PRIVACY POLICY
(version effective as from 20.05.2021)
-
Protecting your personal data is very important to us. This Privacy Policy informs how The ArtGency SRL, which commercial name is LenArt (“us”, “we” or “our”) collects and processes your personal data, notably through your use of our website www.lenart.be (“Website”); called “Services” and their functionalities.
-
For the purpose of the relevant data protection legislation, the data controller responsible for your personal data is The ArtGency SRL whose registered office is located at Boulevard Saint-Michel 4, 1150 Brussells.
-
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise any of your legal rights, please contact the DPO using the details set out below:
-
Email address: info@lenart.be
-
Postal address: The ArtGency SRL, Boulevard Saint-Michel 4, 1150 Bruxelles.
4. It is important that the personal data we hold about you is accurate and up to date. Please inform us about any relevant changes during your relationship with us using the contact details as set out in the previous paragraph.
5. Terms not otherwise defined in this Privacy Policy have the meaning given to them in our Terms and Conditions which are available on our Website.
6. Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Services, we encourage you to read the privacy notice of every third-party website you visit.
WHAT DATA WE COLLECT ABOUT YOU
7. Personal data, or personal information means any information about an individual from which the person can be identified. It does not include data from which the identity of the natural person cannot be derived (anonymous data).
-
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
-
-
Identity Data like your first and last name, date of birth, National Registration number, copies of identification documents, username, password, biometric data such as your facial image or movie and any other information we need to verify your identity or prove your eligibility to use our Services.
-
Contact Data includes billing address, delivery address, e-mail address and telephone number.
-
Technical Data is data about your device or other equipment including information on the internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the type of mobile device you use, device’s IMEI number, the MAC address of the device’s wireless network interface, mobile phone number used by the device, information stored on your device (including, if you allow us, access to contact information from your address book, login information, photos, videos or other digital content).
-
Usage Data is information about your usage of our Services, your browsing actions and patterns. This may be based on cookies, logs or similar technologies. It may include uniform resource locators (URL), clickstream, services you searched, viewed or used, length of visits, page interaction information. For more information about cookies, please see our Cookie Policy.
-
Location data is data determining your location using GPS technology or IP address.
-
Information from social media networks or online accounts - information from any account that you share with us.
-
-
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
HOW WE COLLECT PERSONAL DATA
-
Direct interactions. This is information you give us by filling in forms on the Website or by corresponding with us. You give us the information when you fill in a form or report a problem regarding our Services etc. The information may include Identity Data, Contact Data.
-
Automated technologies or interactions. Each time you interact with our Website or use our Services we may automatically collect Technical Data, Usage Data and Location Data.
-
Third parties or publicly available sources. We may receive personal data about you from third-party and public sources as set out below:
-
-
Business partners (such as art galleries ou resellers of art and/or design pieces),
-
Credit reference agencies, fraud prevention agencies or data brokers, including bodies charged with tasks in the public interest (e.g. the Official Belgian Gazette, the Central Individual Credit Register (CICR) and the file of non-governed registrations (ENR) of the National Bank of Belgium (NBB),
-
Advertising networks, analytics providers and search information providers based inside and outside the EU,
-
Providers of technical, payment and delivery services.
-
-
Specific cases of personal data collection. In some cases we can collect information about you whereas you do not have a direct relationship with us in the capacity of one of our clients as such. This may happen if you are for example the beneficiary of a payment made by one of our clients or if you are a client’s
-
-
family member or heir
-
co-borrower / guarantor,
-
legal representative or contact person;
-
ultimate beneficial owner (UBO)
-
debtor (in case of bankruptcy),
-
creditor (in case of seizure requests);
-
shareholder, director or partner,
-
staff member.
-
LEGAL GROUNDS AND PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA
-
We will only process your personal data in accordance with the applicable laws, for the following legitimate purposes and based on the following legal grounds
-
Contract. In some cases, we need your personal data to conclude a contract with you and to carry out our obligations relating to your contract with us or in order to take steps at your request prior to entering into a contract. If you have not concluded a contract with us, we do not process your personal data on the basis of a contract. We may, however, use your personal data for other purposes, such as fraud detection. We always check first whether using your personal data for those other purposes is permitted.
