Privacy policy & Disclaimer
Unless expressly stipulated otherwise, the pages of this website and any simulations that can be consulted via interactive applications are purely provided for information purposes.
AOD shall not be liable for any direct or indirect damage caused by the user accessing, consulting or using the information, data or publications featuring on this website or on any other website this website refers to.
The applicability of the information featuring on this website is subject to the General Terms of Business governing the functionality of this website and is at all times case specific. Information is not a substitute for advice or assistance in concrete cases. Visitors remain fully responsible for the information they choose to consult and for the consequences of the use they make of that information.
Unless expressly indicated otherwise, none of the sections or components of this website may be reproduced without AOD’s explicit consent.
PRIVACY POLICY
1. Which types of data are protected?
This privacy policy applies to all the personal data we process.
It is applicable to the processing of personal data of our (private and business) clients/principals/requesting parties associated with our services, and to the personal data of counterparties/debtors and, by extension, to anyone who uses our products and services.
This privacy policy also applies when you visit our office, one of the meeting places, the website(s), use the applications, or avail of our products and services in any other way.
2. Data controller
Processing of personal data means any processing of data that can identify you as a natural person and/or legal person. The types of data being processed are listed under point 3 of this privacy policy. ‘Processing’ is a broad concept and inter alia covers, collecting, capturing, sorting, storing, updating, amending, retrieving, consulting, using, disseminating, or by any other means making available, merging, combining, archiving, erasing or, ultimately, destroying these data.
This means that they determine the purpose of and the means we use to process your personal data.
3. What type of data do we process?
A. Any personal data you share with us
We process the personal data you share with us in person. This may be done by phone (for instance any contact details you communicate), in writing (for instance when you complete your form, send us an SMS or email, when you register on or download the applications, electronically (for instance when reading out your eID) or orally (for instance at the office, at one of the meeting places or in your own home).
B. Personal data our systems collect
We assign your personal data to allow you to use our products and services (for instance, an email address, an IP address, a telephone number, customer number, login code(s) and passwords).
C. Personal data we obtain from third parties
When a client/principal entrusts us with a file it will often also contain the (contact) details of his/her counterparty/debtor/creditor(s)/....
Data can also be collected via other platforms such as the Internet for instance.
D. Types of personal data
In our systems, we distinguish between various types of personal data which can be combined with one another:
For eBox use:
To use the eBox, you need to register so that you can be identified and authenticated correctly. As only the correct addressee should have access to the right documents, you cannot use the eBox unless you have been accurately identified and authenticated. These data are processed to give you access to any messages senders have posted for your attention.
Your data are also processed to send you service notifications such as scheduled maintenance notices or to notify you that you have a message in your eBox.
During the registration process we record the following data: your surname and first name, your email address, your choice of language, your digital key and your national register number.
The processing of your data during registration and your use of the eBox is justified on the basis of article 9 of the Act of 27 February 2019 concerning the exchange of messages by electronic means via eBox ('eBox Act') which designates the DG Digital Transformation as data controller in respect of the processing of personal data required to ensure the proper functioning of the eBox it offers (which TrustO is an authorised agent for). Article 8 of the eBox Act sets out the legal basis for the use of your national register number by the DG Digital Transformation and for the use of your contact details, subject to your explicit consent.
This processing comes to an end as soon as you expressly stop using the eBox or upon your death.
User data: we distinguish between the personal data that can identify you as user of our products and services (for instance your name), the personal data that allow us to contact you (for instance your address, email address and telephone number), the personal data that identify your personal characteristics (for instance your age and gender) or your billing and payment details (including your credit rating);
Traffic data: we need these specific technical data to facilitate your traffic across the electronic communication networks, such as your IP address or MAC address;
As stipulated by law, we do not process any sensitive data such as data that reveal your racial or ethnic origin, political opinions, sexual orientation or health.
E. Other data we collect
We can collect personal data via various channels, such as our website(s)/apps and via searches on the Internet.
