PRIVACY STATEMENT

2024

 
 
 
2 
 
Privacy Statement - SCUDI BV 
 
Foreword ...................................................................................................................................... 3 
I.  Who is data Controller? ..................................................................................................... 3 
II.  Who is concerned? ............................................................................................................ 3 
III.  What data does SCUDI process? ........................................................................................ 3 
IV.  When are personal data collected? ................................................................................... 4 
V.  For what purposes and on what legal basis are your data processed? ............................. 4 
VI.  Am I obliged to provide data?............................................................................................ 5 
VII.  Will the data be transfered to a third country or an international organisation? ............. 5 
VIII.  How do we protect your data? .......................................................................................... 5 
IX.  Who has access to your data and to whom is it communicated? ..................................... 5 
X.  What are your rights regarding the protection of personal data and how can you 
exercise them?.............................................................................................................................. 6 
 
1.  Right of access (to consult your data) ................................................................................................................ 6 
2.  Right to rectify your data ..................................................................................................................................... 6 
3.  Right to erasure ................................................................................................................................................... 6 
4.  The right to limitation of processing ................................................................................................................... 6 
5.  The right to object ............................................................................................................................................... 7 
6.  The right of portability ......................................................................................................................................... 7 
7.  Withdrawal of your consent ................................................................................................................................ 7 
8.  Exercising your rights ........................................................................................................................................... 7 
9.  The right to lodge a complaint with the Data Protection Authority ................................................................. 7 
10.  How long do we store your data? ....................................................................................................................... 7 
11.  How do I stay informed about changes to this privacy statement? ................................................................. 7 
12.  How to contact us? .............................................................................................................................................. 7 
 

Foreword

The protection of your personal data is governed by the General Data Protection Regulation (GDPR)

applicable since the 25

of May 2018 and by the national laws that implement the GDPR, in particular

the law of 30

July 2018 on the protection of natural persons with regard to the processing of personal

data.

We are committed to respect our obligations as well as your rights when we process personal data.

To go deeper into the subject, we recommend the website of the Data Protection Authority in Belgium

https://www.autoriteprotectiondonnees.be/.

We are committed to protect and process your personal data in complete transparency and in strict

compliance with the law. This statement is intended to inform you about how we collect, use and

store your personal data. We encourage you to read this privacy statement to be informed of how we

use your personal data and about your rights as a data subject.

I. Who is data Controller?

SCUDI BV, having its registered office at Oorlogskruizenlaan 165/9, 1120 Brussels (Belgium) and registered with

the Crossroads Bank for Enterprises under number 0782.931.441, is acting as the controller.

SCUDI BV is therefore your contact person as well as that of the supervisory authorities (in particular the DPA)

for any question relating to the processing of personal data.

SCUDI BV has appointed a Data Protection Officer ("DPO") as your point of contact for all questions or requests

relating to the personal data processing. You can contact the DPO by:

Mail:

Data Protection Officer

SCUDI BV

Oorlogskruizenlaan 165/9

1120 Brussels

E-mail: info@scudi.me

II. Who is concerned?

The following persons are concerned by this statement:

a. Visitors who use our website ;

b. Current or potential customers acting as natural persons ;

c. The other natural persons involved in a transaction with our company as guarantors or

representatives of our clients.

Legal persons are not affected by this statement.

III. What data does SCUDI process?

This statement covers personal data of natural persons, i.e. data that directly or indirectly identify a person. The

number and type of personal data processed may vary depending on our relationship. We may collect various

personal data during your interactions with us, such as:

a. Identifying information: Your surname, first name, address, date and place of birth, photo,

account number, telephone number, email address, IP address, various invoices ...;

b. Data relating to your transactions on our CMS platform: The data of a transfer order, name and

various info on your employees, amount of withdrawal... or generally all movements recorded

on your accounts;

c. Data relating to your habits and preferences: We do not retain any data from your interactions

on our dedicated pages on social media and relating to your behaviour regarding the use of

our websites, our applications for tablets and smartphones... ;

d. Data from authorised third parties: Moniteur Belge, professional data providers, ...;

e. Your communications with us: The data you provide when you contact us through various

channels made available to you;

IV. When are personal data collected?

Your personal data are collected:

When you register to use our online services (with each identification or use);

When you use our services and products;

When you subscribe to our newsletters, respond to our invitations (conferences... ) ;

When you contact us through the different channels made available to you.

Please note the use of other technological means for statistical and evaluation purposes relating to the success

of our marketing campaigns. Il is also used to study the ergonomics of our web applications but not to access to

your personal data. We do not use cookies for these purposes. For more information, please refer to our Cookie

Policy [https://www.SCUDI.io/cookie-policy].