-
Legal obligation. We process your personal data to adhere to statutory requirements. As a credit intermediary, we are subject to various legal obligations which require us to process your personal data. These include our obligations to combat and prevent fraud, money laundering and terrorist financing (AML-CTF) and our obligation to adhere to the rules of conduct in economic and financial law. In some cases, we are also subject to the obligation to disclose your personal data to judicial authorities, intelligence agencies and regulatory and supervisory authorities such as the Financial Services and Markets Authority (FSMA), the European Central Bank (the ECB), the National Bank of Belgium (NBB) and the Federal Public Services Economy and Finance (FPS Economy & FPS Finance). We must also comply with a number of obligations in application of the Foreign Account Tax Compliance Act (FATCA).
-
Legitimate interest. We have the right to process your personal data if it is necessary for the purposes of the legitimate interest pursued by the controller (us) or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Legitimate interests on the basis of our processing activities are for example the following:
-
-
Research. We study possible trends, problems, root causes of errors and risks in order to prevent complaints and losses. This way, we are able to intervene and issue a warning in time, if need be. We also study trends and our clients’ preferences for the purpose of analyzation and continuous development of the products and services we offer.
-
New and improved products and services. We use our clients’ personal data for the purpose of deploying and developing our products and services in order to keep up with our clients’ evolving wishes and expectations.
-
Marketing relating to our products and services. We process your personal data for the purpose of direct marketing communications through analyzing your needs, preferences, habits and situation, and to market and/or communicate our products and services to you.
-
Risk management and protection of our legal rights. We use your personal data for the purpose of improving our risk management and to defend our legal rights, including:
-
providing evidence of transactions you are involved in or communications between you and us;
-
fraud prevention, for instance by detecting theft of your identity or credentials (e.g. phishing, theft of your ID document), unauthorized access to your data or device (hacking attempts);
-
IT management, including infrastructure management, business continuity and IT security;
-
establishing statistical models, (e.g. in order to assess your client profile type);
-
performing internal control and audit;
-
enforcement of claims and defense within legal disputes.
-
-
-
Public interest. We have the right to process your personal data if and insofar as it is necessary for reasons of substantial public interest (such as ensuring effective AML-CTF processes).
-
Consent. We may process your personal data if you have given us prior consent to do so for one or more specific purposes. You have the right to adapt or withdraw your consent at any time and free of charge. Adaptation or withdrawal of your consent will not affect past processing activities (the previous processing of your data remains lawful) but will affect and possibly annul those processing activities which were previously based on your consent in the event no other legal ground is available to us to rely on for the specific processing activity.
-
Further processing. We may use your personal data for other purposes than the purpose for which your personal data was initially collected. In that case, the new purpose must be in line with the purposes for which your personal data was initially collected. In those cases, we will always check first if such further use of personal data is permitted, taking into account your rights and interests.
USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES
-
If you have previously purchased a product or service from us, we are legally allowed to keep you informed about similar products and services we offer that are suited to your needs. This also applies if you are a visitor to our Website. In order to do this properly, we use various sources, such as the personal data that we received from you in the context of our online forms and contracts, and information we collect about you through your use of our Website. The use of social media data depends on the privacy settings you use on social media sites. Also other sources of information, including public sources, are relevant. We will always check first whether a public or another source of information can be used reliably. Where applicable, we will check whether you, as a client, have consented to the use of personal data that comes from another party. You have the unconditional right to object to our use of your personal data for direct marketing where this direct marketing is based on our legitimate interest and includes profiling and this at any time and free of charge. You can object to direct marketing by sending an email to info@lenart.be .
-
When you visit our Website, we may, upon your specific consent, show you direct marketing material of our products or services or product or services of third-party partners which are deemed to be relevant to you personally. In such cases your data will not be transferred to such third-party partners. You have the unconditional right to adapt or withdraw your consent to our use of your personal data for direct marketing of third-party partners’ products and/or services, and this at any time and free of charge. Withdrawal or adaptation of your consent is possible by sending an email to info@lenart.be . Please note that in such cases of withdrawal you will continue to see marketing material from third parties, which will however not be direct marketing and not based on your personal data, when using our Website.
-
We may, upon your specific consent, transmit advertisements of our products or services or products or services of third parties to you by e-mail or telephone. In such cases your data will not be transferred to such third-party partners. You have the unconditional right to adapt or withdraw your consent to our use of your personal data for direct marketing of third-party partners’ products and/or services, and this at any time and free of charge. Withdrawal or adaptation of your consent is possible by sending an email to info@lenart.be . In cases of withdrawal we stop sending you advertisements by e-mail or telephone.
