Privacy Policy

Privacy Policy

A: Introduction – Controller

This privacy policy outlines the policy and your rights regarding the processing of personal data that is collected through the website at www.ceusters.be

An announcement will be made on the websiteif the privacy policy is amended. You can consult the (adjusted) privacy policy via the website at any time.

We endeavour to protect your personal data when you subscribe to the newsletter, register for any other service or use our digital services in any other manner. Personal data relates to any information concerning an identified or identifiable person.

The person responsible for processing your personal data (referred to hereafter as the “Controller”) is:

  • NAME & FORM OF THE COMPANY: Group hugo ceusters – scms N.V.
  • ADDRESS: UITBREIDINGSSTRAAT 72 B 2
  • CBE/VAT: BE0404.697.064

If you have any questions regarding the said processing, you can always contact it at:

We want to inform you about the collection and processing of your personal data by means of this Data Protection Policy. We ask that you read this Data Protection Policy carefully as it contains essential information about how your personal data is processed and for what purpose.

By communicating your personal data, you expressly declare that you have read and expressly agree to this Data Protection Policy, as well as to the processing itself.

The Controller undertakes to process, protect and respect your data obtained through www.ceusters.be (and through the mobile application) in accordance with the applicable regulations (inter alia, the European General Data Protection Regulation EU 2016/679, referred to hereafter as the “GDPR”).

In this regard, it can use processors, in which case it always ensures that its processors shall also respect the applicable regulations.

Where we refer to “our” and “we” in this privacy policy, we refer to the Controller. You can take due note of our privacy policy below.

B: What (categories of) data do we process?

The Controller can process the following categories of personal data:

  • Surname and first name
  • Place of residence/address and place of delivery
  • Language
  • Date of birth/age
  • Gender
  • Fixed and/or mobile phone
  • Email address
  • Activities on our website
  • IP address
  • Personal interests
  • Information on marketing actions
  • Any additional personal data that is provided or to which access was granted by means of your consent.

The personal data that we process about you depend on matters such as the services to which you have subscribed, e.g.: apps, newsletters, message forums, internet and mobile messaging, telephone, etc.

For some of our services, you can subscribe via social media.

When you use our digital services such as apps, the website, etc., we collect and process your IP address, type of browser and operating system, estimated location and which website you visited before you entered our website. The use of our digital services is determined for the purposes of analysing statistics. 

We only collect the personal data that we deem necessary to achieve the purposes of the processing, as specified below, and we ensure that the data is up to date and correct if you make any changes to them.

If information that is connected to letting or commercialising space is transmitted, the Controller or the Manager reserves the right to transmit the said information to the relevant owner for further processing that is related purely to the purpose for which the information was transmitted, if the said owner is not the Controller.

C. Cookies

Cookies can be subject to the GDPR insofar as they lead to personal data is processed. In addition, other legislation applies to this, however (Directive 2002/58/EC (Recital 25 and Article 5, (3) and the transposition of this into Belgian law by Article 129 of the Act of 13 June 2005 (as amended by the Act of 10 July 2012):

  Article 129.[1 Storing information or obtaining access to information that is already]1 stored in the end equipment of a subscriber or [1 user]1 is only allowed on the condition that:

  1° in accordance with the conditions provided in the Act of 8 December 1992 on the Protection of Privacy regarding the Processing of Personal Data, the subscriber [1 user]1 concerned receives clear and precise information on the purposes of the processing and on his rights based on the Act of 8 December 1992;

  2° [1 the subscriber or end user has given his consent after he has been informed in accordance with the provisions in 1°]1

  [1 The first paragraph does not apply to the technical storage of information or the access to information saved in the end equipment of a subscriber or an end user, the sole purposes of which are to send communication via an electronic communications network or where it is strictly essential to provide a service explicitly requested by the subscriber or end user.]1

  [1 The consent]1 in the sense of the first paragraph or the application of the second paragraph does not release the controller from the obligations of the Act of 8 December 1992 on the Protection of Privacy regarding the Processing of Personal Data, which is not imposed in this Article.

