– PRIVACY POLICY –

IPM Group

IPM GROUP and your data

I. Presentation of the Controller

This Privacy Policy is drawn up by the company IPM GROUP (hereinafter “IPM”, “we”, “us”, “our”), whose registered office is located at 79 Rue des Francs, 1140 Etterbeek under company number 0403.508.716.

IPM Group is a group of companies active in the fields of information (La Libre, la DH, …), real estate information (Logic-Immo), multimedia productions, creative services (WhiteFox, IPMadvertising) and travel organisation (Want to travel, Continents Insolites).

Our group is made up of various brands and subsidiary companies whose main objective is to inform individuals via all media channels including magazines, the internet, mobile media and radio.

In the course of our activities, we process personal data concerning our customers, individuals, or any natural person in contact with us, including potential customers (hereinafter referred to as “the prospect“).

The purpose of this policy is to explain how we collect, use and store your personal data.

Data protection and respect for your privacy are core values for us and we are committed to processing and protecting the personal data of our customers, subscribers, readers, surfers or users of our services, applications, news sites or online magazines in a fair and transparent manner in compliance with the law.

We understand by “personal data” all personal data concerning you, i.e. any information that allows you to be directly or indirectly identified as a natural person.

This policy is in line with our desire to act with complete transparency, in compliance with the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as the “Privacy Law”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).

Except in the case of a subsidiary company belonging to our group, IPM Group is therefore the data controller within the meaning of the GDPR.

If you wish to react to any of the practices described in the policy, please do not hesitate to contact us.

II. What categories of personal data do we process and how do we obtain them ?

We process your data within the framework of our activities and these data can be collected in several ways.

A. The three pillars of data collection within the IPM Group

– Express communication from you

When you subscribe, when you register for an event, when you enter a competition, when you fill out a form on one of our sites, when you create an account on one of our sites or one of our applications or when you subscribe to one of our newsletters, etc…

– Automatic collection when you use our services

When you browse our sites, use our applications, we collect information via cookies and other systems.

– Data transmitted by third parties

We have partners with whom we work, if you allow them to pass on your personal data to us, we can obtain them. We may then receive different types of data depending on what you have agreed to.

B. The personal data you provide us with

– Personal identification data

Surname, first name, address,…

– Identification data, issued by public services, other than the national register number

Identity card number, passport number, VAT number

– Biometric data

Passport

– Personal characteristics

Age, sex, date of birth,…

– Electronic identification data

IP addresses, emails, cookies, password for access to IPM accounts, telephone  

– Financial identification data

Credit card numbers

– Details of trips and journeys

Information concerning stays and journeys made, travel visas

– Lifestyle

Details concerning the consumption of goods or services, behaviour of the individual or his/her family

– Marriage or current form of cohabitation

Date of marriage, number of children, household composition

– State of physical health

Diet, other special health requirements for travel or accommodation management

– Characteristics of the accommodation

On our sites dedicated to real estate, if you post an ad we know what type of property you live in

– Leisure activities and interests

Hobbies, sports and other interests that we collect via your competition entries or via forms

– Details of the goods and services provided, lent or rented to the person on file

Type of subscriptions, purchases made,…

– Personal experiences

Professional interests, research interests, academic interests, specialisation topics

– Possessions

Land, property or other possessions

– Actual job

Employer, title and description of the function, grade, place of work, specialisation or type of enterprise, …

C. Data collected automatically using cookies[1] and other technologies (Pixel)

– Login information

IP adresses

– Browser information

Browser type, time, frequency and duration of use

– Device used or application used
– Personal configuration

Language, preferences,…

– Location data

If you have enabled this feature, we can approximately locate you

D. Special Categories of Data under the GDPR

The principle concerning the so-called special data is the prohibition of processing.

a) Types of special categories of data

– Data concerning the sexual life or sexual orientation of a natural person
– Health data
– Genetic data
– Biometric data that uniquely identify a natural person
– Trade union membership
– Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs

b) How can the IPM Group therefore process these types of data (exception to the prohibition)?

There are a number of situations in which we may process these particular types of data, but we will only process these types of data if :

– You have explicitly consented to the processing of this personal data for one or more specific purposes;
– The processing relates to personal data that you have obviously made public;
– The processing is necessary for the establishment, exercise or defence of a legal claim.

In our opinion, we will mainly process these data in the context of our travel services via your passports (biometric data) or to find out about your allergies or dietary restrictions (religious or health-related data).

Of course, these data will not be used for any other purpose.

