PostProval

PostProval social media scheduling

Privacy policy

1. Introduction

1.1 General

The website https://www.postproval.com (hereinafter the “Website“), the platform PostProval (hereinafter the “Platform“) and the PostProval application (hereinafter the “Application”) are provided by PostProval (formally registered as De Roy, Britt) (hereinafter “we” and “us“). Any person who visits our Website (hereinafter the “Visitor“) as well as any social media manager / marketeer who wishes to access and use the Platform or Application for managing the social media accounts of its clients and with whom we have concluded a contract (Terms and Conditions)(hereinafter the “Customer“) almost inevitably discloses certain personal data. This personal data constitutes information that allows us to identify you as a natural person, whether or not we actually do so. You are identifiable as soon as it is possible to create a direct or indirect link between one or more personal data and you as a natural person. The Visitor and Customer is also referred to collectively in this privacy statement as “you/your“.

We use and process your personal data in accordance with the General Data Protection Regulation (“GDPR“) and other relevant legal provisions. Any reference in this privacy statement to the GDPR is a reference to the Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Through this privacy statement, you are informed of the processing activities we may carry out with your personal data.

This Privacy Statement applies when we act as a ‘controller’ of the processing of personal data of our Website, Platform and Application. In other words, when we determine the purposes (the “why”) and means (the “how”) of the processing of that personal data.

Through the Platform and the Application, personal data can also be processed of clients of the Customer. For that processing however, PostProval does not act as a ‘controller’ and thus does not determine the purposes and the means of that processing. In that case, PostProval acts as a ‘processor’. This means that PostProval processes that personal data on behalf of the Customer while the Customer determines the purposes and the means of that processing. So the Customer acts as the controller for the processing of its clients data.

Please read this privacy statement carefully and make sure you understand it.

1.2 What is personal data?

Personal data is defined in the GDPR as “any information relating to an identifiable person who can be identified, directly or indirectly”. Personal data, in simpler terms, is any information about you that makes it possible to identify you. Personal data includes obvious information, such as your name and contact details, but also less obvious information, such as identification numbers, electronic location data and other online identifiers.

1.3 Changes

We may update this policy from time to time by posting a new version on our Website. This may be necessary, for example, if the law changes, or if we change things in a way that affects the protection of personal data. We recommend Visitors to check this page occasionally to ensure that you are happy with any changes to this privacy statement. If you are a Customer, we have your email address and we undertake to notify you of any significant changes to our privacy statement by email.

2. Contact details

Our Website, Platform and Application are provided and operated by De Roy, Britt under the trade name PostProval. We are registered in Belgium under registration number 0628.483.883 and our registered office is located at Ijzerlaan 24, 8600 Diksmuide.

You can contact us:

(a) by post, to the postal address set out above;
(b) via the contact form on our Website; or
(c) by e-mail, using hello@postproval.com.

3. What personal data are processed and how are they used?

3.1 Information processing

Depending on the capacity in which you visit or use our Website/Platform/Application, we may collect and process the following personal data.

3.1.1 Visitors

    Categories of personal data of Visitors

    Processing purposes

    Legal basis

    Storage period(*)

    Technical data:

    • IP address

      geographical location

      browser type and version

      operating system

      reference source

      duration of your visit

    page views and website navigation paths, as well as information on the timing, frequency and pattern of your use of the service.

    The source of the technical data is the use of non-necessary cookies.

    The technical data may be processed for the purpose of analysing/improving the use of the Website.

    • Consent

    See our Cookie statement. on our Website.

    The source of the technical data are the use of necessary cookies.

    • Our legitimate interests, so that the Website functions technically in accordance with necessary cookies as referred to in our Cookie Statement.

    Communication data

    = all information you provide when contacting us, e.g. via social media, phone, email or the contact form on our Website.

    When you contact us via the contact form:

    • First name;

      Email;

      Message.

    The source of the communication data is the information you provide when contacting us.

    Communication data may be processed for the purpose of this communication with you and record keeping.

    • Our Legitimate Interest, to be able to respond to requests, questions or comments or to contact you for questions of any kind (e.g. when you contact us via social media, phone , email or the contact form on our Website).

    The data will be kept for maximum 3 years after the response.

    Newsletter data (direct marketing):

    • First name;

      Family name;

      Email.

    The source of the newsletter data is the information you provide to us when you subscribe to the newsletter.

    Newsletter data is processed in order to send you newsletters, for which you have given your consent. You may unsubscribe at any time by clicking on the “unsubscribe” link in the relevant e-mail or by any other action described therein.

