Protection of privacy and personal data
In this document, Groep Caenen Capital Fund is abbreviated to GCCF.
This privacy statement explains how the various companies of Groep Caenen Holding, with its registered office at Leopoldlaan 121, 8430 Middelkerke, Belgium, handle the personal data of their customers and all other natural persons in contact with GCCF.
The privacy legislation (in particular, the “Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data” and the “European General Data Protection Regulation of 27 April 2016”, also known as the “General Data Protection Regulation” (GDPR)) provides safeguards for the protection of the privacy of (natural) persons in relation to the processing of their personal data. In line with the aforementioned legislation, GCCF has drawn up this privacy statement.
More general information on data processing may be obtained from the Data Protection Authority (www.privacycommission.be).
2. PROCESSING OF PERSONAL DATA
All personal data is processed with due care by GCCF, in accordance with the law. If you have any questions regarding the protection of your privacy, please do not hesitate to contact GCCF. You may contact the company by sending an e-mail to firstname.lastname@example.org. Personal data are only processed for specific, explicitly described and justified purposes For the record, Article 3 provides more detail on these purposes.
Personal data are only processed if at least one of the following legitimate purposes is met:
- the data subject has granted his/her consent to the processing of personal data;
- the processing of personal data is required for the performance of an agreement to which the data subject is party, or to take (pre)contractual measures required for the conclusion of an agreement following a request from the customer;
- the processing of personal data is required to fulfil a legal obligation resting on GCCF;
- the processing of personal data is required to safeguard a vital interest of the data subject;
- the processing of personal data is required to promote the legitimate interests of GCCF or of a third party to which the personal data are provided.
- All personal data will be erased upon expiry of the retention periods set by GCCF (as per Article 7), unless the data are transferred to an archive facility for archive management and/or dispute handing.
GCCF may gather and process the following personal data (this list is non-exhaustive):
- identification details (name, surname, date, place and country of birth, nationality etc.);
- contact details (postal and e-mail address, landline and mobile telephone number);
- marital status and family details;
- bank and financial details;
- real estate information (administrative documents and/or permits, private or official instruments);
- details regarding occupation, employer, job role, income and other financial details;
- details about and digital footprints of any (mobile) devices of the data subject.
3. PROCESSING PURPOSES
GCCF only processes those personal data that are strictly necessary. Within GCCF, these personal data are made available to employees who are authorised for this purpose, as detailed in Article 8.
GCCF gathers and uses personal data for the following purposes, amongst others:
- the provision of information before, during and/or after the conclusion of any engagement or agreement with the data subject;
- dispute management;
- compliance with the legislation and regulation to which Caenen is subject;
- customer or relationship management;
- marketing policy;
- the training, coaching or supervision of employees (e.g. the detection, handling or prevention of legal or contractual breaches), HR purposes etc.
- Generally speaking, the processing of personal data will be necessary to (i) enable Caenen to take certain measures before the conclusion of any agreement at the request of the data subject, (ii) fulfil any engagement or agreement and (iii) comply with the law of any legitimate interest of GCCF.
The data subject is exclusively responsible for the data he/she provides.
4. DISCLOSURE OF DATA TO THIRD PARTIES
GCCF may enlist external service providers as part of its operations. GCCF may disclose personal data to these external service providers, insofar as required for the performance of their tasks.
GCCF cannot be held liable for the transactions of external service providers, including when GCCF or these external data providers disclose (or are obliged to disclose) personal data on the grounds of (i) a legal provision, (ii) a legitimate interest, (iii) an express order from a supervisory or administrative authority, (iv) police, investigative or judicial proceedings or (v) a court ruling.
5. PERSONAL DATA PROTECTION
Taking into consideration (i) the state of technology; (ii) the costs of implementation; (iii) the risks inherent in processing and (iv) the nature of the personal data, GCCF will take suitable technical and organisational measures to protect the personal data against (amongst other things) destruction, loss, falsification, unauthorised disclosure or access and any other form of unlawful processing of the personal data.
6. RIGHTS OF THE DATA SUBJECT
Right to information
Through this privacy statement, GCCF intends to inform you as comprehensively as possible regarding the processing of your personal data. Your data are processed for legitimate purposes in a suitable, relevant, secure and proportional manner; they are not retained for any longer than necessary and they are at all times processed with the greatest possible integrity and confidentiality.
Right to access data
You always have the right to check the legitimacy of any processing activity involving your personal data and to ask GCCF to provide you with information regarding the processing purposes, the categories of your personal data, the categories or recipients of your personal data, the retention periods and the rights you may exercise.
You also have the right to ask GCCF to provide you with a copy of any personal data of yours that have been processed. In principle, this copy will be provided free of charge, unless your request is unreasonable or excessive. In such cases, GCCF may charge an administrative fee.
Right to deletion of data
You have the right to ask GCCF to delete your personal data if GCCF no longer has a legitimate reason for processing these data. You may exercise this right in the following circumstances:
- Your personal data are no longer required to fulfil the intended purpose;
- You can prove to GCCF that your personal data were processed unlawfully;
- Your personal data must be deleted following a legal obligation;
- You revoke your consent for us to process your personal data and there are no other lawful grounds to process your data;
- You have successfully exercised your right to object (see clause 8.6)
- However, GCCF retains the right to refuse your request for deletion (subject to justification) and cannot be held liable for the fact that deleted personal data temporarily remain stored elsewhere, outside of its knowledge.
