PRIVACY STATEMENT

(EN)

2024

 
 
 
2 
 
Privacy Statement - SCUDI BV 
 
Foreword ....................................................................................................................................... 3 
I.  Who is data Controller? .................................................................................................... 3 
II.  Who is concerned? ............................................................................................................ 3 
III.  What data does SCUDI process? ....................................................................................... 3 
IV.  When are personal data collected? .................................................................................. 4 
V.  For what purposes and on what legal basis are your data processed? ............................ 4 
VI.  Am I obliged to provide data? ........................................................................................... 5 
VII.  Will the data be transfered to a third country or an international organisation?............ 5 
VIII.  How do we protect your data? ......................................................................................... 5 
IX.  Who has access to your data and to whom is it communicated? .................................... 5 
X.  What are your rights regarding the protection of personal data and how can you 
exercise them? .............................................................................................................................. 6 
 
1.  Right of access (to consult your data) ........................................................................................................... 6 
2.  Right to rectify your data............................................................................................................................... 6 
3.  Right to erasure ............................................................................................................................................. 6 
4.  The right to limitation of processing ............................................................................................................. 6 
5.  The right to object ......................................................................................................................................... 7 
6.  The right of portability .................................................................................................................................. 7 
7.  Withdrawal of your consent .......................................................................................................................... 7 
8.  Exercising your rights .................................................................................................................................... 7 
9.  The right to lodge a complaint with the Data Protection Authority ............................................................. 7 
10.  How long do we store your data? ................................................................................................................. 7 
11.  How do I stay informed about changes to this privacy statement? ............................................................. 7 
12.  How to contact us? ........................................................................................................................................ 7 
 

Foreword

The protection of your personal data is governed by the General Data Protection Regulation (GDPR)

applicable since the 25

of May 2018 and by the national laws that implement the GDPR, in particular

the law of 30

July 2018 on the protection of natural persons with regard to the processing of

personal data.

We are committed to respect our obligations as well as your rights when we process personal data.

To go deeper into the subject, we recommend the website of the Data Protection Authority in

Belgium https://www.autoriteprotectiondonnees.be/.

We are committed to protect and process your personal data in complete transparency and in strict

compliance with the law. This statement is intended to inform you about how we collect, use and

store your personal data. We encourage you to read this privacy statement to be informed of how

we use your personal data and about your rights as a data subject.

I. Who is the data Controller?

SCUDI BV, having its registered office at Silversquare Zaventem, Ikaroslaan 1, 1930 Zaventem and registered

with the Crossroads Bank for Enterprises under number 0782.931.441, is acting as the controller.

SCUDI BV is therefore your contact person as well as that of the supervisory authorities (in particular the DPA)

for any question relating to the processing of personal data.

SCUDI BV has appointed a Data Protection Officer ("DPO") as your point of contact for all questions or requests

relating to the personal data processing. You can contact the DPO by:

Mail:

Data Protection Officer

SCUDI BV

Silversquare Zaventem

Ikaroslaan 1

1930 Zaventem

E-mail: info@scudi.me

II. Who is concerned?

The following persons are concerned by this statement:

a. Visitors who use our website ;

b. Current or potential customers acting as natural persons ;

c. The other natural persons involved in a transaction with our company as guarantors or

representatives of our clients.

Legal persons are not affected by this statement.

III. What data does SCUDI process?

This statement covers personal data of natural persons, i.e. data that directly or indirectly identify a person.

The amount and type of personal data processed may vary depending on our relationship. We may collect

various personal data during your interactions with us, such as:

a. Identifying information: Your surname, first name, address, date and place of birth, photo,

account number, telephone number, email address, IP address, various invoices ...;

b. Data relating to your transactions on our CMS platform: The data of a transfer or withdrawal

order, name and various info of employees, amount of withdrawal... or generally all

movements recorded on your accounts;

c. Data relating to your habits and preferences: We do not retain any data from your interactions

on our dedicated pages on social media and relating to your behaviour regarding the use of

our websites, our applications for tablets and smartphones... ;

d. Data from authorised third parties: Moniteur Belge, professional data providers, ...;

e. Your communications with us: The data you provide when you contact us through various

channels made available to you;

IV. When are personal data collected?

Your personal data are collected:

When you register to use our online services (with each identification or use);

When you use our services and products;

When you subscribe to our newsletters, respond to our invitations (conferences... ) ;

When you contact us through the different channels made available to you.

