Article 1 - Who We Are
This Privacy Statement describes how Innoverius BV (“Innoverius”, “we”, “us” or “our”) collects, uses, stores, shares and protects Personal Data in connection with its websites, software applications, SaaS platforms, training courses, events and other services (hereinafter collectively referred to as the “Services”).
For the processing activities described in this Privacy Statement, Innoverius BV acts as the Controller within the meaning of Regulation (EU) 2016/679 on the protection of Personal Data (“GDPR”) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of Personal Data.
This Privacy Statement applies to visitors of our websites, prospects, customers, suppliers, partners, event participants and users of our Applications and Services.
Where Innoverius processes Personal Data on behalf of its customers in connection with the use of the Applications, Innoverius shall in principle act as a Processor. Such processing activities are governed by a separate Data Processing Agreement (“DPA”) between Innoverius and the relevant customer.
We process Personal Data in compliance with the applicable data protection legislation and undertake to implement appropriate technical and organisational measures to protect such Personal Data.
Our contact details can be found at the end of this Privacy Statement, specifically in Article 13.
Article 2 - Personal Data We Process
Innoverius only processes Personal Data that is relevant to its Services, its business operations and its relationship with customers, users, suppliers, partners and visitors of its websites.
Depending on the circumstances, we may process, among others, the following categories of Personal Data:
Identification Data
first name and surname;
salutation;
job title or professional title;
company name;
company registration number and VAT number.
Contact Data
email address;
telephone number;
correspondence address;
billing address;
business address.
Account and User Data
username;
user ID;
authentication credentials;
access rights;
preference settings;
login and usage history.
Contractual and Billing Data
quotations;
contract details;
invoices;
payment information;
communications relating to the provision of services.
Technical and Usage Data
IP address;
browser type;
operating system;
device information;
log files;
date and time of use;
pages viewed;
use of functionalities;
diagnostic and security information.
Communication Data
emails;
support tickets;
chat messages;
feedback;
correspondence with Innoverius.
Marketing and Event Data
newsletter subscriptions;
participation in webinars, training courses and events;
communication preferences;
marketing interactions.
Security Data
access logs;
audit logs;
security notifications;
CCTV footage if you visit our offices.
Data You Voluntarily Provide
We may also process Personal Data that you voluntarily provide to us through forms, correspondence, support requests, events, surveys, feedback or other communications with Innoverius.
In addition, we automatically collect certain technical and statistical data when you use our websites, Applications or Services. Such data is used for security, operation, analysis, optimisation and improvement of our Services.
Article 3 - Account and User Data
When a user creates or uses an account within the Applications of Innoverius, we process Personal Data that is necessary for the identification, authentication, security and management of the user account.
This may include, among other things:
first name and surname;
email address;
organisation or employer;
username;
user ID;
roles and access rights;
preference settings;
authentication credentials;
login and usage history;
security and audit logs.
Passwords are never stored in a readable format and are only retained using appropriate security measures, such as hashing or comparable security techniques.
We process this data in order to:
create and manage user accounts;
grant access to the Applications;
ensure the security of the Applications;
authenticate users;
prevent misuse, fraud and unauthorised access;
provide support and technical assistance;
comply with legal and contractual obligations.
The processing of this Personal Data is necessary for the performance of the agreement with the customer and for the pursuit of our legitimate interests relating to the security, continuity and management of our Services.
Article 4 - Usage and Log Data
When you use our Applications, websites or Services, we may automatically collect and process technical, operational and usage data.
This may include, among other things:
login and logout data;
date and time of use;
functionalities used;
user actions within the Applications;
IP addresses;
device information;
browser and system information;
error messages;
performance data;
audit logs;
security and access logs.
We process this data in order to:
provide the Applications and Services and ensure their proper functioning;
authenticate users;
ensure the security and integrity of our systems;
detect and prevent misuse, fraud and unauthorised access;
identify and resolve technical issues;
provide support and assistance;
improve performance, stability and user-friendliness;
perform statistical analyses;
comply with legal, contractual and security obligations.
This processing is based on the performance of the agreement, the pursuit of our legitimate interests relating to the security, continuity and improvement of our Services and, where applicable, on legal obligations.
