Services;
“Agreement”
means the agreement concluded between the Parties with regard to the Service under the conditions laid down in the General Terms and Conditions and supplemented by other conditions that may be agreed between the Parties;
“Personal Data”
means all information relating to an identified or identifiable Data Subject in the meaning of GDPR;
“Processing”
means any operation or set of operations which is performed upon Personal data or sets of Personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or reception, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, alignment or restriction, deletion or destruction;
“Controller”
means the natural or legal person, public authority, service or other body which, alone or together with others, determines the purpose and means of the Processing of Personal Data, namely the Customer or, if the Data Subject is the Customer, Tunify.
“Representative”
means with regard to Tunify, its employees, officers, agents and advisors;
“Processor”
means a natural or legal person, government body, agency or other body that processes Personal Data on behalf of the Controller, namely Tunify;
“Website”
means the website and the application developed, operated and maintained by Tunify, available at www.tunify.be, www.tunify.com, or on any other website or application through which the Service is offered.
3. Authorization for the Processing
By using the Service of Tunify within the framework of the Agreement and/or by visiting the Website and/or transferring Personal Data to Tunify via the Website or in any other way, and insofar as the Processing is not based on any other grounds for Processing as referred to in Article 6 of the GDPR:
– the Data Subject, if he provides his Personal Data, agrees that Tunify processes his Personal Data in accordance with the purposes described below;
– the Customer, if he provides the Personal Data of the Data Subject, agrees that Tunify processes his Personal Data in accordance with the purposes described below and guarantees that he has the consent of the Data Subject and/or has another legal basis for granting Tunify permission to process Personal Data in accordance with the purposes described below.
4. Collection of Personal Data
4.1 Tunify collects Personal Data by means of their transmission by the Data Subject or the Customer who is legally authorised to do so within the framework of the Agreement, in particular via the Website.
4.2 In addition, when when visiting the Website, registering with Tunify or registering to receive Tunify’s e-newsletters or information about Tunify’s products or services , Tunify may collect, store and use certain Personal Data on the Data Subject.
4.3 Like most website providers, Tunify also analyzes server logs to gather statistical information on how the Website is only used at an aggregated level and includes browser types, operating systems, IP addresses, referring/exit pages, platform types and date/time stamps.
Thus, during a visit to the Website and the use of the Service, small files of ‘cookies’ can be placed on the hard disk of the device by which the Customer visits the Website or uses the Service, and this for the sole purpose of better attuning the Website to the needs of the returning user or to optimise the operation of the Service. The cookies are not used to monitor the customer’s surfing behaviour on other websites. The internet browser allows the Customer to prevent the use of cookies or to receive a warning when a cookie is installed or to remove the cookies from the hard disk. Tunify cannot be held liable for any malfunctioning of the Website or the Service if the Customer does not accept, restrict or obstruct the use of cookies.
5. Nature of the Personal Data
Personal Data processed by Tunify are the data that it needs for the purposes described in this Privacy Policy, including for the proper execution of the Agreement. Such information may include, inter alia, surname and first name, contact details (such as address, telephone number, e-mail address), identification details such as VAT number and national registration number, date and place of birth details, employment details, professional activities and personal experience.
The Service is related to and the Website contains business content and is specifically targeted at and designed for adult use. Tunify does not knowingly solicit or process personal information about minors or sensitive categories of Personal Data, such as racial or ethnic origin, religious or philosophical beliefs, trade union membership, political beliefs or preferences and health data.
6. Purpose of the Processing
Tunify Processes Personal Data exclusively within the framework of the Agreement for the provision of the Service (including the maintenance and support of a registered account held by the Data Subject or the Customer with Tunify and the facilitation of access to and the provision of resources, tools and other materials available to the Customer), and for any related purpose for which the Data Subject has given its consent for the Processing or where there are other grounds for lawful Processing.
Tunify also processes Personal Data in order to respond to queries submitted by Users of the Website via the Website, for technical management of the Website, for research and analysis in order to maintain and improve the Service, in order to develop new services, based, among other things, on the opinions of the Data Subjects on Tunify’s products and services and for customer satisfaction purposes.
Tunify may also use Personal Data to efficiently manage its customers and to contact the Data Subject about promotions, surveys and exclusive opportunities offered by Tunify, its distributors, partners and affiliates, including information about other products and services that the Data Subject may be interested in. If the Data Subject does not wish the Personal Data to be processed for the aforementioned purposes, he may withdraw his consent at any time by means of a simple request to Tunify, as referred to in Article 16 of this Privacy Policy, or by means provided for in the relevant communication.
All Personal Data is processed solely for the purpose for which it was collected and to the extent necessary to achieve that purpose. This limitation applies both to the amount of Personal Data and to the scope of the Processing, the retention period and the accessibility.