V. For what purposes and on what legal basis are your data processed?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR).

Your personal data may be processed on one or more legal bases and for the following purposes:

Your consent

. You can agree to our personal data processing for certain purposes, such as, for

example, the analysis of your activities for marketing purposes, the subscription to our

newsletters, prospecting.... You have the right to withdraw your consent at any time without

prejudice to the lawfulness of the processing performed prior withdrawal.

Execution of contractual obligations

. We may also process your personal data if this is

necessary for the execution of a contract to which the data subject is a party or for the execution

of pre-contractual measures taken at the data subject's request. We process your data in order

to allow you to register on our platform and application, to provide services in the context of

the execution of withdrawals concluded with you as our client.

Legal obligation

. We are subject to various legal obligations or requirements (for example:

compliance with legislation, response to the official request of a duly mandated public or judicial

authority, proof of operations (e.g. a withdrawal request), identity and age checks, execution of

control and declaration obligations under tax laws, measurement and risk management within

SCUDI BV).

SCUDI’s legitimate interest

. We process your data for the purposes of the legitimate interests

pursued by us or a third party. For example, this may include anticipating new legal obligations

resulting from Belgian or European law (including the future extension of the scope of the

legislation on the prevention of money laundering and terrorist financing), consultation and

exchange of data with information bodies for the purposes of marketing, market research or

opinion polls, unless you have objected to the use of your data for this purpose. It may also

include, for example, the exercise of legal claims and defence in the event of a dispute,

guaranteeing IT security and operations of SCUDI BV platform, monitoring transactions,

Article 6, paragraph 1 (a) GDPR.

Article 6, paragraph 1 (b) GDPR.

Article 6, paragraph 1 (c) GDPR.

Article 6, paragraph 1 (f) GDPR.

prevention and clarification of infringements, to prevent fraud, measures aimed at the

management of business and the development of products and services or risk control. We also

have a legitimate interest in providing information about our activities to our customers.

For each processing, only the data relevant to the purpose pursued are processed.

VI. Am I obliged to provide data?

You must provide all the personal data required to enable us to accept and establish a business relationship, and

to comply with the contractual obligations related to it, as well as the data that we are required to collect either

under law or in accordance with our risk management and compliance procedures. Without this data, we are not,

in principle, able to conclude a contract with you or to perform it.

According to future anti-money laundering regulations and in accordance with our current risk management and

compliance procedures, we must identify you on the basis of your identification documents before establishing a

business relationship. You must provide us or one of our financial partners your company details, date of

incorporation, statutes, UBO details, name, date and place of birth, nationality, address and identification, for

business representative. For us to be able to meet these requirements, you must provide us the required

information and documents, and immediately notify us of any changes that occur during the course of the business

relationship. If you do not provide us with the necessary information and documents, we cannot establish or

continue the business relationship.

VII. Will the data be transferred to a third country or an international organisation?

Data may be transferred to countries outside the European Economic Area (EEA) (called third countries). In this

case, SCUDI BV ensures that the necessary devices are put in place to guarantee the security of this data.

If the regulations of a third country do not provide an equivalent level of protection, SCUDI BV will only carry out

such a transfer where permitted by law and ensures that appropriate guarantees are in place (for example, when

an adequacy decision exists or by the use of the standard contractual clauses). If you have any questions or would

like further information, please send a signed and dated request, accompanied by a double-sided copy of a identity

document, to SCUDI BV, Oorlogskruizenlaan 165/9, 1120 Brussels or by email to info@scudi.me

VIII. How do we protect your data?

Access to your personal data is only permitted to persons for whom it is necessary for the execution of their

mission. These are subject to a strict obligation of confidentiality.

We have put in place technical measures exclusively intended for the protection of your personal data. Therefore,

we want to prevent unauthorised people from having access to them, processing them, modifying them or

destroying them. You will also find some tips to secure your data on https://www.safeonweb.be/.

IX. Who has access to your data and to whom is it communicated?

The people who are authorised to access your data are determined precisely according to their mission. In the

following cases, we will communicate (some of your) personal data to third parties:

Certain subcontractors acting on our behalf, such as, for example, marketing and

communication companies.

IT service providers (technical support).

PSP, Paynovate and their agent LinkCy SAS for electronic payments. In this case, Paynovate is

acting as controller. You can read Paynovate's privacy policy on its website. For LinkCY :

https://docs.google.com/document/d/1ovGKwfX3dn_3_PBgEYkig62xN7fc8cyW/edit

Lawyers or advisors: in some cases, SCUDI BV may transmit your personal data to external

advisors or lawyers or insurers if it is necessary to defend the interests of SCUDI BV.

