1 General
This notice explains how, as a data controller, Isabel NV/SA (“we”, “us”, “our”, “Isabel”) with offices at Keizerinlaan 13-15, 1000 Brussels, Belgium (phone: +32 2 545 17 11) processes personal data we collect from you through the www.isabel.eu website and/or Isabel 6 application.
Isabel is part of Isabel Group which is composed of
· Isabel NV/SA, with offices at Keizerinlaan 13-15, 1000 Brussels, Belgium (phone: +32 2 545 17 11);
· CodaBox NV/SA, with offices at Diestsepoort 1, 3000 Leuven, Belgium (phone: +32 2 880 84 80);
· Clearfacts BV/SRL, with offices at Posthoflei 1 / Box 1A, 2600 Antwerpen, Belgium (phone: +32 3 369 55 66); and
· Clearnox SAS, with offices at 8 Rue Honoré de Balzac, 37000 Tours, France (phone: +33 2 47 60 65 96).
2 Updates to this Privacy Notice
We reserve the right to modify this notice at any time, but will in any case do so in accordance with applicable laws and regulations. We will inform you, when possible, of any substantial changes to this notice.
This notice was last modified and revised on the 02/06/2023.
3 Information We collect
3.1 Customer Relationship
When you or your company becomes a customer of Isabel Group or one of its member companies, we collect the following types of personal data about you:
a. Identification data: your name, email address, language preference and phone number, we will also assign you or your company a customer number;
b. The products you or your company uses and invoicing information.
3.2 Services Registration
When you request information about our services, we collect the following types of personal data about you:
a. Identification data: your name and title, address, phone number, email address and information about your company, its number of banks used and potential users of the services;
b. We also collect all emails we exchange with you.
When you register your company for the use of Isabel 6, we collect the following types of personal data:
a. About you, as legal representative of the company:
i. Identification data: name, professional email, professional phone number, signed copy of an official identity document (ID card, passport...);
ii. Work information: employer, work address;
b. About your company’s billing contact:
i. Identification data: name, professional email, professional phone number, professional fax number;
ii. Work information: job title, employer;
c. About your company’s users:
i. Identification data: name, professional email, professional phone number, professional fax number, signed copy of an official identity document (ID card, passport...), PKI card user ID (if used);
ii. Identification data for itsme® registration: National Registration Number, itsme® identifier;
iii. Personal characteristics: gender, date of birth, language;
iv. Work information: job title, employer, work address.
We may collect some of the above information from data.be, when you provide us with your company number; this avoids you from having to complete all the fields manually.
3.3 Services Use
When you use Isabel 6, we collect the following types of personal data:
a. Identification data: PKI card user ID or itsme® identifier, identification information of your company’s financial transactions counterparties; and
b. Data relating to security: history of transactions encoded and/or validated.
3.4 Customer Support
When we initiate a screen sharing session with you, to support you in the use of our products, we collect the following types of personal data about you:
a. Identification data: your name and email address;
b. Any information shared during the screen sharing session (audio and video).
When you contact us through our website or by phone, we collect the following types of personal data about you:
a. Identification data: your name and title, email address and phone number (optional);
b. Information relating to your company: your company name and your function within that company;
c. Data relating to security: your IP address, security logs, connection and activity logs, and the user agent of your web browser;
d. Any additional information you would include in the messages you are sending us; and/or
e. Any information shared during the call.
We may also collect, when you provide it, information relating to your personal assistant.
When we contact you regarding “parked payments” (payment transactions suspended because of their unusual characteristics), we collect the following types of personal data about you:
a. Identification data: your name and email address;
b. Your decision to release or cancel the payment;
c. Any information shared during the call.
3.5 Marketing
When you register for and/or attend an event we organise, we collect the following types of personal data about you:
a. Identification data: your name and title, email address and phone number;
b. Information relating to your company: your company name;
c. Any other information relating to the event.
We also collect personal data about you from other events organisers to which you have provided consent to share those personal data with us.
When you register for and/or attend a webinar we organise, we collect the following types of personal data about you:
a. Identification data: your name, email address, phone number and IP address;
b. Data relating to your company: its name and VAT number;
c. Data relating to security: security logs, connection and activity logs, and the user agent of your web browser;
d. The questions you may send during the webinar.