4. Proportionate processing
We process personal data for various purposes and only process data that are essential to the realisation of the intended purpose.
We only use personal data when necessary: in the context of the preparation, performance or end of an assignment; to meet the regulatory and statutory provisions we are subject to; and/or to pursue our legitimate interests, in which case we also strive to strike a balance between that interest and respect for your privacy, especially when you are a minor (for further details, please refer to point 7 of this privacy policy).
5. How do we secure your personal data?
A. Our technical and organisational measures
We work hard to protect your personal data and privacy.
Our members of staff have been trained/are being trained to ensure that confidential data are handled correctly. To secure your data, we employ specific persons who monitor compliance with the legislation and with our own ethical principles, as set out in this privacy policy. We use a variety of technical measures to protect your personal data against unauthorised access, unauthorised use and loss or theft of your data, such as: passwords, hard disk encryption software, firewalls, anti-virus software, intrusion and anomaly detection and access controls for our staff. In the event of a data breach with negative consequences for your personal data, you will be notified in the circumstances defined by law.
B. Our software is updated on a continuous basis
The number of members of staff who have access to your personal data is limited and our staff are selected with care. They are only given access to your personal data insofar as they need that information to properly carry out their tasks.
6. Do we share your data with third parties?
We do not sell or share personal data to/with third parties without your consent and do not communicate them to third parties unless:
- required for service purposes;
- required by law;
- we will only pass on your personal data on condition that your interest or your fundamental rights and freedoms do not outweigh the purpose;
- you give us permission to do so.
7. Are personal data used for commercial purposes?
Your data will not be used for commercial purposes. The data referred to in point 3 of this privacy policy are only processed in the context of our statutory obligations, our legitimate interest and the proper performance of the agreement.
8. What privacy rights do you enjoy?
A. Overview of your privacy rights
- Your right of access:
- At any time, you are entitled to hear from us whether or not we process your personal data and, if so, to access these data and to receive additional information about:
- the purposes of the processing;
- the categories of personal data involved;
- the recipients or categories or recipients;
- where possible, the retention period or, if that is impossible, the criteria operated to determine this period;
- the existence of your privacy rights.
- the right to lodge a complaint with the supervisory authority;
- the information at our disposal about the source of the data if we obtain personal data via a third party.
- You are also entitled to obtain a free copy of the data we process, in intelligible format. A reasonable fee may be charged to cover our administrative costs for each additional copy you request.
- Your right to rectification of personal data:
- You are entitled to have any incomplete, incorrect, inappropriate or outdated personal data rectified without delay.
- To ensure that your data are up to date, we ask you to notify us of any changes, such as a change of address, email address or a renewal of your identity card.
- You right to erasure ("right to be forgotten")
- In any one of the following cases you are entitled to have your personal data erased and this without undue delay:
- if your personal data are no longer needed for the purposes they were collected or otherwise processed for;
- if you withdraw your earlier consent to the processing and there are no other legal grounds we can invoke for the (further) processing;
- if you object to the processing of your personal data and there are no overriding legitimate grounds for the (further) processing;
- if your personal data are processed unlawfully;
- if your personal data must be erased to meet a statutory requirement;
- if your personal data were collected while you were still a minor.
Do bear in mind however that it is not always possible to erase all the personal data you may like us to, for instance when their processing is necessary to institute, exercise or substantiate a legal claim or because we are obliged to retain data for the judicial authorities. In that case we will inform you to that effect when we reply to your request.