Please note that technological means for statistical and evaluation purposes relating to the success of our

marketing campaigns are also used to study the ergonomics of our web applications but not to access your

personal data. We do not use cookies for these purposes. For more information, please refer to our Cookie

Policy [https://www.SCUDI.me/cookie-policy].

V. For what purposes and on what legal basis are your data processed?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR).

Your personal data may be processed on one or more legal bases and for the following purposes:

Your consent

. You can agree to our personal data processing for certain purposes, such as, for

example, the analysis of your activities for marketing purposes, the subscription to our

newsletters, prospecting.... You have the right to withdraw your consent at any time without

prejudice to the lawfulness of the processing performed prior withdrawal.

Execution of contractual obligations

. We may also process your personal data if this is

necessary for the execution of a contract to which the data subject is a party or for the

execution of pre-contractual measures taken at the data subject's request. We process your

data in order to allow you to register on our platform and application, to provide services in

the context of the execution of withdrawals concluded with you as our client.

Legal obligation

. We are subject to various legal obligations or requirements (for example:

compliance with legislation, response to the official request of a duly mandated public or

judicial authority, proof of operations e.g. a withdrawal request, identity and age checks,

execution of control and declaration obligations under tax laws, measurement and risk

management within SCUDI BV).

SCUDI’s legitimate interest

. We process your data for the purposes of the legitimate interests

pursued by us or a third party. For example, this may include anticipating new legal obligations

resulting from Belgian or European law (including the future extension of the scope of the

legislation on the prevention of money laundering and terrorist financing), consultation and

exchange of data with information bodies for the purposes of marketing, market research or

opinion polls, unless you have objected to the use of your data for this purpose. It may also

include, for example, the exercise of legal claims and defence in the event of a dispute,

guaranteeing IT security and operations of SCUDI BV platform, monitoring transactions,

Article 6, paragraph 1 (a) GDPR.

Article 6, paragraph 1 (b) GDPR.

Article 6, paragraph 1 (c) GDPR.

Article 6, paragraph 1 (f) GDPR.

prevention and clarification of infringements, to prevent fraud, measures aimed at the

management of business and the development of products and services or risk control. We

also have a legitimate interest in providing information about our activities to our customers.

For each data processing, only the data relevant to the purpose pursued are processed.

VI. Am I obliged to provide data?

You must provide all the personal data required to enable us to accept and establish a business relationship, and

to comply with the contractual obligations related to it, as well as the data that we are required to collect either

by law or in accordance with our risk management and compliance procedures. Without this data, we are not,

in principle, able to conclude a contract with you or to perform it.

According to future anti-money laundering regulations and in accordance with our current risk management and

compliance procedures, we must identify you on the basis of your identification documents before establishing

a business relationship. You must provide us, or one of our financial partners, your company details, date of

incorporation, statutes, UBO details, name, date and place of birth, nationality, address and identification, for

business representatives. For us to be able to meet these requirements, you must provide us the required

information and documents, and immediately notify us of any changes that occur during the course of the

business relationship. If you do not provide us with the necessary information and documents, we cannot

establish or continue the business relationship.

VII. Will the data be transferred to a third country or an international organisation?

Data may be transferred to countries outside the European Economic Area (EEA) (called third countries). In this

case, SCUDI BV ensures that the necessary devices are put in place to guarantee the security of this data.

If the regulations of a third country do not provide an equivalent level of protection, SCUDI BV will only carry out

such a transfer where permitted by law and ensures that appropriate guarantees are in place (for example, when

an adequacy decision exists or by the use of the standard contractual clauses). If you have any questions or would

like further information, please send a signed and dated request, accompanied by a double-sided copy of a

identity document, to SCUDI BV, Silversquare Zaventem, Ikaroslaan 1, 1930 Zaventem or by email to

info@scudi.me

VIII. How do we protect your data?

Access to your personal data is only permitted to persons for whom it is necessary for the execution of their

mission. These are subject to a strict obligation of non-disclosure.

We have put in place technical measures exclusively intended for the protection of your personal data.

Therefore, we want to prevent unauthorised people from having access to them, processing them, modifying

them or destroying them. You will also find some tips to secure your data on https://www.safeonweb.be/.

IX. Who has access to your data and to whom is it communicated?

The people who are authorised to access your data are determined precisely according to their mission. In the

following cases, we will communicate (some of your) personal data to third parties:

Certain subcontractors acting on our behalf, such as, for example, marketing and

communication companies.

IT service providers (technical support).

PSP and EMI, like Paynovate and it’ s agent LinkCy, for the recording of electronic payments.

In this case, Paynovate is acting as controller. You can read Paynovate's privacy policy on its

website.

