Privacy policy

Last update: 09/08/2023

ARTICLE 1 – IDENTITY

This Privacy Policy governs the processing of your personal data by A3D (hereinafter, the "Company", “A3D”, “we”, “our”, “us”), a legal entity, whose address is Chemin du Cyclotron 6, 1348 Ottignies-Louvain-la-Neuve, Belgium, VAT BE 0794.136.228, registered with the Crossroads Bank for Enterprises (CBE) under number 0794.136.228.

The privacy and security of your (hereinafter referred to as “you” or “your”) personal data are very important to us. The purpose of this Privacy Policy is to specify which categories of personal data we collect through our various activities and services. We explain whether or not your personal data will be disclosed to third parties and the restrictions and safeguards to which we subject such transfers. We furthermore aim to provide you with a comprehensive view of the purposes for which we process your personal data and which rights you may exercise in that regard.

ARTICLE 2 – GENERAL INFORMATION

Your personal data may reach us via various means. This may be directly from you via our website: archited.io, its subdomains and directories (collectively referred to as the “Site”), any other means relating to information or communication technology, including our mobile application (“Application”), emails and voice calls, or via any in-person interactions we might engage in. We may additionally receive your personal data, indirectly, such as from third-party sources.

For the purpose of this Privacy Policy, we are to be considered the controller of your personal data. This means that the applicable data protection legislation imposes certain obligations on us. The aforementioned legislation includes, in particular, the Belgian Act of 30 July 2018 on the protection of natural persons in relation to the processing of personal data, the Belgian Act of June 13th, 2005, on the electronic communication, the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016, “GDPR”), including future adaptations and revisions of the previous (hereinafter collectively referred to as the applicable “Data Protection Legislation”).

Should you have any questions regarding this Privacy Policy, or should you feel that your interests are not represented or are inadequately represented, please address your questions to us at : support@archited.io.

ARTICLE 3 – HOW WE COLLECT PERSONAL DATA

There are multiple ways in which your personal data may reach us. This may be directly or indirectly, via in-person interactions or online, via an action by you or via automated means, etc. We identified the following, non-exhaustive list of collection points:

  • When you visit and use our Site, including when you fill in forms on it or via cookies and similar technologies;
  • When you contact us, including, without limitation, by e-mail, telephone, written letter, etc;
  • When your data is provided to us by third parties as part of our services.

We may also collect and receive personal data from publicly available sources, such as public registers for individuals and public registers for companies, in accordance with the purposes set out below.

ARTICLE 4 - PERSONAL DATA WE COLLECT AND PROCESS

In what follows, we will attempt to give you a general overview of the most important categories of personal data we might collect and further process about you. Please note that these categories intend to provide you with an overview as complete as possible, but that we cannot provide you with an exhaustive list due to the nature of our activities. As a general rule, the personal data we process about you will always be linked to the specific purposes identified under article 5 of this Privacy Policy.

Please be aware that the categories of personal data we process about you will depend on the capacity in which you come into contact with us. Our services are neither intended for nor aimed at children. If we become aware of the unintentional processing of personal data relating to children, we will take measures to immediately delete such data.

A. Basic contact and identification data

This category of personal data includes identification data, meaning basic identifying and/or professional information such as your first name, surname, date of birth, your company name, and your function. This category furthermore includes contact data such as your email address and telephone number. Where required for the purposes set out below, it may additionally refer to demographic information such as your address, security questions, etc.

B. Service data

Refers to the personal data, other than your basic contact identification data and financial data that we may process for the execution of our services in relation to you. This data may in particular refer to information relating to the licenses you have on which items/assets, etc.

C. Data on your preferences

We collect data about your personal interests, pages consultation and preferences, etc. This data additionally includes your subscription to our newsletter, downloads, etc.

D. Financial data

Financial data refers to data relating to billing information, credit card information, account numbers, payment history, etc.

