Latest change on: 7-3-2022
The website www.comanage.me (hereinafter the "Website") and the platform CoManage (hereinafter the "Platform") and services are offered by CRE8 BV (hereinafter "we" and "us"). Every person who visits our Website (hereinafter the "Visitor") as well as every person who uses our services/our Platform (hereinafter the "Customer") almost inevitably discloses certain personal data. This personal data constitutes information that allows us to identify you as a natural person, whether or not we actually do so. You are identifiable as soon as it is possible to create a direct or indirect link between one or more personal data and you as a natural person. Visitor and Customer are also referred to collectively as "you/your" in this privacy notice.
We use and process your personal data in accordance with the General Data Protection Regulation ("GDPR") and other relevant legal provisions. Any reference in this privacy notice to the AVG is a reference to the Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
Through this privacy statement you are informed of the processing activities we may carry out with your personal data.
This privacy statement applies when we act as a data controller of the processing of personal data of our Website, our Platform and of our services, in other words, when we determine the purposes and means of processing those personal data.
Please read this privacy notice carefully and make sure you understand it.
1.2 What is personal data?
Personal data is defined in the AVG as "any information relating to an identifiable person who can be identified, directly or indirectly." Personal data, in simpler terms, is any information about you that allows you to be identified. Personal data includes obvious information, such as your name and contact details, as well as less obvious information, such as identification numbers, electronic location data and other online identifiers.
We may update this Policy from time to time by posting a new version on our Website. This may be necessary, for example, if the law of changes, or if we change things in a way that affects the protection of personal data. We recommend that you check this page from time to time to make sure you are happy with any changes to this privacy statement.
2. Contact information
Our Website and services are offered and operated by CRE8 BV. We are registered in Belgium under registration number 0631.922.138 and our registered office is located at Diestersteenweg 462, 3680 Maaseik, Belgium.
You may contact us:
by mail, to the above postal address;
via the contact form on our Website;
by telephone, at +32 89 68 02 66; or
by e-mail, using email@example.com.
3. What personal data is processed and how is this data used?
3.1 Information processing
Depending on the capacity in which you visit or use our Website/Platform, we may collect and process the following personal data. The collection of personal data continues to expand with more intensive use of our Website and our services. In general, Customers will disclose more personal data than Visitors. Specifically, we process the following categories of personal data:
Type of data subject
Categories of personal data
Retention period (*)
The source of the technical data is the use of unnecessary cookies.
Technical data may be processed for analyzing/improving the use of the Website.
Please refer to the Cookie Statement on this Website.
The source of the technical data is the use of necessary cookies.
Our legitimate interests so that the Website functions technically well in accordance with necessary cookies as referred to in our Cookie Statement.
The source of account data is the information you provide when creating your account.
Account information may be processed to enable and monitor your use of our Website and services.
Execution of a contract between you and us at your request, taking steps to enter into such contract.
Data will be kept for a period of 3 years after the last login.
The source of the communication data is the information you provide to us when you contact us.
The communication data may be processed for the purpose of this communication with you and record keeping.
Our Legitimate Interest, to respond to requests, questions or comments or to contact you for questions of any kind (e.g., when you contact us via social media, the contact form on our Website, phone or email);
Personal information will be retained until we believe you are satisfied with our response.
The source of transaction data is the information you provide to us when you make purchases through our Website. The transaction data may be processed for providing the services and keeping proper records of those transactions.
Performance of a contract between you and us
At your request, taking steps to enter into such a contract.
Personal data will be kept for the duration of the contract. After termination of the contract, personal data will be kept for another seven years to fulfill the legal obligation (tax obligation).
Newsletter data (direct marketing):
The source of newsletter data is the information you provide Us when you sign up for the newsletter.
The newsletter data is processed to send you newsletters from Our Platform (related to news, updates, sweepstakes, content and new products) for which you have consented. You may unsubscribe at any time by clicking the "unsubscribe" link in the relevant email or by any other action described therein.
Your data will be processed until you unsubscribe.
In addition, We may process your personal data when necessary to comply with a legal obligation to which We are subject (such as tax laws). Notwithstanding the above, We may retain your personal data where this would be necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in administrative or extrajudicial proceedings. The legal basis for this processing is our legitimate interests, namely the protection and exercise of our legal rights.
A processor is a natural or legal person who processes personal data at our request or on our behalf. We may sometimes contract with this party to provide certain products and/or services. In other words: We use processors because it is necessary for the provision of services. In this case, we will enter into a written agreement with the processor whereby the security of your personal data is guaranteed by the processor. The processor will always act in accordance with our instructions.We use the following categories of processors:
Companies we have engaged for marketing purposes;
Companies we have engaged for administrative purposes (e.g. CRM system);
Companies we have engaged for analytical purposes;
Companies we have engaged for logistical purposes (e.g. order picking, delivery, etc.);
Companies we have engaged for payment purposes.
