Privacy Policy

1. WHO WE ARE

“We”, “us”, “our”, SettleMint, CertiMint or Databroker DAO means SettleMint NV, with its registered office at Diestsepoort 1, 3000 Leuven, Belgium and with company number BE0661674810.

Your privacy is important to us, therefore we’ve developed this Privacy Policy, which sets out how we collect, disclose, transfer and use (“process”) the personal data that you share with us, as well as which rights you have. Please take a moment to read through this policy. We only process personal data in accordance with this Privacy Policy. SettleMint acts both as a “controller” and a “processor” of personal data. The controller of the personal data determines the purposes and means of the processing of personal data and the processor processes the personal data on behalf of the controller.

Personal data are all data that can be traced back to individual persons and identify them directly or indirectly; such as a name, phone number, location, email or home address.

Should you have any questions, concerns or complaints regarding this Privacy Policy or our processing of your personal data; or you wish to submit a request to exercise your rights as set out by the GDPR, you can contact us:

  • (a) Via mail: [email protected]
  • (b) By post: Diestsepoort 1, 3000 Leuven, Belgium to the attention of our Data Protection Officer.
This Privacy Policy was revised last on October 7, 2019

2. HOW AND FOR WHICH PURPOSE DO WE COLLECT YOUR PERSONAL DATA

2.1 Contact form

When filling in the contact form on our website, we need certain information about you in order to be able to answer your questions or requests.

We will use the information collected through the contact form only for the purpose of dealing with your request.

For this purpose, we collect the following data:

  • Name.
  • Company name.
  • E-mail address.
  • Phone number.
  • Any additional information you provide to us regarding your project.

Alternatively, you can contact us by email via [email protected], [email protected]

We process this information based on your consent as you provided this information freely to us.

2.2 Newsletter

In the event you register for our newsletter, your email address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organized by us. We strive to provide you with the most relevant information.

For this purpose, we collect the following data:

  • Name.
  • E-mail address.
  • Company.
  • Country.
  • What industry are you in.
  • What kind of role do you have.
  • What data categories interest you the most.

We process this information based on your consent as you provided this information freely to us.

2.3 DataMatch Service

In the event you contact our DataMatch Advisor, your email address will be used in order to send you the requested information. We aim to offer you the best DataMatch service possible.

For this purpose, we collect the following data:

  • Name.
  • E-mail address.
  • Company.
  • Country.
  • What industry are you in.
  • What kind of role do you have.
  • What data categories interest you the most.

We process this information based on your consent as you provided this information freely to us.

2.4 Website maintenance and improvement

In order to improve our website, we offer the possibility to provide us with feedback through the Hotjar tool. The providing of feedback, with or without the Hotjar tool is not mandatory nor required to view and browse our website.

For this purpose, we collect the following data:

  • Emoticon representing your general feeling about your experience.
  • Free text field.
  • Email address.
  • Connection with data related to visits (device-specific, usage data, cookies, behavior and interactions) of previous and future visits. Combination of feedback with any other feedback previously submitted from your device, location (limited to country), language used, technology used (device and browser), custom attributes (e.g. products or services you are using), your behavior and interactions (pages visited).

We furthermore use Google Analytics to provide us insights on the website performance, conversion rates and other visitor metrics. Google Analytics uses cookies in order to collect the data which is being processed. For more information on cookies, we refer to our cookie policy.

We process this information based on our legitimate interest.

2.5 (Potential) business connections

During any interaction with you, we may collect personal data for business and marketing purposes. Interaction may include events (collection of business cards), our options to contact SettleMint, or you when serving as a contact point for the collaboration with your company.

For this purpose, we collect the following data:

  • Company information (name, address, sector…);
  • Contact details (name, email-address and/or phone number…)
  • Job title;
  • Notes on our meetings/conversations/history in general;
  • Contract information, including billing.

We process this information based on our legitimate interest.

2.6 Cookies

Our website makes use of cookies to facilitate the rendering and functioning. For further information relating to our use of cookies, we refer you to our Cookie Policy.

We process this information based on legitimate interest.

2.7 Training

Under the name of Blockchainacademy.global, SettleMint organizes training sessions to which any individual can subscribe.

For this purpose, we collect the following data:

  • Name;
  • Email address;
  • Bank data.

We may furthermore ask the attendees of the training for feedback on the attended training, in order to improve our training activities.

For this purpose, we anonymously collect the following data:

  • Feedback.

We process this information based on the execution of a contract.