Article 5 - Data You Enter into the Applications
Our Applications allow customers to store, manage, process and share data, documents and other information in connection with their own activities.
To the extent that such data contains Personal Data relating to clients, employees, suppliers, counterparties or other data subjects, the customer acts as the Controller and Innoverius acts solely as the Processor within the meaning of the GDPR.
Innoverius processes such Personal Data exclusively on behalf of and in accordance with the instructions of the customer, to the extent necessary for the provision, hosting, security, support, maintenance and further development of the Applications.
The rights and obligations of the parties with respect to such processing activities are further governed by a separate Data Processing Agreement (“DPA”), which forms an integral part of the contractual relationship between Innoverius and the customer.
Innoverius does not acquire any ownership rights in the data entered into the Applications by the customer and does not process such data for its own purposes, except where this is necessary for the provision of the Services, compliance with legal obligations or where expressly agreed between the parties.
Article 6 - Sub-processors and Hosting
For the provision of our Applications and Services, Innoverius relies on carefully selected service providers, infrastructure providers and other parties who, in certain cases, process Personal Data on our behalf or on behalf of our customers.
These parties may, among other things, be responsible for:
cloud hosting;
data centre services;
backups and storage;
network and security services;
email and communication services;
authentication and identity services;
monitoring and logging;
support and maintenance services;
AI Functionalities and related technologies.
Where such parties process Personal Data on behalf of Innoverius or its customers, they are appointed as (Sub-)processors in accordance with the applicable data protection legislation.
Innoverius selects only parties that provide appropriate technical and organisational security measures and, where legally required, enters into the necessary contractual arrangements, including data processing agreements and other data protection clauses.
Our infrastructure is primarily hosted within the European Economic Area. Where Personal Data is processed outside the European Economic Area or is accessible from outside the European Economic Area, Innoverius shall implement appropriate safeguards in accordance with Chapter V of the GDPR.
An up-to-date overview of the principal Sub-processors engaged for the provision of the Applications and Services may be obtained upon request or is made available through our contractual documentation.
Article 7 - Purposes and Legal Bases
Innoverius processes Personal Data solely for specific, explicit and legitimate purposes.
Depending on the relationship with the data subject, Personal Data may be processed, among other things, for:
creating and managing user accounts;
providing the Applications and Services;
hosting, securing and maintaining the Applications;
authentication and access management;
customer management and relationship management;
support and assistance;
invoicing, accounting and debt collection;
communication with customers, prospects and suppliers;
training courses, webinars and events;
monitoring, logging and security;
fraud prevention and incident management;
statistical analysis and product improvement;
the development of new functionalities;
marketing and commercial communications;
compliance with legal and regulatory obligations;
protecting the rights, property and interests of Innoverius, its customers and its users.
We process Personal Data solely on the basis of one or more of the following legal grounds as provided for in Article 6 GDPR:
Performance of a Contract
Where the processing is necessary for the preparation, performance or follow-up of an agreement with the data subject or the organisation they represent.
Legal Obligation
Where the processing is necessary to comply with a legal or regulatory obligation to which Innoverius is subject.
Legitimate Interest
Where the processing is necessary for the purposes of our legitimate interests, including:
network and information security;
fraud prevention;
product improvement;
customer management;
support services;
internal administration;
protection of our rights and interests.
For every processing activity based on a legitimate interest, we carry out a balancing test between our interests and the rights and freedoms of the data subjects.
Consent
Where processing is based on consent, such consent may be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
Article 8 - Sharing Personal Data with Third Parties
Innoverius does not sell, rent or disclose Personal Data to third parties for their own commercial purposes.
Personal Data may only be disclosed to third parties where this is necessary:
for the performance of an agreement;
for the provision of our Applications and Services;
for compliance with legal or regulatory obligations;
for the protection of our rights, property or interests;
for the protection of the rights, property or interests of our customers, users or other data subjects.
Depending on the circumstances, Personal Data may be disclosed to:
competent public authorities;
supervisory authorities;
judicial authorities;
law enforcement and investigative services;
professional advisers, including lawyers, accountants and auditors;
insurers;
other parties where the data subject has given consent or where a legal basis permits such disclosure.