- Your right to restriction of processing
- You are entitled to have the processing of your personal data restricted in any one of the following cases:
- if you dispute the accuracy of the personal data concerned: their use will be restricted for a period enabling us to verify the accuracy of the data;
- if the processing of your personal data is unlawful: instead of asking us to erase your data, you ask us to restrict the use thereof;
- if we no longer need your data for the original purposes of processing but you need them to institute, exercise or substantiate a legal claim: instead of erasing your data, their use will be restricted to allow you to institute, exercise or substantiate the legal claim;
- as long as no decision has been taken on the exercise of your right to object to the processing, you can ask us to restrict the use of your personal data;
- Your right to data portability:
- You have the right to ‘reclaim’ your personal data, for instance to switch service providers more easily. This is only possible in respect of any personal data you provided us with, based on consent or in virtue of an agreement. In all other cases you will not be able to take advantage of this right (for instance when your data are being processed in virtue of a statutory obligation).
- 2 aspects are inherent to this right:
- you may ask us to return the personal data in question in a structured, commonly used and machine-readable format;
- you may ask us to directly transmit the personal data in question to another data controller. In that case, you are personally responsible for the accuracy and security of the (email) address you provide us with to facilitate the transmission. We have the right to deny this request if transmission is technically impossible.
- You have the right to object to the processing of your personal data:
- By virtue of your special situation you are entitled to object to the processing of your personal data if the processing features in the context of our legitimate interest or in the context of the common interest. We will stop processing your personal data unless we are able to demonstrate that there are compelling and legitimate reasons for the processing that override your reasons or if the processing of the personal data is related to the lodging, exercise or corroboration of a legal claim (for instance filing an application with the court).
B. How can I exercise the aforesaid rights?
You can simply send an email to the address listed in point 12 or call in to our office. To exercise your right of access, and to prevent each unauthorised disclosure of your personal data, we need to verify your identity. In the event of doubt or ambiguity we will ask you for additional information (preferably a copy of the front of your identity card).
Are there any costs associated with this? You can exercise your privacy rights free of charge unless your request is manifestly unfounded or excessive, more specifically because of its repetitive nature. In that case, the privacy legislation entitles us, at our discretion, to:
- either charge you a reasonable fee (taking into account the administrative costs to provide you with the information or communication requested and the costs associated with the implementation of the measures you ask for);
- or to refuse to act on your request.
In what format will I receive a reply? If you submit your request electronically, the information is provided electronically where possible unless you specify otherwise. In any case we will provide you with a concise, transparent, intelligible and easily accessible reply.
When will I receive a reply? We will respond to your request as quickly as possible and in any case within one month of receipt. Depending on the complexity and the number of requests, that period may be extended by a further two months if need be. If we need to extend the term we will notify you to that effect within one month of receipt of your request.
What if we do not act on you request? In all our replies, we will inform you that you have the option to lodge a complaint with the competent supervisory authority or to seek judicial redress.
9. How long are your personal data retained?
We are not permitted to retain your personal data any longer than necessary for the purpose they were collected. In other words, the retention period can vary per individual purpose and can be quite short at times. Sometimes, the retention period can be longer, for instance to comply with our statutory obligations (for instance, to meet our accounting and tax obligations, we are obliged to retain your invoicing details for a maximum of 7 years) or out of the legal necessity to store certain data (in particular your contract, invoices and correspondence associated with complaints) as proof in the event of disputes for up to 10 years after your contract has come to an end. Needless to say, access to archived data will be rather limited however.
10. Website(s) and applications.
If you visit our website(s) and use our applications we process the following personal data relating to you:
- Your IP address, your browser type and language, the software, the type and brand of the equipment you use to connect to our website(s) and apps, the time at which you visit our website(s) or use our apps and the Web address via which you accessed our website(s), the pages you view, the links you click and any other actions you engage in on our website(s) and apps. To do so, we use cookies. For further information about the type of cookies we use and the options you have, please refer to point 11C of this privacy policy.
- On some websites and apps we will ask you for additional personal information, such as your email address, name, address or a telephone number and sometimes also for your bank account number or number of your identity document. In addition, we may ask you for your profile or demographic details such as your postal code, age, gender, preferences, interests and favourites;
The personal data we collect via our website(s) and applications are used for the following purposes:
- to enable us to provide you with our (Web) services and to communicate with you;
- to compile statistics and perform analyses with a view to improving the quality of our website(s) and to enhance our services;
- to provide you with a better and more personalised service.