  [1 The controller offers the subscribers or end users the opportunity of simply withdrawing the consent given, free of charge.]1

  ----------

  (1)<W 2012-07-10/04, art. 90, 017; Inwerkingtreding : 04-08-2012> 

This regulation therefore prescribes that, in principle, consent is required for cookies, unless an exception as referred to in this article is concerned.

Cookies which, based on these criteria according to the Article 29 Working Party are not subject to consent (and are therefore subject to the obligation of information) are:

  • user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
  • authentication cookies, to identify the user once he has logged in, for the duration of a session
  • user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
  • multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
  • load‑balancing cookies, for the duration of session
  • user‑interface customization cookies such as language or font preferences, for the duration of a session (or slightly longer)
  • third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.

D. Grounds for the processing

In general, the Controller will only process personal data in the cases allowed by Article 6.1 of the GDPR, i.e.

  1. based on your specific consent;
  2. when this is necessary within the scope of the performance of a contract;
  3. for compliance with a legal or regulatory obligation;
  4. when this is necessary in order to protect the vital interests of the data subject;
  5. when this is necessary for the purposes of the legitimate interests pursued by the company (e.g. preventing fraud, for internal administrative purposes, direct marketing, etc.);

Users below the age of 13 years must ask their parents or guardian for permission to be able to validly give their consent and to provide data.

E. For what purposes will this data be used?

In particular, the Controller processes your personal data for the following purposes (having the relevant basis):

  • to provide information regarding our services (C.1, 2, and 5);
  • to generally manage customers, including tax obligations and any loyalty programmes (C.1, 2. 3 and 5);
  • to process requests and questions (C.1, 2 and 5);
  • to show relevant communication and advertisement/marketing messages (C.1 and 5);
  • to send newsletters and special offers (C.1 and 5);
  • to inform the Manager or the owner of questions and answers relating to the letting or commercialising of spaces referred to in point B (C.1, 2 and 5);
  • to use the IP address and equipment identifiers (C.1, 2. 3 and 5);
  • to protect our rights (C.2 and 5);
  • to make analyses and do market research with a view to improving the service provision (C.2 and 5).

F. Transmission and third parties

The Controller shall not sell or rent your data to third parties.

Generally, your data is used only by the Controller and persons linked to it, and the Controller shall ensure that the processors who are deployed shall duly respect the applicable regulations and shall only act on the basis of instructions and in accordance with this privacy policy.

However, the Controller does use certain parties to ensure that it continues to provide optimum service. This relates to matters such as service provision concerning the following elements:

  • internet environment (website hosting);
  • IT infrastructure (Servers, CRM, mail service, etc.);
  • ISP and telephone providers;
  • etc.

These processors may change from time to time. In view of the fact that the said external parties can come across personal data, the Controller undertakes to conclude the necessary processing agreements with such external parties to be able to ensure that personal data is adequately protected.

Sometimes the Controller is also obliged to transmit your personal data to third parties. This is mainly the case if a law obliges us to do so or if public bodies have the right to request the said data from us. In principle, your data shall not be transmitted to third countries (outside the European Union), nor to any international organisations.

The Controller shall not transmit any personal data to any third party, besides the aforementioned recipients, without your prior consent.

G. How long will your personal data be stored? 

The Controller shall not store your personal data longer than necessary to achieve the purposes for which it was collected, or for as long as is necessary to duly respect legally or contractually determined time limits.

If newsletters or direct marketing is concerned, you can unsubscribe at any time by sending a message to privacy@ceusters.be,  or by using the link provided to this end in the said newsletters:

Your personal data shall be deleted immediately when you unsubscribe.

Anonymised data (that cannot be connected to you as an individual and is therefore no longer personal data) can be kept for statistical purposes.

