Privacy & Cookies Notice

1 General

This notice explains how, as a data controller, CodaBox NV/SA (“we”, “us”, “our”, “CodaBox”) with offices at Diestsepoort 1, 3000 Leuven, Belgium (phone: +32 2 880 84 80), processes personal data we collect from you through the codabox.com and zoomit.be websites and CodaBox services.

CodaBox is part of Wolters Kluwer Belgium SA (hereinafter “Wolters Kluwer”), with offices at Motstraat 30, 2800 Mechelen, Belgium (tel: +32 15 36 10 00).

2 Updates to this Privacy Notice

We reserve the right to modify this notice at any time, but will in any case do so in accordance with applicable laws and regulations. We will inform you, when possible, of any substantial changes to this notice.

This notice was last modified and revised on Nov. 2024.

3 Information We Collect

3.1 Customer Relationship

When you or your company becomes a customer of Wolters Kluwer, we collect the following types of personal data about you:

  1. Identification data: your name, email address, language preference and phone number, we will also assign you or your company a customer number;
  2. The products you or your company uses and invoicing information.

When you contact us through our website or via email, we collect the following types of personal data about you:

  1. Identification data: your name, phone number and email address;
  2. Information about your work: the name of the company you work for;
  3. The messages you are sending us.

When you give us a bank and teletransmission mandate as basis of the CodaBox services, we collect the following types of personal data about you:

  1. Identification data: your name, phone number, email address and language preference;
  2. Information about your work: your job title, employer and work address;

3.2 Services Use

When you interact with the Zoomit services, we maintain activity logs; for this we collect your name, email address, IBAN, bank user ID and language preference.

3.3 Customer Support

When we initiate a screen sharing session with you, to support you in the use of our products, we collect the following types of personal data about you:

  1. Identification data: your name and email address;
  2. Any information shared during the screen sharing session (audio and video).

3.4 Marketing

When you register for and/or attend an event we organise, we collect the following types of personal data about you:

  1. Identification data: your name and title, email address and phone number;
  2. Information relating to your company: your company name;
  3. Any other information relating to the event.

We also collect personal data about you from other events organisers to which you have provided consent to share those personal data with us.

When you register for and/or attend a webinar we organise, we collect the following types of personal data about you:

  1. Identification data: your name, email address, phone number and IP address;
  2. Data relating to your company: its name and VAT number;
  3. Data relating to security: security logs, connection and activity logs, and the user agent of your web browser;
  4. The questions you may send during the webinar.

When you participate in one of our surveys, we collect the following types of personal data about you:

  1. Identification data: your name and email address;
  2. The responses you provided to the survey.

When you register to our newsletter, we collect the following types of personal data about you:

  1. Identification data: your name, professional email and language preference;
  2. Work information: your company name and address;

Your device and usage information are also collected when you read the newsletters.

3.5 Website browsing

While you browse our website, we collect the following types of personal data about you:

  1. Identification data: your IP address;
  2. Data relating to security: security logs, connection and activity logs, and the user agent of your web browser;
  3. When you allow us, we also collect data relating to your use of the website such as the pages you consulted or if you already visited our website in the past.

4 Processing purposes

Your personal data is processed for the following purposes:

  1. Where it is necessary for the performance of a contract between you and us or in order to take steps, at your request, to enter into a contract:
    1. To allow you and/or your company users to register and use our services.
    2. To obtain and maintain mandate access to banks’ data for your company.
    3. To obtain and maintain mandates for sending your data to your accounting company.
    4. To send you important communications relating to your use of the services.
    5. To provide you with the information you have requested and answer your questions when you contact us.
    6. To provide you with support when you face issues in your use our services.
    7. To manage the relationship between you, our customer, and us, Wolters Kluwer.
    8. To invoice your company or relying parties for the use of our services.
    9. To ensure the security of our services, including your data.
    10. To allow you to register to and attend our webinars or our events.
  2. Where you have given your consent:
    1. To contact you, as per your request, and provide you with more information about our services.
    2. To contact you, as per your request, and book an appointment with you.
    3. To allow us to send you promotional offers and information on our Wolters Kluwer products, in line with your choices.
    4. To send you surveys, allowing us to receive feedback allowing us to improve our products.
    5. To collect your feedback on our products and services.
    6. To initiate screen sharing session when you request it to obtain support.
    7. To place cookies on your browser and perform advanced statistics based on the information Those cookies provide us.
  3. Where necessary for our legitimate interests, as listed below, and where not overridden by your interests or fundamental rights and freedoms:
    1. To ensure the security of our Wolters Kluwer applications, services, processes, websites and databases.
    2. To allow for business correspondence and business meetings to take place.
    3. To allow review of past calls for training of agents and for quality control.
    4. To retain traces of actions taken during screen sharing sessions.
    5. To send existing customers information on the evolution of Wolters Kluwer products; you may request these communications to stop at any time via an unsubscribe link present at the bottom of every communication.
    6. To improve our services and develop new commercial offers by identifying e.g. trends, recurrent issues, customer behaviours, through your use of our services;
    7. To advertise our services towards existing customers.
    8. To get non-nominative information on the visitors that consult Wolters Kluwer websites.
    9. To create a database of trusted combinations of IBAN numbers and account owners that will be used for fraud prevention purposes.
      For these purposes, we have conducted a balancing test, as the law requires, and have determined that, taking into account the limited personal data collected, the processing performed and your reasonable expectations, our legitimate interest in conducting these processing activities is not overridden by your interests or fundamental rights and freedoms.
  4. Where it is necessary for us to comply with our legal obligations, such as reporting crime or crime intent, or tax reporting.