E. Non-personal data

It may happen that we collect non-personal data. These data are qualified as non-personal data because they do not allow us to identify you directly or indirectly.

They may therefore be used for any purpose whatsoever, for example, to improve our website, our products, target our advertising or improve the services we offer.

III. Processing of personal data

We aim to better target information, offers, products, services based on your personal interests and needs. To do this, the data we collect may be enriched with publicly available data or data from our partners who will ensure that this data is transferred to us in a lawful manner (i.e. in compliance with the laws and regulations relating to privacy mentioned above).

A. What is a processing ?

A processing operation is “any operation or set of operations which may or may not be performed using automated processes and applied to data or sets of data of a personal nature.”

These processings cover the following actions:

– The recording
– The organisation
– The storage
– The use
– The collection
– The adaptation or alteration
– The structuring
– The retrieval
– The consultation
– The restriction
– The disclosure by transmission
– The disemination or otherwise making available or any other form of availability
– The alignment or combination
– The erasure or destruction

IV. Lawfulness of the processing

The GDPR authorises the processing of personal data if it is based on one of the legal bases provided for in the GDPR text.

In the case of IPM, there are four legal bases on which the processing of personal data may be justified.

– Your consent
When you give us your consent, we may process your personal data.
Example: when you tick a box allowing us to send you newsletters
– Necessity for the execution of a contract
The processing is necessary for the execution of a contract to which you are a party. In addition, we may process your personal data if this request is made by you.
Example: delivery of a newspaper to your address
– Respect a legal obligation
The processing is necessary to comply with a legal obligation to which we are subject to.
Example: saving invoices in your customer file to comply with our tax obligations.
– Legitimate interests
The processing is necessary for the purposes of our legitimate interests. In this case, we balance our interests to determine whether our legitimate interest takes precedence over your rights and freedoms, considering, in particular, your reasonable expectations.
Example: commercial prospecting is one of our legitimate interests.

 V. Purposes of the processing

We collect and process your personal data for certain purposes that we describe below. We have determined these purposes and ensure that only personal data that is necessary and relevant in accordance with the data minimisation principle[2] is processed.

B. Compliance with our legal obligations

In certain cases, we are obliged to process your personal data within the framework of legal obligations or when cooperating with the competent authorities.

C. Within the framework of our contractual relationship

When we have a contractual relationship, for example, when making a purchase, placing an order, delivering products to you, or when you accept our general terms and conditions of use, we process your personal data in order to fulfil our contractual obligations and to carry out the task you have set us.

In order to execute our contract, we process your personal data for the following purposes:

–  Ensuring a response to your requests 
We answer your questions regarding your contract, this is part of our customer relationship.
– Manage the delivery of products and services
This includes the management of your subscription or the management of event registrations.
– Managing our customer relationship
To carry out communications and marketing actions about similar products or products that may be of interest to you based on your profile and interests.
– Contact you for an evaluation of our services
Contact you for an evaluation of our services
– Personalise our services
Based on your profile and interests, we use your data to provide you with a more personalised service with targeted advertising.

D. Consent

Where we do not have a binding contractual relationship or where processing is not necessary for the performance of a contract, you can give us your consent to process your personal data.

When you create accounts on our sites, subscribe to our newsletters or events or when you give us permission to contact you again or to send your data to our partners, we invite you to tick a box. This box is a request for consent for us to process your personal data.

We will therefore process your personal data based on your consent for the following purposes:

– Ensuring a response to your requests
When you contact us to respond to you regarding a site, event or newsletter to which you have registered, we use your data to respond to you.
– Send you alerts containing personalised ads considering your preferences
On your smartphones and tablets, you also need to allow notifications via their settings.
– Send you a specialised editorial newsletter based on the sites you have registered for and based on the centre of preference
You can register and unsubscribe preferably via the belly. This allows you to manage the information we send you according to your interests
– Contact you for an evaluation of our services
In the case of a satisfaction survey, we can contact you
– Transmit your data to our third-party partners so that they can contact you with commercial offers
If you give your consent, we will pass on your data to our partners. This transfer may take the form of renting, selling data or transferring it without compensation.
– Personalise our services and contact you so that you can get to know our services better
Based on your profile and interests, we use your data to provide you with a more personalised service.

a)    Preference Center

Within the IPM Group, we attach great importance to your privacy but also to the subjects that interest you.

To this end we have developed the “preference centre” accessible via all IPM Group websites. This personal application (access is secured through the use of a personal code) should enable you to control the information that we send you or that our third-party partners send you.

