This version is in effect since 2 April 2021
Your privacy is really important to us. We will ensure that your personal data is processed safely and lawfully, and always in accordance with applicable privacy legislation, and in particular with the General Data Protection Regulation ("GDPR").
This privacy statement sets out how Cumul.io, a public limited company ("naamloze vennootschap") with registered office at Tiensevest 102 box 201, B-3000 Leuven, Belgium, registered with the Crossroad Bank for Enterprises ("Kruispuntbank van Ondernemingen") under number 0640.944.227 (RLE Leuven) ("Cumul.io", "our" or "we") collects and uses personal information from customers and other individuals (collectively "you") who access or use our websites, including https://cumul.io, and our digital platform which allows you to connect and combine data and create dashboards, in order to get actionable insights from this data (the "Application") (together, the "Services").
By using our Services, you understand that we will collect and use your personal data as described in this Privacy Statement.
This Privacy Statement does not apply to any third-party websites and apps that you may use, including the ones in which our Services are embedded. You should review the terms and policies for such third-party websites and apps before using them.
If you have any questions about this Privacy Statement, you can join us at the following e-mail address: firstname.lastname@example.org.
Cumul.io acts as controller of your personal data when you are using our Services.
However, in some cases we may process your personal data pursuant to an agreement (including a data processing agreement) with a third party organization. In those cases, we act as a processor and the terms of that agreement govern how we process your personal data. If you believe a third party organization has asked us to process your personal data on their behalf, please consult with them in the first instance as they will be the controller of your personal data and as such, responsible for how we process your personal data. Otherwise, you can also contact us directly and we will redirect you to the controller of your personal data in case we process your personal data pursuant to an agreement on its behalf.
We collect three broad categories of information about you ( your "personal data") when you interact with us.
We collect personal data that you provide us to give you more information about our Services or to provide you with our Services
When you register on our website or you contact us via email or our contact form to obtain a demo, more information about our Services or (free trial or paid) access to our Services, you provide us with your personal data such as:
We refer to this type of personal data as "Customer Account Data".
When you are using our Services, we process personal data that you give us or that we collect automatically.
When you use or interact with our Application, you provide us with:
When you use or interact with our Services, we also collect automatically the following personal data:
We refer to this type of personal data as "Customer Data".
When you subscribe to our newsletters (or white papers), you provide us with your email address. We refer to this type of personal data as "Marketing Data".
The legal basis on which we rely to process your personal data depends on which type of data we process and for which purposes:
We use your Customer Account Data to the extent necessary to perform our Services in accordance with the agreement we entered into with you (you as a customer) or that we may enter with you (you as a potential customer).
This processing is performed for the following purposes:
We use your Customer Account Data and Customer Data further to our legitimate interests to:
get more analysis and insight on our Services, for example:
We will not transfer, transmit or otherwise disclose your personal data to third parties without your prior express consent except for the third parties described below:
Such third parties will only have access to the personal data they need to perform their tasks, and may not use such data for other purposes. The third parties to whom the personal data is transferred are also subject to an obligation of confidentiality and must provide the necessary guarantees that appropriate organizational and technical security measures are taken to protect your personal data.
In the event that the third parties listed above are located outside the European Economic Area, the transfer of personal data to these recipients will only take place if:
We will ensure that your personal data is not kept longer than necessary to fulfill the purposes we explained you under point 4. If you want more information about the retention periods of your personal data, please contact us at email@example.com.
We take appropriate and necessary organizational and technical security measures to protect your personal data and your privacy in order to prevent the loss, unlawful use or alteration of information we receive. Such measures include (i) log-on protection of the Personal Data, (ii) encryption of the Personal Data, (iii) anti-virus systems, (iv) anonymization of personal data; and (v) confidentiality obligations applying to all employees involved.
You have certain rights related to your personal information, which may differ depending on the legal basis we use to process them. You can find a description of your rights below.
If you want to exercise these rights, please send an email to firstname.lastname@example.org. We undertake to respond to any request to exercise the aforementioned rights within thirty (30) calendar days.
When we process your personal data on the basis of your consent, you have the right to revoke your consent to such processing at any time. You will not suffer any detrimental consequences if you do so. This consent withdrawal will not affect the lawfulness of the processing that occurred prior to the revocation of your consent.
When we process your data on the basis of our legitimate interests, you have the right to object to such processing activities at any time. If you object to a processing activity, we will no longer process your personal data for the purposes for which you do not want us anymore to process your data, unless we have compelling legitimate grounds for such processing or we need it for the establishment, exercise or defense of legal claims.
You have the right to be informed whether we are processing your personal data and, if so, to obtain access to such Personal Data and to receive the following information:
Furthermore, you also have the right to receive a copy of the personal data that you have provided to us in a structured, common and machine-readable format (via the email address that you have provided us with) so that you can pass it on to another data controller or so that we can pass it on to another data controller at your request and if technically possible. Requesting a copy is free of charge. If you request additional copies of your personal data, we may charge a reasonable fee to cover administrative costs.
In order to exercise your right of access, and to prevent any unauthorized disclosure of your personal data, you must provide us with proof of your identity. When exercising your right of access, we therefore ask you to add a copy of the front side of your identity card to your written request by email or post.
You have the right to have your personal data corrected or have inaccuracies rectified free of charge if your personal data is incomplete or inaccurate or is processed in an unlawful manner. Furthermore, you also have the right to complete incomplete personal data, including by providing a supplementary statement.
You have the right to request the deletion of your personal data as collected by us in the following cases:
In the event of a deletion request, you should be aware that we need to retain certain personal data in order to comply with our legal obligations or for the establishment, exercise or defense of legal claims.
Furthermore, you also have the right to request that we restrict the processing of your personal data to processing made: (i) for storage purposes, (ii) with your consent or (iii) or for the establishment, exercise or defense of legal claims in the following cases:
If you have a complaint on the processing of your personal data or on the exercise of your rights, please send an email to email@example.com. We undertake to respond to any request to exercise the aforementioned rights within thirty (30) calendar days.
Furthermore, you always have the right to lodge a complaint or initiate proceedings with the data protection supervisory authority ("Data Protection Authority" or "Gegevensbeschermingsautoriteit") with the following contact details: Data Protection Authority (GBA), Rue de la Press 35, 1000 Brussels, +32(0)2 274 48 00/+32(0)2 274 48 35, firstname.lastname@example.org, https://www.dataprotectionauthority.be.
We may make improvements, additions or changes to this Privacy Statement for a variety of reasons. We will post a notice of those changes on our website https://cumul.io.
This version was drawn up on 2 April 2021.
Older versions of this Privacy Statement will be stored in our archive and can be retrieved at any time by sending an email to email@example.com.