Privacy Policy
We are convinced that the protection of your personal data is essential. Your personal data are processed in accordance with the General Data Protection Regulation of 27 April 2016 (hereinafter the "GDPR").
The aim of this privacy policy is to provide clarity about:
- Who the controller is (PART I)
- Exactly what processing operations we carry out (PART II)
- Exactly what rights you have in relation to these processing operations (PART III)
You are therefore kindly invited to read this privacy policy carefully and to do so regularly. Future amendments cannot be ruled out. If anything is unclear, please contact MPS-WD at privacy@waow.com.
PART I. Data controller
The data concerned are processed by Mobile Payment Solutions NV and its subsidiary Waowdeals.be BV (hereinafter "MPS-WD"). MPS-WD is considered the data controller under the GDPR, which means that MPS-WD is responsible for the correct processing of the data concerned and, if you have any questions or wish to exercise your rights in relation to the data processing, you can simply contact MPS-WD:
Mobile Payment Solutions NV
Leberg 28
9660 Brakel
company registration number: 0633.921.328
Tel: 0800/23 633
Email: privacy@waow.be
Waowdeals.be BV
Uitbreidingsstraat 84
2600 Antwerp
company registration number 0567.647.463
Tel: 0800/23 633
Email: privacy@waow.be
PART II. Processing: scope, purposes and legal basis
Scope
This Privacy Policy applies to all services we provide and in general to all our activities. The policy applies to the following persons:
All former, existing and potential customers of MPS-WD;
Everyone involved in a transaction with the waow app, both you
personally or as a representative of a legal entity (trader, intermediary, legal representative or operational employee);
Persons who are not customers of MPS-WD, such as beneficiaries of payments or the contacts of business customers.
Processing purposes and legal basis
MPS-WD collects and processes personal data as part of our services and activities:
Identification data, such as surname, first name, date of birth, place of birth, identification number, email address and the IP address of your computer or mobile device; Transaction data, such as your bank account number, deposits, withdrawals and payments involving your account;
Data on online behaviour and preferences, such as the IP address of your mobile device or your computer and the pages you visit on waow's website or apps;
Data about your interests and needs that you share with us, for example when you contact our services or fill in an online questionnaire;
Geographic data, location data when you are in the vicinity of our members of the waow network to inform you of offers (via pop-up message)
Processing relates to everything we can do with these data, such as collecting, recording, storing, adapting, organising, using, disclosing, transmitting or deleting. You share personal information with us when you: become a customer/member, register for our services, fill in a form (online), sign a contract, use our products or services, contact us through one of our communication channels.
Personal identification
KYC ("know your client") imposed by the National Bank of Belgium.
Special personal data
We do not record any special (sensitive) personal data relating to your health, ethnicity, religious, philosophical or political beliefs.
Data on children
MPS-WD is committed to ensuring the protection of the data of its users and their children. We only collect information about children when they use an MPS-WD product or when you provide us with information about children in connection with a product you purchase. We do not provide direct information on services to children under 13 years of age without parental approval. We do not send direct marketing material to children under 12. MPS-WD processes the requested data because we need the data for the execution of the agreement. Without this data, MPS-WD cannot execute the agreement. For this purpose, the data is only transferred to processors (such as banks, etc.) who must be involved in the execution of the agreement. After the end of the agreement, your data will be retained for 10 years (as legal claims based on the agreement may be filed for up to 10 years after the date). Afterwards, the data concerned will be deleted. The legal grounds are the execution of an agreement, the fulfilment of legal and regulatory obligations and/or our legitimate interest.
Data of suppliers and subcontractors
We collect and process the identity and contact data of our suppliers and subcontractors, as well as their (sub)contractors, staff, employees, appointees and other useful contacts. The purposes of these processing operations are the execution of an agreement, the management of suppliers/subcontractors, accounting and direct marketing activities such as sending promotional or commercial information. The legal grounds are the execution of an agreement, the fulfilment of legal and regulatory obligations and/or our legitimate interest. For direct marketing activities by email or via the app, consent will always be requested and can also be withdrawn at any time.
Data of personnel
We process the personal data of our employees as part of our personnel management and payroll administration. Due to its specific nature, this processing is regulated more extensively in individual employee privacy agreements.
Other data
In addition to the data of customers, suppliers/subcontractors and staff, we also process personal data of others, such as potential new customers/prospects, useful contacts within our sector, network contacts, expert contacts, etc. The purposes of these processing operations are in the interest of our business and public relations. The legal basis is our legitimate interest or, in some cases, the execution of an agreement.