H. What are your rights and what can you do with your personal data? 

  • right to access & inspection  you have the right to access the personal information that we process concerning you and to obtain a copy thereof; 
  • right to rectification  you have the right to have inaccurate or incomplete personal data concerning you rectified without unnecessary delay; 
  • right to be forgotten  you have the right to demand that all personal data concerning you is erased; 
  • right to restriction of processing  you have the right to demand that we stop processing your personal data for specific purposes; 
  • right to data portability  you have the right to receive the personal data concerning you in a commonly used and machine-readable format; 
  • right to withdraw consent  you can withdraw your consent, in full or in part, for the processing of your personal data and the use of the data for marketing purposes at any time; 
  • right to submit complaints  you have the right to submit a complaint to the supervisory authorities relating to our processing of your personal data;
  • right to information in the case of a data leak  you will be informed if a data leak is established and this results in increased risk to our members’ freedom rights. 

The supervisory authority that you can contact in such a case is the Data Protection Authority, the details of which you will find below: 

  • Data Protection Authority
  • Drukpersstraat 35, 1000 Brussels
  • +32 (0)2 274 48 00
  • +32 (0)2 274 48 35
  • contact@apd-gba.be

I. Security of the data

The Controller permanently monitors the security of the personal data that is stored and processed in its organisation. As the person responsible for the processing, it commits itself to taking all the necessary technical and organisational measures to prevent unauthorised persons from gaining access to the data entrusted to it. By doing so, it also attempts to prevent the loss, destruction or unauthorised distribution of this data.

The Controller uses systems that are regularly updated, that allow data encryption and that contain firewalls which coincide with the applicable respective standard. The Controller undertakes to inform you of any violation of this privacy policy that can have a serious impact on you.

J. Modifications

The Controller is at liberty to unilaterally modify this privacy policy from time to time, where appropriate, within the scope of amending legislation. An announcement will be made on the website in such a case.

 This privacy policy was last modified on 24 February 2020

Privacy Policy

A: Introduction – Controller

This privacy policy outlines the policy and your rights regarding the processing of personal data that is collected through the website at www.ceusters.be

An announcement will be made on the websiteif the privacy policy is amended. You can consult the (adjusted) privacy policy via the website at any time.

We endeavour to protect your personal data when you subscribe to the newsletter, register for any other service or use our digital services in any other manner. Personal data relates to any information concerning an identified or identifiable person.

The person responsible for processing your personal data (referred to hereafter as the “Controller”) is:

  • NAME & FORM OF THE COMPANY: Group hugo ceusters – scms N.V.
  • ADDRESS: UITBREIDINGSSTRAAT 72 B 2
  • CBE/VAT: BE0404.697.064

If you have any questions regarding the said processing, you can always contact it at:

We want to inform you about the collection and processing of your personal data by means of this Data Protection Policy. We ask that you read this Data Protection Policy carefully as it contains essential information about how your personal data is processed and for what purpose.

By communicating your personal data, you expressly declare that you have read and expressly agree to this Data Protection Policy, as well as to the processing itself.

The Controller undertakes to process, protect and respect your data obtained through www.ceusters.be (and through the mobile application) in accordance with the applicable regulations (inter alia, the European General Data Protection Regulation EU 2016/679, referred to hereafter as the “GDPR”).

In this regard, it can use processors, in which case it always ensures that its processors shall also respect the applicable regulations.

Where we refer to “our” and “we” in this privacy policy, we refer to the Controller. You can take due note of our privacy policy below.

B: What (categories of) data do we process?

The Controller can process the following categories of personal data:

  • Surname and first name
  • Place of residence/address and place of delivery
  • Language
  • Date of birth/age
  • Gender
  • Fixed and/or mobile phone
  • Email address
  • Activities on our website
  • IP address
  • Personal interests
  • Information on marketing actions
  • Any additional personal data that is provided or to which access was granted by means of your consent.