11. Cookie policy
A. What are cookies?
We may use cookies when you open our emails and/or visit our website(s) or use our applications. Cookies are tiny bits of information that are placed on your own computer or mobile device and which are generally used to optimise the user-friendliness of websites and apps.
There are different types of cookies, classified by origin, function and longevity. For a complete overview you can check out websites such as http://www.allaboutcookies.org.
We may use cookies to:
- enhance the use and functionalities of the website(s) and applications;
- analyse how users use our website(s) and apps and to compile statistics.
Cookies can be placed by us and by other parties. Any third parties we allow to place cookies on our website(s) are under contract to guarantee that the connection via which data are exchanged is secure.
B. What type of cookies do we use?
Essential cookies: these cookies ensure that you can browse our website(s) and applications and use their functionalities.
Functional cookies: this type of cookies facilitates the functioning of our website(s) and applications and provides you with a personalised browsing experience.
Performance cookies: these cookies collect information about the use of our website(s) and applications such as the number of visitors, which web pages are the most popular and how much time users spend on a particular web page. On the basis of user behaviour we can enhance our website(s) and applications and optimise and personalise your user experience.
To do so, we can also use cookies placed by third parties.
The concept “cookies” also covers similar technologies such as flash cookies, device fingerprinting, html5-local storage and JAVA scripts.
C. Managing cookies
- You can disable all the cookies that have been placed on your computer or mobile device via your browser settings (usually under "Help" or "Internet options") at any time. Each type of browser has its own settings to manage cookies. You can find the relevant information on the website of the browser you use. For more general information on how to manage cookies, check out http://www.allaboutcookies.org/manage-cookies/. In addition, you can use the following websites to select the companies you no longer wish to receive any cookies from: http://www.aboutads.info/choices/#completed and http://www.youronlinechoices.com/.
Do bear in mind however that changing your settings may affect the functioning of the website(s). The same applies to mobile applications.
12. Use of the eBox via TrustO
In spite of the fact that you indicated that you wish to consult your eBox via TrustO, you still have the option to do so via another recognised provider who offers this consultation opportunity or via the government’s eBox at www.myebox.be. The same links to all your documents can also be consulted via these channels.
You can manage your eBox settings and permissions, or withdraw your permissions via this link. If you are using your eBox via TrustO, you can change your settings and permissions via “change eBox profile” (in the left upper corner).
TrustO gives you an overview of any messages Document Senders (= authors of documents) have sent you. Document Senders are fully responsible for the content of the eBox messages they publish.
As eBox ambassador, TrustO undertakes to continuously stimulate/encourage document senders (DSs) and eBox addressees (citizens and businesses) to promote the use of the eBox.
Access to your highly secure eBox is strictly controlled. Any time you wish to consult your documents, you will be subjected to a number of identity checks (= strong authentication) via eID or itsme. TrustO does not store your government documents unless you decide to store them in your TrustO archive. Any time you use your TrustO account, the session will automatically expire after 20 minutes’ inactivity.
TrustO is a highly secure environment that is fully supervised and confirmed by a judicial officer (= TTP Officer). It offers you the following guarantees:
• TrustO, as platform, has no access whatsoever to your documents in your eBox
• The same applies to all the TrustO staff, appointees and subcontractors
• All activities are logged under the supervision of and confirmed by the judicial officer
• These log activities are the only data that are stored.
TrustO respects the privacy of the users of its website in accordance with Regulation (EU) No 2016/679 (GDPR), the Act of 30/07/2018 and related legislation.
In the event of doubt or if you were to notice any irregularities, please contact our Data Protection Officer (DPO) without delay at the following email address: DPO@TrustO.eu and we will get back to/advise you promptly.
TrustO offers a range of services: Solutions
If necessary, you can ask our judicial officer for an extract from a Report of Findings (e.g. to be used in court). In that case, he will only check the logs of the transactions at your explicit request.
