Privacy

Privacy policy

1. General

Herbert nv, with registered office at Molenstraat 45, 9820 Merelbeke and registered under number BE 0447.733.093 (hereinafter ” Herbert”), considers the protection of personal privacy to be extremely important. Herbert wishes to inform its customers and users as much as possible about its services, while respecting their data and giving them control over what happens to them. Herbert wants to manage and use its customer data safely, respectfully and with due diligence in order to provide better service to its customers and to offer the best possible experience. Herbert therefore starts from the principle that everyone must have control over their personal data. Below, you will find information about what data Herbert collects, why, how long for and how you can control it.

Herbert invites its customers to take the time to thoroughly review this Privacy Policy, together with the General Terms and Conditions for Managed Hosting & Cloud Services and any other conditions that may apply to its products and services.

2. Applicability

This Privacy Policy applies to all our customers (current, former and future) and to all visitors to the Herbert website(s).

The European General Data Protection Regulation 2016/679 of 27 April 2016 (“General Data Protection Regulation”), the law of 8 December 1992 (“Privacy Act”), the law of 13 June 2005 (“Electronic Communications Act”) and the accompanying implementing decrees, as well as any future changes hereto, regulate the protection of your personal data.

Herbert strives to fulfil its obligations and to respect the rights of the customer whenever Herbert processes your personal data. For more information about this, Herbert would like to refer you to the website of the Commission for the Protection of Privacy [https://www.privacycommission.be/en].

3. Processing of personal data and responsibilities

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The personal data that Herbert collects and processes, primarily concerns the data that customers enter themselves via the various pages of our website(s) and that Herbert obtains through your use of our website(s) and/or our products and/or services.

Herbert acts as the responsible party for processing the personal data of its customers for the purposes as described in this Privacy Policy.

This does not detract from the fact that the customer has a number of obligations in connection with the processing of personal data that allows the customer to use Herbert’s products and services. In this capacity, the customer must always obtain, where necessary, the legally required authorisations from the end users for the processing of their personal data by Herbert insofar as necessary within the framework of Herbert’s products and services.

4. Purposes

Herbert processes personal data for various purposes, whereby the only data processed is that which is necessary to achieve the intended purpose.

Thus, we use personal data:

  • When we have received permission;
  • In the context of the preparation or performance of our contract;
  • To comply with the legal or regulatory provisions to which we are subject; and
  • When Herbert has a justified interest in this, such as, for example, as the case may be, direct marketing, fraud prevention, internal administration management or monitoring of appropriate network and information security, in which case we always strive for a balance between that interest and respecting the privacy of the person concerned.

Insofar as required, and with permission, Herbert collects personal data for the following concrete objectives:

To process an application for our products and services.

If you visit our website to collect and/or request information about our products and services, or if you sign up for Herbert’s newsletter, for example, then Herbert needs your address details. All information that Herbert receives about you during this pre-contractual phase will only be used by Herbert to provide you with the requested information, in the way that you want. In addition, if you ultimately decide to become a customer at Herbert, Herbert will ask you for a number of personal details, such as name, address, telephone number, e-mail address and customer number, and Herbert will also assign certain data to you, such as login details.

To provide the best service and to inform about usage options.

Herbert uses personal data for setting up, maintaining and supporting products and services, and for administrative purposes.

To provide information about (new) products and services from Herbert.

Herbert may use personal data to offer (in writing, by telephone or electronically) new products, services or special promotions that Herbert believes may be of interest to you. Of course, you can opt out of this type of message (see further).

To track performance.

Herbert may use personal data and consumer profiles to evaluate its products and services. This includes, among other things: requesting feedback on services (for example, via market research), data obtained during answers to customer questions, fraud detection and quality assurance.

To comply with legal obligations.

In many cases, Herbert is legally obliged to keep certain personal data and/or communicate them to government agencies, for example, in the context of general tax and accounting obligations. In the context of a police or judicial investigation, Herbert can be obligated to communicate certain data to the requisite authorities in a confidential manner.

5. Security

Herbert strives at all times to protect personal data and privacy, both in its physical offices and on the Herbert network. Herbert ensures appropriate organisational and technical measures to secure personal data.

If a data breach should occur with adverse consequences for personal data, the customer is personally notified under the conditions provided for by law.

The number of Herbert employees who have access to personal information is limited and they are carefully selected. These employees are granted access to personal information insofar as they need this information to perform their duties properly.