E. Usage and technical data

We collect and store full IP addresses, unique device identifiers, your browser type, time zone settings, operating system, and the specifications of the hardware you use to access our Site and social media accounts. We may furthermore collect personal data when you access our Wi-Fi network and other electronic services. Please note that the concerning data may among others be collected by automated means, such as for example cookies. Please refer to our Cookie Policy for more information relating to our processing of personal data via cookies and similar technologies.

ARTICLE 5 - HOW WE USE PERSONAL DATA

In the next part, we set out the specific purposes for which your personal data may be processed. In addition to explaining why and how we might use your personal data we will provide you with the legal bases on which we base ourselves to legitimately make use of the personal data. Please contact us as described under article 12 of this Privacy Policy, should you have any questions in relation to the purposes for which we process your personal data.

A. Interactions with us

We may collect and process personal data about you when exchanging communications, whether or not related to the performance of our services. The personal data concerned refers in particular to all basic contact and identification data. The personal data may be used for responding to your queries, the provision of services, and/or other information you may have requested. Please note that the processing under this section includes interactions both in an online and offline environment. This means that information, such as personal data on a business card you exchanged with us, may also be processed by us. For the collection and processing of your personal data in relation to our interactions, we base ourselves on our legitimate interest to provide you with the best possible interactions, among others in our provision of services, in answering your requests and by providing you with proper response times.

B. Services

We process your basic contact and identification data in the execution of our services for the purpose of managing your profile. For this purpose, we manage the information for letting you log in to our services, managing your account, managing your license, managing your items, managing your statistics, etc.

We process your service data for the purpose of the provision of our services to you. For this purpose, we collect information regarding your items, general statistics are made, and specific recommendations based on the collected service data.

For the processing of your personal data for the execution of our services, in our capacity of controller, we will always require your prior, explicit consent. When requiring your consent, we will additionally provide you with a copy of this Privacy Policy. Please note that you can withdraw your consent at any time, as indicated below under article 9.

C. Marketing

We may use your personal data for our marketing purposes. We may use your basic contact and identification data and data on your preferences for the purpose of providing you with information relating to events, communications regarding our products and services, newsletters, etc. For the collection and processing of your personal data in relation to direct marketing, we base ourselves on your consent to receive such communications. If you are a client or otherwise engage(d) our services, we may send you marketing communications based on the services we provided you with in the past. In that case, we may send you direct marketing communication based on our legitimate interest to keep you informed on related services and evolutions of our business. When you receive marketing communications from, either on the basis of your consent or on the basis of our legitimate interest, you have at all times the right to opt-out from our receiver list by sending us an email or by clicking the unsubscribe button at the bottom of a specific marketing communication.

D. Business administration

We collect and process the basic contact and identification data, preference data, and, where relevant, financial data of individuals acting in their capacity of representatives of their organizations, and of those people who are or might be our business partners or service providers for the purpose of our general business administration.

The personal information may be used for fixing meeting dates, the execution of the services of our service providers, for establishing a business relationship with a service provider, taking into account any dietary requirements you may have, etc.

For the collection and processing of your personal data in relation to our business administration we base ourselves on the contract concluded with the service provider.

However, should there not be a contract in place then we base ourselves on our legitimate interest to store information on potential partners and/or service providers, including their representatives.

E. Compliance and enforcement

We may use your basic contact and identification data, service data, usage and technical data, and financial data for our own compliance with the legal and regulatory obligations imposed on us. These obligations include any fiscal obligations to which we conform.

Please note that we may collect or receive such information from you or from third-party sources, such as official instances managing such documentation from you on their own merit or on your instruction. We may additionally process your personal data under this section for our own establishment and enforcement of claims or defenses of a legal, administrative, or jurisdictional nature. For the collection and processing of your personal data for compliance with specific legal or regulatory obligations, we base ourselves on our necessity to comply with the various legal obligations to which we are subject.

