Protecting your personal data is important to us, and therefore we have created this policy that outlines how we handle your personal data. ISPA always complies with the applicable laws and regulations, including the GDPR.

1. Who is the data controller?
ISPA, located at ISPA Rue de la Loi 38 / 5 – 1000 Brussels, is the data controller responsible for processing your personal data. If you wish to contact us, you can do so via the following contact details:
ISPA
Rue de la Loi 38 / 5
1000 Brussels
info@ispa.be

If you contact us to exercise one of your rights (see point 7), we ask that you clearly indicate which right you wish to exercise. Please be as specific as possible when exercising your rights.
In the context of data hosting, management, and maintenance by ISPA (including support and security), and the installation and migration of hardware, ISPA is also a data processor. This is addressed in the agreements between ISPA and the data controller(s). This does not form part of the current Policy.

2. What personal data do we process?
Depending on your capacity, we collect the following personal data:

From customers:
 General identification details (such as name, title/position, salutation, address, mobile and/or phone number, email, identification details assigned to the customer, identity card number, national register number);
 Financial details (such as identification and bank account numbers; solvency assessment based on public data; financial transactions);
 Professional activities (including the nature of the activity, the type of goods/services used by the person included in the file, business relationships);
 Agreements and arrangements with ISPA;
 Electronic identification details (such as IP address and cookies) if the customer visits the website;
 Any other personal data that the customer lawfully provides to ISPA;

From prospects:
 General identification details (such as name, title/position, salutation, address, mobile and/or phone number, email, identification details assigned to a prospect, identity card number, national register number). These personal data may originate from other sources, such as purchased databases or public sources;
 Professional activities (including the nature of the activity, business relationships). These personal data may originate from other sources, such as purchased databases or public sources;
 Electronic identification details (such as IP address and cookies) if a prospect visits the website;
 All data related to pages from other sites that you have viewed on our website;
 All data related to pages that you have viewed on our website;
 Any other personal data that a prospect lawfully provides to ISPA;

 

From suppliers:
 General identification details (such as name, title/position, salutation, address, mobile and/or phone number, email, identification details assigned to the supplier, identity card number, national register number);
 Financial details (such as identification and bank account numbers; solvency assessment; financial transactions);
 Professional activities (including the nature of the activity, the type of goods/services supplied by the person included in the file, business relationships);
 Agreements and arrangements with ISPA;
 Electronic identification details (such as IP address and cookies) if the supplier visits the website;
 All data related to pages from other sites that you have viewed on our website;
 All data related to pages that you have viewed on our website;
 Any other personal data that the supplier lawfully provides to ISPA;

If you provide us with personal data of a third party, such as your:
o staff;
o independent contractors;
o directors;
o representatives;
o customers;
o suppliers;
you guarantee to ISPA that:
o these personal data have been lawfully obtained from the third party and lawfully provided to ISPA;
o you provide ISPA with up-to-date personal data;
o you have provided this third party with relevant information about the existence and content of this Policy.

3. Why do we process personal data (purposes)?
Personal data are processed for the following purposes:
3.1. Execution of the agreement
o Creating a personal account;
o Correct execution of the agreement;
o Preparing invoices and billing information;
o Customer service: to assist you quickly in case of questions and/or issues;
o Performing credit checks and investigating, preventing, and combating fraud;
3.2. Purchases in the webshop
o Execution and compliance with the agreement regarding the purchase of products or services in the store or on the webshop;
o Processing orders, returns, and any after-sales services: to deliver and keep you informed of these orders and/or returns;
o For any repairs;
o Preparing invoices and billing information;
o Checking your age to verify if you have the legal age to make online purchases;
3.3. Direct marketing
o Sending newsletters, offers, promotions, etc., to prospects.
If you no longer wish to receive this communication, you can unsubscribe via the provided opt-out. Afterward, you will no longer receive direct marketing from us regarding the no longer desired communication, and we will stop processing your personal data for these direct marketing purposes.
3.4. Necessary for the operation of our business
o Improving our services;
o Sending newsletters, offers, promotions, etc., to customers. You can always unsubscribe via the opt-out in the email;
o Preventing misuse or improper use of our services;
o Retaining personal data as evidence or for initiating a legal claim;
o Sending surveys so we can improve our services;
o Retaining personal data to register attendance at/participation in events.
3.5. Compliance with legal obligations
o Compliance with legal obligations (e.g., in the context of anti-money laundering and counter-terrorism legislation);
You are not obliged to share your personal data with us, but if you do not provide the requested personal data, we may not be able to deliver the desired services and/or products.