If Personal Data are Processed for a purpose other than that for which they were originally collected, Tunify will ensure that the Processing does not take place in a way that is incompatible with the purpose for which the Personal Data were provided. If the desired purpose is incompatible with the original purpose for which the Personal Data were provided, Tunify will ask the Data Subject for permission to Process his Personal Data in the light of this new purpose, provided that this permission is given freely.
Tunify will not make any decisions based solely on automated Processing, including profiling, which have legal consequences for the Data Subject or which significantly affect him or her in a similar way.
7. The lawfulness of the Processing
Tunify processes Personal Data when this is necessary (a) for the execution of the Agreement or for the execution of the pre-contractual measures requested by the Customer or the Data Subject, (b) to comply with its legal obligations, (c) for advertising and marketing purposes aimed at implementing a policy of providing information to Customers and/or Data Subjects and pursuing a policy of customer-binding policy and/or (d) for the representation of Tunify’s legitimate interests.
If the Processing cannot be justified by any of the above legal grounds, Tunify may request the consent of the Data Subject, provided that such consent is freely given.
8. Receivers and (sub)Processors
Tunify may transfer Personal Data (or be obliged to transfer Personal Data) to government agencies and may transfer Personal Data to (sub-)Processors so that they can Process this data on behalf of Tunify, provided that (sub-)processors guarantee an adequate level of protection of Personal Data and are contractually obliged to comply with the applicable rules, including the GDPR. Personal data will not be transferred to countries that do not provide at least equivalent protection to that provided within the EEA.
Personal data can be communicated to the Representatives for internal use, but only and as far as this is necessary for the execution of their tasks, such as the execution of the Agreement, the administrative follow-up and the follow-up of the customer relations.
Tunify may also transfer (or be obliged to transfer) Personal Data in connection with its use of external (sub-)processors (such as suppliers of IT services, including services relating to software for Processing and collaborating partners and other persons involved in the follow-up of the Agreement), provided that they provide sufficient guarantees as to the implementation of appropriate technical and organisational measures to ensure that the Processing complies with the requirements of the applicable rules, including the GDPR, and the protection of personal data rights, and when the transfer is necessary within the applicable legal or regulatory framework, taking into account the objectives of the Processing.
To the extent required by the GDPR, Tunify has concluded an agreement with the (sub)Processors in which the purpose of the Processing is determined, whereby the (sub)Processor undertakes, among other things, to guarantee the confidentiality of the Personal Data, to limit the Processing to what is in accordance with Tunify’s instructions or what is legally permitted, and to cooperate in the exercise by the Customer and/or the Complainant of the rights granted to them by the GDPR.
9. Storage of Personal Data
Tunify can store Personal Data on servers located outside Belgium or in a cloud environment. In such a case, Tunify will ensure that the Personal Data is stored in an EU Member State and/or in a country that is recognized as offering an equivalent level of data protection and/or that compliance with the provisions of the GDPR is contractually guaranteed.
10. Registration of processing activities
Insofar as this is required by law, Tunify keeps a register of Processing Activities carried out by Tunify or carried out under its responsibility. In this case, the register will contain the information required by the GDPR, such as the name and contact details of the (joint) data protection officer, the purposes of the Processing, the description of the categories of Data subjects, of the Personal Data and of the recipients, the retention period, etc.
11. Rights of Customers and Data Subjects
The Data Subject may exercise the rights set out below by sending a written notification to the following e-mail address: info@tunify.com.
Tunify points out that if the Data Subject objects to the Processing of his Personal Data or exercises the rights set out below, this may result in Tunify being unable to continue to perform the Agreement and/or the Customer or the Data Subject will no longer be able to use the Service.
11.1 Right to revoke consent
If the Processing is based solely on consent, the Data Subject has the right to withdraw this consent at any time, without prejudice to the lawfulness of the Processing that took place prior to the withdrawal of consent.
11.2 Right of access
The Data Subject may at any time inspect his Personal Data and all information relating to the Processing of his Personal Data.
11.3 Right to rectification
The Data Subject is entitled to have inaccurate or incomplete Personal Data rectified, as far as this is legally possible.
11.4 Right to deletion
Unless Processing is necessary to assert, exercise or substantiate a legal claim or to comply with a legal obligation incumbent upon Tunify, the Data Subject is entitled to have his Personal Data deleted if (a) his Personal Data are no longer necessary for the purposes for which they were Processed, or (b) the consent, insofar as the Processing is based solely on it, is revoked or (c) the Data Subject objects to the Processing and there are no compelling and justifiable reasons for Tunify or (d) Personal Data has been Processed unlawfully, or (e) Personal Data must be deleted in order to comply with a legal obligation.
