Fixxer NV/SA Privacy Charter (“Privacy Charter”)
Fixxer NV/SA
Karel Rogierplein 11
1210 Sint-Joost-ten-Node
Copyright


This document is owned by Fixxer NV/SA. No changes may be made to this document, nor may copies be availed to any party external to Fixxer NV/SA without the prior approval of Fixxer NV/SA. This document contains proprietary information that is protected. All rightsare reserved. No part of this document may be photocopied, reproduced or included in any published document, circular or Charter nor published in any way or translated into another language without the prior written approval of Fixxer NV/SA of the form andcontext in which it may appear.
 


1 Privacy Charter


This Privacy Charter governs the collection, storage and use of personal information collected by Fixxer, either via our website at www.fixxer.eu (“Website”) or during the use of the services provided by Fixxer for data subjects acting as representatives of investors, representatives of investees, individual shareholders, employees, candidates, suppliers, or in any other way professionally linked to Fixxer. This Privacy Charter will provide details about the personal information we collect, how and why we use personal information and data subject’s rights in relation thereto.
 

Please read this Privacy Charter carefully. It explains why and how we collect information, what your Privacy rights are and our obligations. We keep your data as safe and secure as reasonably possible in strict compliance with applicable data protection laws, in particular the General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’). 

This Privacy Charter was last updated on 3rd of Augustus 2023.


1.1 Who we are


Fixxer NV/SA (‘Fixxer’ or ‘we’), naamloze vennootschap, société anonyme having its registered office at Karel Rogierplein 11, 1210 Sint-Joost-ten-Node, Belgium and registered in the register of legal entities of Brussels with company registration number 0794.919.156 and VAT number BE0794.919.156. As a data controller in the sense of article 4 GDPR of personal data, we respect the right to privacy and will only process personal information which is provided to us in accordance with applicable data protection laws, which include:
 

(i) the General Data Protection Regulation (Regulation 2016/679) (“GDPR“);
(ii) the Act of 30 july 2018 on the protection of natural persons with regard to the
processing of personal data;
(iii) any additional national legislation and (iii) other applicable privacy laws.
 

2 The personal information we collect about you


When accessing and browsing the Website (including when you submit personal information to us through data entry fields on the Website) or during the use of our services, we may collect the following information (“personal data”):
 

  • Financial data: We collect the following financial data including, but not limited to company information including but not limited to bank account numbers, VAT numbers and other related financial information.
  • User data: To provide our services, Fixxer collects the following user identification data including, but not limited to trader or user’s e-mail address, contact details when registering such information via our Website and other user identifiers. Other possible information we may process at any point in time is the full name (first and last name),
    your address and country of residence, telephone number, and any other information
    necessary to provide our services.

We only collect personal data which is necessary for the provision of our services and do not
process personal information in any way, other than specified in this Privacy Charter.


3. For which purposes and on which legal basis we process personal data


We (or third-party data processors acting on Fixxer’s behalf) may collect, store and use personal data listed above for the following purposes:
 

3.1 Purposes of the processing of personal data
 

Fixxer processes personal data for the following purposes:

  • Processing activities and purposes: Legal ground
  • The offering of the Software platform services to manage the repair-in-kind services for non-life insurance companies, including but not limited to processing activities relating to development, work organisation, project management, customer management, monitoring, payment solutions, IT roadmap management, internal chat systems, error monitoring, password storage: Necessary for the execution of the agreement; Legal Obligation
  • Administration and management of information requests for Clients: Necessary for the execution of the agreement
  • Improving the provision of the Services: Legitimate interests
  • Maintaining and using the Website and the Cloud services: Legitimate interests
  • Commercial marketing (emails, social media, invitations to events): Legitimate interests
  • Sending of the newsletter: Consent 
  • Accounting administration (expense notes and invoicing): Necessary for the execution of the agreement; Legal obligation 
  • Supplier management (including procurement): Necessary for the execution of the agreement
  • Selection and recruitment: Legitimate interest
  • Administration of personnel: Necessary for the execution of the agreement
  • Compensation and benefits administration: Necessary for the execution of the agreement
  • Compliance with legal obligations: Legal Obligation
  • Mobility Administration: Legitimate interests
  • Administration of hospitalization insurance: Necessary for the execution of the agreement
  • Evaluation of personnel and freelancers: Legitimate interests
  • Administration of illness: Legal obligation
  • Training: Legitimate interests
  • Dispute Management: Legitimate interests
  • Work planning: Necessary for the execution of the agreement


3.2 Legal ground for the processing of personal data
 

We base the processing of personal data on one or more of the following legal grounds:

  • Consent: consent may be requested in connection with the use of personal data for
    certain purposes; If the processing is based on consent, data subjects have the right to
    withdraw consent of this processing at any time, without this affecting the lawfulness of
    the processing based on the consent before its withdrawal. In case consent has been
    given to receive newsletters and advertising, this can be withdrawn by adjusting the
    account settings or using the "unsubscribe" link in this communication. In such a case
    consent can be withdrawn at any time;
  • To be able to conclude an agreement: when providing our services we have to process
    certain user and financial data due to be able to conclude and carry out the agreement
    with our clients, sub-processor and partners;
  • To be able to execute an agreement correctly: in case the data subject is a representative
    of an investee or an investor of one of the funds managed or advised by Fixxer, we must
    be able to supply information regarding the privacy rights and obligations in certain cases;
    4
  • For the realization of a legitimate interest: Fixxer may process data in order to function as
    a company and to fulfill its corporate purpose. Fixxer strives to maintain a fair balance
    between the need to process data and the preservation of the privacy rights and
    freedoms, including the protection of privacy.
  • Because of a legal obligation: Fixxer may need to process certain personal data for anti-
    money laundering legal obligations or in order to abide social and/or tax legislation.

4 What are your privacy rights?


4.1 Access, rectification, erasure, portability and objection rights
 

When personal data is processed, you have the following rights:

  1. Right to access: the right to access the data that we process. This also includes the right to ask a copy and to ask for information about the data retention period and the purposes of the processing;
  2. Right to update: the right to request us to update or correct any outdated or inaccurate personal data that we hold;
  3. Right to erasure: right to erasure and restriction of processing of personal data within the boundaries specified in the privacy legislation;
  4. Right to transfer: Right to request that we transfer personal data to a third party within the limits specified in the privacy legislation;
  5. Right to restrict: restrict the processing of personal data if you were to object to the processing or to the accuracy of the processed data or if you wish to retain certain personal data in the context of a possible claim while Fixxer no longer needs the data in the light of the purposes mentioned above;
  6. Right to oppose: in case Fixxer processes personal data for its legitimate interests, you have the right to oppose such processing; in this case Fixxer may only proceed with the processing of personal data if compelling legitimate grounds apply and after careful consideration of your interests and the interests of Fixxer;
  7. Right to complain: You always have the right to file a complaint with the supervisory authority, namely the Belgian Data Protection Authority;
  8. Right to object: if your personal data are processed for direct marketing you have the right to object to such processing and Fixxer must further refrain from processing your personal data for these purposes. Fixxer will then cease the processing unless there are compelling legitimate grounds. For example, you can object to the processing of your personal data after a non-successful application. In such case, Fixxer will immediately erase your personal data and stop any further processing. If you wish to exercise any of the above rights, please contact us:
    - by postal mail: Fixxer NV/SA, Karel Rogierplein 11, 1210 Sint-Joost-ten-Node, Belgium
    - via e-mail: [email protected]
    This request must always be accompanied by either proof of identity or proof of a valid connection to the use of our services. If we have reason to doubt the identity or valid connection of the natural person making the request, we are entitled to request additional information necessary to confirm the identity or connection to our services. If Fixxer has already anonymised your information, we will inform you that we are unable to comply with the exercise of your rights except when you, with a view to exercising your rights, provide additional data that make it possible for us to identify you. Within 1 month after the submission of the request, you will be informed of the follow-up by our Privacy Officer.
     

No automated decision-making, including profiling, is used in the processing of Personal Data. Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects or that significantly affect the individuals involved. As a rule, Fixxer does not make use of automated decision-making as described above. Fixxer does not base its decision whether or not to hire you solely on automated processing of your personal data.
 

4.2 Right to lodge a complaint
 

In the event of a conflict concerning the processing of your personal data, you can contact us:

You can also lodge a complaint to the Belgian Data Protection Authority For additional general information regarding the protection of Personal Data, please contact the Data Protection Authority (DPA) with address at 1000 Brussels, Drukpersstraat 35, tel: 02/274.48.00 or via e-mail
[email protected] (www.gegevensbeschermingsautoriteit.be).
 

If Fixxer receives a request to exercise any of the above-mentioned rights, Fixxer might request additional information to verify the validity and valid connection to our services before acting on the request. This is to ensure that the data subject is the rightful person and to ensure the confidential treatment and protection of personal data.
 

5 How we share personal data

Except in the cases specified below we will not disclose, sell or rent your personal data to any third party. We may only share personal data with (affiliated) companies who perform data processing activities on our behalf. We may disclose personal information with third parties where we are required to do so:
(i) by applicable law,
(ii) by a governmental body,
(iii) by a law enforcement agency or
(iv) in connection with an investigation of suspected or actual fraudulent or illegal activity.
 

In accordance with the principles set out below, we will delete personal data once it is no longer required to fulfill the purposes outlined in this Privacy Charter, unless their retention would remain required for other fundamental purposes, including but not limited to complying with
our legal obligations, handling claims and resolving disputes.
 

Fixxer will never disclose or share your personal data without your explicit prior consent, unless this is required to do so by law. We do not pass on your information to any other third party, or any other third party unless it is relevant for the recruitment process. In case of such a data transfer, we will inform the relevant individuals beforehand. 

