Privacy Policy

This Privacy Policy was written in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”).

This Policy applies to Tradeshift Belgium SA or any of its Tradeshift Belgium subsidiaries wherever located (collectively referred to as “Tradeshift Belgium”) when Tradeshift Belgium processes Personal Data as a Controller as defined in the GDPR.

This Policy relates to Personal Data of all Data Subjects, including non-EU citizens.

Tradeshift Belgium shall pay particular attention to the protection of the privacy of the Data Subjects and therefore undertakes to take all reasonable precautions required to protect Personal Data collected against the loss, theft, disclosure or breach of privacy or any unauthorized use.

Tradeshift Belgium collects and processes Personal Data from Data Subjects for the following purposes:

• Registration and subsequent authorized access to the Babelway service;
• Billing and payment management;
• Providing user and customer support;
• Data backup to meet service availability guarantees;
• User experience analysis and improvement;
• Auditing data access;
• Convert prospective users;

Tradeshift Belgium may also collect and process Personal Data that are not yet foreseen in this Policy. In such a case, Tradeshift Belgium will inform Data Subjects that their Personal Data is processed for another purpose.

This Policy relates to Personal Data collected from Data Subjects via any means, including cookies, online registration, email and offline communication methods.

Personal Data collected by Tradeshift Belgium is defined as personally identifiable data such as:

• Electronical identification data (IP addresses, cookies, …) ;
• Personal identification data (name, email address, …) ;
• Personal identification data issued by public services (identity card number, national register number, …) ;
• Professional data (company name, head office, VAT number, professional telephone number, professional email address,…);
• Data related to logs and users web sessions;
• Any other data that Data Subjects voluntarily communicate to Babelway, for example during information inquiries and / or registrations on the platform.

Tradeshift Belgium shall keep Personal Data only for the reasonable and necessary time with regard to the purposes and in accordance with the legal and regulatory requirements. Tradeshift Belgium retains Personal Data for a maximum of three years after termination of the relationship that required the collection of Personal Data. At the end of the retention period, Tradeshift Belgium makes every effort to ensure Personal Data has been made unavailable and inaccessible.

Tradeshift Belgium always uses the encryption technologies that are recognized as industry standards within the IT sector to secure Personal Data.

Right of access, rectification and copy

Data Subjects may obtain a free copy (including in an electronic format) of their Personal Data and, if necessary, ask Tradeshift Belgium to rectify, complete or delete data that are inaccurate, incomplete or irrelevant.

Tradeshift Belgium may require the payment of reasonable fees based on administrative costs for any additional copies requested by the Data Subjects. When submitting this application electronically, the information shall be provided in an electronic form in common use, unless the Data Subject requests otherwise. The copy of the data will be communicated to the Data Subject at the latest within one month after receipt of the request.

Right to restriction of processing

The Data Subject has the right to restrict the processing in case :

• The accuracy of Personal Data is contested by the Data Subject until Tradeshift Belgium has verified this accuracy ;
• The processing is unlawful and the Data Subject refuses the erasure of his/her Personal Data and requests the restriction of their use instead ;
• And the other unlikely cases foreseen in the GDPR.

Tradeshift Belgium shall inform the Data Subject when the restriction ended.

Right to data portability

Data Subjects may ask Tradeshift Belgium to directly transmit their own Personal Data to another Controller in a structured and commonly used format.

Right to be forgotten

Data Subjects have the right to obtain the erasure, at no cost, of their Personal Data without undue delay in the following case:
• Personal Data are no longer necessary in relation to the purposes for which they were collected;
• Personal Data have been unlawfully processed;
• The Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
• Personal Data have to be erased for compliance with a legal obligation.

Disclosure to third parties

When required by the purpose, Tradeshift Belgium may transfer Data Subjects’ Personal Data to third parties, including in countries outside the EU. In such case, this transfer is performed under Tradeshift Belgium’s control and responsibility and to the extent it is necessary for the performance of their duties.

When required by law, a court order or an order from a public authority, Tradeshift Belgium may be obliged to disclose Personal Data.

Use of Rights

If Data Subjects wish to exercise any of the rights described above, they must send their written request to Tradeshift Belgium with proof of identity (ID card copy) to the Tradeshift Belgium contact address below. Data Subjects will receive an answer as soon as possible, and no later than one month.

If the application has been rejected, Tradeshift Belgium shall explain the rejection decision.

If the request is refused, Civil Courts shall be competent regarding any request relating to the right to obtain communication, rectification, deletion or limitation of Personal Data.

Security

In addition to the security information provided in the contract concerning all the data received or collected, Tradeshift Belgium shall implement the appropriate technical and organizational measures to ensure an appropriate level of security in regard to Babelway’s risk.

Those security measures were implemented taking into account the state of knowledge, the costs of implementation and the nature, scope, context and purpose of the processing as well as the risks to the rights and freedoms of the Data Subjects.

Tradeshift Belgium implemented appropriate security measures to protect Personal Data against loss, theft, alteration, disclosure or unauthorized use.

Complaints

Data Subjects who wish to react to one of the practices described in this Policy may always contact Tradeshift Belgium at Tradeshift Belgium contact address below.

Data Subjects may also file a complaint with the Belgian Commission for the Protection of Privacy at the contact address below:

Data Subjects may also file a complaint with the Civil Brussels Court.

For further information on complaints and possible remedies, Data Subjects are invited to consult the information available on the website of the Belgian Commission for the Protection of Privacy: https://www.privacycommission.be/en

Contact details

Babelway:
By email: info@babelway.com
By mail: Chemin du Cyclotron, 6 1348 Louvain-la-Neuve.

Commission for the Protection of Privacy
Rue de la Presse, 35
1000 Brussels

Phone : + 32 2 274 48 00
Fax :+ 32 2 274 48 35
commission@privacycommission.be

Modifications

Tradeshift Belgium may change, modify, adapt provisions of this Policy at any time. The changes shall be applicable at the publication time. Therefore, Tradeshift Belgium advises Users and Data Subjects to consult the most recent version of this Policy.

Applicable and Governing law

This Policy is governed by Belgian law.

French-speaking courts of the judicial district of Brussels shall have the exclusive jurisdiction regarding any dispute relating to the interpretation or execution of this Policy.