Public authorities: We may disclose your personal data to the police, judicial or other regulatory

authorities if a law, regulation or other legal basis requires us to do so.

Subsequent purchasers of the company: In the unlikely event that all or part of our company is

taken over by a third party, your information will be transferred to the acquirer.

When we use service providers, these companies may be controller themselves (and therefore obliged on their

side to comply with data protection regulation). If not, they must follow our instructions and comply with our

Privacy Statement. We ensure that our partners only receive data that is strictly necessary to perform their part

of the contract.

In the context of a transaction, the customer accepts that the personal data strictly necessary for the

achievement of at least one of the purposes mentioned above or for what is required under the applicable

regulations, are communicated by the electronic money establishment to subcontractors and outsourced service

providers whose intervention is necessary.

X. What are your rights regarding the protection of personal data and how can you exercise them?

You have several rights regarding your personal data. Some of these rights have a very specific scope of application

or are subject to special conditions or exceptions.

1. Right of access (to consult your data)

You are entitled to request access to your personal data, i.e. you can ask us to provide you with the personal

data we hold about you.

2. Right to rectify your data

It may happen that some of personal data which SCUDI BV holds about you, are not or no longer correct or up-

to-date. Therefore, you are entitled to have your personal data corrected.

3. Right to erasure

You are entitled to obtain deletion of your personal data, unless there are legal exceptions, in one of the following

cases:

We no longer need it regarding the original purposes;

You withdraw your consent to the processing of your data;

You object to SCUDI BV processing your data for its legitimate interests, unless there is a

compelling legitimate reason;

When you suspect that some of your data is being processed unlawfully by SCUDI BV; or

The law of a Member State of the European Union or a European regulation requires the erasure

of your personal data.

4. The right to limitation of processing

You are entitled to obtain the limitation of processing of your personal data to SCUDI BV for the necessary period

for the verification of those data if:

You suspect an inaccurate information or the unlawfulness of the data processed by SCUDI BV;

You object to the processing of data for the legitimate interests of SCUDI BV.

Article 15 of the GDPR.

Article 16 of the GDPR.

Article 17 of the GDPR.

Article 18 of the GDPR.

5. The right to object

You have the right to object to processing of your personal data when you do not agree with the way in which

SCUDI BV processes some of your data according to its legitimate interests (see point 4). However, this right of

opposition may be refused for compelling reasons such as compliance with legal obligations incumbent on SCUDI

BV (in particular concerning the tax obligations, the fight against fraud, the fight against money laundering, etc.).

6. The right of portability

You are entitled to receive personal data you’ve provided us with, in a structured, commonly used and machine-

readable format and are entitled to ask us to send this data to another data controller.

7. Withdrawal of your consent

Where processing is based on your consent, you have the right to withdraw your consent at any time. The

withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Exercising your rights

To exercise your rights, send us your dated and signed request, accompanied by a copy of an identity document

by mail to SCUDI BV, Oorlogskruisenlaan 165/9, 1120 Brussels or by email to the Data Protection Officer:

info@scudi.me

In addition, SCUDI BV's customers are informed that they can consult at any time in its accounts the information

they have communicated to SCUDI BV.

9. The right to lodge a complaint with the Data Protection Authority

You have the right to submit a request and/or to lodge a complaint with the Data Protection Authority at the

following address: Rue de la Presse 35, 1000 Brussels, tel: +32 2 274 48 00, email: contact@apd- gba.be

10. How long do we store your data?

We do not store your personal data beyond the necessary time for the processing for which it was collected.

Data relating to prospects are in principle stored for three years. Our legal, tax or legal obligations to retain your

data for evidence purposes vary from case to case and can sometimes be for several years. These data are

archived and are only accessible for the purposes of legal evidence, control by an authorised body (e.g. the tax

authority) and for internal audit reasons.

11. How do I stay informed about changes to this privacy statement?

In a changing world where technologies are constantly evolving, this privacy statement may be subject to change.

We encourage you to review this statement periodically to be informed of how we use your personal data.

12. How to contact us?

If you have any further questions regarding the processing of your personal data, you can always contact us:

a. By email to : info@scudi.me

b. By mail to : Oorlogskruisenlaan 165/9, 1120 Brussels

Last updated: May 7

, 2024

Article 21 GDPR.

Article 20 GDPR.

Article 7, paragraph 3 of the GDPR.