Lawyers or advisors: in some cases, SCUDI BV may transmit your personal data to external

advisors or lawyers or insurers if it is necessary to defend the interests of SCUDI BV.

Public authorities: We may disclose your personal data to the police, judicial or other

regulatory authorities if a law, regulation or other legal basis requires us to do so.

Change of Control of the company: In the unlikely event that all or part of our company is taken

over by a third party, your information will be transferred to the acquirer.

When we use service providers, these companies may be controller themselves (and therefore obliged on their

side to comply with data protection regulation). If not, they must follow our instructions and comply with our

Privacy Statement. We ensure that our partners only receive data that is strictly necessary to perform their part

of the contract.

In the context of a transaction, the customer accepts that personal data, strictly necessary for the completion

one or more of the purposes mentioned above or under the requirement of applicable regulations, are

communicated by the electronic money institute to subcontractors and outsourced service providers whose

intervention is necessary.

X. What are your rights regarding the protection of personal data and how can you exercise them?

You have several rights regarding your personal data. Some of these rights have a very specific scope of

application or are subject to special conditions or exceptions.

1. Right of access (to consult your data)

You are entitled to request access to your personal data, i.e. you can ask us to provide you with the personal

data we hold about you.

2. Right to rectify your data

It may happen that some of your personal data held by SCUDI BV, is not or no longer correct or up-to-date.

Therefore, you are entitled to have your personal data corrected.

3. Right to erasure

You are entitled to obtain deletion of your personal data, unless there are legal exceptions, as in one of the

following cases:

We no longer need it regarding the original purposes;

You withdraw your consent to the processing of your data;

You object to SCUDI BV processing your data for its legitimate interests, unless there is a

compelling legitimate reason;

When you suspect that some of your data is being processed unlawfully by SCUDI BV; or

The law of a Member State of the European Union or a European regulation requires the

erasure of your personal data.

4. The right to limitation of processing

You are entitled to obtain the limitation of processing of your personal data by SCUDI BV for the necessary

period required for the verification of this data if:

You suspect inaccuracy of the information or the unlawfulness of the data processed by SCUDI

BV; or

You object to the processing of data for the legitimate interests of SCUDI BV.

Article 15 of the GDPR.

Article 16 of the GDPR.

Article 17 of the GDPR.

Article 18 of the GDPR.

5. The right to object

You have the right to object to processing of your personal data when you do not agree with the way in which

SCUDI BV processes some of your data according to its legitimate interests (see point 4). However, this right of

opposition may be refused for compelling reasons such as compliance with legal obligations incumbent on

SCUDI BV (in particular concerning the tax obligations, the fight against fraud, the fight against money

laundering, etc.).

6. The right of portability

You are entitled to receive a copy of the personal data you’ve provided us with, in a structured, commonly used

and machine-readable format and you are entitled to ask us to send this data to another data controller.

7. Withdrawal of your consent

Where processing is based on your consent, you have the right to withdraw your consent at any time. The

withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Exercising your rights

To exercise your rights, send us your dated and signed request, accompanied by a copy of an identity document

by mail to SCUDI BV, Silversquare Zaventem, Ikaroslaan 1, 1930 Zaventem or by email to the Data Protection

Officer: info@scudi.me

In addition, SCUDI BV's customers are informed that they can consult at any time, in their accounts the

information they have communicated to SCUDI BV.

9. The right to lodge a complaint with the Data Protection Authority

You have the right to submit a request and/or to lodge a complaint with the Data Protection Authority at the

following address: Rue de la Presse 35, 1000 Brussels, tel: +32 2 274 48 00, email: contact@apd-gba.be

10. How long do we store your data?

We do not store your personal data beyond the necessary time required for the processing and for the cause

of which it was collected. Data relating to our customers is in principle stored for three years. Our legal, tax

or legal obligations to retain your data for evidence purposes vary from case to case and can sometimes be for

several years. These data are archived and are only accessible for the purposes of legal evidence, and control

by an authorised body (e.g. the tax authority) or for internal audit reasons.

11. How do I stay informed about changes to this privacy statement?

In a changing world where technologies are constantly evolving, this privacy statement may be subject to change.

We encourage you to review this statement periodically to be informed of how we use your personal data.

12. How to contact us?

If you have any further questions regarding the processing of your personal data, you can always contact us:

a. By email to : info@scudi.me

b. By mail to : Silversquare Zaventem, Ikaroslaan 1, 1930 Zaventem

Article 21 GDPR.

Article 20 GDPR.

Article 7, paragraph 3 of the GDPR.

Last updated 240105