    • Consent

    Your data will be processed until you unsubscribe.

3.1.2 Customers

    Categories of personal data of Customers

    Processing purposes

    Legal basis

    Storage period(*)

    Technical data:

    • IP address

      browser type and version

      operating system

      reference source

      duration of your visit

    page views and website navigation paths, as well as information on the timing, frequency and pattern of your use of the service.

    The source of the technical data is the use of non-emergency cookies.

    The technical data may be processed for the purpose of analysing/improving the use of the Platform and the Application.

    • Consent

    See the Cookie Statement on our Website.

    The source of the technical are the use of necessary cookies.

    • Our legitimate interests, so that the Platform and the Application function technically in accordance with necessary cookies as referred to in our Cookie Statement.

    Account details

    • Login details: Email (user ID) and pseudonymized password.

      First name

      Last name

      Address

      Telephone number

      Company details (company name, address, legal form).

    The source of the account data is the information you provide when creating your account.

    Account data may be processed to enable and administer your use of our Platform and Application.

    • Execution of a contract between you and us

      At your request, taking steps to enter into such a contract.

    The data is stored for the duration of the agreement. After the termination of the agreement, we can still keep the account details if you do not delete your account yourself immediately, so that your progress on the Platform would not be lost when you enter into a new contract with us. After 3 years of inactivity, however, we will delete your account on the Platform.

    Communication data

    = all information you provide when contacting us, e.g. via social media, phone or email.

    The source of the communication data is the information you provide when contacting us.

    Communication data may be processed for the purpose of this communication with you and record keeping.

    • Our Legitimate Interest, to be able to respond to requests, questions or comments or to contact you for questions of any kind (e.g. when you contact us via social media, phone or email).

    The data will be kept for maximum 3 years after the response.

    Transaction and billing data

    • First name;

      Last name;

      Email;

      Company name;

      VAT number;

      Company address;

      Credit card number;

      Bank card number.

    The source of transaction data is the information you provide to us to be able to pay for using our Platform services. Transaction and billing data may be processed for the purpose of delivering the services and keeping proper records of those transactions.

    • Execution of a contract between you and us

      At your request, taking steps to enter into such a contract.

    Personal data is kept for the duration of the agreement. After termination of the agreement, personal data will be kept for another seven years in order to comply with the legal obligation (tax obligation).

    Newsletter data (direct marketing):

    • First name;

      Family name

      Email.

      Country

    The source of the newsletter data is the information you provide to us when you subscribe to the newsletter.

    Newsletter data is processed in order to send you newsletters from PostProval, for which you have given your consent. You may unsubscribe at any time by clicking on the “unsubscribe” link in the relevant e-mail or by any other action described therein.

    • Consent

    Your data will be processed until you unsubscribe.

In addition, we may process your personal data when this is necessary to comply with a legal obligation to which we are subject (such as tax legislation). Without prejudice to the above, we may keep your personal data when this would be necessary for the establishment, exercise or defence of legal claims, whether in legal proceedings or in administrative or extrajudicial proceedings. The legal basis for this processing is our legitimate interests, namely the protection and exercise of our legal rights.

Furthermore, we may keep (internal) personal data, in particular name, company name and email of banned Customers who have seriously damaged our trust and, despite repeated requests, do not comply with our rules of conduct described in our platform Terms and Conditions. We base this on our legitimate interest: prevention of fraud, criminal offences and misconduct. The list is kept indefinitely and is only accessible to a very limited group of persons within our company.

3.2 Processors

A processor is a natural or legal person who processes personal data at our request or on our behalf. We may sometimes contract with this party to provide certain products and/or services. In other words: We use processors because it is necessary for the provision of services. In this case, we will enter into a written agreement with the processor whereby the security of your personal data is guaranteed by the processor. The processor will always act in accordance with our instructions.

We use the following categories of processors:

  • Companies we have engaged for marketing purposes;
  • Companies we have engaged for ICT technical support and hosting purposes;
  • Companies that we have engaged for communication purposes;
  • Companies we have engaged for analytical purposes;
  • Companies we have engaged for payment purposes.

4. Provision of your personal data to third party services

We will not share your personal data with third parties (other than processors) for any purpose, subject to the following exceptions.

In some circumstances, we may be legally obliged to share certain personal data, including yours, if we are involved in legal proceedings or in order to comply with legal obligations, a court order or the instructions of a government authority.

