1. Processing of personal data
1.1 In order to provide its services, Tunify SA with registered office at 3530 Houthalen-Helchteren, Centrum-Zuid 1111 and company number 0501662719 (hereinafter referred to as “Tunify”) must necessarily have certain Personal Data that must be provided directly or indirectly by the Data Subject or the Customer (as defined below).
1.2 Tunify attaches a lot of importance to the protection of privacy. In the context of acting in a legally responsible manner, Tunify undertakes to comply with the applicable legislation and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC.
1.4 This document must be read together with and is applicable in combination with Tunify’s general terms and conditions, which can be found under https://www.tunify.com/general-terms/
“General Terms and Conditions” means Tunify’s General Terms and Conditions, which can be found under https://www.tunify.com/general-terms/;
means Regulation No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
means a natural person whose Personal Data are processed by Tunify;
has the same meaning as defined in GDPR;
means the service provided by Tunify through the Website within the framework of the Agreement, as defined in the Agreement;
means a legal or natural person who wishes to make use of the Service or to contact Tunify for the provision of Services;
means the agreement concluded between the Parties with regard to the Service under the conditions laid down in the General Terms and Conditions and supplemented by other conditions that may be agreed between the Parties;
means all information relating to an identified or identifiable Data Subject in the meaning of GDPR;
means any operation or set of operations which is performed upon Personal data or sets of Personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or reception, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, alignment or restriction, deletion or destruction;
means the natural or legal person, public authority, service or other body which, alone or together with others, determines the purpose and means of the Processing of Personal Data, namely the Customer or, if the Data Subject is the Customer, Tunify.
means with regard to Tunify, its employees, officers, agents and advisors;
means a natural or legal person, government body, agency or other body that processes Personal Data on behalf of the Controller, namely Tunify;
means the website and the application developed, operated and maintained by Tunify, available at www.tunify.be, www.tunify.com, or on any other website or application through which the Service is offered.
3. Authorization for the Processing
By using the Service of Tunify within the framework of the Agreement and/or by visiting the Website and/or transferring Personal Data to Tunify via the Website or in any other way, and insofar as the Processing is not based on any other grounds for Processing as referred to in Article 6 of the GDPR:
– the Data Subject, if he provides his Personal Data, agrees that Tunify processes his Personal Data in accordance with the purposes described below;
– the Customer, if he provides the Personal Data of the Data Subject, agrees that Tunify processes his Personal Data in accordance with the purposes described below and guarantees that he has the consent of the Data Subject and/or has another legal basis for granting Tunify permission to process Personal Data in accordance with the purposes described below.
4. Collection of Personal Data
4.1 Tunify collects Personal Data by means of their transmission by the Data Subject or the Customer who is legally authorised to do so within the framework of the Agreement, in particular via the Website.
4.2 In addition, when when visiting the Website, registering with Tunify or registering to receive Tunify’s e-newsletters or information about Tunify’s products or services , Tunify may collect, store and use certain Personal Data on the Data Subject.
4.3 Like most website providers, Tunify also analyzes server logs to gather statistical information on how the Website is only used at an aggregated level and includes browser types, operating systems, IP addresses, referring/exit pages, platform types and date/time stamps.
5. Nature of the Personal Data
The Service is related to and the Website contains business content and is specifically targeted at and designed for adult use. Tunify does not knowingly solicit or process personal information about minors or sensitive categories of Personal Data, such as racial or ethnic origin, religious or philosophical beliefs, trade union membership, political beliefs or preferences and health data.
6. Purpose of the Processing
Tunify Processes Personal Data exclusively within the framework of the Agreement for the provision of the Service (including the maintenance and support of a registered account held by the Data Subject or the Customer with Tunify and the facilitation of access to and the provision of resources, tools and other materials available to the Customer), and for any related purpose for which the Data Subject has given its consent for the Processing or where there are other grounds for lawful Processing.
Tunify also processes Personal Data in order to respond to queries submitted by Users of the Website via the Website, for technical management of the Website, for research and analysis in order to maintain and improve the Service, in order to develop new services, based, among other things, on the opinions of the Data Subjects on Tunify’s products and services and for customer satisfaction purposes.
All Personal Data is processed solely for the purpose for which it was collected and to the extent necessary to achieve that purpose. This limitation applies both to the amount of Personal Data and to the scope of the Processing, the retention period and the accessibility.
