Privacy & Cookie Policy

At Brightfox we highly value your privacy and take all the necessary measures to protect your personal data. Therefore, we’d like to take the time to inform you what we do with the data we store about you. Moreover, we give you full control on how you like your data to be processed.

Who we are?

“We”, “us” or “our” means…
Brightfox Belgium NV, with its registered office at Veldkant 33A, 2550 Kontich, Belgium and with company number BE 0821.305.136;
We act as controller for the personal data we gather through your use of our website.
This Privacy Policy is solely intended to provide you with information in relation to the processing of personal data through your use of the website. For our privacy practices in relation to our services, we refer you to the agreement as may be concluded between us.
Your privacy is important to us, so we’ve developed this Privacy Policy that sets out how we collect, disclose, transfer and use (“process”) the personal data that you share with us, and which rights you have. Please take a moment to read through this policy.

What personal data do we collect and why do we collect it?

Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.

The personal data we collect, is collected and used for the purposes as listed hereunder:

Contact forms
In the event you make use of the contact form, you will be asked to provide the following information: name, address, e-mail address, phone number, and any personal data that you choose to put in the designated blank field (please do not provide us with any sensitive information, such as health information, information pertaining to criminal convictions, or credit card/account numbers). This is information that is provided directly by you. We will use your personal data in order to reply to your query, via e-mail or telephone.

Media / Documents
If you upload images/documents to the website, you should avoid uploading images/documents with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Cookies are small pieces of data that a website asks your browser to store on your computer or mobile device when you visit the website or certain pages. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
Cookies will usually contain the name of the website where the cookie has come from, how long the cookie will remain on your device, and a value which is usually a randomly generated unique number.
Some cookies will be deleted as soon as you leave the website (the so-called “session cookies”), other cookies will remain stored on your computer or mobile device and will help us identify you as a visitor of our website (the so-called “permanent cookies”).

Why do we use cookies?
Cookies on our Website are used for a variety of different purposes.
We use cookies to improve the user-experience on the Website and to map your surfing behaviour (e.g. the pages you have visited and the time you spent on that page). Cookies make our Website easier to use and allow us to better tailor our Website to your interests and needs. Cookies are also used to help speed up your future activities and experience on the Website. We use cookies, for example, to remember your language preferences.
We also use cookies to compile anonymous, aggregated statistics that allow us to understand how our Website is being used and how we can improve our services.

Which cookies do we use?
We use first party and third party cookies:
First party cookies are cookies created by the Website itself. These cookies are used to optimize your user-experience.
Third party cookies are cookies created by parties other than the Website. Third party cookies in relation to our Website are Google Analytics. Google Analytics is a tool which helps us understand how you engage with the Website. It may use a set of cookies to collect information and report Website usage statistics without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the ‘___ga’ cookie.
A further distinction can be made between the following types of cookies:
* Necessary cookies: These are required for the operation of our Website. They include for example cookies that enable you to log in.
* Analytical/performance cookies: These cookies allow us to analyse our webtraffic, to see the number of users of our Website and how the users navigate through our Website.

How can you manage or delete cookies?
You can at any time manage or delete cookies using the settings on your internet browser, allowing you to refuse some or all cookies. Turning off cookies will limit the service that we are able to provide and may affect your user-experience. Deleting cookies may result in manually adjusting preferences every time you visit our Website. For more details about controlling and/or deleting cookies, visit the page corresponding to your browser for more information:

For other browsers, please consult the documentation provided by the browser operator.

What rights do you have over your data?

This article lists your principal rights under data protection law. We have tried to summarize them for you in a clear and legible way.
To exercise any of your rights, please send us a written request in accordance with article 1 of this Privacy Policy. We will respond to your request without undue delay, but in any event within one month of the receipt of the request. In the event of an extension of the term to respond or in the event we do not take action on your request, we will notify you.

The right to access

You have the right to confirmation as to whether or not we process your personal data and, in the event we do so, you have the right to access such personal data, together with certain additional information that you also find listed in this Privacy Policy.
You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.

The right to rectification

If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, taking into account the purposes of the processing, completed.

The right to erasure (right to be forgotten)

In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
* The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
* You withdraw your consent, and no other lawful ground exists;
* The processing is for direct marketing purposes;
* The personal data have been unlawfully processed; or,
* Erasure is necessary for compliance with EU law or Belgian law.
There are certain exclusions to the right to erasure. Those exclusions include where processing is necessary,
* for exercising the right of freedom of expression and information;
* for compliance with a legal obligation; or,
* for the establishment, exercise or defense of legal claims.

The right to restrict processing;

You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
* You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
* The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
* We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
* You have objected to processing, pending the verification of that objection.
In addition to our right to store your personal data, we may still otherwise process it but only:
* with your consent;
* for the establishment, exercise or defense of legal claims;
* for the protection of the rights of another natural or legal person; or,
* for reasons of important public interest.
We will inform you before we lift the restriction of processing.

