Privacy Policy

Last updated: 11 May 2022

Privacy Policy

1. Introduction and scope

This privacy policy ("Privacy Policy") governs the processing of your personal data in connection with the provision of our products and services.

Dripl NV, with registered office at Désiré Mellaertstraat 49, 3010, Kessel-Lo, Belgium, registered in the CBE under number 0752.752.266 ("Dripl", "we", "us"), acts as a data controller in connection with these processing operations.

Your personal data and your privacy are protected by Dripl in accordance with Belgian and European privacy regulations, including the General Data Protection Regulation ("AVG") and national implementing legislation.

Please read this Privacy Policy very carefully. It describes not only your rights, but also how to exercise them.

Dripl has appointed a data protection officer, to whom you can always turn for questions regarding your privacy and the processing of your personal data. The person in charge can be reached at the following email address: privacy@dripl.be.

2. What personal data are processed and for what purposes?

Dripl processes the following personal data for the following purposes:

‍

Purpose

Type of personal data

Processing ground

Retention period

Customer Administration

Billing information

Name and first name
Company name
Address
Phone/GSM number
Email address
VAT number

Delivery details

Name and first name
Company name
Address

Payment details

Identification and bank account numbers
Financial transactions

Performance of the agreement (if our client is a natural person)

Justified interest (if our client is a legal entity)

Until 10 years after the purchase by the customer (considering legal limitation period for contractual claims).

This period may be extended in case of suspension or interruption of the limitation period.

Supplier administration

Id.

Name and first name
Company name
Address
Phone/GSM number
Email address
VAT number

Payment details

Identification and bank account numbers
Financial transactions

Performance of the contract (if our supplier is a natural person)Legitimate interest (if our supplier is a legal entity)

Up to 10 years from purchase of Dripl (considering statutory limitation period for contractual claims).

This period may be extended in case of suspension or interruption of the limitation period.

Marketing purposes (including sending newsletters)

Name and first name
Email address

Your consent

Until you unsubscribe from the newsletter and in any event no longer than two years after the last newsletter was sent out

Handling inquiries (when you contact us by email or via the contact form on our website)

Name and first name
Company name
Email address
Other information you provide to us

Legitimate interest

Until the ticket is processed and in any case no longer than two years after the initial contact.

Dripl may only process your personal data if it relies on an appropriate legal basis to do so. We briefly explain the applicable legal grounds below.

The applicable legal basis for customer and supplier records varies:

If our client/supplier is a natural person, Dripl bases this on the necessity for the execution of the agreement. After all, Dripl needs this personal data to process your order correctly.
If our client/supplier is a legal entity, Dripl relies on its legitimate interest.

Given the nature of the personal data requested and the predefined purpose, Dripl believes that the processing of these personal data does not adversely affect your fundamental rights and/or freedoms. You can always object to any processing based on this legal basis by contacting our Data Protection Officer.

For sending our newsletter, we ask your permission.

The consent you give is always free and you have the right to revoke it at any time. You may withdraw your consent by unsubscribing to the newsletter using the link provided for this purpose in the newsletter or by contacting our data protection officer. A withdrawal of consent does not affect the processing of personal data prior to such withdrawal.

To handle inquiries, Dripl relies on its legitimate interest.

3. With which parties will my personal data be shared?

Your personal data may be shared with the following parties:

Party

Processing Activities

Categories of personal data

Additional information

Hubspot

CRM services,

Billing data, delivery and payment details of our customers, identification and contact details of their representatives, data regarding the use of the website, etc.

https://legal.hubspot.com/privacy-policy

Salesforce

CRM services,

Billing information, delivery information and payment information of our customers

https://www.salesforce.com/company/privacy/

Instapage Inc.

Lead generation

Identification and contact information of prospects

https://instapage.com/privacy-policy

Lusha Systems Inc.