If the request for deletion forms part of the objection to the Processing for reasons related to the specific situation of the Customer and/or the Data Subject, Tunify will delete the data, except for serious and justified grounds for Processing which outweigh the interests and rights of the Customer and/or the Data Subject concerned or which are related to the assertion, exercise or substantiation of a legal claim.
11.5 Right to restriction of Processing
The Data Subject has the right to obtain the restriction of Processing from Tunify if (a) the correctness of the Personal Data is disputed by him, or (b) the Processing is unlawful and he opposes the deletion of Personal Data, or (c) he needs Personal Data in order to assert, exercise or substantiate a legal claim, while Tunify no longer needs them for Processing, or (d) he has objected to Processing on the basis of the legitimate reasons referred to in Article 21 of the GDPR.
16.6 Right on data transfer
The Data Subject has the right to obtain the Personal Data relating to him in a structured, customary and readable form and to pass it on to another Processor if (a) the Processing is based on permission or (b) the Processing is necessary for the performance of the assignment after the Agreement.
11.7 Right to object
The Customer and/or the Data Subject has the right to submit a complaint to the Data Protection Authority (Drukpersstraat 35, 1000 Brussels (www.gegevensbeschermingsautoriteit.be) if he believes that the Processing is unlawful.
12. Obligation of Tunify
Tunify has taken appropriate measures to protect Personal Data in order to ensure that the Personal Data are used in accordance with the aforementioned purposes and that their accuracy and updating is guaranteed.
13. Security of Personal Data
Tunify ensures that the Personal Data are protected and secured as much as possible to guarantee their confidentiality and to prevent them from being distorted, damaged, destroyed or processed by an unauthorized third party. The specific measures taken by Tunify in this respect are described in the information security policy, a copy of which can be obtained by the Data Subject.
In the event of a Data breach and the associated breach of the availability, integrity or confidentiality of Personal Data, Tunify will ensure that the Personal Data breach is reported to the Data Protection Authority within 72 hours of it becoming known, unless it is unlikely that the breach poses a risk to the rights and freedoms of the Data Subjects. Tunify will also report violations of the Personal Data to the Customers and/or Data Subjects concerned if it is likely that the violation entails an increased risk to the rights and freedoms of the Customers and/or Data Subjects.
Tunify takes appropriate technical and organizational measures to protect Personal Data, but emphasizes that no transmission over the Internet can ever be safely guaranteed. The Data Subject therefore notes that Tunify cannot guarantee the security of the Personal Data during its transmission and that effective security depends in part on the Data Subject (or the Customer) ensuring that the identification data and passwords provided to him/her are confidential and secure.
14. Retention period of Personal data
14.1 Personal Data will not be kept longer than is necessary for the purpose for which they are processed.
14.2 When Processing Personal Data for the purpose of executing the Agreement, the Data Subject (and/or the Customer) may request Tunify to return the Personal Data, upon termination or expiry of the Agreement, to the Data Subject (either the Customer) at the latest within 90 (ninety) days after the date of termination or expiry of the Agreement.
Unless the applicable law dictates otherwise, Tunify will comply with such a request, provided that the Customer has paid all amounts due to Tunify at that time, including those resulting from the termination or expiry of the Agreement (whether or not due on the date of termination or expiry of the Agreement). In the event of the return of Personal Data, Tunify will no longer retain the Personal Data, unless the Data Subject (or the Customer) so requests and under the conditions agreed at the time.
In the absence of a request for the return of Personal Data, Tunify is not obliged to store, pass on or return Personal Data, unless Tunify has stored the Personal Data as stipulated in this article.
Unless the Data Subject (or the Customer) asks Tunify to return Personal Data or Tunify has requested that Personal Data be deleted or made anonymous, Tunify may retain the Personal Data for a period of 2 (two) years after completion of the execution of the Agreement, it being understood that the Data Subject (or the Customer) may ask Tunify to continue to store the Data for the period indicated by him and under the conditions then agreed.
Tunify may in any case continue to use all the data if Tunify does so in an aggregated and anonymous format, in such a way that the data in question can no longer be regarded as Personal Data.
15. Contact
For any additional information related to this Privacy Policy or for any request for correction, access or restriction of the Processing, the Data Subject may contact Tunify at info@tunify.com. The Data Subject will receive a free confirmation of his request within thirty (30) days, it being understood that this period may be extended by thirty (30) days, provided that Tunify considers the request in question to be complex.
16. Disputes and applicable law
This Privacy Policy is governed by and construed in accordance with Belgian law. All disputes relating to this Privacy Policy, including its interpretation, as well as disputes relating to the protection of Personal Data, fall under the exclusive jurisdiction of the courts of the district of Hasselt, without prejudice to the mandatory legal provisions that stipulate otherwise. Before bringing an action, the parties concerned will take all possible measures to settle their dispute amicably.