When you participate in one of our surveys, we collect the following types of personal data about you:
a. Identification data: your name and email address;
b. The responses you provided to the survey.
When you register to our newsletter, we collect the following types of personal data about you:
a. Identification data: your name, professional email and language preference;
b. Work information: your company name and address;
Your device and usage information are also collected when you read the newsletters.
3.6 Website browsing
While you browse our website, we collect the following types of personal data about you:
a. Identification data: your IP address;
b. Data relating to security: security logs, connection and activity logs, and the user agent of your web browser;
c. When you allow us, we also collect data relating to your use of the website such as the pages you consulted or if you already visited our website in the past.
4 Processing purposes
We reserve the right to modify this notice at any time, but will in any case do so in accordance with applicable laws and regulations. We will inform you, when possible, of any substan
Your personal data is processed for the following purposes:
a. Where it is necessary for the performance of a contract between you and us or in order to take steps, at your request, to enter into a contract:
i. To allow you and/or your company users to register and use our services.
ii. To send you important communications relating to your use of the services.
iii. To provide you with the information you have requested and answer your questions when you contact us.
iv. To provide you with support when you face issues in your use our services.
v. To manage the relationship between you, our customer, and us and other members of the Isabel Group.
vi. To invoice your company or relying parties for the use of our services.
vii. To ensure the security of our services, including your data.
viii. To allow you to register to and attend our webinars or our events.
ix. To provide you with a payment initiation interface.
x. To provide you with an account information interface.
b. Where you have given your consent:
i. To contact you, as per your request, and provide you with more information about our services.
ii. To contact you, as per your request, and book an appointment with you.
iii. To allow us to send you promotional offers and information on our and other members of the Isabel Group products, in line with your choices.
iv. To send you surveys, allowing us to receive feedback allowing us to improve our products.
v. To collect your feedback on our products and services.
vi. To initiate screen sharing session when you request it to obtain support.
vii. To place cookies on your browser and perform advanced statistics based on the information Those cookies provide us.
c. Where necessary for our legitimate interests, as listed below, and where not overridden by your interests or fundamental rights and freedoms:
i. To ensure the security of our and other Isabel Group applications, services, processes, websites and databases.
ii. To perform company verifications (KYC: Know Your Customer) on the legal entity of new clients and to register this information into our group customer relationship management system
iii. To train and apply the anti-fraud algorithms used within Isabel and Isabel Group.
iv. To retain a trace that a parked payment was asked for release or cancellation by the payment initiator.
v. To retain a trace of our business relationships with you, as an Isabel Group existing or prospect customer.
vi. To support you in completing your registration with our services when your registration was not fully completed.
vii. To allow for business correspondence and business meetings to take place.
viii. To allow review of past calls for training of agents and for quality control.
ix. To retain traces of actions taken during screen sharing sessions.
x. To send existing customers information on the evolution of Isabel Group and its member companies’ products; you may request these communications to stop at any time via an unsubscribe link present at the bottom of every communication.
xi. To improve our services and develop new group-wide commercial offers by identifying e.g. trends, recurrent issues, customer behaviours, through your use of our services;
xii. To advertise our services towards existing customers.
xiii. To get non-nominative information on the visitors that consult Isabel Group websites.
xiv. To create a database of trusted combinations of IBAN numbers and account owners that will be used for fraud prevention purposes.
For these purposes, we have conducted a balancing test, as the law requires, and have determined that, taking into account the limited personal data collected, the processing performed and your reasonable expectations, our legitimate interest in conducting these processing activities is not overridden by your interests or fundamental rights and freedoms.
d. Where it is necessary for us to comply with our legal obligations, such as reporting crime or crime intent, or tax reporting.
