We value your right to privacy and make every effort to protect your personal data in accordance with the applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and national implementing legislation.
1. Who are we?
Cocom has set up a platform, consisting of a website (www.cocom.be) and the Cocom App, which aims to connect communities for co-city living by property as a service (PaaS). In the context of these activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to the applicable data protection legislation, we qualify as the ‘data controller’ with respect to these personal data.
2. Whose personal data do we collect?
In the context of our activities (as described above), we process personal data of professional and non-professional users who subscribe to the Cocom App, of prospects, of persons who subscribe to our electronic newsletter, of visitors of our website, and of contact persons at professional users of the Cocom App.
3. What personal data do we collect?
We may collect the following personal data about you insofar as this information is relevant for the purposes for which we need it, as explained under title 4 below. Anytime certain information is mandatory and other information is optional, this shall be clearly indicated as such, so that you can choose whether to provide us such information.
4. For what purposes do we use your personal data?
We may use your personal data for the following purposes:
- For customer administration;
- To offer and improve our services'
- For the authentication and access to your account on the Cocom App;
- For the management of (invoice) disputes and claims;
- For the handling of customer inquiries and complaints;
- For market and statistical research;
- For direct marketing purposes;
- For the rental or sale of commercial information (if you have consented to this).
- For the processing of your personal data for the delivery of services and for the follow-up and improvement of our services and invoicing, to provide you with certain information with respect to the purchased service, or in the context of customer complaint handling, we rely upon the necessity for the performance of a contract;
- for the processing of your personal data for electronic direct marketing purposes (sending our electronic newsletter):
- if you are a user of the Cocom App, we rely upon the exception for existing customers (art.1, 1° of the Royal Decree of 4 April 2003);
- if you are not a user of the Cocom App, we rely upon your opt-in consent. This means that only if you have unambiguously stated that you would like to receive our electronic newsletter (you are entirely free to do this), we will register you for our electronic mailings.
Note that you have the right to withdraw that consent at any time, free of charge, and without this having any negative implications for you. You may do so by e-mail (see below) or via the opt-out link included in each of our marketing mailings.
- For the processing of your personal data for the rental or sale to third parties for direct marketing purposes, we rely upon your opt-in consent (you are entirely free to consent to this).
Note that you have the right to withdraw that consent at any time, free of charge, and without this having any negative implications for you. You may do so by e-mail (see below).
- in all other cases, the processing of your personal data is based on our legitimate interests (i.e. the interest of contacting prospects and possible customers to inform them of our offering, the interest to promote our business in general, both online and offline, the interest to perform market and statistical research, etc.).
5. With whom do we share your personal data?
We may disclose your personal information to the following parties:
- With our service providers who act as our ‘processors’ such as our IT provider, our cloud service provider and our payment service provider.
- With our professional advisors such as external law firms and accountants.
- With government authorities such as the government, police authorities or the judiciary in case we have a legal obligation to do so.
We will implement appropriate safeguards when transferring your personal data to third parties. If necessary, we will for example conclude a data transfer or a processing agreement specifying the limitations to the use of your personal data and the obligations with respect to the security of your personal data.
Your personal data will not be lent or sold to third parties for direct marketing purposes without your prior explicit consent. Your personal data will not be transferred to countries outside the European Economic Area.
6. How long do we store your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (as listed above). Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.
More specifically, the following retention guidelines are applied by us:
- personal data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept;
- personal data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and for 10 years following termination thereof;
- personal data obtained in the context of complaint handling will be deleted (or anonymized) as soon as the complaint is closed;
- any personal data used for marketing purposes will be retained for as long as we are sending you relevant mailings and for a maximum of 1,5 years thereafter. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your unsubscribe right, we will no longer keep your personal data for these purposes; and
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
More information on our retention periods is available upon simple request.
7. How do we protect your personal data?
We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified.
We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
More information on our protection measures is available upon simple request.
8. What are your rights and how can you exercise them?
Within the limits defined by articles 15-22 of the GDPR, you have the following legal rights with respect to your personal data:
- Right of access: you have the right to obtain confirmation from us as to whether or not we are processing your personal data, to obtain access to that personal data and how and why they are processed, as well as to receive a copy of that data.
- Right to rectification: you have the right to obtain a rectification of your personal data or to request that we complete your personal data if you notice that we are processing incorrect or incomplete data about you.
- Right to erasure (‘right to be forgotten’): you have the right to obtain data erasure in certain specific cases.
- Right to restriction of processing: You have the right to have the processing of your personal data restricted in certain specific cases.
- Right to data portability: you have the right to obtain the personal data that you have provided to us, in a structured, common and machine-readable form, and to transfer those personal data (or have them transferred) to another data controller.
- Right to object: you have the right to object to the processing of your personal data on the basis of our legitimate interest for reasons relating to your specific situation.
You can exercise the aforementioned rights by sending an e-mail to email@example.com.
The exercise of these rights is in principle free of charge. Only where requests are manifestly unfounded or excessive we may charge a reasonable fee.
We aim to respond your requests or questions as quickly as possible. We might request a proof of identity in advance in order to double-check your request.
For further information and advice on the above rights, please visit the website of the Data Protection Authority: www.gegevensbeschermingsautoriteit.be.
Finally, you also have the right at any time to lodge a complaint with the Data Protection Authority in connection with the processing of your personal data by us. You can reach the authority via firstname.lastname@example.org or by regular mail at the following address:
The Space Behind, Eduard Van Steenbergenlaan 48/2, 2100 Antwerp (Belgium).