If Personal Data are Processed for a purpose other than that for which they were originally collected, Tunify will ensure that the Processing does not take place in a way that is incompatible with the purpose for which the Personal Data were provided. If the desired purpose is incompatible with the original purpose for which the Personal Data were provided, Tunify will ask the Data Subject for permission to Process his Personal Data in the light of this new purpose, provided that this permission is given freely.
Tunify will not make any decisions based solely on automated Processing, including profiling, which have legal consequences for the Data Subject or which significantly affect him or her in a similar way.
7. The lawfulness of the Processing
Tunify processes Personal Data when this is necessary (a) for the execution of the Agreement or for the execution of the pre-contractual measures requested by the Customer or the Data Subject, (b) to comply with its legal obligations, (c) for advertising and marketing purposes aimed at implementing a policy of providing information to Customers and/or Data Subjects and pursuing a policy of customer-binding policy and/or (d) for the representation of Tunify’s legitimate interests.
If the Processing cannot be justified by any of the above legal grounds, Tunify may request the consent of the Data Subject, provided that such consent is freely given.
8. Receivers and (sub)Processors
Tunify may transfer Personal Data (or be obliged to transfer Personal Data) to government agencies and may transfer Personal Data to (sub-)Processors so that they can Process this data on behalf of Tunify, provided that (sub-)processors guarantee an adequate level of protection of Personal Data and are contractually obliged to comply with the applicable rules, including the GDPR. Personal data will not be transferred to countries that do not provide at least equivalent protection to that provided within the EEA.
Personal data can be communicated to the Representatives for internal use, but only and as far as this is necessary for the execution of their tasks, such as the execution of the Agreement, the administrative follow-up and the follow-up of the customer relations.
Tunify may also transfer (or be obliged to transfer) Personal Data in connection with its use of external (sub-)processors (such as suppliers of IT services, including services relating to software for Processing and collaborating partners and other persons involved in the follow-up of the Agreement), provided that they provide sufficient guarantees as to the implementation of appropriate technical and organisational measures to ensure that the Processing complies with the requirements of the applicable rules, including the GDPR, and the protection of personal data rights, and when the transfer is necessary within the applicable legal or regulatory framework, taking into account the objectives of the Processing.
To the extent required by the GDPR, Tunify has concluded an agreement with the (sub)Processors in which the purpose of the Processing is determined, whereby the (sub)Processor undertakes, among other things, to guarantee the confidentiality of the Personal Data, to limit the Processing to what is in accordance with Tunify’s instructions or what is legally permitted, and to cooperate in the exercise by the Customer and/or the Complainant of the rights granted to them by the GDPR.
9. Storage of Personal Data
Tunify can store Personal Data on servers located outside Belgium or in a cloud environment. In such a case, Tunify will ensure that the Personal Data is stored in an EU Member State and/or in a country that is recognized as offering an equivalent level of data protection and/or that compliance with the provisions of the GDPR is contractually guaranteed.
10. Registration of processing activities
Insofar as this is required by law, Tunify keeps a register of Processing Activities carried out by Tunify or carried out under its responsibility. In this case, the register will contain the information required by the GDPR, such as the name and contact details of the (joint) data protection officer, the purposes of the Processing, the description of the categories of Data subjects, of the Personal Data and of the recipients, the retention period, etc.
11. Rights of Customers and Data Subjects
The Data Subject may exercise the rights set out below by sending a written notification to the following e-mail address: firstname.lastname@example.org.
Tunify points out that if the Data Subject objects to the Processing of his Personal Data or exercises the rights set out below, this may result in Tunify being unable to continue to perform the Agreement and/or the Customer or the Data Subject will no longer be able to use the Service.
11.1 Right to revoke consent
If the Processing is based solely on consent, the Data Subject has the right to withdraw this consent at any time, without prejudice to the lawfulness of the Processing that took place prior to the withdrawal of consent.
11.2 Right of access
The Data Subject may at any time inspect his Personal Data and all information relating to the Processing of his Personal Data.
11.3 Right to rectification
The Data Subject is entitled to have inaccurate or incomplete Personal Data rectified, as far as this is legally possible.
11.4 Right to deletion
Unless Processing is necessary to assert, exercise or substantiate a legal claim or to comply with a legal obligation incumbent upon Tunify, the Data Subject is entitled to have his Personal Data deleted if (a) his Personal Data are no longer necessary for the purposes for which they were Processed, or (b) the consent, insofar as the Processing is based solely on it, is revoked or (c) the Data Subject objects to the Processing and there are no compelling and justifiable reasons for Tunify or (d) Personal Data has been Processed unlawfully, or (e) Personal Data must be deleted in order to comply with a legal obligation.
