> PRIVACY STATEMENT

D’hondt Insurance NV
Gistelsesteenweg 300
8200 Bruges
RPR: Ghent, Bruges division | FSMA: 0451 836 292
Insurance broker registered in the FSMA register with Ond. No. 0451836292

> WHO WE ARE

We value your privacy and whenever we handle your personal data, we do so in accordance with the provisions of the General Data Protection Regulation (GDPR) and the national laws that deal with the processing of personal data. The privacy legislation obliges us to make the information that we share in this privacy statement accessible to you. This privacy statement clarifies what measures we take to protect your privacy when you use our services or products and what rights you have. When we process your personal data, we are in most cases the "controller". This means that we determine the purpose and means of the processing. By purchasing our services and/or products, you agree that we may collect and process some personal data about you in accordance with the purpose described in our privacy statement. We invite you to read this statement carefully. Geert Lammertyn is our privacy coordinator who can be reached at geert.lammertyn@dhondt-insurance.com for any questions you might have or to exercise your rights. It is possible that this statement will be amended in the future. We therefore ask you to read the privacy statement on a regular basis.

> PROCESSING YOUR PERSONAL DATA

Personal data or personal data means any information about an individual that may allow that person to be identified. This is not data where the identity has been removed (anonymous data). We try to collect as little personal data as possible to achieve our goals.

We comply with data protection laws that require that the personal data we process about you:

  • Only collected for valid purposes that we have clearly explained to you.
  • Be used in a lawful, fair and transparent manner and thus used in a manner that is adequate, relevant and limited to what is necessary for the purposes for which they are processed.
  • Be accurate and updated as needed, no longer tracked as necessary for the purposes we told you about, and treated securely.

We may request certain information from you to enable you to purchase or use our goods or services. If we obtain your personal information in another way, we will state this in this privacy statement. If you have any questions, don't hesitate to contact our privacy coordinator.

More specifically, we will collect some or all of the following data elements:

  • VAT number
  • Bank account
  • Company Address
  • Business function
  • Profession
  • Payment overview, customer account
  • Date & time
  • Third party cookies
  • Electronic identification data
  • Electronic location data
  • Essential cookies
  • Photos / images
  • Signature
  • Content of correspondence
  • Customer file
  • Marketing cookies
  • Customer name
  • Performance cookies
  • Personal email address
  • Personal phone number
  • Professional phone number
  • Social media link
  • Home address
  • Permission
  • Work email address

We count on you to provide us with correct information. Let us know when data changes so that we can keep all data up to date. The processing of data must allow us to provide our services and products, to continuously improve our services and products available to you and to adapt them to your needs. More in particular, we carry out the following processing operations:

  • Newsletter / promotion

Description: Keeping clients informed about what the company has to offer

Purpose: As long as the user remains subscribed to the newsletter

Legal basis: Legitimate interests

Retention period: From contract termination, retention during the limitation period and/or limitation periods relevant to legal action

Data categories: Personal email address, Photos / images, Work email address, Customer name, Consent

Data is processed within the EU

  • Customer Appointments

Description: Registration of customer appointments on paper or on computer

Purpose: Availability / Calendar Management

Legal basis: Contract

Retention period: From contract termination, retention during the limitation period and/or limitation periods relevant to legal action

Data categories: Personal email address, Personal phone number, Professional phone number, Work email address, Customer name, Date & time

Data is processed within the EU

  • Customer prospecting

Description: Prospect information management

Purpose: To communicate goods and services to potential customers

Legal basis: Legitimate interests

Retention Period: All prospects not converted to customers will be deleted after 2 years

Data categories: Personal email address, Work email address, Customer name, Company address, Company function

Data is processed within the EU

  • Delivery of goods and/or services

Description: Delivery of goods and/or services to customers

Goal: Ensure correct delivery of goods and/or services, enable track & trace and feedback

Legal basis: Contract

Retention period: From termination of the contract, retention during the legal period and / or period relevant to legal action

