Privacy & Data Retention Policy

We greatly value your privacy at Inventive Designers (Inventive Designers NV, with registered office at Sint-Bernardsesteenweg 552, 2660 Hoboken, Belgium with company number 0453.758.377).

This Privacy & Data Retention Policy (“Policy”) sets out the way in which Inventive Designers collects and processes (uses, stores, shares etc.) personal data regarding you as a customer or as an end-user authorized to use our products and related services (together the “Services”) by a subscriber to our Services, as well as any information you submit or post when accessing and using the Services in accordance with the applicable terms (the “Service Terms”). This Policy also sets out the process for retention and deletion of any such data and information.

Inventive Designers protects your personal data and acts in accordance with the provisions of applicable data protection legislation, in particular the EU General Data Protection Regulation.

For any queries you may have regarding this Policy, please contact the Inventive Designers Data Protection Officer at dpo@inventivegroup.com.

Inventive Designers reserves the right, in its sole discretion, to modify this Policy at any time with digital or written notice of the change (the level of detail to be decided by Inventive Designers at its sole discretion). We encourage you to subscribe to privacy policy updates using the form below to stay informed about the latest version of the Policy. In the event of any disagreement with the Policy, your sole remedy is to discontinue use of the Services or, where applicable, invoke your right to object or withdraw your consent to the processing of your personal data (as set out hereunder).

1. Personal data regarding subscribers and authorized users

1.1 What kinds of data do we collect?

Personal data that you provide regarding yourself may include (without limitation) name, contact details (physical and digital), billing and payment information, job title and employer, information regarding your use of the Services (notably information regarding your internet connection and system as well as origin and destination pages), as well any information that you voluntarily include in your account profile or provide in your online and in-person communications with us (e.g. on our web forum or blog, or through third-party providers).

Moreover, you may provide us with personal data such as name and e-mail address for any individual that you authorize to log into and utilize the Services in connection with your account.

1.2 What do we do with this data, and for which purposes?

We process these categories of personal data for one or more of the following purposes:

(i) performance of the Services and of our contractual obligations towards you or the subscriber;
(ii) customer management and billing;
(iii) administering your account with us;
(iv) communicating with you, including responding to your comments, questions, and requests, and providing customer service and support;
(v) verifying and carrying out financial transactions in relation to payments you make online;
(vi) auditing the uploading and downloading of data through the Services;
(vii) measuring and monitoring the use of the Services;
(viii) improving the quality and content of the Services; and
(ix) direct marketing, promotion and personalising of our Services, notably through the use of profiling and electronic messages.

In relation to point (v), we reserve the right to request information about subscribers and their authorized users from other third parties such as credit reference agencies. We will add this information to the information we have previously processed about subscribers and their authorized users so as to enable us to (1) provide goods or services to subscribers and their authorized users; (2) improve and enhance their buying experience; and (3) contribute to money laundering and fraud prevention.

Where we make such a request we will inform you of whether any record of the search will be recorded on a credit file.

In relation to point (vii), we reserve the right to extract information about subscribers’ and authorized users’ online user experience using own or third-party tools. We will add this information to the information we have previously collected about subscribers and their authorized users and may use it for the processing purposes.

The processing of the personal data for purposes (i) to (iv) is necessary for the performance of the contract between you and Inventive Designers.Processing for the purpose (iv) is necessary for the performance of the contract or carried out within the framework of the legitimate interests Inventive Designers holds to process the personal data: supporting and improving the quality of the Service. Processing for purposes (v) to (viii) is carried out within the framework of the legitimate interests Inventive Designers holds to process these personal data: prevention of fraud or misuse of services; marketing research and service improvement purposes. Processing for the purpose (ix) is carried out in part also in the framework of Inventive Designers’ legitimate interests, and for the surplus, where required by law, based on the consent of the subscriber or authorized user.

1.3 Your rights

You are entitled to review and to request the rectification of such personal data. Furthermore, you are entitled to object to the use of your personal data for direct marketing purposes. You also have the right to ask for a copy of all your personal data which are processed by us, where technically feasible. As from 25 May 2018, you will also be entitled to exercise the right (i) to object to processing based on legitimate interests, (ii) to data portability, (iii) to data export, (iv) to erasure and (v) to lodge a complaint with the Belgian Privacy Commission,

To exercise these rights or update your profile, use the preferences link at the bottom of marketing emails, or email dpo@inventivegroup.com.

Finally, you have the right to lodge a complaint with the Belgian Privacy Commission regarding the processing of your personal data by Inventive Designers.