Companies we have engaged for ICT -technical support and hosting purposes;
Companies we have engaged for communication purposes (e.g. live chat on the Website);
4. Providing your personal data to third parties.
We will not share your personal data with third parties (other than processors) for any purposes, subject to the following exceptions.
In some circumstances, we may be required by law to share certain personal data, including yours, if we are involved in legal proceedings or for compliance with legal obligations, a court order or the instructions of a government agency.
We may provide your personal data to a third party (often partners) whose content appears on our Website for the purpose of, among other things, enabling them to contact you to offer you relevant services. Please note that we have no control over the activities of these third parties, nor over the data they themselves collect and use. We recommend that you check the privacy policies of these third parties. The table below provides more details on the disclosure of your personal data to third parties.
Google (Google Analytics)
5. International transfer (outside EEA) of your personal data
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the "EEA" consists of all EU member states, plus Norway, Iceland and Liechtenstein). These are known as "third countries" and may have less stringent data protection laws than those in the EEA. This means that we take extra steps to ensure that your personal data is treated as securely and reliably as it is in the EEA.
We use specific contracts with external third parties approved by the European Commission (also known as Standard Contractual Clauses: SCC) for the transfer of personal data to third countries. The SCCs guarantee the same level of protection of personal data as would apply under the AVG. In addition additional measures are taken to protect your data from unauthorized access. More information is available from the European Commission.
6. Your rights
Some rights are complex and not all details are included here. Please therefore read the relevant provisions and guidelines of supervisory authorities for a full explanation of these rights.
You can exercise your rights with respect to your personal data by giving us written notice. Please see section 2 for contact details.
We will respond to your request within one month of receiving your request. We normally aim to provide a full response within that time. However, in some cases, especially if your request is more complex, more time may be required, up to a maximum of three months from the date we receive your request. You will be kept fully informed of the progress..
6.1 The right to access
You have the right to confirm whether or not we process your personal data and, where we do, to access the personal data, together with certain additional information. This additional information includes details of the purpose of the processing, the categories of personal data concerned and the recipients of the personal data. Provided that the rights and freedoms of others are not affected, we will provide you with a copy of your personal data. The first copy will be provided free of charge, but additional copies may be provided for a reasonable fee.
6.2 Right of rectification
You have the right to have inaccurate personal data about you corrected and, taking into account the purposes of processing, to have incomplete personal data about you completed.
6.3 The right to erasure ("right to oblivion")
In some circumstances, you have the right to have your personal data erased without undue delay. These circumstances include:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw your consent to processing based on consent;
you object to processing under certain rules of applicable data protection law (the AVG);
the processing is for direct marketing purposes;
the personal data has been processed unlawfully;
the personal data must be deleted to comply with a legal obligation incumbent upon us.
However, there are exclusions to the right to delete data. The general exclusions include where processing is necessary:
for the exercise of the right to freedom of expression and information;
for compliance with a legal obligation incumbent upon us; or
for the establishment, exercise or defense of legal claims.
6.4 The rights to restrict processing
In some circumstances, you have the right to restrict the processing of your personal data. These circumstances are: you dispute the accuracy of the personal data; the processing is unlawful, but you oppose erasure; we no longer need the personal data for our processing, but you need personal data for the establishment, exercise or defense of legal claims; and you have objected to the processing, pending verification of that objection.
If processing is restricted on this basis, we may continue to store your personal data. However, we will only process them otherwise: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for important reasons of public interest.
6.5 The right to object to processing
You have the right to object to our processing of your personal data for reasons related to your specific situation, but only to the extent that the legal basis for the processing is that the processing is necessary for the purposes of legitimate interests pursued by us or by a third party. If you raise such an objection, We will stop processing the personal data unless We can demonstrate that there are compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or that the processing is for the establishment, exercise or defense of legal claims.
In addition, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you object, We will stop processing your personal data for this purpose.
Furthermore, you have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes for reasons related to your specific situation, unless the processing is necessary for the performance of a task carried out in the public interest.
6.6 The right to data portability
Insofar as the legal basis for our processing of your personal data is based on:
the processing is necessary for the performance of a contract to which you are a party, or to take action at your request before entering into a contract; or
such processing is carried out by automated means,
you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
However, this right does not apply where doing so would compromise the rights and freedoms of others.
6.7 The right to complain to a supervisory authority
If you believe that our processing of your personal data violates the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority responsible for data protection. In Belgium, the supervisory authority is the Data Protection Authority (GBA). In the Netherlands, the supervisory authority is the Authority Persoonsgegevens (AP). Data subjects from other member states have the right to file a complaint with their own national supervisory authority. For an overview of the contact details of these authorities, click on this link.
Data Protection Authority (GBA)
Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
Autoriteit Persoonsgegevens (AP)
2594 AV DEN HAAG
6.8 The right to withdraw your consent
Insofar as the legal basis for our processing of your personal data is consent, you have the right to withdraw this consent at any time. Revocation does not affect the lawfulness of the processing prior to the revocation.