Data categories: Home address, Personal email address, Personal phone number, Photos / images, Work email address, Customer name, Customer file, VAT number, Company address, Profession, Company function, Signature, Social media link

Data is processed within the EU

  • Communication with customers

Description: Communication with customers in paper or electronic form

Purpose: To provide good customer service

Legal basis: Contract

Retention period: From contract termination, retention during the limitation period and/or limitation periods relevant to legal action

Data categories: Personal email address, Work email address, Customer name, Company address, Company function

Data is processed within the EU

  • Customer billing and accounting

Description: Calculating the fee or compensation due, taking care of invoicing and obtaining payment

Goal: Ensure correct payment

Legal basis: Contract

Retention period: From contract termination, retention during the limitation period and/or limitation periods relevant to legal action

Data categories: Personal email address, Work email address, Customer name, Company address, Company function

Data is processed within the EU

  • Company website

Description: Company website that can be visited by clients, prospects and

all kinds of third parties

Purpose: To inform clients and prospects

Legal basis: Legitimate interests

Retention period: From contract termination, retention during the limitation period and/or limitation periods relevant to legal action

Data categories: Personal email address, Personal phone number, Professional phone number, Electronic identification data, Electronic localization data, Work email address, Essential cookies, Customer name, Third party cookies, Performance cookies, Marketing cookies

Data is processed within the EU

We are the controller for these processing operations. If you have given permission for a certain processing, you always have the right to withdraw this permission.

If you do not want your data to be processed, please contact us so that we can evaluate together whether a contractual relationship between us is possible and whether it is possible for you to continue to use our goods and/or services.

We also handle data from suppliers. When we collect, process and store data about our suppliers, we want to ensure that we only collect, process and store data that we really need and that we are allowed to process in this way. In our dealings with our suppliers, we typically collect, process and store the name, work email address and work phone number of the person(s) communicating with us. We also collect, process and store the VAT number of our suppliers. If we provide vehicles from our suppliers with parking or permitting on our premises, we may collect, process and store the registration number and time data of the visit if this is necessary for organizational or security reasons. The legal basis for the processing of the personal data is the conclusion and performance of an agreement. We use security measures that are functionally and technically in accordance with the best standards in the industry. We retain the data for the limitation period and/or limitation periods relevant to legal action.

> PROCESSING PERSONAL DATA IN YOUR ORDER

The specific nature of our relationship makes it unlikely that you will let us process the personal data of others. In the exceptional case that this does occur, we are the processor and you are the controller. We will then carry out your instructions for the processing, possible subcontracting, the fate of the data at the end of the contract and the possible transfer of data. We will therefore take the necessary security measures and assist you in fulfilling your obligations under the GDPR.

> SHARING PERSONAL DATA

We may need to work with third parties to provide certain services or products such as IT partners, insurance partners, accountancy partners, legal advisors. More specifically, we reserve the right to share your personal data with these partners:

  • Social Media – Facebook / Instagram

Data items: Customer name, Electronic identification data, Photos / images, Date & time, Electronic location data

Data is processed within the EU

META PLATFORMS IRELAND LIMITED (ex-Facebook) acts as data processor.

  • Social media – Linkedin

Data items: Customer name, Electronic identification data, Photos / images, Date & time, Electronic location data

Data is processed within the EU

LinkedIn Ireland Unlimited Company acts as data processor.

  • Marketing platform – Mailchimp

Data items: Personal email address

Data is processed within the EU

The Rocket Science Group LLC (Mailchimp) acts as data processor.

  • Website analytics and visitor statistics via partner

Data items: Electronic identification data, Date & time, Third party cookies,

Performance cookies, Electronic localization data

Data is processed within the EU

LinkedIn Ireland Unlimited Company acts as data processor.