4. Legal basis for personal data?
The processing of personal data under points 3.1 and 3.2 is based on the execution of the agreement or to take measures at the request of the data subject before the conclusion of the agreement.
The processing of personal data under point 3.3 is based on the explicit consent of the data subject.
The processing of personal data under point 3.4 is based on the legitimate interest of our company (only when our company's legitimate interest outweighs the interest of the data subjects; upon request, you can receive more information about this assessment). The interests were further explained under point 3.5.
The processing of personal data under point 3.5 takes place to comply with legal obligations that rest on our company.

 

5. With whom do we share personal data?
We do not provide personal data to third parties unless these parties are contractually bound to ISPA or act on behalf of ISPA and for the respective purposes stated above.
Naturally, we also make agreements with these external parties regarding your data protection.
We do not provide personal data to companies outside the European Economic Area unless there is an adequacy decision, appropriate safeguards, binding corporate rules, or transfers referred to in Article 49, paragraph 1 GDPR.
In legally specified cases, we are required to share certain personal data with specified authorities.

6. How long do we retain personal data?
We retain personal data only as long as it is necessary for exercising the purposes specified above.
Since the retention period depends on the purpose and the type of personal data, retention periods vary.
7. What rights do you have?
7.1. Right of access, rectification, or erasure
7.1.1. Access
You have the right to access your personal data. If you request it, we will provide you with a copy of the processed personal data.
7.1.2. Rectification
You have the right to have incorrect or incomplete personal data corrected.
7.1.3. Erasure
You have the right to request ISPA to delete your data in the cases specified in Article 17, paragraph 1 GDPR, such as if you withdraw your consent or object to processing for direct marketing. ISPA will delete your data without delay unless Article 17, paragraph 3 GDPR applies. For example, ISPA will not be required to delete your personal data if it is necessary to comply with a legal obligation.
7.2. Right to restrict processing concerning you
You have the right to restrict processing in the cases specified in Article 19, paragraph 1, for example, if the accuracy of the personal data is disputed.
7.3. Right to data portability
You have the right to request the personal data you have provided to ISPA or have them transferred to another company.
7.4. Right to withdraw consent
You have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of the processing based on consent before its withdrawal.
7.5. Right to lodge a complaint with a supervisory authority
If you disagree with ISPA's position, have comments regarding the exercise of your rights, or believe that processing your personal data is not compliant with legislation, including the GDPR, you can file a complaint with the supervisory authority (https://www.gegevensbeschermingsautoriteit.be/).
7.6 Right to object to processing
You always have the right to object to processing for the purpose of direct marketing. Practically, you can do this through the provided "opt-out." Afterward, you will no longer receive direct marketing from us regarding the no longer desired communication, and we will stop processing your personal data for these direct marketing purposes.
Naturally, we may still contact you regarding the execution of the agreement. Moreover, you also always have the right to object to processing based on Article 6, paragraph 1, (e) or (f) GDPR.

8. Website security
When ISPA receives or transfers your personal data on the website, we always use encryption technologies recognized as industry standards in the IT sector. We have implemented the necessary security measures to prevent the loss, misuse, or alteration of information we receive on our website. When we receive or transfer certain critical information, such as financial information, we use a secure server.

9. Cookies
ISPA also uses cookies on the website. Cookies are small pieces of information stored by the browser on your computer, allowing us to record certain information about users of the website (e.g., language preference, duration of your visit to the website, etc.). This data helps us tailor the website better to your needs, preferences, and ease of use.