Version 3 - last updated on 25/05/2020
We are aware that you are placing your trust in PLAY IT BV with its registered office at Nelson Mandelaplein 2, 8500 Kortrijk, registered in the Kortrijk Register of Legal Entities under number 0671.574.550 (hereinafter referred to as “PLAY IT”, “we”, “us”). We therefore regard the protection of your privacy as our responsibility.
Please take the time to read through these documents, since these provisions may be of interest to you. In case you have any questions or would like further information, please contact PLAY IT at firstname.lastname@example.org or +32 56 59 12 88.
According to the legal definition, personal data is any information from which a natural person can be identified or is identifiable ("Personal Data"). In order to be considered Personal Data, it is sufficient if such data allows us to establish a direct or indirect link between one or more data on the one hand, and a natural person on the other.
PLAY IT wishes to emphasise that it endeavours at all times to act in conformity with (i) the Belgian Privacy Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data and/or (ii) the EU Regulation of 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
We would like to emphasise that we endeavour to act at all times in conformity with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR").
PLAY IT acts as the data controller within the meaning of the GDPR and as such we would like to inform you about the processing of your Personal Data.
We would also like to emphasise that we are aware of the difficulties and challenges that companies and employees may face when using the Internet today. We therefore make every effort to create the safest possible Internet environment with a healthy dose of caution in the design of the Portal's content, along with the necessary respect when processing the users' data.
We process your Personal Data on the basis of your consent and the performance of an agreement.
If children under the age of 16 use our Services, express consent must be given by the person charged with parental responsibility for such children.
Our use of collected data
Personal data collected:
Portal + Play it Safe
Date of birth;
Level of education; and
Date of birth; and
School + class.
It is possible to visit the Portal without providing any data or registering at the Portal. However, you will not be able to login in this manner.
In principle, we do not request sensitive information (e.g. data on race, medical data, ethnic origin, religious beliefs, criminal record or sexual orientation). Wherever necessary, we will request express permission to collect and use such Personal Data.
Method of collecting Personal Data:
Via the contact form on the Website;
Via the registration form on the Portal;
Via the online form at Play it Safe;
Via playing behaviour in Play it Safe; and
Use of Personal Data:
Your Personal Data will be used for the following purposes:
Direct marketing: to send you (personalised) marketing, advertising and promotional messages, as well as other information in which you may be interested, and which relates to the Services and events offered by Play it Safe. Personal data collected through the Portal shall not be used for this purpose;
Processing of questions;
Providing our services;
Processing of information requested by you;
Providing information on current developments;
Compilation of user statistics;
Security and improvement of our Services;
Replying to requests;
Improving the content and quality of the Portal and Play it Safe; and
Monitoring user performance with a view to providing insights and statistics to the employer.
We will not send you direct marketing information without your consent or, in cases where your consent is not required, you have stated that you do not wish to receive such information. You may opt out of these notifications at any time by using the link in the periodic marketing communications that we send.
Disclosure of personal data to third parties
Without prejudice to the foregoing, however, we may disclose your Personal Data to the competent authorities (i) in case we are required to do so by law or in connection with ongoing or future legal proceedings and (ii) in order to safeguard and defend our rights, and to your employer or external service for prevention and protection at work.
We will not sell, rent or transfer your Personal Data to third parties unless we have concluded a data processing agreement with the third party, which agreement shall provide the necessary guarantees regarding confidentiality and privacy compliance of your Personal Data.
List of third parties to whom Personal Data are transferred:
Microsoft Corporation: for more information, please read Microsoft's online service terms (OST)https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31. Microsoft provides customers with a contractual obligation relating to GDPR in their online service terms. The aforementioned obligation can be found in Annex 4 of the Microsoft Online Services Terms, at the end of the document.
Storage of Personal Data:
However, in case a ten-year retention period is not required, we undertake to apply a shorter retention period.
If you no longer wish to receive newsletters or information about our Services, training courses and/or events, you may unsubscribe at any time by clicking on the "unsubscribe" button, as provided at the bottom of every email from us.
You also have a number of rights under the GDPR, as listed below. If you wish to exercise these rights, please contact email@example.com or complete the form for exercising your privacy rights and send it to us at firstname.lastname@example.org or by post to the following address: Nelson Mandelaplein 2, 8500 Kortrijk.
In order to exercise your rights of access or transfer, and to prevent any unauthorised disclosure of your Personal Data, you are required to provide us with proof of your identity. Therefore, when exercising your rights of access or transfer, we request you to attach a copy of the front of your identity card to your written request, to be sent by e-mail or by post to the above addresses.
PLAY IT undertakes to respond to any request to exercise the rights set out below within thirty (30) calendar days.
Your right to information
If you have any questions or suggestions concerning the processing of your Personal Data, and you can prove your identity, you have the right to request information from us regarding such processing. We will then provide you with access to the Personal Data we are processing from you, as well as the source of such Personal Data.
Your right to rectify or delete personal data
You have the right to have your Personal Data rectified or deleted, or to correct inaccuracies, in case such Personal Data is incomplete or inaccurate or is being processed in an unlawful manner. You have the right to request the removal of incorrect or irrelevant data.
You have the right to have your Personal Data removed without unreasonable delay, unless it is Personal Data that must be retained under a legal provision. Such deletion is primarily related to visibility, so it is possible that the deleted Personal Data may be retained temporarily. However, we will take all reasonable steps to delete all your Personal Data comprehensively and to the maximum extent possible.
Your right to data portability
You also have the right to receive a copy of the Personal Data you have provided to PLAY IT in a structured, commonly used and machine-readable format by e-mail, so that you may transfer it to another controller or so that we may, at your request and if technically possible, transfer it to another controller. Requesting a copy is free of charge. If you request additional copies of your Personal Data, PLAY IT may charge a reasonable fee to cover administrative costs.
Your right to object and right to restriction of processing
You may at any time object to the processing of your Personal Data or request that the processing of your Personal Data be restricted.
Your right to lodge a complaint
Of course, we would also be happy to help you if you have any complaints about the processing of your Personal Data via email@example.com or +32 56 59 12 88. Under the GDPR, you also have the right to lodge a complaint with the Data Protection Authority against our processing of your Personal Data via:
Data Protection Authority Belgium
Drukpersstraat 35, 1000 Brussels
Telephone: +32 2 274 48 00
Fax: +32 2 274 48 35
Security of Personal Data:
We undertake to take reasonable, physical, technological and organisational precautionary measures to prevent (i) unauthorised access to your Personal Data, as well as (ii) loss, misuse or alteration of your Personal Data.
Such measures include: (i) password protection of the Personal Data, (ii) encryption of the Personal Data, (iii) anti-virus systems, (iv) security of network connections through Transport Layer Security (TLS) technology, and (v) anonymisation of Personal Data.
Cross-border processing of Personal Data:
In case we use processors outside the European Economic Area (EEA) for the provision of our Services, your Personal Data may be transferred, stored and processed outside the EEA. In case your Personal Data is transferred outside the EEA, we shall implement contractual or other measures in accordance with the GDPR, that ensure that it enjoys an adequate level of protection there, comparable to that which it enjoys within the EEA.
Websites of third parties:
Nelson Mandelaplein 2, 8500 Kortrijk
+32 (0)56 59 12 88