2. Personal data regarding recipients and other Service Data

2.1 What kinds of data do we collect?

When using our Services, you may also provide us with additional information by creating, inputting, submitting, posting, transmitting, storing or displaying it. Such information may include personal data that you choose to include, including personal data regarding others (such as their name and contact details, as well as other personal data). To the extent that you submit any personal data of others, you represent and warrant that you have informed them of the processing of their data in accordance with this Policy and, where required, have obtained their consent thereto.

We refer to any information described above as “Service Data” for purposes of this Policy. All Service Data is subject to our technical safeguards.

2.2 What do we do with this data, and for which purposes?

We process Service Data solely for the purposes of providing the Services as data processor, in accordance with the instructions of our subscriber as data controller and as per our contract with the subscriber.

2.3 Data subject rights

In this context, if you have any question in relation to the exercise of your rights as data subject, please contact the subscriber. Any recipients of the Services should also be informed by the subscriber that Inventive Designers may process their data as data processor on behalf of the subscriber as data controller, and that they should address any queries directly to the subscriber.

3. Log files from the use of the Services

3.1 What kinds of data do we collect?

Inventive Designers gathers certain information automatically and stores it in log files. This information includes (but not limited to) internet protocol addresses, browser, internet service provider, referring/exit pages, operating system, date/time stamp, and click-stream data as well as certain personal information such as username, user e-mail address and other

information that may be included in log files. Our application log files are subject to the same strict data security policies and procedures as apply to the rest of our Services. The foregoing information can be linked and may be combined automatically with your personal data and user accounts.

3.2 What do we do with this data, and for which purposes?

We process these categories of personal data for one or more of the following purposes:

(i) providing technical support to our subscribers and authorized users;
(ii) auditing the uploading and downloading of data through the Services;
(iii) measuring and monitoring the use of the Services (among others for performance and security reasons); and
(iv) improving the quality and content of the Services.

The processing of the personal data of categories (i) and (ii) is necessary for the performance of the contract between a subscriber and Inventive Designers and of the license granted to the user to access the Services. Categories (iii) and (iv) are processed within the framework of the legitimate interests Inventive Designers holds to process these personal data: prevention of misuse of services; marketing research and service improvement purposes.

3.3 Your rights

We refer to section 1.3 above as regards your rights as data subject with respect to the processing of personal data in log files.

4. Disclosure and transfer of your personal data

Your personal data may be shared with:

(i) any third party acquiring part or the whole of Inventive Designers;
(ii) recognized financial or bank institutions whose intervention is necessary for the smooth running of the payment procedure;
(iii) our agents and service providers (for example: providers of web hosting, cloud storage or maintenance services);
(iv) credit reference agents – see above in this respect;
(v) third parties in any other case where we are required to do so by law or if we believe that such action is necessary to prevent fraud or cybercrime or to protect the Services or the rights, property or personal safety of any person.

When (iii) implies the transfer to a third country or international organisation, their will either be an adequacy decision by the European Commission, the company will participate in the EU-US Privacy Shield Framework, or the standard data protection clauses adopted by the European Commission will have been signed.

We maintain a list of service providers (subprocessors) that we might share personal data with. You can consult this list here, and subscribe to updates using the form below to stay informed of changes.

If you have any queries about the processing of your data by such third parties for their own purposes, please contact the third party in question. To the extent that this processing goes beyond the scope of purposes set out above, the third party is fully responsible for such processing, and Inventive Designers can in no way be responsible or liable for such processing.

We may also disclose aggregate statistics about users and recipients of our Services in order to describe our Services to prospective partners, advertisers, sponsors and other reputable third parties and for other lawful purposes. These statistics will not include information through which you may be identified.

5. Cookies

Our Services use cookies. A cookie is a small amount of data sent by our server to your web browser, which loads or stores this data on your device automatically. The use of cookies enables Inventive Designers to deliver the Services and to provide faster and more efficient access to returning users of our Services.

For the avoidance of doubt, when referring to “cookies” in this Policy, we also refer to HTML5 local storage objects (LSOs), ‘web beacons’ and ‘pixels’ and other forms of web or local tracking or storage techniques.

You do not need to accept all cookies to use all features of our Services, but by rejecting all cookies you will be unable to use even the most basic functionality thereof.

For any further information on cookies and how to disable them individually or globally, please go to www.allaboutcookies.org.

5.1 What information is collected?

We collect information, provided by you directly or through trusted partners, that may include, for example, information about your operating system, the webpages accessed through our Services, the link that led you to our Services, the dates and times you accessed our Services or any e-mail content, and geolocation information.

Where any of the above-mentioned information, alone or combined with other information, would constitute personal data under applicable laws, the sections above on personal data will apply to the processing of such information.

5.2 What cookies do we use and why?

Through our Services, we use the information collected via cookies to provide our Services, to customize (the content of) our Services for you, to see how you visit various sections and use various features of our Services, to monitor how many users we have for our Services and which webpages have been viewed, and finally, in general, to improve and manage our Services.