3. Do we share or transfer your personal data?

We actively and passively share data with a number of affiliated third parties which we engage to assist us in the execution of our daily activities. Active sharing means that the third party processes the information as input in the process of our collaboration with said third party. Passive sharing on the other hand means that we use a service/software provided and hosted by the third party, however the third party does not process the information as an input in the process of our collaboration with said third party.

Our passive sharing collaborations are:

#Third partyTypeDescription of collaboration
1DeloittePassiveWe use this supplier for accounting purposes.
2EventbritePassiveWe use this supplier for organization of training purposes. SettleMint actively processes the information and provides the training, while Eventbrite hosts the website on which individuals can register for the training.
3Google MailPassiveWe use this Software as a Service for digital communication purposes. SettleMint actively processes the information while Google hosts the software.
4LeadfeederPassiveWe use this Software as a Service for customer relationship management purposes. SettleMint actively processes the information while Leadfeeder hosts the software.
5MailChimpPassiveWe use this Software as a Service for newsletter purposes. SettleMint actively processes the information while MailChimp hosts the software.
6Microsoft Office LensPassiveWe use this Software as a Service for customer relationship management purposes. SettleMint actively processes the information and Microsoft provides the software.
7PipedrivePassiveWe use this Software as a Service for customer relationship management purposes. SettleMint actively processes the information while Pipedrive hosts the software.
8SurveyMonkeyPassiveWe use this Software as a Service for training feedback purposes. SettleMint actively processes the information while Pipedrive hosts the software.
9HotjarPassiveWe use this Software as a Service for website visit experience feedback. SettleMint actively processes the information, while Hotjar hosts the software.
10Google AnalyticsPassiveWe use this Software as a Service for website traffic analysis. SettleMint actively processes the information, while Google hosts the software.

For each of the above mentioned third parties, we have a data processing agreement, governing the use by these third parties and the protection of your personal data.

Besides the aforementioned affiliated third parties, we make use of social media and their plugins, which enable you to be directed to our social media channels and to interact with our content and employees. We do not however disclose your personal data to any of our social media partners.

Any reference made to you will be discussed with you upfront to obtain your consent.

These social media channels on which we are represented, and related management tools are:

  • Facebook;
  • LinkedIn;
  • Twitter;
  • Instagram;
  • YouTube;
  • Reddit;
  • Medium;
  • GitHub;
  • Telegram
  • Hootsuite

In the event you click such link, such social media service provider may collect personal data about you and may link this information to your existing profile on such social media. We are not responsible for the use of your personal data by such social media service provider. In this case, the social media service provider will act as controller.

4. What techniques do we use to protect the privacy of your personal data?

SettleMint has implemented technical and organizational measures that are appropriate to the obtained personal data. These safeguards are designed to secure all your personal data from loss and unauthorized access, copying, use or modification.

1. Technical measures:

  • Use of anti- virus, firewalls, etc.;
  • Authentication;
  • Encrypted hard disks;
  • Access restriction;
  • Encryption of data;
  • Secure backup.

2. Organizational measures

  • Access for specific persons;
  • Internal Privacy Policy for employees;
  • Training of employees;
  • Confidentiality clauses;
  • Incident &data breach management.

We can transfer your personal data to parties that are based outside the EEA. In such a case, we ensure that your personal data is processed in a country that has a similar degree of data protection and where at least one of the following safeguards is implemented:

  • Countries that have been deemed to provide an adequate level of data protection by the European Commission;
  • Where we use specific providers, we may use specific contracts approved by the European Commission which gives personal data the same protection it has within the EEA;
  • Where we use providers based in the US, we may transfer your data if they are certified under the EU-US Privacy Shield, which requires a similar level of data protection as if it was processed within the EEA.”

5. How long do we keep your personal data?

We retain your data for as long as it is necessary for the fulfillment of the purposes we collected it for. In some circumstances we may anonymize your personal data -which means it can no longer be associated to you- for research or statistical purposes in which case we may use this information without further notice to you.

In cases where local law requires it, we retain your personal data for the following period:

#DataRetention
1Hotjar website visit experience feedback1 year
2CV obtained through external recruiters2 years
3CV uploaded via our website1 year

6. WHAT ARE YOUR RIGHTS

You have rights under the GDPR in relation to your personal data. We have summarized them for you in a clear and legible way. To exercise any of your rights, please send us a written request in accordance with paragraph 1 of this Privacy Policy. We will respond to your request without undue delay, but in any event within one month of the receipt of the request. In the case of complex requests or many requests, we may extend this period with two additional months. In such case, we shall inform you of the extension within one month of the receipt of your request and the reasons for the delay.