- Right to correct data
You have the right to correct any inaccurate data or to supplement any incomplete data by simple request to GCCF.
Right to restrict processing
- In one of the following circumstances, you have the right to demand a restriction of the processing of your data:
- You dispute the accuracy of the personal data processed by GCCF and GCCF has been granted a reasonable period to check the accuracy of these personal data;
- You can prove that any processing by GCCF was unlawful and you request a restriction;
- GCCF no longer needs the data, but you do need the data to exercise a legal claim;
- You exercise your right to object.
- Right to object to data processing
- You always have the right to object to the processing of your personal data for ‘direct marketing’ purposes. GCCF will cease the processing of your personal data unless it can raise urgent grounds that outweigh your rights and freedoms. In case of the latter, you will be notified.
- Right to transfer data
You have the right to obtain any data you have provided to GCCF on a consensual basis in a structured, common and machine-readable format, and to reuse these data for other services and transfer them to another data controller, unless it is technically impossible to do so.
Right not be subjected to automatic decision making
You have the right not to be subjected to fully automatic decision making — without any human input — if this significantly affects you or has legal consequences. At present, GCCF can confirm that you are not subjected to any such automated decision making in any of the processing activities performed by GCCF.
The data subject at all times has the right to submit a complaint to the Belgian Data Protection Authority (www.privacycommission.be) if he/she believes that GCCF has not correctly applied the privacy legislation.
Refusal to allow data processing
If the data subject does not consent to the processing of his/her personal data by GCCF, this may result in GCCF being unable to enter into and/or fulfil any requested engagements or agreements or only being able to partially enter into and/or fulfil such engagements or agreements. GCCF may potentially be unable to guarantee the service provision customers are normally entitled to in such cases. In this event, GCCF cannot be held liable in any way for the less than optimal performance of the agreement entered into by both parties.
7. RETENTION PERIODS
The personal data will be stored for a limited period of time that is no longer than necessary given the reason for processing, which is determined on a case by case basis.
In principle, GCCF applies a maximum retention period equal to the applicable statutory limitation or expiry periods. For example, GCCF will generally retain any data provided as part of a home purchase under the Act on residential construction for a period of ten years from final completion.
This period is linked to the fiscal and legal obligations resting on GCCF, as well as the legal requirement to retain your data outside of the retention period as evidence or to respond to requests for information from the competent authorities; for example:
- ten years in relation to anti-money laundering legislation;
- ten years in relation to the contractual liability of GCCF;
- seven years in relation to the accounts and supporting documents of associations of joint owners when acting as a property manager.
- Beyond these periods, your personal data will be deleted or anonymised.
8. ACCESS TO PERSONAL DATA
GCCF will ensure that only certain employees (or categories of persons) have access to the personal data of the data subject. This means that access to the data will only be granted to those people who need such access to be able to perform their job roles. In addition, these authorised persons have given an undertaking to GCCF to maintain the necessary discretion and confidentiality. If a data subject exercises his/her right to access his/her data in accordance with Article 6, GCCF will provide him/her with an overview. If the data subject sends any e-mails or other messages to GCCF, GCCF may retain such messages. On some occasions, GCCF may request personal data relevant to the situation in question. These data may be transferred internally to the accounting department, sales team and so on.
For data processed by external service providers acting as data controllers, the data subject may contact those specific service providers.
9. HOW ARE YOUR PERSONAL DATA PROTECTED?
GCCF applies strict standards to protect the personal data under its control against unauthorised or unlawful processing and against accidental loss, destruction or damage.
GCCF will take technical and organisational measures, including encryption, antivirus protection, firewall, access controls and strict selection of employees and suppliers, to prevent and detect any improper access to, loss of or disclosure of your personal data.
In the unlikely and regrettable event that your personal data are compromised by a breach of data protection while under the control of GCCF, GCCF will take immediate action to identify the cause of such breach and implement appropriate remedial measures. If required, GCCF will notify you of any such incident in accordance with the applicable legislation.
When visiting the www.gccf.be website, cookies may be placed on visitors’ hard drives for the purpose of better customising the website to the needs of returning visitors. These cookies are not used for tracking the surfing behaviour of visitors on other websites.
By using the Google Analytics analytics tool on its www.gccf.be website, GCCF has enlisted Alphabet Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States; hereinafter referred to as “Google”) for the processing of personal data (e.g. IP address).
Google Analytics uses anonymous identifiers (a random set of data used for the same purposes as cookies on platforms, including certain mobile devices that do not allow for cookie technology) to trace and analyse the use of digital platforms by users. These digital platforms include the www.gccf.be website, as well as other web pages of GCCF. The information generated by the use of these digital platforms is transferred to and stored by Google. This information includes data on language, region, devices and networks.
Google will use this information in an aggregated manner to measure the interaction of users with the platforms, to analyse usage and to compile reports on activities on the platform.
Google may also transfer this information to third parties if legally required or when third parties process this information on behalf of Google.
GCCF will only use anonymous and general Google reports for the sole purpose of assessing, improving and optimising the use of its digital platforms.
11. COMPETENT COURT – APPLICABLE LAW – ACCEPTANCE
This privacy statement is governed, interpreted and implemented in accordance with the laws of Belgium, which will be exclusively applicable in the event of any dispute.
The courts of the district of Bruges are exclusively competent to hear any dispute that may arise from the interpretation or implementation of this statement.
By visiting the website, the data subject accepts all provisions of this privacy statement.