Visiting our website
When you visit our website, based on our legitimate business interests, "cookies" may be placed on your device's hard drive to align the site to the needs of returning visitors better and to monitor your browsing habits with a view to automatic processing of your data. Detailed information about these cookies, the automatic processing involved and your rights in this regard can be found in our Cookie Policy. Personal data obtained by MPS-WD as a result of your visit to our website may be included in prospecting files based on our legitimate business interests. The data we obtain from your visit will be retained for 5 years after your visit (limitation period for non-contractual liability). Your rights in relation to such processing are described in PART III.
Transfer to third parties
Certain personal data we collect will be transferred to and possibly processed by third party service providers, such as our IT suppliers, accountant, auditor, as well as by public authorities. It is possible that one or more of the aforementioned third parties are located outside the European Economic Area ("EEA"). However, personal data will only be transferred to third countries with an adequate level of protection. The employees, managers and/or representatives of the aforementioned service providers or institutions and the specialised service providers appointed by them shall respect the confidential nature of your personal data and may use these data only for the purposes for which they were provided. Under no circumstances will we sell or make your personal data commercially available to direct marketing agencies or similar service providers, except with your prior consent.
Third-party access
With a view to processing your personal data, we grant access to your personal data to our employees, collaborators and appointees. We guarantee a similar level of protection by also imposing contractual obligations on these employees, collaborators and appointees, which are similar to this privacy policy.
Security
MPS-WD will take the necessary technical and organisational measures to process your personal data with an adequate level of security and to protect them against destruction, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties, as well as any other unauthorised processing of these data. "Data breach" - definition: a breach of security that accidentally or unlawfully results in the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; MPS-WD will notify any discovery of a Data breach within 24 hours of discovery via privacy@waow.com.
Preventing and recognising fraud and data security
MPS-WD has a duty to protect your personal data and to prevent, detect and limit any breaches of its security. We are also required to screen transactions to comply with the laws and regulations against money laundering, terrorist financing and tax fraud.
We may process your personal data for the purpose of protecting you and your financial assets against fraudulent activity, for example if you have been the victim of identity theft, hacking or if your personal data has been stolen.
Internal and external reporting
MPS-WD processes your data for its activities to improve and develop the operations, products and services. This is also carried out in the context of legal obligations (reporting to the National Bank, anti-money laundering legislation, etc.)
PART III. Your rights concerning the processing of your data
In addition to the right to withdraw any consent you may have given, you have various rights with regard to the processing (as described above) carried out by MPS-WD, subject to proof of identity (copy of identity card). You can request these rights free of charge on simple request to privacy@waow.com:
Right of access
You have the right to ask us whether we are processing data relating to you and, if so, to have access to that data. You also have the right to request, for each processing operation, an overview of the bodies that receive your data via MPS-WD.
Right to rectification
You have the right to request immediate rectification of any incorrect data or to supplement incomplete data.
Right to erasure
You have the right to have personal data erased without unreasonable delay if the processing of such data is no longer necessary for the purpose for which it was collected by MPS-WD; you have withdrawn a given consent; you object to the further processing; the personal data are processed unlawfully by MPS-WD;
this is necessary to comply with a legal obligation; or the personal data was collected in connection with an offer of information society services to a child (under 13 years).
Right to restriction of processing
You have the right to obtain a restriction of processing if you dispute the accuracy of the personal data we hold, the processing is unlawful and you oppose the erasure of the personal data, MPS-WD no longer needs this data but you still need it for the establishment, exercise or defence of a legal claim, or pending an answer to the question of whether the legitimate grounds of MPS-WD outweigh yours if you have objected to the processing on the basis of our legitimate interest. Please note, however, that you cannot object to the processing of personal data necessary for us to fulfil a legal obligation, the execution of the agreement or our legitimate interest, as long as these data are necessary for the purposes for which they were collected.
Right to data portability
You have the right to ask us to obtain the personal data we have obtained from you in a structured, commonly used and machine-readable form and to transfer that data to another controller, if the processing by MPS-WD is based on your consent or if the processing is carried out by automated means.
Personal data breach
MPS-WD makes every effort to protect the personal data we process from loss, misuse or falsification. If a personal data breach should nevertheless occur, and this breach presents a high risk to your rights and freedoms, MPS-WD will notify you of this breach without delay, under the conditions set out in the GDPR.
Complaints
If, for any reason, you have a complaint about the processing of your personal data, please contact privacy@waow.com. We make every effort to handle your personal data in a careful and legitimate manner in accordance with the applicable regulations. However, if you feel that your rights have been violated and your concerns have not been addressed within our company, you are free to file a complaint with:
Data Protection Authority
Drukpersstraat 35, 1000 Brussel
Tel: 02 274 48 00
Fax: 02 274 48 35
E-mail: commission@privacycommission.be
You can additionally turn to a court if you believe that you would suffer damage as a result of the processing of your personal data.