If we receive your personal information from a third party that refers you to us, we will assume that this information was obtained directly from you or with your consent. If this is not the case, please let us know immediately. These third parties will typically act as data processors. Please note that social media platforms, trading platforms and permanent sales partners are often considered joint controllers. If you participate in an online conversation, meeting, conference,… know that all data you share is visible and/or audible to the other participants. Please keep this in mind before sharing your personal data, video, audio or other data. If you object to the sharing of your data, we ask you to contact us so that we can evaluate together whether a contractual relationship between us is possible and whether you can continue to use our services and/or goods. Please note that we may be legally obliged to process certain data and possibly pass it on to the relevant authorities. As this is a legal obligation, you cannot object to this transfer.

> SECURITY AND CONFIDENTIALITY

We want to keep your personal data safe and confidential and have put in place security procedures to prevent loss, misuse or alteration of this personal data. These procedures are functional and technical in accordance with the best industry standards.

> WEBSITE AND COOKIES

When you visit our website, cookies may be stored on your computer. They help to make visiting the website easy and improve your experience. When you visit our website you will receive information about the cookies we use and we will ask you to give permission for this. Each time you visit our website, the web server will also automatically process the IP address and/or your domain name. We may publish links to websites owned and operated by others. If you click on such a link, you will navigate to another website. Always make sure you read and understand the privacy statement of this other website, as it may differ from our privacy statement. If you are not sure or cannot agree with the privacy statement, we recommend that you leave the affected website immediately.

> SOCIAL MEDIA

If you use the social media functions such as e.g. “like” or “share” button that may be on our website, or if you visit our social media page, please know that your personal data will be processed by the social media platform. In this processing, the European regulator considers us and the social media platform both as joint data controllers, which means that we jointly determine why and how your personal data is processed. You can find out how we process your personal data in this privacy statement. Information about the processing by the social media platform concerned can be found in their privacy statement. We ask you to read the privacy statement of the social media platform carefully before visiting the social media items on our page or our page on the social media platform. If we are holding an event such as a networking event, opening event, premiere, etc., photographers or videographers may be present. The photos and videos they take are intended to be used in marketing materials and/or published on our social media pages. Where you are not the main subject of these materials, the guidance of the data protection authority is that your explicit consent is not required under GDPR. However, if you object to the use of materials on which you are depicted, please let us know.

> EXERCISE YOUR RIGHTS

In accordance with the General Data Protection Regulation (GDPR) / General Data Protection Regulation (GDPR) you have the right to:

  • Request access to your personal data (the data subject's right of access). This allows you to receive a copy of the personal data we hold about you.
  • Request improvement of the personal data we hold about you. This allows you to correct incomplete or inaccurate information we hold about you.
  • Request the erasure of your personal data. This allows you to ask us to delete all your personal data when there is no valid reason to keep it any further. You also have the right to ask us to delete your personal data if you have exercised your right to object to certain processing (see below).
  • To object to the processing of your personal data when we rely on our legitimate interest (or that of a third party) and you want to object to the processing on this basis because of your special situation. You also have the right to object when we process your personal data for direct marketing purposes.
  • Request the restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data, e.g. if you have questions about the accuracy of the data or the reason for the processing.
  • To withdraw your consent to a processing at any time.
  • Not to be subject to a decision based solely on automated processing.
  • Obtain your data in a structured, commonly used and machine-readable form and have it transferred to another controller.

In some cases, we will be required to request more special information from you so that we can confirm your identity and ensure that your right to access information (or the exercise of any other of your rights) is properly exercised. We take this measure to ensure that your personal information is not disclosed to any person other than yourself or to any other person who has no right to receive it. You can exercise your rights by contacting our privacy coordinator Geert Lammertyn via geert.lammertyn@dhondt-insurance.com or via the company's address:

D’hondt Insurance

attn. Geert Lammertyn

Gistelse Steenweg 302/0001, 8200 Brugge

> DATA PROTECTION AUTHORITY

Any complaint or comment can be addressed to the data protection authority at the following address:

Data Protection Authority

Drukpersstraat 35, 1000 Brussel http://gegevensbeschermingsautoriteit.be

Version: 24.06.2022

EN