13. How to contact us?
If you wish to contact us in relation to this privacy policy you can do so in writing, by phone or electronically.
For further information about this privacy policy or for complaints in relation to the processing of your personal data, you can contact our Data Protection Officer (DPO) via DPO@TrustO.eu.
14. Amendments to the privacy policy
We may amend our privacy policy from time to time. We hereby invite you to always consult the latest version of this policy on our website (http://www.trusto.be/Disclaimer.aspx). It goes without saying that we will always notify you via our websites or other commonly used communication channels of any substantive changes and, if required by law, will ask you for your prior consent to our (new) processing activities.
In the event of any inconsistencies, our general terms of business and special conditions governing specific products and services will supersede this privacy policy.
15. Supervisory authority
In the event of complaints relating to the processing of your personal data you can contact the Data Protection Authority, Drukpersstraat 35, 1000 Brussels /
DISCLAIMER
1. Incompleteness - errors
Via this website and TrustO app we aim to inform you as accurately and exhaustively as possible. Neither TrustO nor the webmaster nor the app developer can be held liable in the unlikely event that the information published on the website or the TrustO app turns out to be incomplete or to contain errors.
On no account shall malfunctions, interruptions or defects in the supply of services or information offered or requested via the website or the TrustO app give rise to the payment of compensation of whatever nature.
2. E-mails and other means of contact
Our emails and other means of contact, with attachments or otherwise, are destined for the person or organisation they are addressed to and are intended solely for the purpose or use specified therein. They may contain confidential information and/or personal views that do not necessarily tally with those of the organisation. Any use of this information (such as the processing, transmission, reproduction, whether in full or in part, or dissemination by whatever means) by persons other than the addressee is strictly forbidden. Should you receive an email/letter/or any other communication from us in error, we would ask you to notify us by return and to delete the email/letter/communication in question.
The TrustO app is governed by the same terms and conditions as the website.
3. Website and TrustO app
A. In general
You are welcome to use this website and/or the TrustO app, including the information contained therein, on condition that you fully abide by the terms and conditions set out herein. We reserve the right to reserve these terms and conditions at any time.
B. Intellectual property rights
The reproduction or dissemination of texts, images or other items featuring on this website invariably requires our express prior consent in writing. This not does apply to documents available via the download pages. However, some names, signs or logos are registered trademarks. Please contact the relevant organisation, department or company for further details.
If we offer you the opportunity to post personal contributions on this website, you are not entitled to use any work that is protected by intellectual property rights unless you are the holder of these rights or have obtained the relevant permissions from the beneficiaries to use the work in question on the website and/or the TrustO app. In any event, you undertake to safeguard us against any and all third-party claims.
The photographs published on this website are either the property of TrustO, royalty-free or covered by a Creative Commons licence. Unless otherwise specified, the video clips used have been produced by TrustO.
C. Creating hyperlinks to this website
You are free to create a link to the pages of this website on your own website. The web page containing the hyperlink must disappear completely and the URL address of our website must be clearly visible. Other hyperlinks or iframes (inline frames) shall invariably require our express consent in writing.
D. Links to third-party websites
Links to third-party websites are provided for the user’s information only. We do not check either the websites in question or the information they contain. In consequence, we cannot be held responsible for the content or quality of the websites concerned. Links do not necessarily imply that we cooperate with the operators of these websites in one way or another or that we have approved the information published on these websites.
E. Liability
The information published on www.trusto.be is as accurate as possible. We aim to inform you as precisely and exhaustively as possible. TrustO cannot be held liable in the unlikely event that the information published on the website or the TrustO app turns out to be incomplete or to contain errors.
On no account shall malfunctions, interruptions or defects in the electronic supply of information and/or services offered or requested via this website give rise to the payment of compensation of whatever nature.
We cannot offer any guarantees in terms of the security of the website or be held liable for any direct or indirect damage that may be caused by an interruption in the availability of the website.