Privacy Policy
This Statement applies to the processing of personal data by FireStarter for the purposes described herein.
1 INTRODUCTION
The purpose of this Privacy Statement is to provide transparency about FireStarter’s point of view regarding privacy and the processing of personal data. Our goal is to demonstrate that FireStarter handles personal data with care and in accordance with the applicable legislation.
FireStarter processes personal data of the following categories of persons (hereinafter also called: data subjects):
- Clients and Users (as defined in our Terms and Conditions);
- Suppliers;
- Website visitors;
- Visitors;
- Employees & applicants, which are out of scope in this Privacy statement.
2. PROCESSING ACTIVITIES
2.1. Clients and Users
What type of personal data do we process?
FireStarter serves different customer groups within the legal software industry, including privately held companies, lawyers, tax advisors, financial advisors, business development professionals, real estate professionals and governmental authorities.
We process certain kinds of personal data of the Clients and Users representing our customers.
FireStarter processes the following data types of Clients and Users:
- Name
- Contact information (e-mail address, telephone number)
- Job title
- Newsletter preferences
- Online behavior within our website
What is the purpose of processing?
FireStarter processes personal data of Clients and Users for the following purposes:
- providing our Clients and Users with an adequate sales order processing system;
- providing our Clients and Users with the best possible service;
- in order to maintain the User accounts;
- deliver the requested services.
We may also contact these data subjects via surveys to ask their opinion about our services in order to provide them with the best online experience possible.
What is the legal ground for processing?
Consent
FireStarter will ask written consent from the data subject where applicable, to process the personal data via the website. The scope of this consent is defined in our Terms and Conditions we ask our Clients and Users to accept before using our services and which contain the data processing terms on which FireStarter processes personal data on behalf of its Clients or Users.
Legal obligation
We have a legal obligation to process certain kinds of personal data under the applicable laws and regulations. In general, we have the obligation to know our customers and to keep track of who are using our services. These are low sensitive data types such as names, telephone numbers and email addresses that we store in our systems.
Contract
We also need to process this personal data in the performance of the sales contracts with our Clients.
Legitimate Interest
FireStarter may also have a legitimate interest in processing the personal data for direct marketing purposes. We will always balance our legitimate interest against the interest of the data subject to decide what the impact is of the processing. We will make sure that we take care of the rights of the data subjects and inform them about the possibility to object to the processing in an easy accessible format.
What is the retention period?
FireStarter retains the personal data in accordance with the applicable legal retention period or as long as necessary for the purpose of processing.
2.2. Suppliers
What type of personal data do we process?
FireStarter processes the following data types of suppliers:
- Name
- Contact information (e-mail address, telephone number)
- Job title
What is the purpose of processing?
FireStarter processes the personal data of suppliers for the following purposes:
- guarantee a correct handling of the ordering process;
- comply with contractual obligations.
What is the legal ground for processing?
Contract
FireStarter needs to process the personal data in order to fulfil its contractual obligations towards its suppliers.
What is the retention period?
FireStarter retains the personal data in accordance with the applicable legal retention period or as long as necessary for the purpose of processing.
2.3. Website visitors
What type of personal data do we process?
FireStarter processes the following data types of website visitors:
- Online behaviour within our website
What is the purpose of processing?
FireStarter processes the online behaviour of website visitors for maintenance and improvement of the website.
What is the legal ground for processing?
Legitimate Interest
FireStarter has a legitimate interest in processing the personal data for marketing and communication purposes. We will always balance our legitimate interest against the interest of the data subject to decide what the impact is of the processing. We will make sure that we take care of the rights of the data subjects and inform them about the possibility to object to the processing in an easy accessible format.
What is the retention period?
FireStarter retains the personal data in accordance with the applicable legal retention period or as long as necessary for the purpose of processing.
2.4. Visitors
What type of personal data do we process?
FireStarter processes the following data types of visitors to our headquarters:
- Name
- Contact information
What is the purpose of processing?
FireStarter processes the personal data of visitors for the following purposes:
- ensuring security and safety within our headquarters;
- identification of individuals in case of misconduct.
What is the legal ground for processing?
Consent
Visitors are asked to fill out the visitors log at the entrance of our headquarters.
What is the retention period?
FireStarter retains the personal data in accordance with the applicable legal retention period or as long as necessary for the purpose of processing.
3. SECURITY PRECAUTIONS
FireStarter secures your personal data from unauthorized access, use or disclosure. FireStarter secures the personal identifiable information you provide on computer servers in a controlled and secured environment. When personal data is transmitted to other websites, it is protected by Secure Socket Layer (SSL) security, which encrypts all sensitive information before sending unrecognizable.
Next to our standard processes and procedures, regular technical and functional checks and formal audits are being executed by independent parties to identify risks in a timely fashion with regards to our IT and data landscape. As standard measure, all information, traffic and data are always encrypted.
