Privacy policy apps

 

  1. Definitions
    • In this privacy policy (the “Privacy Policy“) the following terms are used with the following meaning, unless expressly stated otherwise:
      • Account: Your personal access based on Login Details that you must create to access the Platform and the Service.
      • Terms and Conditions: The Terms and Conditions, version November 2023 as available on our website www.doccle.be.
      • GDPR: Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
      • Content: All information and data (such as documents, photos, profile data and administrative data) that are placed on the Platform, that you receive, consult, share via the Platform, that are made available to you or that you upload yourself.
      • Community: our Customer Support, the service offered by Doccle to assist, advise and guide you in using Doccle. This service can be reached through:
      • Data points: Personal data or other personal data of yourself or of third parties (in accordance with Article 8.3 of these Terms and Conditions) such as your national register number, your telephone number, e-mail address, bank account number, customer number, as entered and validated by you in your Account and of which it is indicated that on the basis of this a Connection Proposal can be established.
      • Service: The current and future services offered to you by Doccle on the Platform as explained in Article 6 of these Terms and Conditions.
      • Doccle: The organisation whose main activity consists of offering a digital Platform (see Article 1.16) on which Services (see Article 1.7) are available. Doccle includes the following entities:
        • Doccle BE: The private company Doccle with its registered office at Buro & Design Center, Esplanade box 65, 1020 Brussels, Belgium and registered with the Crossroads Bank for Enterprises under number 0846.382.408 (RPR Brussels, Dutch-speaking department).
        • Doccle NL: The private company Doccle with its registered office at Bergen op Zoom, the Netherlands and registered under number 90900774.
      • Doccle Code: The unique code that the Partner provides to you on the basis of which a Connection can be established.
      • End User: The natural person, sole proprietorship or legal entity who creates an Account with a view to accessing the Platform and using the Service.
      • Titleholder: The natural person, legal person, government, authority or public institution that is entitled to use or distribute a document and/or data.
      • Login details: Your username, password and, if applicable, your E-id or itsme® data with which you can access the Platform.
      • Agreement: The contractual relationship that is established between you and Doccle when you accept these Terms and Conditions and create an Account.
      • Partner: Public and private company with which Doccle collaborates and with which you can establish a Connection via your Account so that Content of this company that is intended for you can be shared with you via the Platform.
      • Personal data: Personal data as defined in art. 4, 1) of the GDPR, in particular all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
      • Platform: The digital environment offered to you by Doccle on which you can use the Service, which is accessible via the secure website or the mobile application (Android and IOS App), developed and managed by Doccle.
      • SEPA Mandate: A mandate, being a document made available by a Partner on the Platform that you can complete and sign, by which you authorize this Partner to deduct a certain monthly payment from your account every month. to hold. After you have granted a SEPA Mandate, your bank will activate a direct debit.
      • Connection: A link between you and a Partner based on the Doccle Code or after accepting a Connection Proposal, after which the relevant Partner can share Content with you via the Platform and after which you can receive Content via the Platform.
      • Connection Proposal: A proposal to make a Connection with a Partner that is made to you by Doccle on the basis of the Data Points entered by you in your Account, of which a Connection is established after acceptance.

All definitions included in this article can be used in either the singular or the plural.

 

  1. Subject and scope of this Privacy Policy

2.1       By accepting the Terms and Conditions and creating an Account, an Agreement of indefinite duration is concluded between you and Doccle. This Privacy Policy has been drawn up in implementation of Article 16 of the Terms and Conditions and applies to all processing of Personal Data that is necessary for the performance of the Agreement between you and Doccle and for access to or use of the Platform or the Service available on or is offered via the Platform.

Since we attach great importance to the protection of your Personal Data, we provide you with more information in this privacy policy about how Doccle handles your Personal Data.

2.2      Prior to creating an Account, you declare that you have taken note of the Privacy Policy, that you have read it and that you understand it. You can download the text of this Privacy Policy at any time via our website www.doccle.be or www.doccle.nl.

In all these cases, the Privacy Policy is made available to you in a version that you can download, view, save and print.

The provisions of the Privacy Policy do not apply to:

  • partners data policy;
  • the data policies of any other companies and organizations that advertise through the Platform;
  • the data policy of the external parties with which Doccle collaborates.

 

  1. Who is responsible for the processing?

 3.1       As soon as you create an Account in accordance with the Terms and Conditions, Doccle BV (Belgium) and Doccle NL will act as Joint Controllers with regard to the processing of your Personal Data on the Platform.

3.2       Doccle will process this Personal Data in accordance with the applicable legislation, in particular the GDPR and this Privacy Policy.

 

For all questions about your Personal Data and this Privacy Policy, you can contact Doccle by sending an e-mail to privacy@doccle.be or privacy@doccle.nl.