Where we process the personal data for the purpose of establishing or enforcing our own claims or defenses, we base ourselves on our legitimate interest to protect our commercial, financial and legal interests as permitted by law.

F. Client insights and analytics

We may analyze the information including the personal data necessary for us to directly identify you in relation to other personal data, such as your interactions on the Site, social media, and your communications with us. This information relates in particular to your basic contact and identification data and the usage and technical data.

The gathering and analysis of such information may be performed by using cookies, web beacons, pixel tags, log files, and similar technologies used to gather personal data from the hardware and software you use to visit our Site, including from any mobile devices you may use.

For more information regarding cookies, web beacons, and pixel tags used on our Site and Application, please refer to our Cookie Policy. For the collection and processing of your personal data for client insights and analysis, we base ourselves on our legitimate interest to use your personal data for the continuous improvement of our services, in order to provide you with the best possible experience, among others on our Site and social media profiles.

G. Security and IT management

We use your basic contact and identification data and usage and technical data for the purpose of ensuring the effective and secure functioning of our information security systems and more generally the online environment that we put at your disposal, including the management of your accounts and password-protected sections of our Site. The gathering and analysis of such information may, among others, be performed by using cookies, web beacons, pixel tags, log files, and similar technologies used to gather personal data from the hardware and software you use to visit our Site or our Application, including from any mobile devices you may use. For more information regarding cookies, web beacons, and pixel tags used on our Site and Application, please refer to our Cookie Policy. For the collection and processing of your personal data for the purpose of securing and ensuring the effective functioning of our online environments, we base ourselves on our legitimate interest to monitor how our Site and Application are used and to detect and prevent fraud, criminal activities, and general misuse of our services.

ARTICLE 6 - HOW LONG WE RETAIN YOUR PERSONAL DATA

Our policy is to only retain your personal data for as long as it is required to satisfy the purposes for which we collected it or for which you provided it to us. In what follows we seek to give you the necessary insights in order for you to assess how long your personal data may be retained by us.

As a base rule, we will de-identify or delete any personal data that is no longer considered necessary for the purposes described above or when the retention period as described below has been surpassed. If no retention period has been accorded to a particular processing purpose, the personal data will be deleted or anonymized at the latest within ten (10) years after their collection or receipt by us.

Nevertheless, please note that your personal data will never be anonymized or deleted when such personal data is to be retained by us in the application of an obligation of legal, administrative, or jurisdictional nature. Such an obligation would effectively forbid us or make it impossible for us to remove your personal data. Such data will only be stored and further processed for the purpose of our compliance and will no longer be processed for any other purpose.

Deletion or anonymization of personal data will always happen without further notice or liability on our part.

We distinguish the following retention periods:

  • Services & Preferences :Two (2) years after your last access to the services.
  • Marketing : Five (5) years from the date of receiving your consent or from the date you last used our services.
  • Compliance and enforcement : Ten (10) years after our last business transaction or ten (10) years after the closure of your file
  • Client insights and analytics : Two (2) years after the reception or collection of the personal data.
  • Security and IT management : Twelve (12) months after the collection of the information, except if the information may lead to a compliance and enforcement action from our side, in which case it will be held for ten (10) years after its collection.

ARTICLE 7 - WITH WHOM WE SHARE YOUR PERSONAL DATA

In order to provide our services to you and in order to make our Site, Application, and social media pages available to you, we may share your personal data with third-party contractors and/or other controllers. The sharing of your personal data is either performed on the basis of our contract with you, in particular where this is necessary for the performance of our services or is subordinately based on our legitimate interest to provide our services to you in the best possible manner and allow for the proper communication within our business.

We do not share your personal data with these recipients for secondary or unrelated purposes other than those mentioned in this Privacy Policy, unless expressly otherwise stated at the moment of collecting the particular personal data. The recipients have been carefully selected, and the necessary steps have been taken to ensure the adequate protection of your personal data.