The right to data portability

To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.

The right to object to processing

You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
* The performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
* The purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

The right to complain to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to the Authority for the protection of personal data (Privacy Commission), Drukpersstraat 35, 1000 Brussel (commission@privacycommission.be),https://www.privacycommission.be/nl/contact).

Data categories

The following categories of personal data can be distinguished:
* Contact data: in the event you make use of the contact form, you will be asked to provide the following information: name, address, e-mail address, phone number, and any personal data that you choose to put in the designated blank field (please do not provide us with any sensitive information, such as health information, information pertaining to criminal convictions, or credit card/account numbers). This is information that is provided directly by you.
* Usage data: We collect anonymous data regarding your activities on our website: IP address, device ID and type, referral source, language settings, browser type, operating system, geographical location, length of visit, page views, or information about the timing, frequency and pattern of your service use. This information may be aggregated and used to help us provide more useful information regarding the use of our website. In the event the usage data is completely anonymized (and can therefore not be traced back to you as an individual), this will not be considered personal data for the purpose of this Privacy Policy. This is personal data that is automatically collected through your use of the website.

The legal basis for the processing of your personal data is…
* Consent: you will, at all times, have the right to withdraw your consent. This will, however, not affect the lawfulness of any processing done prior to the withdrawal of consent. and;
* Legitimate interest: you will have the right to object to such processing, as set out in this Privacy Policy.

Your personal data will solely be used for the purposes as set out in this article.
Retention of your data and deletion
Your personal information will not be kept for longer than is necessary for a specific purpose. However, considering it is not possible for us to specify a period in advance, the period of retention will be determined as follows:
* Common interests;
* Business opportunities.
In the event you withdraw your consent or you object to our use of your personal data, and such objection is successful, we will remove your personal data from our databases. Please note that we will retain the personal data necessary to ensure your preferences are respected in the future.
The foregoing will, however, not prevent us from retaining any personal data if this is necessary to comply with our legal obligations, in order to file a legal claim or defend ourselves against a legal claim, or for evidential purposes.

Providing your personal data to others
We may also disclose your personal data in the event such disclosure is required or necessary in order to fulfil a legal obligation. We may also disclose personal data in order to protect your vital interests or the vital interest of another natural person.
As such, we do not disclose your personal data to our social media partners. We do, however, make use of social media plugins to direct you to our social media channels and to allow you to interact with our content. These social media channels are Facebook, LinkedIn, Twitter, Youtube. In the event you click such link, such social media service provider may collect personal data about you and may link this information to your existing profile on such social media.
We are not responsible for the use of your personal data by such social media service provider. In such case, the social media service provider will act as controller.
For your information only, we have included the relevant links (these may be changed from time to time by the relevant service provider):
* Facebook: http://facebook.com/about/privacy;
* LinkedIn: http://linkedin.com/legal/privacy-policy;
* Twitter: http://twitter.com/privacy;
* Youtube: https://support.google.com/youtube/answer/2801895?hl=en-GB

International transfers
We will ensure that any transfer of personal data to countries outside of the European Economic Area will take place pursuant to the appropriate safeguards.

Amendments to the privacy policy
From time to time, we have the right to modify this Privacy Policy. You will always be able to consult the most recent version of the Privacy Policy on the website.

Trust Policy

Trust is one of our core-values and we want to ensure you that every measure is taken that your data is processed in a safe and secure way. On top of that, you can easily consult, remove and update your personal data.
With GDPR we’ve provided several new ways for you to control your personal information. You can act on how your data is processed in the following ways:
* An improved transparent overview of what we do with your data;
* An explanation on how we collect your data;
* Clear, simple unsubscribe options regarding profiling for (personalized) direct marketing purposes;
* Easily act upon your rights.
Below a more detailed overview of how these ways will help you controlling your information.

A transparent overview of what we do with your data


We do not want to bother you with information you might not like, instead we want to inform you about what you love. Therefore, we collect your information.
We’ve provided an overview of what types of data we collect from you in the data-collection -tab.

An explanation on how we collect your data
We have a series of forms on our website you can fill in to get additional information regarding our services, products or events.
We also want to ensure that by submitting any form, you’ll only receive the communication for the purpose of the form unless you chose to check the ‘I would like to receive email updates from Brightfox’-checkbox.
For example: When you submit a form to download a whitepaper, you’ll only receive one email that contains your download link for the whitepaper.
Additionally, we collect anonymous data from you. This to improve our web-experience so you can better browse our web-portal the next time you visit us. We track on which page you entered the site, how long you spent time on a page and where you left. We do not relate this data to your personal information as we gather this data anomynously via Google Analytics. More information can be found on the data collection section.