  1. Which Personal Data do we process?

 4.1       Doccle processes the following categories of Personal Data:

  • Identification data, login data, first and last name, date of birth, address, telephone number, company number, e-mail address, national register number (Doccle BE), Citizen Service Number (BSN) (Doccle NL), and bank account number.
  • Doccle Codes: customer number, contract number, patient number or another unique identifier provided by the Partner.
  • Contact details, when you contact us about our Service (by e-mail, via the contact form or chat function on our website): first name, surname, e-mail address, IP address, and any other Personal Data that you provide during the help session.
  • Payment details, when you make payments via your Account or via SEPA Mandate: bank account number, debit card number, credit card number, SEPA details (partner, bank account number, start date and/or the signed form) and the payment status.
  • Document data, when you upload documents yourself on Doccle via your Account (without Doccle having access to this yourself): the size of the file, name of the file, the file format, time of upload.
  • Information about your use when using the Platform: the way in which you use Doccle, the pages you visit on the website and the activity in your Account.
  • Browser and session data, when using the website via cookies: device data, log file data, IP address, capacity, browser type, operating system, language preference, the external website that referred you. This is described in detail in our Cookie Policy, which can be downloaded from our website.

4.2          It is possible that Doccle processes special categories of personal data such as your race, ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health or life data or sexual orientation, genetic data or biometric data in the following cases:

  • A Doccle Partner has shared a document with you via the Doccle Platform that contains personal data that fall within these special categories (e.g., a hospital shares a report with you via Doccle).
  • You have uploaded a document yourself that contains one or more of these special categories of personal data.

When you upload a document to Doccle that contains such special categories, you are aware that, even if Doccle cannot view or view the document, Doccle processes special categories of personal data.

 

  1. For what purposes and on what legal basis do we process your Personal Data?

Doccle only collects and processes your Personal Data on the basis of a legitimate legal basis and for specific purposes as described in this Privacy Policy. Doccle processes your Personal Data in the situations permitted by law.

Based on your permission, Doccle can process certain Personal Data for:

  • Analysing the behaviour of website users (including End Users) via cookies.
  • Storing Content on the Platform.
  • Link your Account with the eBox of the Belgian Government (Doccle Be).Share Personal Documents or Connections with other End Users and/or a third party designated by you, such as your accountant.

Based on a legal obligation, Doccle must process your Personal Data in specific circumstances and for certain purposes in the context of its activities. This includes, among other things:

  • The obligation to respond to legal process or enforceable requests from government authorities;
  • The obligation to contribute to the prevention of money laundering and terrorist financing;
  • The obligation to respond to a formal request from Belgian tax and judicial authorities;
  • To comply with administrative and accounting obligations.

Based on the performance of an agreement or prior to the conclusion of the agreement with Doccle:

  • To allow you to create an Account;
  • To provide our services;
  • To contact you by email when a new document is available on the Platform;
  • To ensure the security of our Services;
  • To manage the relationship between you and our Partners;
  • To make Connections;
  • To apply a more secure login and/or security method (such as E-id or itsme®) for authentication and identification purposes;
  • To provide you with support when you encounter problems or have questions using our Services.

On the basis of our legitimate interests, your Personal Data will be processed, among other things, for:

  • The technical and functional management of our website (see our cookie policy).
  • Answering your questions or requests for information.
  • The adjustment, maintenance and improvement of the quality of the Service provided to you.
  • The development of new products and features that are useful to our End Users.
  • The establishment, exercise, defence and retention of the rights of Doccle or all persons it represents, for example for collection procedures or disputes.
  • The fulfilment of contractual obligations to our Partners and Trusted Third Parties;
  • The investigation of possible violations of the Terms and Conditions;
  • The promotion of our Service and/or offers via email;
  • The formulation of Connection Proposals based on Data Points. These Connection Proposals are based on Data Points provided by our Partners and may differ per Partner. You can select the Data points within the available Data points on the Platform on the basis of which Doccle can make certain Connection Proposals to you. In that case, you will be asked to fill in and/or validate the necessary Personal Data.

We process, based on our legitimate interest, the Personal Data of existing End Users for direct marketing purposes of similar services and products via e-mails for the promotion of our Service.

If you no longer wish to receive direct marketing, you can express your objection at any time by contacting our Community, or if necessary, using the unsubscribe link at the bottom of our marketing e-mails.

The objection to direct marketing will not have a negative impact on our services to you or on your access to our website.

  1. With whom does Doccle share your Personal Data?

 Processors.

Your Personal Data will never be passed on to third parties within or outside the EEA, unless this is required or permitted by law.