Please consider that due to the complexity and changing nature of our services, we are unable to provide you with an exhaustive list of all recipients with whom your personal data may be shared. However, we have identified the following recipients that may process personal data about you:

  • Meta
  • Google

As stated, we may additionally share your personal data with other recipients, such as:

  • Our accountants, auditors, lawyers, or similar advisors when we ask them to provide us with their respective services;
  • Business partners - we share your information with business partners, such as storage and analytics providers who help us provide you with our Service. These third parties may have access to your Personal Data so that they may perform these tasks on our behalf, but they are obligated to comply with this Privacy Policy and may not use your Personal Data for any other purpose;
  • Any other third party in relation to which we have a duty to disclose or share your personal data in order to comply with our legal obligations;
  • Etc.

For more information relating to the recipients of your personal data, you can contact us in accordance with the provisions of article 12.

ARTICLE 8 - INTERNATIONAL DATA TRANSFERS

We are a Belgian law firm with offices registered in Belgium only. As a principle, your personal data will be stored and processed in Belgium. However, for the purposes set out in article 4 of this Privacy Policy, we may transfer personal data to other jurisdictions outside the European Economic Area, and therefore not bound by the obligation in the General Data Protection Regulation. When we transfer your personal data to third parties residing in such jurisdictions, we implement appropriate safeguards in our agreement with those third parties in order to provide your personal data the benefit of an adequate level of data protection and at least a level of data protection equivalent to the level to which you are entitled under the General Data Protection Regulation. For this purpose, we assess the level of data protection in the country of transit or destination, among others taking into account the adequacy decisions taken by the European Commission. Additionally, we may make use of the Standard Contractual Clauses approved by the European Commission, certification mechanisms, and any other appropriate solutions as required or permitted by the applicable Data Protection Legislation. Feel free to contact us as set out under article 12 of the Privacy Policy, should you have any questions regarding the international transfers of your personal data and the safeguards we have implemented in that regard.

ARTICLE 9 - YOUR DATA PROTECTION RIGHTS

Under the applicable Data Protection Legislation, you are entitled to exercise certain rights in relation to your personal data processed by us. If you would like to be supplied with further information on your rights or wish to exercise them, please write to us at support@archited.io. We ask you to properly identify yourself when exercising your data protection rights in order to enable us to execute your request within the hereunder provided delays. The exercise of your rights is free and will be executed within one (1) month of the receipt of your request to exercise your rights. We may extend this delay with an additional two (2) months for a total delay of three (3) months, should your request prove to be particularly complex. If we decide to extend the initial delay, we will always inform you of this decision in due time. In those cases where we deem your request to exercise your rights manifestly unfounded or excessive, we reserve the right to charge you an administrative fee for the execution of your request, or even to refuse to act on your request. You will always be informed within the above mentioned time frames of our decision. A. Withdrawal of consent You have the right to withdraw your consent in relation to all processing activities for which you have previously given us your consent. Please note that withdrawing your consent will not impact the validity of the lawful processing activities performed on your personal data before you withdraw your consent. B. Right of access You are entitled to request a copy of the data we process and hold about you. If we process and/or hold personal data about you, you will receive a copy of the information in an understandable format together with an explanation of why and how we hold and use it.

Additionally, you can ask to receive information regarding the recipients or categories of recipients to whom your personal data has been disclosed, including any recipients established in third countries, meaning countries located outside the European Economic Area. Please refer to Article 8 of this Privacy Policy in order to learn how we handle the transfer of personal data to countries located outside the European Economic Area. C. Right of rectification You have the right to ask us to correct your personal data. This includes the right to have us correct spelling mistakes or change an address, email addresses, phone numbers, etc. Additionally, depending on the purposes of the processing, you have the right to complete any incomplete information we process or hold about you. D. Right of erasure You have the right to request the deletion of the personal data we process about you. We can object to the deletion of your personal data if the processing is done to comply with legal obligations, for reasons of public interest, or for the establishment, exercise, or defense of our legal claims.