For these purposes, we and our service providers may use the following categories of cookies through our Services:

• Strictly necessary cookies – These cookies are used for the sole purpose of (i) carrying out a transmission of a communication over an electronic communications network, or (ii) allowing us to provide the Services or any other information society service explicitly requested by you.
• Performance (analytics) cookies – These cookies collect information about how visitors use our Services, for instance which pages visitors go to most often, and if they get error messages through our Services. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. These types of cookies are only used to improve how our Services work.
• Functionality cookies – These cookies allow our Services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features, to improve your web experience.
• Marketing cookies – These cookies are used to deliver marketing messages more relevant to you and your interests by collecting information about the pages you visit and the interactions you have with the Services. They are usually placed by marketing software with our permission.
• Social media cookies – These cookies are used based on social media connection functionalities or when you make use of a social media add-on button, e.g. clicking on the ‘Like’ icon on a webpage. Social media features and widgets are either hosted by a third party or hosted directly on our Services.

Session cookies allow website operators to link your actions during a browser session. A browser session starts when you open the Internet browser window and finishes when you close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Persistent cookies, on the other hand, are cookies which remain on your device for the period of time specified in the cookie. We use both session and persistent cookies.

You can find more information about the individual cookies used for our Services, and the specific purposes for which these cookies are used, in the overview below.

5.3 Cookies used for our Services 

Our Services use strictly necessary as well as functional cookies. We use the following cookies:

• Product-specific (e.g. Scriptura Engage) session cookie: allows us to link your actions to a browser session and to remember you are logged in. They are present as long as your browser session is active. They are named SSOcookie, JSESSIONID or PHPSESSID.
• AWS Load Balance cookie: used to redirect your browser to the backend server responsible for remembering your session. They are present as long as your browser session is active. They are named AWSELB
• Full Story Cookie: this is used when the FullStory option is enabled for your account. It allows us to give better support in case of problems and to help reproduce problems. You can block FullStory cookies and functionality by visiting https://www.fullstory.com/optout/Web
• Application Firewall: this allows us to determine whether you are an actual human visiting our service (as opposed to a robot that might overload or otherwise abuse our system) They can be preserved from 30 minutes to several days.
• Google Analytics: allows us to assess how you and other web users use this website, and this information is essential in helping us to continuously improve our website’s functionality. They can be preserved from 30 minutes to 2 years. To avoid collecting personal information, we anonymize IP addresses.
• HotJar: allows us to assess how you and other web users use this website, and this information is essential in helping us to continuously improve our website’s functionality. No personal information is collected. This information is retained for 1 year. These cookies are optional and can be declined by visiting https://www.hotjar.com/legal/compliance/opt-outor by using Do Not Track headers.

5.4 Web analytics

We use the following analytics-related cookies on our Services:

• HubSpot: allows us to assess how you and other web users use this website, and this information is essential in helping us to continuously improve our website’s functionality. They can be preserved from 30 minutes to 10 years. This cookie is optional and can be declined in the cookie banner.

5.5 Use of Social Plugins

We use the following social plugins, which may set specific cookies:

• LinkedIn (for more information on this plugin, please visit https://www.linkedin.com/legal/cookie-policy
• Twitter (for more information on this plugin, please visit https://twitter.com/en/privacy
• Facebook (for more information on this plugin, please visit https://www.facebook.com/policies/cookies

6. For how long do we retain this data?

We retain this data for as long as is required for the purposes set out above in this Policy and shall delete such data after such time.

In general, we retain this data throughout the duration of the customer relationship and afterwards in accordance with the applicable statute of limitations, unless:

•  we or the subscriber reasonably consider that the data ceases to be relevant and necessary for the purposes of providing the Services – for instance, after an authorized user’s account is terminated or defaulted, any data related thereto will be deleted one calendar year after such termination or defaulting; or
• we, the subscriber or the authorized user have technically built in an earlier expiry date (e.g. for cookies or for e-mail promotions).

Beyond the end of a subscriber’s subscription, we only retain such data to the extent that this is likely to be required for litigation and dispute management purposes, to the extent requested by the subscriber (e.g. archiving) or to the extent required by law (e.g. personal data on invoices). Beyond the end of a subscriber’s subscription, Inventive Designers reserves the right to keep data for supporting, measuring and monitoring the Services.

In the absence of a customer relationship, we retain the relevant data only for as long as is reasonably necessary for lead conversions.

We reserve the right to retain aggregate and anonymized data for analytics and marketing purposes for as long as we deem it useful, it being understood that we take measures to ensure that there remains no personal data therein.