However, Doccle does use certain trusted third parties and their services to help us provide, improve, protect and promote our Services. These trusted third parties will then have access to some of your Personal Data.

For example, Doccle uses the following categories of third parties:

  • IT services;
  • Software suppliers;
  • Advertising and communication services;
  • Event management;
  • Accounting, tax or legal advisers;
  • Customer management;
  • Payment services.

Doccle will always conclude a processing agreement with these third parties. They hereby guarantee, among other things, to take the necessary technical and organizational measures to protect your Personal Data and to process it only in accordance with this privacy policy.

 Other End Users and Third Parties

 Doccle offers the option of making your personal documents automatically available to one or more other End Users by sharing a Connection or specific documents (for example, to another End User, such as your partner or your accountant).

Doccle will only ever share a Connection or personal documents with other users based on your permission.

 

  1. How long is your Personal Data retained?

 Doccle will not store your Personal Data longer than necessary for the realization of the processing purposes, unless we are legally or judicially obliged to keep it for a longer period. The retention period depends on the nature of Personal Data, the processing ground and how you configure certain settings in your Account.

Personal data collected for purposes related to the Doccle Service will be kept at least until our service has ended. After implementation, we may be obliged to keep your Personal Data for longer if this is required to comply with the laws and regulations applicable to the service. This includes, for example, legitimate business or legal purposes, such as security, fraud and abuse prevention or financial administration.

Some Personal Data, such as your Identification Data or the Content you create or upload (such as documents), can be modified or deleted at any time. We keep this information in your Account until you delete it or choose to have it deleted.

Personal data collected for sending newsletters will be kept as long as you remain registered for these newsletters.

If the retention period has expired, the Personal Data will be deleted and destroyed within a reasonable period of time.

  1. Security and safety of your Personal Data

 Technical and organizational measures

 Doccle applies strict standards to protect the Personal Data under its responsibility against unauthorized or unlawful processing or access and against accidental loss, destruction or damage. Doccle therefore takes technical and organizational measures to prevent and detect inappropriate access, loss or disclosure of your Personal Data:

  • The content of the documents is never visible to Doccle employees or their Partners.
  • All our communication is highly secured.
  • All accesses to data have 2-layer security.
  • All administrative actions by employees at Doccle and the companies and organizations that share documents via Doccle are provided with two-step authentication.
  • We regularly review our data collection, storage and processing practices, including physical security measures such as protection against unauthorized access to systems.
  • We regularly review our methods to avoid data loss.
  • Doccle employees who have access to your Personal Data are subject to strict contractual confidentiality obligations.

Doccle is subjected to a strict ISO 27001 and ISO 9001 audit every year, which checks the above and other measures.

  • In the event that your Personal Data for which Doccle is responsible is compromised, we will immediately act in accordance with the applicable regulations and take action via adequate remedial measures. If necessary, Doccle will inform you of this incident.

 

Phishing

 Increasingly, internet criminals try to trick people directly into handing over personal information.

We will never request personal information by e-mail or ask by telephone to disclose your login details. We only use e-mail to provide you with information about documents on Doccle, or to inform you about novelties.

 

  1. What are your rights when processing your Personal Data?

 You can always contact us to exercise the following rights:

  • Access to and inspection of your Personal Data and all information regarding their processing.
  • Deletion of your Personal Data.
  • Restriction of the processing of your Personal Data.
  • Object to all or certain purposes in order for us to stop processing for this purpose.
  • Withdrawal of your consent, however this does not affect the lawfulness of processing based on your consent before its withdrawal.
  • Transfer of your Personal Data.

 

Doccle will always facilitate the exercise of your rights, taking into account the legal possibilities in this regard.

You will be informed within one month at the latest of what action will be taken on your request. In the case of complex or frequent requests, this period may be extended by a further two months, of which you will be notified.

You can exercise your rights by sending a copy of the front of a valid proof of identity by e-mail to privacy@doccle.be or privacy@doccle.nl.

It is always possible to submit a complaint to your national data protection authority.

Doccle BE: GBA by post at Drukpersstraat 35, 1000 Brussels, by e-mail at contact@apd-gba.be or via the website www.dataprotectionauthority.be.

Doccle NL: submit a complaint to the Dutch Personal Data Authority by post at PO Box 93374, 2509 AJ The Hague or via their website: https://autoriteitpersoonsgegevens.nl/.

  1. Adjustments to this privacy policy

Doccle reserves the right to unilaterally change this Privacy Policy at any time in accordance with applicable laws and regulations. In the event of an intended change to the Privacy Policy, you will be informed about this by e-mail, which will also explain which important changes will be made.

This policy was last amended and revised on November 15th, 2023.

  1. Change register 
  • 04/2023: new Privacy Policy
  • 11/2023: addition of Doccle NL