The existence and content of the personal communication that takes place via the Herbert network (for example: email traffic, hosting…) is protected by the provisions for telecommunications secrecy. This means that Herbert and its employees may not have any knowledge of the existence or content of such communication, outside of the exceptions enumerated by the law.

Herbert’s websites sometimes mention links to third-party sites (social media, organisers of events sponsored by Herbert) whose terms of use do not fall within the scope of this Privacy Policy. Please read carefully their policy on the protection of personal data.

6. Provision of data to third parties

Herbert does not sell personal data to third parties nor is data passed on to third parties unless this is necessary for our service provision or there is a legal obligation.

If Herbert should provide personal data to third parties by other means, this will be done with an explicit communication, in which an explanation about the third party is given, together with the purposes of the transfer and processing. Where required by law, Herbert obtains express and unambiguous consent from the data subject. The data subject also always has an option to object (see below).

In regard to the international transfer of personal data, Herbert protects all personal data in accordance with the level of protection required by European regulations.

In some cases, Herbert uses anonymous, aggregated data for commercial purposes or for external reporting. This data can never be traced back to a specific individual.

7. Rights of the data subjects

You can exercise a number of rights regarding the processing of your personal data with respect to Herbert, insofar as you have those rights under the applicable legislation.

You can exercise these rights by using the contact details mentioned under point 10 of this Privacy Policy. Herbert will respond to such requests and may or may not comply with such requests in accordance with applicable law and in principle within a period of one (1) month, also in accordance with applicable law.

In order to exercise your rights and to prevent any unauthorised disclosure of your personal data, you must provide us with proof of your identity. We therefore ask that you preferably attach a copy of the front of your identity card to your application. The application can be sent using the details mentioned under point 10 of this Privacy Policy.

If you consider it necessary, you can also contact, or file a complaint with, the Data Protection Authority (Belgian Privacy Commission) ( commission@privacycommission.be).

Right of objection

You have the right to object at any time to the processing of your personal data based on the legitimate interest of Herbert on grounds relating to your particular situation. If you object, Herbert will no longer process such personal data unless Herbert demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right of access and transparency

You have the right to access the data (free of charge) that relate to you and to obtain a copy of these personal data. You can also ask us:

  • Whether we process personal data about you;
  • For what purposes we process them;
  • Which categories of personal data we process;
  • With which categories of third parties we share your personal data;
  • What the origin of the processed data is;
  • What your rights are.

Right to rectification and erasure

As a data subject, you are entitled to have incomplete, incorrect, inappropriate or outdated personal data corrected or supplemented. In order to keep your data up to date, we request that you notify us of any changes, such as if you move house.

You also have the right, without undue delay, to have your personal data deleted if and insofar as:

  1. the personal data are no longer required for the purposes;
  2. there is no longer a legal ground for the processing;
  3. you object to the processing, and there are no overriding legitimate grounds for the processing by Herbert;
  4. the personal data have been unlawfully processed; or
  5. the personal data must be erased for compliance with a legal obligation that applies to Herbert.

Herbert will send you a confirmation message after complying with a request for erasure. In the case of partial erasure, Herbert will also explain why the request could not be fully met.

Depending on the nature of the request, it is possible that some services can no longer be offered by Herbert. Herbert is also not always able to erase all requested data, for example, to comply with legal obligations (e.g. in order to meet accounting and fiscal obligations, Herbert is required to retain invoicing data for a maximum of 7 years).

Right to restriction of processing

As a data subject, you also have the right to have Herbert restrict the processing of your personal data, if and insofar as one of the following applies:

  1. you contest the accuracy of the personal data, in which case the processing is limited during a period enabling Herbert to verify their accuracy;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. Herbert no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
  4. you have objected to processing, pending the verification whether the legitimate grounds of Herbert override those of the data subject.

In case of restriction of processing, the data may still be stored by Herbert.

Right to data portability

For personal data that are (i) processed in the context of the performance of the agreement, (ii) provided by yourself and (iii) processed through automated processes, you as a data subject have the right to obtain these data from Herbert in a structured, commonly used and machine-readable format, and to request Herbert to transmit those data directly to another party, providing technically possible, if you wish to switch providers.

8. Contact details

Questions or requests regarding personal data or this Privacy Policy can be addressed at any time to:

Herbert NV
Molenstraat 45, 9820 Merelbeke
Tel: +32(0)9 223234
e-mail: herbert@herbert.be