10th of July 2019 version
Webulous cares about the respect of your privacy and of your rights in the matter of the protection and the control of your personal data. That's why the object of this charter is to inform you completely and transparently on the way your data might be processed by Webulous.
Webulous sprl, established Konkelstreet 105/16 at 1150 Brussels, with as VAT/BCE number : BE 0721 652 086, proposes its services as digital agency to professional clients. Webulous is only active on the B2B market and does not propose any services to private individuals.
In extension, the digital agency Webulous is a collaborative network made of the following Belgian companies :
- Essentia Design (BE 0876 941 168)
- Grade2 (BE 0835 088 440)
- IT4Today (BE 0864 403 127)
- Tipos Consulting (BE 0844 794 774)
- Zero Gravity (BE 0863 923 867)
In this privacy protection charter, we will use the name "Webulous" to design the sprl Webulous extended to the whole of the companies that constitute the collaborative network.
If you have any question concerning this charter or the use of your personal data, you can contact us by email at the address email@example.com or by post at the address hereabove.
Webulous commits itself to act in complete transparence, in the respect of the law of the 8 December 1992 relative to the privacy protection in regard to the personal data processing and, from the 25 May 2018, to the European reglementation 2016/679 of the 27 April relative to the protection of physical people in regard to the personal data processing and to the free circulation of these data (« GDPR »).
2. Context in which Webulous may process your personal data
The activity of the digital agency Webulous includes providing its professional clients the following services :
- Strategy and consultancy in digital matter
- Design and graphic creation
- Web and application development
- Hosting and infrastructure
Webulous also proposes the Webulous.io service, an online platform for real estate professionals.
In this context, Webulous can be in charge, for its clients, of collecting, processing or storing personal data. Webulous acts thus as "subcontractor" on instruction of its clients who act each as "controller".
The terms "subcontractor" and "controller" have the meaning which is given them inside the GDPR.
3. The data we process
Webulous is allowed, as subcontractor acting according to the client's instructions, to process the personal data of the controller in the limits necessary to provide of the services requested by him and being the object of a signed quote or of a contract.
The type of personal data that we process and the categories of people concerned are determined and controlled by the controller, at his only discretion.
4. Webulous engagements as subcontractor
Webulous engagements as subcontractor :
- To process the personal data only for the ends that are the object of the subcontract.
- To process the personal data only on documented instruction of the controller, including what concerns the transfer of personal data to another country or to an international organisation.
- To inform the client if, in his opinion and according to the information he has, one of the client's instructions transgresses the GDPR dispositions or other dispositions from the European Union or a Member State of the European Union in the matter of personal data protection.
- To guarantee the confidentiality of the processed personal data.
- To ensure that people authorised to process the personal data :
- commit themselves to respect the confidentiality or are submitted to a legal appropriate confidentiality obligation.
- receive the necessary formation in the matter of personal data protection.
- According to the controller's choice, to suppress all personal data or to send them back to the controller at the end of the service delivery related to the processing, and to destroy the existing copies, unless the right of the European Union or of the Member State requires the conservation of personal data.
- If possible, to help the controller to carry out his obligation of following up the demands that the concerned people ask in order to exerce their rights : right of access, rectification, deleting and opposition, right to the processing limitation, right to the data portability, right to not be the object of an automatised individual decision (including the profiling).
- To take into account, about its developments or services, the principles of data protection from the conception (privacy by design) and of by default data protection (privacy by default).
- To notify to the controller every eventual violation of personal data as soon as possible after having learned about it and to provide the necessary precisions.
- To help the controller in the realisation of impact analyses concerning data protection as well as the realisation of the preliminary consultation of the control authority.
5. Subcontract and communication of the data to third parties
Within the scope of its activities, each company (hereunder individually called the "initial subcontractor") member of the Webulous collaborative network can call upon the services of the other members of the network as subcontractors (hereunder individually called the "ulterior subcontractor").
Webulous certifies that each company of the collaborative network, signator of this charter, presents sufficient guaranties for the implementation of technical and organisational measures appropriated in order for the processing to respond to the GDPR requirements.
In case of the addition or replacement of an ulterior subcontractor within the scope of a mission or a contract involving the processing of personal data, the controller is informed of it by the initial subcontractor and has the possibility to put forward objections against these changes. It should be noted that Webulous reserves the right to call upon third party providers without the client's preliminary authorisation on the condition that these third party providers don't have access to personal data.