In the context of the selection & recruitment process the following stakeholders might have access to personal data: HR, your envisaged hierarchic superior(s), the IT department and auditors on a strict ‘need-to-know’ basis for the purposes described above. Fixxer may change its corporate structure by changing the legal form via a merger or via acquisitions and sale. In such transactions, Personal Data will be transferred in accordance with this Privacy Charter and applicable data protection laws. Anonymous data, on which the GDPR is not applicable, can always be passed on, whether or not for commercial purposes.
 

6 How long do we keep your personal data?
 

Fixxer will not store personal data beyond the time necessary for the performance of the purposes for which the data is processed.

The starting point for storing personal data is the legal retention period. Such a period is often up to 10 years after the end of an agreement or 5 years after the last processing for which the information was originally obtained. If the law does not prescribe a period, the archiving may be
shorter. The storage may also be longer in order to be able to use the data for proof purposes in a legal procedure.


The personal data will be retained for the following subsequent periods:

  • Categories of Documents Data Retention Period
  • Accounting documents 10 years, counting from 1st of January of the year following the closure of the financial year.
  • Personal data gathered during the use of our Services 13 months, counting from the day following the end of the contract.
  • Corporate documents 5 years, counting from the creation or loss of relevance in case of documents that are or remain in force for an indefinite period.
  • Fiscal documents 10 years, counting from 1st of January following their date.
  • Social documents 5 years, counting from the day following the end of the contract.
  • Supplier documents 10 years, counting from the day following the end of the contract.
  • Insurance documents 10 years, counting from the notification of the insured fact to the insurance institution. 
  • Applications 1 year, counting from the data of receipt, unless explicit permission for longer storage
  • Personnel files 10 years, counting from the end of the employment relationship
  • Mailboxes of employees 6 months, counting from the end of the employment relationship
     

7 How do we protect personal data?
 

Fixxer has taken extensive appropriate technical and organisational measures to safeguard and protect the personal data it processes against unauthorized or unlawful processing and against accidental destruction, loss, access, misuses, damage and any other unlawful forms of processing of the personal data in our possession.

It is permitted to collect non-personal and anonymous data when the Website is visited and to anonymize personal data for analytical research purposes. This data does not allow to identify an individual person and this data may be shared with third parties, including for statistical
purposes.


8 Updates to our Privacy Charter
 

This Privacy Charter may be updated periodically to reflect changes in our personal data practices. 

We will post a prominent notice on our Website as a notification of any significant changes to our Privacy Charter and indicate at the top of the notice the date at which it was last amended. If one or more clauses from this Privacy Charter are declared partially or completely null and
void or non-binding by judicial intervention, this will not affect the validity of the other clauses or the validity of the entire Privacy Charter. If the clause(s) in question wish to be amended or replaced, the amended or new clause must be as closely aligned as possible with the clause(s) declared void or non-binding. 

The failure to demand strict compliance with the provisions of this Privacy Charter shall not be
construed as any waiver or rejection thereof. Any dispute or claim relating to the processing of personal data and the Privacy Charter or any
data mentioned herein is governed by Belgian law and falls under the exclusive jurisdiction of the courts and tribunals of Brussels (Belgium).
 

9 How to contact us?
 

If you have any questions or comments about this Privacy Charter or about how we collect, store and use your personal information, or if you would like to exercise your rights, or to update the information we have about you or your preferences, please contact us here:
 

  • E-mail: [email protected]
  • Post: Fixxer NV/SA, Karel Rogierplein 11, 1210 Sint-Joost-ten-Node, Belgium


10 Transfers of personal data outside EU

Personal data in the EU is protected by the General Data Protection Regulation, but other countries may not necessarily have the same standards on privacy or protection of personal data.
 

It may be necessary that a Fixxer client, sub-processer or partner requires access to personal data to process and/or store these Personal data. This partner may be located within or outside the EEA.
 

For these purposes, all Fixxer sub-processers or partners have concluded an internal agreement including EU Standard Contractual Clauses in accordance with the data protection principles. Fixxer abides by the standard provisions regarding data protection (SCC’s) within the meaning of Article 46 (2) (c) and (d) GDPR in the name and on behalf of Fixxer. For the record, in that case Fixxer is the data exporter (as defined in the SCC’s) and any processor or Sub-processor is the data importer (as defined in the SCC’s). Personal data will only be processed for internal use for the purposes described above. We do not rent or sell Personal Data to third parties, yet only use Personal data for our own purposes. Inside Fixxer Personal data is only made available to its staff on a 'need to know' basis. Fixxer uses processors to process Personal Data. Processors are natural or legal persons, governments, agencies or other bodies that process the personal data on behalf of Fixxer.
 

Fixxer may transfer the personal data to the following (categories of) recipients:
 

  • Processors providing statistical research and analysis;
  • Processors who provide hosting of this Website and related databases;
  • Processors and data controllers who acts as subcontractors in the performance of the Services;
  • Companies affiliated with Fixxer.

Personal data may be processed outside the European Economic Area. Fixxer will ensure that appropriate or appropriate safeguards are taken, such as a transfer based on an EU Adequacy Decision or based on EU Standard Contractual Clauses. Data subjects can obtain a copy of the guaranteed measures upon written request by sending a mail to [email protected].