If the request for deletion forms part of the objection to the Processing for reasons related to the specific situation of the Customer and/or the Data Subject, Tunify will delete the data, except for serious and justified grounds for Processing which outweigh the interests and rights of the Customer and/or the Data Subject concerned or which are related to the assertion, exercise or substantiation of a legal claim.
11.5 Right to restriction of Processing
The Data Subject has the right to obtain the restriction of Processing from Tunify if (a) the correctness of the Personal Data is disputed by him, or (b) the Processing is unlawful and he opposes the deletion of Personal Data, or (c) he needs Personal Data in order to assert, exercise or substantiate a legal claim, while Tunify no longer needs them for Processing, or (d) he has objected to Processing on the basis of the legitimate reasons referred to in Article 21 of the GDPR.
16.6 Right on data transfer
The Data Subject has the right to obtain the Personal Data relating to him in a structured, customary and readable form and to pass it on to another Processor if (a) the Processing is based on permission or (b) the Processing is necessary for the performance of the assignment after the Agreement.
11.7 Right to object
The Customer and/or the Data Subject has the right to submit a complaint to the Data Protection Authority (Drukpersstraat 35, 1000 Brussels (www.gegevensbeschermingsautoriteit.be) if he believes that the Processing is unlawful.
12. Obligation of Tunify
Tunify has taken appropriate measures to protect Personal Data in order to ensure that the Personal Data are used in accordance with the aforementioned purposes and that their accuracy and updating is guaranteed.
13. Security of Personal Data
Tunify ensures that the Personal Data are protected and secured as much as possible to guarantee their confidentiality and to prevent them from being distorted, damaged, destroyed or processed by an unauthorized third party. The specific measures taken by Tunify in this respect are described in the information security policy, a copy of which can be obtained by the Data Subject.
In the event of a Data breach and the associated breach of the availability, integrity or confidentiality of Personal Data, Tunify will ensure that the Personal Data breach is reported to the Data Protection Authority within 72 hours of it becoming known, unless it is unlikely that the breach poses a risk to the rights and freedoms of the Data Subjects. Tunify will also report violations of the Personal Data to the Customers and/or Data Subjects concerned if it is likely that the violation entails an increased risk to the rights and freedoms of the Customers and/or Data Subjects.
Tunify takes appropriate technical and organizational measures to protect Personal Data, but emphasizes that no transmission over the Internet can ever be safely guaranteed. The Data Subject therefore notes that Tunify cannot guarantee the security of the Personal Data during its transmission and that effective security depends in part on the Data Subject (or the Customer) ensuring that the identification data and passwords provided to him/her are confidential and secure.
14. Retention period of Personal data
14.1 Personal Data will not be kept longer than is necessary for the purpose for which they are processed.
14.2 When Processing Personal Data for the purpose of executing the Agreement, the Data Subject (and/or the Customer) may request Tunify to return the Personal Data, upon termination or expiry of the Agreement, to the Data Subject (either the Customer) at the latest within 90 (ninety) days after the date of termination or expiry of the Agreement.
Unless the applicable law dictates otherwise, Tunify will comply with such a request, provided that the Customer has paid all amounts due to Tunify at that time, including those resulting from the termination or expiry of the Agreement (whether or not due on the date of termination or expiry of the Agreement). In the event of the return of Personal Data, Tunify will no longer retain the Personal Data, unless the Data Subject (or the Customer) so requests and under the conditions agreed at the time.
In the absence of a request for the return of Personal Data, Tunify is not obliged to store, pass on or return Personal Data, unless Tunify has stored the Personal Data as stipulated in this article.
Unless the Data Subject (or the Customer) asks Tunify to return Personal Data or Tunify has requested that Personal Data be deleted or made anonymous, Tunify may retain the Personal Data for a period of 2 (two) years after completion of the execution of the Agreement, it being understood that the Data Subject (or the Customer) may ask Tunify to continue to store the Data for the period indicated by him and under the conditions then agreed.
Tunify may in any case continue to use all the data if Tunify does so in an aggregated and anonymous format, in such a way that the data in question can no longer be regarded as Personal Data.
16. Disputes and applicable law