6.1 The right to be informed

In accordance with Article 12 of the GDPR, we as controller shall take appropriate measures to provide any information referred to in Articles 13 through to 22 and Article 34 relating to processing of your personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by you, the information may be provided orally, given that your identity is proven.

Where we obtain personal data, collected directly from you, we shall provide you with:

  • Our contact details.
  • The contact details of our data protection officer where applicable.
  • The purposes of the processing for which the personal data is intended, as well as the legal basis for the processing.
  • Details of the purposes for processing in case of legitimate interests.
  • The recipients of the personal data, if any.
  • Where applicable, the intention to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the Commission and any appropriate or suitable safeguards.
  • The period for which the personal data will be stored.
  • Information on further processing other than for the purposes originally stated, prior to further processing.

Where we obtain personal data, not collected directly from you, we shall provide you with:

  • The information as mentioned in the paragraph above, on information we collected directly from you.
  • The identity and contact details of the controller/controller’s representative.
  • The contact details of the data protection officer where applicable

6.2 The right to access

In accordance with Article 15 of the GDPR, you have the right to ask us if we process personal data concerning you. In the case that we process your personal data, you have the right to ask us:

  • The purpose for which it is been processed;
  • Which personal data;
  • Duration of the retention;
  • The source of data (third party or automated processing such as profiling);
  • Safeguards related to transfer;
  • A copy of the data.

Note that for any additional copies, we reserve the right to charge a reasonable fee to cover administrative costs.

6.3 The right to rectification

In accordance with Article 16 of the GDPR, you have the right to request a correction of the stored personal data concerning you if they are inaccurate or incorrect.

6.4 The right to erasure (right to be forgotten)

In accordance with Article 17 of the GDPR, you have the right to request that your personal data held by us is erased. In other words, you have the right to be forgotten by us if:

  • Personal data is no longer necessary in relation to the purpose for which it was collected;
  • You withdraw your consent for the processing and we based our processing on your consent;
  • No overriding legitimate grounds for processing are presented by the controller in response to the objection by the data subject;
  • The personal data has been unlawfully processed;
  • The personal data has to be erased for compliance with legal obligations;
  • The data subject is younger than 16 years and consent of the holder of parental responsibility has not been obtained.

The right to be forgotten does not apply for:

  • Exercising the right of freedom of expression and information;
  • Compliance with legal obligations which requires processing by law;
  • Reasons of public interest in the area of public health;

Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

6.5 The right to restrict processing

In accordance with Article 18 of the GDPR, you have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:

  • You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
  • The processing is unlawful, and you request restriction (as opposed to exercising the right to erasure);
  • We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims;
  • You have objected to processing, pending the verification of that objection.

In addition to our right to store your personal data, we may still otherwise process it but only:

  • With your consent;
  • For the establishment, exercise or defense of legal claims;
  • For the protection of the rights of another natural or legal person;
  • For reasons of important public interest.

We will inform you before we lift the restriction of processing.

6.6 The right to data portability

In accordance with Article 20 of the GDPR, you have the right to receive your personal data, which you have provided to us, in an understandable and readable format.
You furthermore have the right to transmit that data to another organization without hindrance from us if our processing of the data was based on your consent and is processed in an automated manner.
Where technically feasible, you have the right to have your data transferred directly by us to the organization.
Exercising your right to data portability shall be without prejudice.
Note that the right to data portability does not apply if:

  • The processing is necessary for the performance of a task carried out in the public interest.
  • The processing is in the exercise of official authority vested in us.
  • It adversely affects the rights and freedoms of others.

6.7 The right to object to processing

In accordance with Article 21 of the GDPR, you are entitled to object to the processing of your personal data, meaning that we have to terminate the processing of your personal data. The right of objection exists only within the limits provided for in art. 21 GDPR. In addition, our interests may prevent the processing from being terminated, so that we are entitled to process your personal data despite your objection.

6.8 Automated individual decision-making, including profiling

In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you.

This right shall not apply if the decision is:

  • Necessary for entering into, or performance of, a contract between you and us.
  • Authorized by Union or Member State law to which we are subject, and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests.
  • Based on your explicit consent.

6.9 Right of appeal to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to the Authority for the protection of personal data:

7. AMENDMENTS TO THE PRIVACY POLICY

In a world of continuous technological change, we will need to update this Privacy Statement on a regular basis.

We invite you to consult the latest version of this Privacy Statement online and we will keep you informed of important changes through our website or through our other usual communication channels.