The personal data that we process about you depend on matters such as the services to which you have subscribed, e.g.: apps, newsletters, message forums, internet and mobile messaging, telephone, etc.

For some of our services, you can subscribe via social media.

When you use our digital services such as apps, the website, etc., we collect and process your IP address, type of browser and operating system, estimated location and which website you visited before you entered our website. The use of our digital services is determined for the purposes of analysing statistics. 

We only collect the personal data that we deem necessary to achieve the purposes of the processing, as specified below, and we ensure that the data is up to date and correct if you make any changes to them.

If information that is connected to letting or commercialising space is transmitted, the Controller or the Manager reserves the right to transmit the said information to the relevant owner for further processing that is related purely to the purpose for which the information was transmitted, if the said owner is not the Controller.

C. Cookies

Cookies can be subject to the GDPR insofar as they lead to personal data is processed. In addition, other legislation applies to this, however (Directive 2002/58/EC (Recital 25 and Article 5, (3) and the transposition of this into Belgian law by Article 129 of the Act of 13 June 2005 (as amended by the Act of 10 July 2012):

  Article 129.[1 Storing information or obtaining access to information that is already]1 stored in the end equipment of a subscriber or [1 user]1 is only allowed on the condition that:

  1° in accordance with the conditions provided in the Act of 8 December 1992 on the Protection of Privacy regarding the Processing of Personal Data, the subscriber [1 user]1 concerned receives clear and precise information on the purposes of the processing and on his rights based on the Act of 8 December 1992;

  2° [1 the subscriber or end user has given his consent after he has been informed in accordance with the provisions in 1°]1

  [1 The first paragraph does not apply to the technical storage of information or the access to information saved in the end equipment of a subscriber or an end user, the sole purposes of which are to send communication via an electronic communications network or where it is strictly essential to provide a service explicitly requested by the subscriber or end user.]1

  [1 The consent]1 in the sense of the first paragraph or the application of the second paragraph does not release the controller from the obligations of the Act of 8 December 1992 on the Protection of Privacy regarding the Processing of Personal Data, which is not imposed in this Article.

  [1 The controller offers the subscribers or end users the opportunity of simply withdrawing the consent given, free of charge.]1

  ----------

  (1)<W 2012-07-10/04, art. 90, 017; Inwerkingtreding : 04-08-2012> 

This regulation therefore prescribes that, in principle, consent is required for cookies, unless an exception as referred to in this article is concerned.

Cookies which, based on these criteria according to the Article 29 Working Party are not subject to consent (and are therefore subject to the obligation of information) are:

  • user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
  • authentication cookies, to identify the user once he has logged in, for the duration of a session
  • user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
  • multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
  • load‑balancing cookies, for the duration of session
  • user‑interface customization cookies such as language or font preferences, for the duration of a session (or slightly longer)
  • third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.

D. Grounds for the processing

In general, the Controller will only process personal data in the cases allowed by Article 6.1 of the GDPR, i.e.

  1. based on your specific consent;
  2. when this is necessary within the scope of the performance of a contract;
  3. for compliance with a legal or regulatory obligation;
  4. when this is necessary in order to protect the vital interests of the data subject;
  5. when this is necessary for the purposes of the legitimate interests pursued by the company (e.g. preventing fraud, for internal administrative purposes, direct marketing, etc.);

Users below the age of 13 years must ask their parents or guardian for permission to be able to validly give their consent and to provide data.

E. For what purposes will this data be used?

In particular, the Controller processes your personal data for the following purposes (having the relevant basis):

  • to provide information regarding our services (C.1, 2, and 5);
  • to generally manage customers, including tax obligations and any loyalty programmes (C.1, 2. 3 and 5);
  • to process requests and questions (C.1, 2 and 5);
  • to show relevant communication and advertisement/marketing messages (C.1 and 5);
  • to send newsletters and special offers (C.1 and 5);
  • to inform the Manager or the owner of questions and answers relating to the letting or commercialising of spaces referred to in point B (C.1, 2 and 5);
  • to use the IP address and equipment identifiers (C.1, 2. 3 and 5);
  • to protect our rights (C.2 and 5);
  • to make analyses and do market research with a view to improving the service provision (C.2 and 5).

