Privacy policy

Object

This privacy policy (the “Policy”)  is drawn up ImplicitMeasures.com BVBA, with offices in 9052 Gent, Technologiepark-Zwijnaarde 82, registered in Belgium under nr. BE0657.989.701 (the “Controller”). The purpose of this Policy to inform visitors to the websites hosted at the following addresses: implicitmeasures.com, cognitiongate.com, cognitiongate-beta.com (hereinafter referred to as the “Websites”) of the manner in which data are collected and processed by the Controller. This Policy is in line with the Controller’s intention to act transparently, in compliance with its national provisions and with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data (as defined below) and on the free movement of such data and repealing Directive 95/46/EC (the “General Data Protection Regulation” or “GDPR”). The Controller pays particular attention to the protection of the privacy of its users and therefore undertakes all reasonable precautionary measures to protect any information collected relating to an identified or identifiable user (“Personal data”) against loss, theft, disclosure, or unauthorized use. If the user wishes to react to one of the practices described below, he may contact the Controller at the postal address or email address specified in the “Contact Details” section of this Policy.

Which data do we process?

The Controller collects and processes the following Personal Data according to the methods and principles described below:

    • The users’ domain (automatically detected by the Controller’s server), including the dynamic IP address;
    • The users’ e-mail address if the user has previously disclosed it, for example by sending messages or questions on the website, by communicating with the Controller by e-mail, by participating in discussion forums, by accessing the restricted part of the website by identification, etc.;
    • Any information concerning the pages that the user has consulted on the website;
    • Any information that the user has provided voluntarily, for example in the context of surveys and/or registrations on the website, or by accessing the restricted part of the website through identification.

Your account data

The Controller may collect data unrelated to the identity of the user (“Non-personal Data”). These data may be used for any purpose whatsoever, such as marketing purposes or to improve the Websites and the products and/or services offered. In the event that Non-personal Data are combined with Personal Data, so that identification of the data subjects is possible, such data will be treated as Personal Data until these data are properly anonymised.

Collecting methods

The Controller shall collect Personal Data in the following manner:

    • Cookies;
    • Website sign-up or download forms;
    • Usage logs.

Purposes of the processing

Personal data are collected and processed only for the purposes mentioned below:

    • Ensuring the management and control of the execution of the proposed services;
    • Sending and follow-up of orders and invoices;
    • Sending promotional information on existing and new products and/or services of the Controller;
    • Sending of promotional material;
    • Answering the user’s questions;
    • Performance statistics;
    • Improving the quality of the Websites and the products and/or services offered by the Controller;
    • Identification of the user’s interests.

The Controller may be required to carry out processing operations not yet provided for in this Policy. In this case, the Controller will contact the user before re-using his Personal Data, in order to inform him of the changes and give him the possibility, if necessary, to refuse such re-use.

Legitimate interest

Some data processing activities are based on the legitimate interest of the Controller. The legitimate interest is proportionate with regard to the rights of the users. For further details regarding the purpose of this type of data processing, users can contact the Controller directly (contact details provided below).

Duration of the storage

The Controller shall store Personal Data only for the time reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements. The Personal Data of a customer are kept for a maximum of 10 years after the end of the contractual relationship between the customer and the Controller. Shorter retention periods apply for certain categories of data, such as traffic data, which are stored for only 12 months. At the end of the storage period, the Controller shall make every effort to ensure that the Personal Data have indeed been made unavailable and inaccessible.

Exercise of rights

For all rights mentioned hereafter, the Controller can check the user’s identity before granting the right. The request for additional information by the Controller must be done within 1 month after the request made by the user.

Access to the data and copy

The user may obtain, free of charge, any written communication or a copy of their Personal Data collected by the Controller. The Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user. If the user makes such a request electronically, the information shall be provided in a commonly used electronic format, unless the user requests otherwise. The copy of his data will be communicated to the user at the latest within one month after receipt of the request, except in case of a contrary provision in the GDPR.

Right of rectification

The user can request rectification of Personal Data which are inaccurate, incomplete, or irrelevant, or complete them if they prove to be incomplete. Except in case of a contrary provision in the GDPR, this request will be handled within one month after the request was made.

Right to object to processing

At any time and free of charge, the user may object to the processing of their Personal Data if:

    • Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
    • Data processing is necessary for the legitimate interests pursued by the Controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data prevail (in particular where the data subject is a child).

The Controller may refuse to exercise the user’s right of opposition if he establishes the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise, or defence of a legal claim. In case of dispute, the user may lodge an appeal in accordance with the point “claims and complaints” of this Policy. The user may, at any time, oppose, without justification and free of charge, the processing of their Personal Data if their data are collected for purposes of commercial prospection (including profiling). If Personal Data are processed for scientific or historical research purposes or for statistical purposes in accordance with the GDPR, the user has the right to object, for reasons relating to their particular situation, to the processing of their Personal Data, unless the processing is necessary for the performance of a task in the public interest. The Controller is obliged to reply to the user’s request as soon as possible and at the latest within one month and to give reasons for his reply if he intends not to comply with such a request, except in case of a contrary provision in the GDPR.