Opting out for (personalized) direct marketing
When you no longer wish to receive our awesome content, you can choose to opt-out by submitting a request in the Requests section.
However, we’ve provided additional options in our email communications where you can choose which type of communication you still wish to receive and which you don’t.
Any request will be processed within 72 business hours on which you will get a personal notification upon completion.

Act on your Privacy & Rights


The General Data Protection Regulation (GDPR) comes with a few rights for you which you can act upon. You can find out what rights you have by visiting your rights section. Whenever you’d like to act upon your rights or have any questions regarding the processing of your data. You can submit a request in the Requests -tab.

Data collection

Protection of your Personal Data
Whenever you decide to reach out to us, you give us pieces of your personal data. As we appreciate your trust in us, we also know how precious that data is to you. Therefore, we make it our top-priority to keep your data stored in a secure and locked environment. So nobody who doesn’t have your consent can view your personal data.

Where’s your data stored?

We keep your personal data in our secure database called Salesforce. And that’s where your data stays. Your personal data will not be processed or transfer to third-parties for commercial purposes.

How is your personal data collected?
We collect your data via request submittals. Whenever you submit a request for a registration, download a whitepaper, application or simply to contact us; we ask for personal data. If you no longer wish to receive this communication, please follow the instructions below.

What Personal Data we collect from you?


– First and Last Name – To address you correctly because we think “Hi” is something you say to your friends.
– Mobile number – You’ll only be contacted by phone if you have submitted a request. We could communicate by phone for verbal communication, a text to remind you for an event you’ve registered or to check if everything is working as expected in your Salesforce instance.
– Language – To communicate with you in a language you can understand. At Brightfox we communicate by default in English, sometimes as well in dutch or french.
– E-mail address –  You’re receiving emails for the following communications. Being:
• News on Salesforce Products or Services
• Events;
• Whitepaper downloads;
• Service requests;
• Or simply contact us.

Why we collect your Personal Data


Initially, the data we collect from you may seem overwhelming but is crucial to provide you the level of service you deserve. In the following column you’ll see how we put your Personal Data to use, to give you the ultimate Brightfox Experience.
Customer Service / Tailored Advice
We communicate via phone, mail and/or social messages. To make sure you do not hear the same story twice, we keep track of it. We store each touchpoint in our secure database, Salesforce. We also learn from each touchpoint, so we can help you even better the next time we interact with each other.
Professional Communication
When you choose to subscribe to our professional communications you will receive
• News on Salesforce Products or Services
• Events;
• Whitepaper downloads;
• Service requests.
If you no longer like to receive these mails, you can always change the way you receive communication using the procedure below.
Web Improvement
We collect behavioral data in an anonymous way. We do this by registering anonymous, but unique, visits to see what activities each visitor has performed. Like viewing a page, time spent on a page, clicks, etc. This data is stored safely and anomynously in Google Analytics.

Request
 (Act upon your rights)
This section serves the purpose of changing the way we process your data.
Below you’ll find a form on which you can make requests regarding the personal data we store from you.

How do I make a request to act upon your rights?
Send  email to dpo@brightfox.be, mentioning the following information:
*Full Name
*Email address
* Phone/Mobile Phone number
* Request Option Right(s) to act upon:
1) The right to be informed
2) The right to restrict processing
3) The right to object
4) The right to be notified
5) Any other question regarding the processing of your personal data.
* Request my personal data • The right to access.
* Update my personal data • The right to have information corrected.
* Remove my personal data • The right to be forgotten/removed.
* Unsubscribe • To unsubscribe from future commercial communications.

Frequently Asked Questions



What is GDPR?
In its shortest version, GDPR or the General Data Protection Regulation is an EU legislation which comes into effect at the end of May 2018.
GDPR serves the purpose to protect an individual’s personal data that’s being processed by a business. Which means, giving you, the individual, the right to do whatever you wants with your personal data and act upon it whenever you like. And that’s definitely a good thing.
We’re happy to announce that we’ve giving you full control over your data, on which you can read more on in this Privacy & Safety policy.

Which rights do I have?
We’d like to inform you that GDPR also brings along a few additional rights for you which you are free to call upon at any given time. These rights include:
* The stopping the collection of your data;
* Consultating your data;
* Correcting of your data;
* Removing of your data;
* Forgetting of your data for future direct marketing;

How do I act upon my rights?
We’ve set up a simple way for you to control the way we process your data and act upon your rights.
 Simply sent an email to dpo@brightfox.be to submit your request and we’ll handle it as soon as possible.

How long does it take until my request is completed?
After you’ve sent your request email it takes up to 72 hours (business days) to complete your request. Afterwards, you’ll receive an email that your request has been succesfully handled.

Contact our DPO (Data Privacy Officer)

If you have any questions, concerns or complaints regarding this Privacy Policy or our processing of your personal data or you wish to submit a request to exercise your rights, you can contact our DPO.