F. Transmission and third parties

The Controller shall not sell or rent your data to third parties.

Generally, your data is used only by the Controller and persons linked to it, and the Controller shall ensure that the processors who are deployed shall duly respect the applicable regulations and shall only act on the basis of instructions and in accordance with this privacy policy.

However, the Controller does use certain parties to ensure that it continues to provide optimum service. This relates to matters such as service provision concerning the following elements:

  • internet environment (website hosting);
  • IT infrastructure (Servers, CRM, mail service, etc.);
  • ISP and telephone providers;
  • etc.

These processors may change from time to time. In view of the fact that the said external parties can come across personal data, the Controller undertakes to conclude the necessary processing agreements with such external parties to be able to ensure that personal data is adequately protected.

Sometimes the Controller is also obliged to transmit your personal data to third parties. This is mainly the case if a law obliges us to do so or if public bodies have the right to request the said data from us. In principle, your data shall not be transmitted to third countries (outside the European Union), nor to any international organisations.

The Controller shall not transmit any personal data to any third party, besides the aforementioned recipients, without your prior consent.

G. How long will your personal data be stored? 

The Controller shall not store your personal data longer than necessary to achieve the purposes for which it was collected, or for as long as is necessary to duly respect legally or contractually determined time limits.

If newsletters or direct marketing is concerned, you can unsubscribe at any time by sending a message to privacy@ceusters.be,  or by using the link provided to this end in the said newsletters:

Your personal data shall be deleted immediately when you unsubscribe.

Anonymised data (that cannot be connected to you as an individual and is therefore no longer personal data) can be kept for statistical purposes.

H. What are your rights and what can you do with your personal data? 

  • right to access & inspection  you have the right to access the personal information that we process concerning you and to obtain a copy thereof; 
  • right to rectification  you have the right to have inaccurate or incomplete personal data concerning you rectified without unnecessary delay; 
  • right to be forgotten  you have the right to demand that all personal data concerning you is erased; 
  • right to restriction of processing  you have the right to demand that we stop processing your personal data for specific purposes; 
  • right to data portability  you have the right to receive the personal data concerning you in a commonly used and machine-readable format; 
  • right to withdraw consent  you can withdraw your consent, in full or in part, for the processing of your personal data and the use of the data for marketing purposes at any time; 
  • right to submit complaints  you have the right to submit a complaint to the supervisory authorities relating to our processing of your personal data;
  • right to information in the case of a data leak  you will be informed if a data leak is established and this results in increased risk to our members’ freedom rights. 

The supervisory authority that you can contact in such a case is the Data Protection Authority, the details of which you will find below: 

  • Data Protection Authority
  • Drukpersstraat 35, 1000 Brussels
  • +32 (0)2 274 48 00
  • +32 (0)2 274 48 35
  • contact@apd-gba.be

I. Security of the data

The Controller permanently monitors the security of the personal data that is stored and processed in its organisation. As the person responsible for the processing, it commits itself to taking all the necessary technical and organisational measures to prevent unauthorised persons from gaining access to the data entrusted to it. By doing so, it also attempts to prevent the loss, destruction or unauthorised distribution of this data.

The Controller uses systems that are regularly updated, that allow data encryption and that contain firewalls which coincide with the applicable respective standard. The Controller undertakes to inform you of any violation of this privacy policy that can have a serious impact on you.

J. Modifications

The Controller is at liberty to unilaterally modify this privacy policy from time to time, where appropriate, within the scope of amending legislation. An announcement will be made on the website in such a case.

 This privacy policy was last modified on 24 February 2020