Privacy Policy

What do we do with your data?

We take your picture and send it to your email address. [All UX flows]

We may also post your picture on a private photo gallery. [UX flow 1]

We also send your picture, email address and the answers you may have typed in to our client. [UX flows 2-3]

We also send your picture, email address and the answers your typed in to our client so you can receive special offers and promotions from our client. [UX flow 4.1]

We also send your picture to our client so they can reuse it, for example by publishing it on their social networks account or on their website. [UX flow 4.2]

We use algorithms to extract certain patterns (your mood, look, age range, gender) that we aggregate to provide our client with socio-demographic insights. [UX flow 5]

We process the following categories of personal data about you:
-The picture representing you and the other persons on the picture; [All UX flows]

-Your email address; [All UX flows]

-The answers that were asked by our client and that you were invited to fill in (which may include, your age, gender, postal address, etc.); [UX flows 2-3-4.1-4.2 if Q&A]

-On an aggregated basis, limited socio-demographic data : your gender (female-male-undefined), your mood (negative-neutral-positive), your look (afraid-angry-disgusted-happy-sad-surprised), your age range (from 0-4 years, then every 5 years, until 60+ years) [UX flow 5]

We process your data for the following purposes:

-Sending the picture to your email address; [All UX flows]

-Posting your picture on a privately accessible photo gallery; [UX flow 1]

-Transfer your picture to our client as well as your answers to the questions our client asked so that it can know you better. Our client is not authorized to use your personal data for marketing purposes and will not use your picture for corporate internal or external communications (e.g. post your picture on its own social media accounts or website); [UX flows 2-3-4.1-4.2 if Q&A]

-Transfer your picture and your email address to our client so you can receive special offers and promotions from our client; [UX flow 4.1]

-Transfer your picture to our client so it may use it for corporate internal or external communications (e.g. post your picture on its own social media accounts or website); [UX flow 4.2]

-Transfer your picture and your email address to our client and provide our client with socio-demographic insights for our client to tailor its marketing activities. [UX flow 5]

Who are we and what are we committed to?

We are sharingbox, a Belgian company located in Brussels. We take your privacy seriously and are committed to comply with data protection laws, and especially the General Data Protection Regulation (GDPR).

sharingbox SA/NV is a company existing and operating under Belgian law, with statutory seat located at Rue Saint-Denis 112 – 1190 Forest and registered at the Crossroads Bank for Enterprises under company number 817.422.859.

We use our best efforts to bring the data processing activities of sharingbox into compliance with applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR) and the Belgian Data Protection Act of 8 December 1992, each as applicable, and as amended, restated or replaced from time to time.

Are we allowed to use your data?

We must collect your email address to send the picture back to you. [All UX flows]

Our partnership with our client allows us to offer you the picture for free. So we have a legitimate interest to collect your personal data and disclose them to our client. [UX flows 2-3-4.1-4.2]

We have thoroughly analysed the potential risks related to the application of pattern recognition technology to your picture and have implemented adequate measures to ensure that those risks are reduced to a minimum acceptable. [UX flow 5]

We will always ask your prior consent if our client wants to use your personal data to offer your special offers or promotions or wants to publish your picture online. [UX flows 4.1-4.2]

The provision of your personal data is necessary for the legitimate interests pursued by sharingbox provided that these interests prevail over your fundamental rights and freedoms.

We will ask for your free, prior and informed consent if our clients want to use your personal data for direct marketing purposes or want to publish your picture online (on their social media accounts or in their websites) or use it for internal or external corporate communications. By giving your consent to our client, you irrevocably waive any claim for (economic) compensation for the use by our client of your picture.

We do not subject you to decisions based exclusively on automated processing that produces legal effects concerning your or similarly significantly affect you.

The provision of your picture and your email condition is a necessary condition for the provision of our service.

If we cannot process your picture or your email address, you may not use our service.

We do not collect personal data about you from third parties.

Who has access to my data?

The event organizer has access to your picture and your email address. If the pictures are published on a private photo gallery, the event organizer can decide to provide access to other persons. Our IT team and customer support team may also have access to your personal data only if they need to. [UX flow 1]

Our client has access to your picture, email address and the answers your gave to the questions that were asked by our client. Our IT team and customer support team may also have access to your personal data only if they need to. Only the sales representatives managing the campaign for our client will have access to your personal data. [UX flows 2-3-4.1-4.2]

Our client has access to your picture, email address and the aggregated socio-demographic data extracted from your picture. Our IT team and customer support team may also have access to you your picture and email only if they need to. Only the sales representatives managing the campaign for our client will have access to your personal data. [UX flow 5]

As the case may be, the following recipients may access your personal:

-The IT team;

-The customer support team;

-The sales team;

-The directors of the Company;

-Third party service providers related to the maintenance of the computer systems processing your personal data (these providers only have access to the personal data necessary to carry out their missions);

-The courts and tribunals of the judicial order in the event of a dispute involving you;

-The law enforcement authorities in the event of a finding or suspicion of the occurrence of an offence involving you in accordance with or as required by applicable law;

-In the event of a merger or acquisition (including reorganisation), we may transfer your personal data to a third party involved in the transaction (for example, a buyer) in accordance with applicable data protection law.

We take appropriate measures to ensure that our data processors (including our third-party cloud infrastructure provider) process your personal data in accordance with applicable data protection law.