4. DATA TRANSFERS
4.1. External data processors
FireStarter uses external processors for a number of supporting activities. We only use processors that provide sufficient guarantees of appropriate technical and organizational measures for security. In case personal data is being processed by the external processor, there is always a processing agreement in place.
4.2. External recipients
Under certain circumstances FireStarter discloses personal data to external recipients. This only occurs when the data subject has a legitimate expectation of FireStarter to do so. Examples include legal obligations to disclose personal data to public authorities.
4.3. Our role as data controller
When FireStarter processes personal data of Suppliers, Website Visitors or Visitors, we process the personal data on behalf of ourselves in the capacity of data controller. This means that we have our own responsibility to comply with the applicable privacy laws and regulations when processing the personal data involved.
4.4. Our role as data processor
When FireStarter processes personal data of Clients or Users as part of a sales contract with our Clients and Users, we process personal data on behalf of our Clients or Users. This means that our Clients or Users have an own responsibility to comply with the applicable privacy laws and regulations. The data processing terms on which FireStarter processes personal data on behalf of its Clients or Users are part of the Terms and Conditions we ask our Clients and Users to accept before using our services.
Clients and Users may expect that FireStarter processes any personal data with the highest level of caution and that we secure our systems with the appropriate measures to safeguard their privacy.
5. RIGHTS OF DATA SUBJECTS
5.1. Right of access
Every data subject has the right of access to the personal data that FireStarter is processing. Upon request we will provide you with a copy of information regarding your personal data that we are processing. We intend to comply with such a request within one month of receipt, but we may extend this period with two months in complex cases, in which case we will inform you about the reasons of delay. FireStarter reserves its right to charge a reasonable fee in case of an excessive request.
5.2. Right to rectification
You may request that your personal data will be rectified in case the information is incorrect. FireStarter intends to comply with the request within one month of receipt, but may extend this period once with two months in complex situations, in which case we will inform you about the reasons of delay. If applicable, we will inform the recipients of the personal data about any rectifications.
5.3. Right to be forgotten
You have the right to request FireStarter to erase your personal data if one of the following circumstances is applicable:
- the purpose of processing no longer exists;
- you have withdrawn your consent;
- you object to the processing;
- the processing is unlawful;
- there is a legal obligation to delete your personal data;
FireStarter retains the right to limit the right to be forgotten in the following cases:
- FireStarter has a legal obligation to process your personal data;
- processing is necessary for the establishment, exercise or defense of legal claims;
- the request for erasure is manifestly unfounded or excessive.
FireStarter intends to comply with your request within one month after receipt. We may extend this period with two months in complex situations, in which case we will inform the data subject about the reasons of delay. In case we refuse your request for erasure, we will timely inform you about the reasons for our decision and your rights in this matter.
5.4. Right to restrict processing
You may request to restrict the processing of your personal data in the following circumstances:
- your personal data is not accurate;
- you have objected to the processing and FireStarter is considering whether the legitimate interests of FireStarter override yours;
- the processing is unlawful;
- FireStarter no longer needs your personal data, but you need the data to establish, exercise or defend a legal claim.
FireStarter shall timely inform you about the method which will be used to restrict the processing of your personal data.
FireStarter may refuse your request in case it is manifestly unfounded or excessive. We intend to act upon your request within one month after receipt. We may extend this period with two months in complex situations and we will always inform you about the reasons of the delay or refusal and your rights in this matter.
5.5. Right to data portability
In certain circumstances you have the right to data portability, which means that you have the right to obtain and reuse your personal data across different services. This also indicates that your personal data has to be provided to you in an easy accessible format, which makes it possible to move/copy/transfer personal data from one IT environment to another. This needs to take place in a safe and secure way.
The right to data portability only applies in the following circumstances:
- the personal data is provided to FireStarter by an individual;
- the processing is based on the individuals’ consent or for the performance of a contract;
- the processing is carried out by automatic means.
We intend to act upon your request within one month after receipt. We may extend this period with two months in complex situations and we will always inform you about the reasons of the delay and your rights in this matter.
5.6. Right to object
You may object to the processing of your personal data on grounds related to your particular situation and if one of the following circumstances applies:
- the processing is based on the legitimate interests of FireStarter;
- FireStarter processes your personal data for direct marketing purposes;
FireStarter is not obliged to comply with the right to object, if the processing does not concern direct marketing and if:
- FireStarter has a legitimate interest that overrides your interests;
- FireStarter needs to process your personal data for the establishment, exercise or defense of a legal claim.
6. CONTACT INFORMATION
For any additional information, questions and/or complaints about this Privacy Statement or the processing of personal data by FireStarter, please contact our Privacy Officer at the contact information below:
L’eagle holding BVBA
Attn. Privacy Office
Moereind 57
2275 Lille (Antwerp)
Belgium
E-mail: privacy@firestarter.app