5 Disclosure and transfer of personal data
In order to deliver our services to you and for the above purposes, we need to share your personal data with:
a. Isabel and Isabel Group personnel with access on a “need to know” basis and to contractors who have signed a confidentiality agreement with us.
b. Your bank and your financial transactions’ counterparties’ bank.
c. Third party processors, located in Belgium, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality obligations:
i. Zetes, who manufactures our PKI cards.
ii. PointerPro, who provides us with a survey solution.
iii. Proximus, who provides and maintains our call centre and customer relationship solutions.
iv. Groep Arthur, who helps us with the organisation of events.
v. Flexmail, who allows us to send bulk mailings for newsletters and marketing campaigns.
vi. equensWorldline, who provides the Card Stop services for our customers.
d. Third party processors, located in the European Economic Area, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality obligations:
i. Microsoft, who provides and maintains our customer relationship and screen sharing solutions.
ii. Google Analytics, who provides us with simple statistics on the number of unique visitors on our website.
iii. Amazon Web Services (AWS), who is responsible for hosting our website and applications.
e. Third party processors located in the United States of America, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality obligations:
i. Zoom, who provides us with a webinar solution.
f. Government institutions or regulatory bodies in compliance with our reporting obligations.
As part of our Anti-Money Laundering obligations, we will submit your identity documents to www.checkdoc.be to verify the validity of these documents.
6 Data Security and Retention
Your personal data is and will be kept strictly confidential.
We take all reasonable steps to protect your personal data. This includes setting up processes and procedures to minimise the unauthorised access to, or disclosure of your personal data. We ensure that the third parties we share your personal data with also have adequate security measures in place.
We will store your personal data for as long as it is necessary to achieve the purposes defined in section 4 (Processing Purposes), with maximum retention periods as defined below:
a. Data collected to create a personal account on our platform will be kept for as long as your account is not deleted (upon your or your company’s request);
b. Basic customer data and billing information will be kept for 10 years after the end of our contractual relationship.
c. Data used to perform company verifications on legal entity of new clients will be kept for 10 years after the end of our contractual relationship, as required by Belgian law;
d. Data used to perform payment execution verifications will be kept for 10 years, as required by Belgian law;
e. Data collected to release or cancel parked payments will be kept for 10 years.
f. Activity logs will be kept for 10 years after the end of our contractual relationship, as required by Belgian law;
g. Data collected when you purchase services from us will be kept for 10 years after the end of our contractual relationship, as required by Belgian law.
h. Data collected when you use our services will be kept for 10 years after the end of our contractual relationship, as required by Belgian law;
i. Data collected when you contact us for questions or support will be kept for 10 years.
j. Data collected when you request information about our services will be kept for 3 years or until you request us to delete your data.
k. Calls and screen sharing recording will be kept for 1 month.
l. Data collected for statistics purposes will be kept for 14 months.
m. Data collected to allow you to register and attend our webinars will be kept for 12 months.
n. Data collected to allow you to register and attend our events will be kept for 1 month after the events take place.
o. Data collected through surveys will be kept for 12 months.
p. Technical and security logs will be kept for a maximum of 6 months.
q. Data backups, created for security reasons, are kept for 4 weeks;
r. Data collected for marketing purposes will be kept for as long as we have your consent.
s. Information related to reliable IBAN numbers will be retained until we are notified that the account linked to that IBAN has been closed.
7 Children
Users of Isabel 6 services must be at least 18 years old.
8 Automated Decision-Making and Profiling
No automated decisions will be taken about you as part of the processing described in this notice.
A profile of your behaviour when you use our website will be created by Isabel Group if you accept our advertising and tracking cookies to be placed on your computer.
9 Your rights
You have the right to ask us for a copy of your personal data, to ask us to correct, delete or restrict (stop any active) processing of your personal data and to obtain the personal data you provided us in a structured, machine-readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular when we do not have to process your personal data to meet a contractual or other legal requirement).
Where we have asked for your consent, you may withdraw this consent at any time; however, this will not affect processing that has already taken place before the withdrawal. You may withdraw your consent, linked to our use of cookies, by deleting the cookies linked to our domain.
You may exercise the above-mentioned rights by contacting us as described in the “Contact us” section below.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information that we are required to keep by law or that we have a compelling legitimate interest to keep.
If you have unresolved concerns, you have the right to complain to the Data Protection Authority: https://www.dataprotectionauthority.be/.
10 Contact us
If you have any questions about this Privacy Notice or wish to contact us for any reasons in relation to the processing of your personal data, please contact our Data Protection Officer at Isabel NV/SA, by sending an email to privacy@isabelgroup.eu, or by sending a dated and signed request to Isabel NV/SA, Keizerinlaan, 13-15, 1000 Brussels, Belgium.
11 Cookies