Right of limitation of the processing

The user may obtain the limitation of the processing of their Personal Data in the cases listed hereunder:

    • The user disputes the accuracy of the data and only the time that the Controller can control it;
    • The processing is unlawful and the user prefers the processing to be limited to deletion;
    • Although no longer necessary for the pursuit of the purposes of the processing, the user needs it for the establishment, exercise, or defence of his rights in court;
    • For the time necessary to examine the validity of an opposition request submitted by the user, in other words, for the Controller to check the balance of interests between the legitimate interests of the Controller and those of the user.

The Controller will inform the user when the limitation of the processing is lifted.

Right of erasure (right to be forgotten)

The user may obtain the deletion of their Personal Data, if one of the following grounds applies:

    • The data are no longer necessary for the purposes of the processing operation;
    • The user has withdrawn their consent to process their data and there is no other legal basis for the processing;
    • The user objects to the processing and there is no compelling legitimate reason for the processing and/or the user exercises his specific right of opposition in direct marketing (including profiling);
    • The Personal Data were unlawfully processed;
    • The Personal Data must be erased in order to comply with a legal obligation to which the Controller is subject;
    • The Personal Data have been collected in the context of the provision of information society services to children.

The deletion of data is, however, not applicable in the following 5 cases :

    • Data processing is necessary for the exercise of the right to freedom of expression and information;
    • Data processing is necessary for compliance with a legal obligation to which the Controller is subjected, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
    • Dara processing is necessary for public health reasons;
    • Data processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and where the right to erasure is likely to render impossible or to seriously jeopardise the attainment of the purposes of the processing in question;
    • Data processing is necessary for the establishment, exercise, or defence of legal claims.

The Controller is obliged to reply to the user’s request as soon as possible and at the latest within one month and to give reasons for his reply if he intends not to comply with such a request, except in case of a contrary provision in the GDPR.

Right of “data portability”

The user may at any time request to receive his Personal Data free of charge in a structured, commonly used and machine-readable format, with a view in particular to transmitting them to another Controller, when:

    • The data processing is carried out using automated processes;
    • The data processing is based on the consent of the user or on a contract concluded between the user and the Controller.

Under the same conditions and in the same manner, the user has the right to obtain from the Controller that their Personal Data will be transmitted directly to another Controller, insofar as this is technically possible. The right of data portability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

Recipients of data and disclosure to third parties

The recipients of the data collected and processed are, in addition to the Controller, his employees, subcontractors, or carefully selected business partners. In the event that the data are disclosed to third parties for commercial prospecting purposes, the user will be informed in advance so that they can choose whether or not to accept this data transfer to third parties. Since the transfer is based on the consent of the user, he can retract his consent at any time with regard to this exact purpose. The Controller respects the legal and regulatory provisions in force and will in all cases ensure that his partners, employees, subcontractors, or other third parties having access to these Personal Data comply with this Policy. The Controller reserves the right to disclose the user’s Personal Data in the event that a law, judicial procedure, or an order from a public authority makes such disclosure necessary. No Personal Data shall be transferred outside the European Union.

Security

The Controller shall implement appropriate technical and organizational measures to guarantee a level of security of the processing and the data collected with regard to the risks presented by the processing and the nature of the data to be protected appropriate to the risk. The Controller takes into account the state of knowledge, the costs of implementation, and the nature, scope, context, and purposes of the processing as well as the risks to users’ rights and freedoms. The Controller has put in place appropriate security measures to protect and avoid the loss, misuse, or alteration of information received on the website. In case a breach of Personal Data occurs, the Controller will undertake quick action to identify the cause and take appropriate measures to remedy the situation. The Controller informs the user of this breach if he is obliged to do so by law.

Claims and complaints

If the user has a complaint, it is advisable to contact the Controller directly. The user can also lodge a complaint with their national control authority, the details of which are listed on the following website of the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. Finally, action can be undertaken before the court specified below.

Contact details

For any question and/or complaint, in particular as to the clear and accessible nature of the present Policy, the user may contact the Controller:

Applicable law and competent jurisdiction

This Policy is subject to Belgian law. Without prejudice to the Controllers’ right to seek injunctive relief in other jurisdictions, disputes regarding the execution, interpretation, or performance of this Policy will be subjected to the exclusive jurisdiction of the Ghent enterprise court (‘Ondernemingsrechtbank van Gent, Afdeling Gent’).

Miscellaneous provisions

The Controller reserves the right to modify the provisions of this Policy at any time. Changes will be published with a warning as to their coming into force. This version of the Policy dates from 04/11/2020.