Data Enrichment Services

Contact details of prospects

https://www.lusha.com/legal/privacy_policy/

Phantombuster Société par actions simplifiée

Data Extraction Services

Contact details of prospects

https://hub.phantombuster.com/page/terms-of-service#71-gathering-of-personal-data-by-phantombuster

This list may evolve and will be updated as needed.

Dripl will only share personal data that is relevant and necessary. We guarantee that all external parties are selected with due care.

If you were to be redirected to another website via our website, other terms and conditions, privacy and cookie policies may apply. We therefore recommend that you read these additional terms carefully.

Dripl may also disclose your personal data to third parties (including judicial authorities) if required to do so by law or if Dripl determines in good faith that such disclosure is necessary to comply with a court order or to preserve the rights of Dripl, its employees and/or customers. The applicable legal basis will be either Dripl's legitimate interest or, if applicable, the need to comply with a legal obligation.

Finally, your personal data may be communicated to third parties within the framework of a cooperation or corporate transaction (acquisition, merger, sale of shares or assets, joint venture, etc.) and to the relevant professional advisors of the parties involved (lawyers, consultants, etc.). Dripl invokes its legitimate interest in this regard.

4. Will my personal data be transferred to countries outside the EEA?

The European Economic Area ("EEA") includes the countries of the European Union and Norway, Liechtenstein and Iceland. The AVG requires additional safeguards if Dripl transfers your personal data to countries outside the EEA.

Certain third parties relied upon by Dripl process your personal data in countries outside the EEA, including the United States.

Such transfers will only take place in accordance with applicable law. The additional safeguards Dripl takes include entering into agreements based on the European Commission's model provisions.

You can always contact our data protection officer to obtain a full overview of the appropriate safeguards.

5. How will my personal data be secured?

Dripl has devised appropriate technical and organizational measures, protection measures and safeguards to process your personal data in accordance with applicable Belgian and European regulations, and in particular, without being limited to this, to protect your personal data against loss, misuse or unauthorized modification.

Measures include:

Appointment of data protection officer;
Employee awareness;
Making the personal data collected available on a need-to-know basis;
Encrypted password manager;
Management plan in case incidents occur;
Annual management review of information security.

Despite Dripl's aforementioned measures, you should be aware that there are always risks associated with sending personal data over the Internet. The security and protection of your personal data can never be fully guaranteed.

6. What rights do I have?

If and to the extent provided for in applicable Belgian and European regulations, you have the right:

to a confirmation of whether or not Dripl is processing your personal data and, where appropriate, to access the personal data Dripl is processing;
to correction by Dripl, without undue delay, of inaccurate or incomplete personal data;
To have your personal data erased by Dripl;
to obtain your personal data and transfer it to another controller or processor;
To obtain from Dripl the restriction of the processing of your personal data to the extent possible;
To have your personal data sent to you in a structured, commonly used and machine-readable format; or
to oppose the processing of your personal data on the legal basis of legitimate interest and the use of your personal data for direct marketing purposes.

You can exercise these rights by contacting the data protection officer(privacy@dripl.be).

You have the right to complain to the competent supervisory authority if the processing of your personal data violates applicable regulations. In Belgium, the competent authority is the Data Protection Authority(www.gegevensbeschermingsautoriteit.be, contact@apd-gba.be, Printing Press Street 35, 1000 Brussels).

7. Changes to the Privacy Policy.

Dripl may modify this Privacy Policy at any time. The date of the last amended version is listed at the bottom of the Privacy Policy. Amendments will be posted on the website and, if applicable, will be submitted for approval.

8. Liability

If Dripl lawfully transmitted your personal data to a third party (other than a processor), Dripl shall not be liable for the unlawful processing or use by that third party.

9. Applicable law and jurisdiction clause

This Privacy Policy is governed, interpreted and enforced in accordance with Belgian law, which is exclusively applicable in the event of any dispute.

The Belgian courts of the Leuven jurisdiction, shall have exclusive jurisdiction to adjudicate any dispute that may arise from the interpretation or implementation of this Privacy Policy, subject to the consumer's right to submit a dispute to the competent court on the basis of a mandatory provision of law.