5. International transfer (outside EEA) of your personal data

In general, we will store or transfer your personal data only within the European Economic Area (the “EEA”). The EEA consists of all EU Member States plus Norway, Iceland and Liechtenstein.

Exceptionally, your personal data can also be stored in or transferred to countries that are not part of the EEA. are known as “third countries”. For example, the United States, to be able to solve technical issues with Google authenticator. Such third countries may have weaker data protection laws than those in the EEA. This means that we take extra steps to ensure that your personal data is treated as safely and securely as it is in the EEA.

We use specific contracts with external third parties approved by the European Commission (also known as Standard Contractual Clauses: SCC) for the transfer of personal data to third countries. The SCCs guarantee the same level of protection of personal data as would apply under the GDPR. In addition, additional measures are taken to protect your data from unauthorised access. More information is available from the European Commission.

6. Your rights

Some rights are complex and not all details are included here. Please therefore read the relevant provisions and guidelines of supervisory authorities for a full explanation of these rights.

You can exercise your rights in relation to your personal data by notifying us in writing at hello@postproval.com.

We will respond to your request within one month of receipt. We will normally aim to provide a full response within that time. However, in some cases, particularly if your request is more complex, more time may be required, up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

6.1 The right to inspection

You have the right to confirm whether or not we are processing your personal data and, where we are doing so, to have access to the personal data, together with certain additional information. This additional information includes details on the purpose of the processing, the categories of personal data concerned and the recipients of the personal data. Provided that the rights and freedoms of others are not affected, we will provide you with a copy of your personal data. The first copy will be provided free of charge, but additional copies may be provided for a reasonable fee.

6.2 The right to rectification

You have the right to have inaccurate personal data about you corrected and, taking into account the purposes of the processing, incomplete personal data about you completed.

6.3 The right to erasure (‘right to be forgotten’)

In some cases, you have the right to have your personal data deleted without undue delay. These circumstances include:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw your consent to a processing based on consent;
  • You object to the processing according to certain rules of the applicable data protection law (the GDPR);
  • the processing is for direct marketing purposes; and
  • personal data has been unlawfully processed ;
  • the personal data must be deleted in order to comply with a legal obligation incumbent upon us.

However, there are exclusions from the right to erasure. The general exclusions include where processing is necessary:

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation incumbent upon us; or
  • for the establishment, exercise or defence of legal claims.

6.4 The right to restrict processing

In some cases, you have the right to restrict the processing of your personal data. These circumstances are: you dispute the accuracy of the personal data; the processing is unlawful, but you oppose its erasure; we no longer need the personal data for our processing, but you need the personal data for the establishment, exercise or defence of legal claims; and you have objected to the processing, pending verification of that objection.

If processing is restricted on this basis, we may continue to store your personal data. However, we will only process them in other ways: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for important reasons of public interest.

6.5 The right to object to the processing

You have the right to object to our processing of your personal data for reasons relating to your particular situation, but only insofar as the legal basis for the processing is that it is necessary for the purposes of the legitimate interests pursued by us or by a third party. If you raise such an objection, we will cease processing the personal data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or that the processing is for the establishment, exercise or defence of legal claims.

In addition, you have the right to object to our processing your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you object, we will cease processing your personal data for this purpose.

Furthermore, you have the right to object to our processing your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.

6.6 The right to data portability

Insofar as the legal basis for our processing of your personal data is based on:

(a) consent;
(b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; or
(c) such processing is carried out automatically,

you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.

However, this right does not apply when the rights and freedoms of others would be affected.

6.7 The right to lodge a complaint with a supervisory authority

If you believe that our processing of your personal data is in breach of the General Data Protection Regulation (GPA), you have the right to lodge a complaint with a supervisory authority responsible for data protection. In Belgium, the supervisory authority is the Gegevensbeschermingsautoriteit (GBA). Data subjects from other Member States have the right to lodge a complaint with their own national supervisory authority. For an overview of the contact details of these authorities, click on this link.

Gegevensbeschermingsautoriteit (GBA)
Rue du Printing 35, 1000 Brussels
+32 (0)2 274 48 00
contact@apd-gba.be
https://www.gegevensbeschermingsautoriteit.be

6.8 The right to withdraw your consent

Insofar as the legal basis for our processing of your personal data is consent, you have the right to withdraw such consent at any time. Revocation does not affect the lawfulness of the processing prior to the revocation.

Curious?
Book a free demo

In 15 minutes you’ll get to know PostProval and all its possibilities.