-
When you visit our Website, we can show you advertisements which we deem relevant to you personally based on cookies and similar technologies. In that case, you must have consented to our use of cookies and similar technologies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. For more information about cookies, please see our Cookie Policy. You have the unconditional right to adapt or withdraw your consent to our use of your personal data for direct marketing of third-party partners’ products and/or services, and this at any time and free of charge. Withdrawal or adaptation of your consent is possible by sending an email to info@lenart.be . In the event of withdrawal of your consent, you will only see generic advertisements from then on.
WHO DO WE SHARE YOUR PERSONAL DATA WITH
-
In order to fulfill the aforementioned purposes, we only disclose your personal data to:
-
-
Know Your Customer (KYC), analytical and cyber security providers,
-
Other service providers which process personal data on our behalf, we do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
-
Commercial partners.
-
Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law,
-
Certain regulated professionals such as debt collection agencies, lawyers, notaries or auditors.
-
any other third party, but only subject to your prior consent.
-
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
-
In case of international transfers originating from the EEA to a non-EEA country which the European Commission has recognized as providing an adequate level of data protection, your personal data will be transferred on this basis. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US.
-
For transfers to non-EEA countries of which the level of protection has not been recognized by the European Commission as adequate, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:
-
-
Standard contractual clauses approved by the European Commission;
-
Binding Corporate Rules.
-
HOW LONG DO WE KEEP YOUR PERSONAL DATA
-
We will retain your personal data for the duration required for the purposes of processing as set out above, in order to comply with applicable laws and regulations or as is necessary with regard to our operational requirements, such as account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
-
The period for which we will retain information about you will vary depending on the type of information and the purposes that we use it for. For instance:
-
-
data used for AML purposes - for 10 years as of the single transaction or as of the end of the contractual relationship;
-
data kept as a proof of transactions - for 10 years as from processing of the transaction concerned;
-
customer complaints - for 5 years as from the complaint concerned;
-
prospects data used for marketing purposes - for 3 years from the collection of the data concerned;
-
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM
-
In accordance with applicable regulations, you have the following rights:
-
-
To access: you can obtain information relating to the processing of your personal data, and a copy of all your personal data that is processed by us.
-
To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified or completed accordingly.
-
To erase: you can require the deletion of your personal data. We are not always able to do this, however, and we do not always have to agree to do this, for example if we are required by law to keep your personal data for a longer period of time.
-
To restrict: you can request a restriction of the processing of your personal data if:
-
you think that your personal data is incorrect;
-
you think that we are not supposed to process your personal data;
-
we want to destroy your personal data but you still need it (e.g. after the retention period has ended).
-
-
To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing
-
To data portability: where legally applicable, you have the right to have the personal data you have provided to be returned to you or, where technically feasible, transferred to a third party.
-
To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
-
To ask that we do not make our decision solely based on automated processes, including profiling. You can object to such an automated decision, and ask that a person reviews it unless such decision is authorized by applicable law to which we are subject.
-
-
You can exercise the rights listed above using the details set in Point 3. Please note that in case you contact us by Email or post you are required to provide at least your first and last name, signature and a copy of your ID document. Otherwise we won’t be able to identify you and, consequently, take actions on your request. If you make a request on behalf of someone else, you must provide evidence of your authority to make such request.
-
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
-
We try to respond to all legitimate requests within one month.
COMPLAINTS
-
If you have any complaints regarding this Privacy Policy or on how we protect or use your data, please contact our DPO using the contact details as set out above in Point 3. Please note that in case you contact us by Email or post, you are required to provide at least your first and last name, signature and a copy of your ID document. Otherwise we won’t be able to identify you and, consequently, reply to your complaint.
-
If you have any concerns about our use of your personal data or if you feel like we have not addressed your questions or concerns adequately, you have the right to lodge a complaint at any time with the Belgian Data Protection Authority, which regulates and supervises the processing of personal data in Belgium, by e-mail to contact@apd-gba.be, via their helpline on +32 (0)2 274 48 00 or by writing to Rue de la Presse 35, 1000 Brussels; or
We would, however, appreciate the chance to deal with your concerns before you approach the relevant authority so please contact our DPO in the first instance.
CHANGES TO THIS POLICY
-
As changes in the law or in our services and products may affect the way we use your personal data, we reserve the right to amend or modify this Privacy Policy, in accordance with the applicable laws. We will inform you of any material changes through our Website or through other usual communication channels. Your continued use of the Website after a modification of this Privacy Policy entails your acceptance of the modified Privacy Policy.