Should you wish to erase your personal data processed on the basis of a contract you concluded with us, we may terminate our performance of the services provided to you under that contract if the processing of such personal data is required for the performance of the contract. E. Right to restrict the processing of personal data Under certain circumstances, you have the right to ask us to restrict our processing of your personal data. Please note that in exercising this right, the relevant personal data will remain stored in our possession, but we will not be able to further process it. You can ask us to restrict the processing of your personal data where:

you believe that the personal data we process on you is inaccurate; our processing of your personal data should be unlawful; we are no longer required to process your personal data for the purposes set out in article 5, but we are not allowed to delete your personal data due to a legal or other obligation; or you object to our processing of your personal data as set out below, but you do not want us to delete your personal data. F. Right to object to the processing In those instances where we process and collect your personal data based on our legitimate interest, you have the right to object to our processing of such data. Please note that if you decide to exercise your right to object to our processing of your personal data, we have the right to provide you with our legitimate grounds on which we base ourselves in order to continue the processing of your data.

Our decision to continue the processing of your personal data does not preclude you from filing a complaint with the relevant supervisory authority as set out further below under article 13. G. Right to data portability You are entitled to receive the personal data we process or hold on you in a structured, commonly used, and machine-readable format. Furthermore, you have the right to have this personal data transmitted to another data controller, where

  • the personal data in question was provided to us by yourself; and
  • we process the personal data on the legal basis of your consent or under an agreement you have concluded with us, as detailed under article 5 of this Privacy Policy.

Please be informed that we are allowed to refuse your exercise of this right if we deem the requested action to be taken not to be technically feasible, a legal obligation precludes us from transferring or providing you with such personal data, or if the exercise of your rights under this section goes against our legitimate interest.

ARTICLE 10 - SECURITY OF YOUR PERSONAL DATA

We use generally accepted and reasonable technical and organizational methods consistent with current technological developments with regard to operational security to offer protection against loss, abuse, alteration, or destruction of all personal data we store and process. Our technical and organizational measures are frequently updated in order to adapt these measures to new technical and organizational procedures and to ensure the continued safety of your personal data. Please note that our Site and social media accounts may contain links to other websites or internet resources which may also collect personal data, through cookies or other technologies. We carry no responsibility, liability for, or control over those other websites or internet resources or their collection, use, or disclosure of your personal data. We recommend that you review the privacy policies of these other websites and internet resources in order to understand how they collect and process your personal data.

ARTICLE 11 - AMENDMENTS TO THE PRIVACY POLICY

We may bring adaptations and improvements to the Privacy Policy from time to time. These changes will mainly be made to account for new case law and practices developing in the data protection field, and in order to ensure your control over your personal data.

The most current version of the Privacy Policy will always be displayed on the Site and can be requested as indicated below under article 12. On top of this Privacy Policy, you will be able to check the date on which we last implemented changes to the policy. Please contact us if you wish to consult earlier versions thereof.

ARTICLE 12 - YOUR QUESTIONS AND QUERIES

You undertake to communicate accurate personal data to us. You may at any time modify the personal data at our disposal by sending us an email. We cannot be held responsible for any failure of our services related to incorrect information you provided. Should you have any questions about this Privacy Policy or should you have the feeling that your interests are not or inadequately represented, you can address all your questions to us at the following email address : support@archited.io.

ARTICLE 13 - DISPUTE RESOLUTION

This Privacy Policy shall be governed by - and construed in accordance with - the Belgian legislation. You have the right to file a complaint with the competent data protection authority, being the authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement of the applicable Data Protection Legislation. Notwithstanding the previous, the lead data protection authority is the Belgian Data Protection Authority (“Autorité de protection des données” or “Gegevensbeschermingsautoriteit”), which can be reached via the following means of communication:

  • by following the instructions and filling in the form accessible via their website;
  • by calling the following number : +32 (0)2 274 48 00 ; or
  • by sending an email to contact@apd-gba.be.