We also ensure that our processors undertake to, among other things, process your personal data only on our instructions, not hire subprocessors without our consent, take appropriate technical and organisational measures to ensure an adequate level of security of your personal data, ensure that persons authorised to access your personal data are subject to obligations of confidentiality, return and/or destroy your personal data at the end of their services, comply with audits and assist us in following up on your requests regarding the exercise of your data protection rights.

What are my rights?

You have the right to be informed about how we use your personal data and how to exercise your rights. If the information we provide is unclear, let us know at gdpr@sharingbox.com.

You have the right to access your personal data we hold about you.

You have the right to request the deletion of your personal data where there is no compelling reason for us to keep using it. Please note that this is not an absolute right to erasure and exceptions apply.

You may exercise any of your rights by sending a request at gdpr@sharingbox.com.

Subject to applicable data protection laws, you have the rights to access, rectify and erase your personal data, the rights to object to or limit the processing of your personal data and the right to data portability, meaning that:

-You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights;

-You have the right to obtain access to your personal data. This is so you are aware and can check that we are using your personal data in accordance with applicable data protection laws;

-You are entitled to have your personal data rectified if they are inaccurate or incomplete;

-You have ‘the right to be forgotten’ and, in simple terms, this enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not an absolute right to erasure and exceptions apply;

-You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further;

-You have rights to obtain and reuse your personal data for your own purposes across different services;

-You have the right to object to certain types of processing under certain conditions;

-You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection authority;

-If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).

Please forward any request regarding your rights as data subject to us by email at gdpr@sharingbox.com. We will try to comply with your request as soon as reasonably practicable and always under the timeframes set forth by applicable data protection law. Please note that we may need to retain certain of your personal data for certain purposes as required or authorized by law. We may also ask you for of proof of identity if we have a doubt about your identity.

How can I stop receiving marketing email? [UX flow 4.1]

If you would like to stop receiving marketing email from our client, you can opt-out at any time by unsubscribing from the mailing list of our client or by sending an email to our client explaining that you do not want to receive marketing email anymore.

Our client must provide you with the possibility to stop receiving marketing email anytime (for example, through an “unsubscribe me” link at the bottom of the marketing email).

You have the right to object at any time to the processing of your personal data for direct marketing purposes.

Our clients must provide you with an easy means to object from receiving marketing communications e.g. through a link to unsubscribe from their mailing list or by allowing you to send an email to them.

If you cannot exercise your right to object or keep receiving marketing communications from our clients after you have exercised your right to object, you may contact us at gdpr@sharingbox.com.

You always have the right to lodge a complaint at the competent data protection authority. The competent data protection authority for Belgium can be contacted at:

Belgian Data Protection Authority / Autorité de protection des données / Gegevensbeschermingsautoriteit
Rue de la Presse, 35, 1000 Bruxelles / Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
commission@privacycommission.be

Where are my data stored?

We process your personal data from our facilities in Belgium.

We do not transfer your personal data outside of Europe, except as part of our hosting contract with Amazon Web Services (AWS), the leading cloud infrastructure provider. AWS is based in the United States and complies with European data protection law for the storage of your personal data on our behalf.

We transfer your personal data to Amazon Web Services (AWS), the leading cloud infrastructure provider. AWS is a company registered in the United States. It stores your personal data on our behalf. AWS is registered under the EU-US Privacy Shield data protection scheme. Hence, the transfer of your personal data to the United States complies with the conditions imposed by the EU-US Privacy Shield under Article 45 of the GDPR.

Except for the transfer of personal data to AWS, we do not transfer your personal data to countries located outside of the European Economic Area.

For further information about transfers of personal data outside of the European Economic Area and the EU-US Privacy Shield, please visit the website of the European Commission (https://ec.europa.eu/commission/index_en).

How long do we retain your personal data?

We retain your personal data as long as necessary to achieve the purposes for which we process your personal data.

For example

We use the following criteria to determine the retention periods of personal data according to the context and purposes of each processing operation:

-The time elapsed since you took your picture;

-The sensitivity of personal data;

-Security reasons (for example, the security of our information security systems);

-Any current or potential dispute or litigation;

-Any legal or regulatory obligation to retain or delete personal data.

Is my data secure?

We implement technical and organizational measures to ensure an adequate level of security of your personal data.

For example, we take appropriate measures to ensure that we report security incidents leading to the accidental or unlawful destruction, loss, alteration, unauthorised. disclosure of, or access to, personal data.

I have a question or a problem. Who can I contact?

If you have any questions or complaints about the way we process your personal data, please send them our way by email at gdpr@sharingbox.com or by post at Rue Saint-Denis 112 – 1190 Forest (Belgium).

You always have the right to lodge a complaint at the competent supervisory authority.

The competent supervisory authority for Belgium can be contacted at:

Belgian Data Protection Authority / Autorité de protection des données / Gegevensbeschermingsautoriteit
Rue de la Presse, 35, 1000 Bruxelles / Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
commission@privacycommission.be

What else should I know?

We may modify the way in which we collect and use your personal data. If we would do so, we would inform you of the changes.

We reserve the right to modify our privacy policy at any time, so please review it frequently at regular intervals. We will inform you of the changes we bring to our privacy policy so that you are at any time aware of the way we process your personal data.

In the event of a conflict or inconsistency between a provision of this privacy policy and a provision of another policy or other document of sharingbox relating to the processing of personal data, the provision of this policy shall prevail.