Hi!

We respect your privacy. And that makes sense really. This privacy policy explains how we handle all kinds of data, including your personal details. We explain which of your personal details we save, how we process them and why we do this.

We guarantee that we treat your personal data confidentially and that we save it in an extremely secure environment. We never pass on your personal data to our commercial partners. Let’s be clear about that. 

We save and process your personal data in accordance with the rules of the GDPR, specifically Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and the national implementing legislation. In this privacy policy we use specific terms that are defined in those regulations (for instance, ‘personal data’, ‘processing’, ‘processor’, ‘controller’).

Who are we?

Value Square nv is a Belgian company with its registered office in Belgium: Schoonzichtstraat 23A, 9051 Ghent (Sint-Denijs-Westrem), Belgium. Our VAT number is BE 0885.750.253. We are responsible for the collection and processing of personal data via the website ('controller'). This means that we determine the purpose and means of this processing. 

Where do we save that data?

We save all our data in an extremely secure environment. We use services from Microsoft that provide all kinds of databases, depending on the type of data and purpose for saving the data. The servers Microsoft uses are at two different European locations and are extremely well secured. 

Of course, we have implemented appropriate technical and organisational measures to ensure the security of the processing of your data. Unfortunately, when it comes to the internet there is no such thing as a 100% guarantee. So, if someone were to break into our database at any point, you can’t claim damages for that, unless your harm is caused by a breach of our obligations under the GDPR. But we repeat, we apply high security standards that are tested regularly, both by ourselves as well as our auditors.

How long do we process that data?

We process all the data about you for as long as you are using our services. Once you are no longer a user, it depends on which data we are talking about. It sounds complicated, so we will explain.

We are legally obliged to keep certain data for a longer period. We fall under financial legislation, in particular, the Act of 18 September 2017 on the prevention of money laundering and the financing of terrorism. This Act is also called the Anti-Money Laundering Act. Well, the Anti-Money Laundering Act states in its Article 60 that we are obliged to save a number of details for 10 years after the collaboration has ended. In other words: after you have stopped using our services, we have to save a number of details for another 10 years. These are identification details and registration details of transactions. So, this is something we can’t avoid. However, all other personal data which we are not required to keep will be deleted immediately when you stop begin a customer.

In short, we retain your personal data for the length of time we need in order to do what we do, unless we are legally obliged to save it for longer.

Added to that, we may save your personal data longer if you have given us permission to do so, or if we require those details for court proceedings. We will of course do all we can to prevent us ever having to use your details as evidence in court.

Your rights

In principle, you have a number of rights based on the GDPR. Let’s take a moment to go through these rights. To start with, you have the right to request us to obtain access to your personal data, to obtain rectification or erasure of your personal data, or to limit the processing of your personal data. You also have the right to object to the processing of your personal data and the right to data portability. Furthermore, you have the right to withdraw your consent to the processing of your personal data at any time. It is a priority for us to respect all these privacy rights. It is, however, important to clarify that we must take the following particularities into account.

As said earlier, we are legally obliged to keep your identification data and transaction registration data for 10 years. Most of your GDPR rights do not apply to this storage. The Anti-Money Laundering Act, Article 65 to be precise, states the following: “The person whose personal data are processed in accordance with this Law does not have the right to access and correct his or her data, nor the right to be forgotten, nor the right to portability of these data, nor the right to object, nor to the right not to be profiled, nor to the notification of security failures.”

Your privacy rights do remain applicable to the processing of your personal data for commercial purposes, for example, the processing for events. This means, for example, that you have the right to request that we no longer process your personal data for these purposes, or to limit its processing.

If you want to exercise your rights, please send our DPO a mail. Please specify clearly which right you want to exercise. We do ask you to attach a copy of the front of your ID to your email for identification purposes.

To be clear

We are under the strict supervision of the financial supervisory authorities. This means that we have to check our users to see whether they are on international sanction lists, PEP (Politically Exposed Persons) lists or other official lists. For this purpose we use the surname, first name, date and place of birth. 

Consequently, no one can object to this processing. This also means that if we suspect money laundering or terrorism financing, we are obliged to pass on the personal data with additional information (evidence) to the competent authorities. The GDPR can’t prohibit this.