Where Personal Data is disclosed to third parties, this shall take place only to the extent necessary and in accordance with the applicable data protection legislation.
Innoverius takes reasonable measures to ensure that such third parties treat the Personal Data received as confidential and implement appropriate security measures to protect it.
Article 9 - Cookies and Similar Technologies
This website uses only strictly necessary cookies. These cookies are required for the technical operation and security of the website and cannot be disabled.
We do not use cookies for analytics, marketing or tracking purposes and do not collect data through cookies to profile visitors or monitor their browsing behaviour.
The necessary cookies used are deployed solely to ensure that the website functions properly and securely.
Article 10 - Retention Periods
Innoverius does not retain Personal Data for longer than necessary for the purposes for which it was collected and processed, unless a longer retention period is required or permitted pursuant to a legal obligation, a legitimate interest or a contractual obligation.
The retention period may vary depending on the nature of the data, the relationship with the data subject and the applicable legal obligations.
In general, the following principles apply, among others:
customer and contractual data is retained for the duration of the contractual relationship and for the period necessary for the exercise or defence of legal rights;
invoicing, accounting and tax data is retained for the legally required retention periods;
prospect data is retained for as long as a legitimate commercial relationship exists or until an objection is made to further processing;
marketing data is retained until consent is withdrawn or an objection is made to the processing;
security, audit and log data is retained for as long as necessary for security, operational and compliance purposes.
Where Personal Data is no longer necessary for the purposes for which it was collected, it shall be deleted, anonymised or otherwise processed in an appropriate manner so that the identification of data subjects is no longer possible.
Article 11 - Security
Innoverius implements appropriate technical and organisational measures to protect Personal Data against loss, destruction, alteration, unauthorised access, disclosure or any other form of unlawful processing.
In determining these measures, Innoverius takes into account, among other things, the state of the art, the costs of implementation, the nature of the processing activities, the scope of the processing activities, the context of the processing activities and the risks to the rights and freedoms of data subjects.
Our security measures may include, among other things:
access and authorisation management;
authentication and security mechanisms;
encryption where appropriate;
logging and monitoring;
network and infrastructure security;
backup and recovery procedures;
security updates and patch management;
organisational measures relating to confidentiality and data protection.
Although Innoverius makes reasonable efforts to protect Personal Data, no system, network or electronic transmission can guarantee absolute security.
If you suspect that Personal Data has been unlawfully used, that your account has been compromised or that a security incident has occurred, we request that you contact us as soon as possible using the contact details provided in this Privacy Statement.
Article 12 - Your Rights
Subject to the conditions and within the limits of the applicable data protection legislation, you have various rights in relation to your Personal Data.
You have, among others, the right to:
obtain access to the Personal Data we process about you;
have inaccurate or incomplete Personal Data corrected;
have Personal Data erased where the processing is no longer necessary or where required by law;
obtain restriction of the processing of your Personal Data in the cases provided for by the GDPR;
object to certain processing activities involving Personal Data;
receive the Personal Data you have provided to us in a structured, commonly used and machine-readable format and have it transferred to another Controller, to the extent provided by law;
withdraw any consent previously given at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.
You may exercise these rights by contacting us using the contact details provided in this Privacy Statement.
To prevent misuse, we may request appropriate verification of your identity before processing a request.
We endeavour to handle requests as quickly as possible and to respond no later than one month after receipt, unless the applicable legislation permits an extension of this period.
Article 13 - Contacts and Complaints
For any questions regarding this Privacy Statement, the processing of Personal Data or the exercise of your rights, you may contact Innoverius at:
Innoverius BV
Sint-Rochusstraat 7
9200 Dendermonde
Belgium
https://www.innoverius.com
If you have any questions, comments or complaints regarding the processing of your Personal Data, we kindly request that you contact us first so that we can seek an appropriate solution together.
If you believe that your Personal Data is being processed in violation of the applicable data protection legislation, you always have the right to lodge a complaint with the competent supervisory authority. In Belgium, this is the Belgian Data Protection Authority:
Belgian Data Protection Authority
Drukpersstraat 35
1000 Brussels
Belgium
https://www.gegevensbeschermingsautoriteit.be
In addition, you always have the right to seek a judicial remedy in accordance with the applicable data protection legislation.