5 Disclosure and Transfer of personal data

In order to deliver our services to you and for the above purposes, we need to share your personal data with:

  1. Wolters Kluwer personnel with access on a “need to know” basis and to contractors who have signed a confidentiality agreement with us.
  2. Your accountant.
  3. Third party processors, located in Belgium, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality obligations:
    1. Wolters Kluwer NV/SA, who maintain our customer relationship and webinar tooling, organise events, and maintain our website.
    2. SurveyAnyplace, who provides us with a survey solution.
    3. Groep Arthur, who helps us with the organisation of events.
    4. Twikey, who provides us with a solution to digitally sign mandates.
  4. Third party processors, located in the European Economic Area, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality obligations:
    1. Microsoft, who provides and maintains our customer relationship and screen sharing solutions.
    2. Google Analytics, who provides us with simple statistics on the number of unique visitors on our website.
    3. Amazon Web Services (AWS), who is responsible for hosting our website and applications.
    4. Twilio Ireland limited, who is responsible for sending out two-factors authentication SMSs.
  5. Third party processors located in the United States of America, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality obligations:
    1. Zoom, who provides us with a webinar solution.
    2. MailChimp, who allows us to send bulk mailings for newsletters and marketing campaigns.
    3. Mailgun, who allows us to send, receive and archive emails in a secure way.
    4. FreshDesk, who provides us with a ticketing system to handle your and other customer’s requests.
  6. Independent controller, such as accounting software, that will connect to our API and for which you have provided your consent for us to share your personal data.
  7. YouTube, an independent controller, located in Ireland, who provides services to display videos on our website.
  8. Government institutions or regulatory bodies in compliance with our reporting obligations.

6 Data Security and Retention

Your personal data is and will be kept strictly confidential.

We take all reasonable steps to protect your personal data. This includes setting up processes and procedures to minimise the unauthorised access to, or disclosure of your personal data. We ensure that the third parties we share your personal data with also have adequate security measures in place.

We will store your personal data for as long as it is necessary to achieve the purposes defined in section 4 (Processing Purposes), with maximum retention periods as defined below:

  1. Basic customer data and billing information will be kept for 10 years after the end of our contractual relationship.
  2. Data collected when you purchase services from us will be kept for 10 years after the end of our contractual relationship, as required by Belgian law.
  3. Data relating to mandates will be kept for 10 years after the end of our contractual relationship.
  4. Data relating to Zoomit email notifications and activity will be kept for 6 months.
  5. Data collected when you contact us for questions or support will be kept for 10 years.
  6. Calls and screen sharing recording will be kept for 1 month.
  7. Data collected for statistics purposes will be kept for 14 months.
  8. Data collected to allow you to register and attend our webinars will be kept for 12 months.
  9. Data collected to allow you to register and attend our events will be kept for 1 month after the events take place.
  10. Data collected through surveys will be kept for 12 months.
  11. Technical and security logs will be kept for a maximum of 6 months.
  12. Data backups, created for security reasons, are kept for 4 weeks;
  13. Data collected for marketing purposes will be kept for as long as we have your consent.
  14. Information related to reliable IBAN numbers will be retained until we are notified that the account linked to that IBAN has been closed.

7 Children

Users of CodaBox services must be at least 18 years old.

8 Automated decision-making and profiling

No automated decisions will be taken about you as part of the processing described in this notice.

A profile of your behaviour when you use our website will be created by Wolters Kluwer if you accept our advertising and tracking cookies to be placed on your computer.

9 your rights

You have the right to ask us for a copy of your personal data, to ask us to correct, delete or restrict (stop any active) processing of your personal data and to obtain the personal data you provided us in a structured, machine-readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular when we do not have to process your personal data to meet a contractual or other legal requirement).

Where we have asked for your consent, you may withdraw this consent at any time; however, this will not affect processing that has already taken place before the withdrawal. You may withdraw your consent, linked to our use of cookies, by deleting the cookies linked to our domain.

You may exercise the above-mentioned rights by contacting us as described in the “Contact us” section below.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information that we are required to keep by law or that we have a compelling legitimate interest to keep.

If you have unresolved concerns, you have the right to complain to the Data Protection Authority: https://www.dataprotectionauthority.be/.

10 Contact us

If you have any questions about this Privacy Notice or wish to contact us for any reasons in relation to the processing of your personal data, please contact our Data Protection Officer, by sending an email to wkbe-gdrp@wolterskluwer.com, or by sending a dated and signed request to Wolters Kluwer Belgium NV, Motstraat 30, 2800 Mechelen, Belgium (tel: +32 15 36 10 00).