The initial subcontractor, who concluded the contract or the mission, remains plainly responsible in front of the controller of the execution by the ulterior subcontractor of his obligations.
Within the scope of the contract or of the mission, personal data may be transmitted to the ulterior subcontractor, but only within the scope fixed by the controller and always in compliance with the RGDP requirements concerning the subcontraction.
In addition, within the scope of its accomodation and infrastructure activities, Webulous calls upon the services of the French company OVH as ulterior subcontractor. The conformity guarantees are open for consultation on the website of the company www.ovh.com.
Lastly, if required, we may convey personal data when it's required from the judiciary or administrative authorities, in the respect of the applicable legislation.
6. Security measures
Webulous is very careful concerning the security and confidentiality of personal data.
We do everything to guarantee a security level adapted to the risk by taking the appropriate technical and organisational measures in order to avoid any violation of personal data, accidentally or illicitly, if it is a destruction, a loss, an un authorised divulgation, an abusive use, an alteration or unauthorised access to collected data, to guarantee an appropriate security and always protect the personal data.
Seeing the state of the knowledges, the costs of the establishment and of the nature, the impact the context and the ends of the processing as well as the risks, the taken measures include for instance, according to the needs :
- the pseudonymisation and the encryption of the personal data ;
- the means allowing to guarantee the constant confidentiality, integrity, availability and resilience of the processing systems and services ;
- the means allowing to re-establish the availability of personal data and the access to it in the appropriate time in case of a physical or technical incident.
Webulous continually evaluates and improves its security measures.
7. Data localisation
Within the scope of our accomodation services, we only store data on servers located within the European Union.
For the operational management of its activities, Webulous can call upon online services such as Dropbox or Office 365. The data stored via these services are only localised within the European Union or within a country recognised by the European Union as ensuring an adequate protection level of the personal data ("Adequacy decision").
8. Cookies use
When you visit our website or the website of one of the members of our collaborative network, you accept for the cookies to be installed on your computer to record certain informations. Our cookies don't allow to identify you personally. They are used mostly to make the website work and to improve your user experience, for instance by memorising the chosen language.
A cookie is a small file, containing a chain of caracters, and which is sent to your computer when you visit a website. The life duration of this cookie depends on its nature. It can either be a "temporary" cookie which only stays on your computer during your visit on the website, or a "persistant" cookie which is conserved until it expires or until you suppress it.
We may use the following cookies on our websites :
- The "strictly necessary" cookies, which are temporary technical cookies, essential to allow you to surf on the website and use its functionalities.
- The "functional" cookies, are persistant cookies which allow the website to memorise your use preferences. We record for example the chosen language to activate it automatically when you visit the website the next time. Without these cookies, the user would systematically need to reselect the language of his choice.
- The "analytic" cookies. We use the analytic cookies, as those of Google Analytics or Facebook, to dispose of aggregated data on the time passed on our website or on the visited pages.
- The "third party" cookies, are cookies susceptible of being placed by third party websites or external components. We use external components to improve the user experience on our website (example : instant messaging system, virtual visits, video reader,...). These cookies are submitted to the respective confidentiality policies of these external services (for example, the confidentiality policy of Youtube).
9. Your rights
The controller is fully responsible for the information of the concerned people concerning their rights and the respect of these rights, including the rights of access, rectification, deleting, limitation or portability.
If you are a Webulous client, in compliance with the applicable legislation, you have at your disposal, at any time, access rights, rights of rectification, of deleting, of processing limitation, of opposition against the processing, and the right of partability of your personal data, as well as the right to not be the object of a decision solely based on an automatised processing, including profiling.
If you have any question about the use of your personal data or to exerce one of your rights, you can introduce a demand by email at the address firstname.lastname@example.org or by post à the postal address mentionned in point 1. Every demand should be accompanyed by a proof of your identity.
You also have at your disposal a plea right to the Data Protection Authority at the address : Pressstreet 35 at 1000 Brussels, tel. : 02/274.48.00 – e-mail : email@example.com, without prejudice to any other effective judicial remedy.
We reserve the right to bring modifications to the present charter in order to take into account every legal, case law or technical evolution. Only the last version will prevail.