Via this interface, you will be able to choose the processing that we may carry out on your personal data (sending a newsletter for each brand, transfer of data to third parties, etc.).

You will thus have direct control over your personal data, which will enable you to update them.

b) Withdrawal of consent

You can, of course, withdraw your consent to our various services whenever you want. This withdrawal will preferably be done via the centre in a manner that is as simple as when you gave it to us.

Another option is to withdraw your consent via the “unsubscribe” link below our communications.

E. Within the framework of our legitimate interests

Legitimate interests are not defined in the GDPR, so each company must define them on the basis of its activity and needs while maintaining a proportion between its legitimate interests and your rights and freedoms.

As a company whose primary purpose is to inform you, we are dependent on our advertisers who make up the largest part of our financial income.

Therefore, in order to be able to continue to provide you with information, particularly free information, via our websites and other sources of information, we must ensure our advertisers visibility.

This visibility takes several forms, including advertising inserts in our newsletters, in our newspapers and on our websites.

a) Balance between our legitimate interests and your rights and freedoms

The GDPR requires that when we process your personal data, we balance your rights and interests against our legitimate interests.

It is important that you understand why we believe that we may process your personal data based on our legitimate interests.

To this end, we would like to inform you about the different criteria we use to assess whether we can process your personal data based on our legitimate interests.

Thus, the determination of our legitimate interests depends mainly on three factors:

– The security of our sites and applications (fraud prevention, site access management, etc.);
For example, as part of the security of our websites we use Google’s CAPTCHA system, which protects access to our databases from repetitive attacks by robots. In addition, our platforms can only be accessed via your unique emails and the use of personal passwords.
As a further example, we use access tracking systems – your unique identifier and IP address are used in this context – to our systems via a firewall and our servers.
– The data subject’s reasonable expectation of further processing based on our legitimate interests.
– Necessary intra-group processing (between our trademarks) for, inter alia, administrative purposes.

b) Purposes for which we process your data on the basis of our legitimate interests

– Forward your contact data to the companies of the IPM Group so that they can contact you to offer you commercial offers;
–  For journalistic purposes (preparation, collection, editing, production, distribution or archiving for the purpose of informing the public, using any media);
– For our clients, all the management of our contractual relationship that is not directly related to the execution of our contract;
– The identification and management of persons on our websites;
– The personalisation of our services on the basis of your profile;
– The commercial prospecting and management of prospects;
– The preparation of studies, models (risk, marketing and other) and statistics, using anonymisation and/or pseudonymisation techniques whenever possible;
– The preservation of the security of goods and persons, the fight against fraud or attempts at intrusion, abuse or other offences;
– The training of our staff through the use of real-life situations for illustrative purposes (we try, as far as possible, to anonymise your personal data);
– The analysis of your previous searches in order to personalise our service offers to best suit you;
– To improve the quality of service for people who have an account on our sites or who have registered for an alert or newsletter and who are not bound by a contract.
– Keeping a list of clients who no longer wish to be contacted;
– Improving existing services and the user experience of our sites and applications;
– The organisation of games and competitions (for some, you may be asked to give your consent for processing in the context of this competition);
– The management of your requests related to the application of your rights;
– The establishment, exercise, defence and preservation of our rights.

F. Unexpected processings and compatibility with current processings

In the event that we need to carry out processing for purposes not yet provided for in this policy, we may use your personal data for such purposes as long as they are compatible with the purposes for which we originally collected the data.

In this case, we consider any link between the initial purposes, the subsequent purposes and the context (our relationship, the nature of the data and the consequences for you) in which the data was collected.

If we consider that the purposes are not compatible with the initial purposes, we will contact you before processing the data for these other purposes.

G. Profiling and automated processing

In order to ensure a better user experience, we use the profiling technique to associate you with your different preferences. As far as possible, we will only use anonymised or pseudonymised data.

Profiling within the meaning of the GDPR is any form of automated processing of personal data consisting in using such data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

In cases where we use your personal data for profiling, we ensure that no decisions are made that have legal effects or significantly affect you in a similar way.

If you believe that you are the subject of a decision based solely on an automated process, you may object to this as shown below.

H. Sponsorship

Through some of our websites, your relations can let you know our contents.

In this case, they will give us some of your personal information (your email address) so that we can send you this information.

We keep this data in our database so that we can contact you on request of your acquaintance.

If you are already in our database, we will add this information to your customer profile. If you are not in our database, we will simply keep the information provided by your acquaintance.

For example, via our Logic-Immo site, your acquaintance may share a property with you to let you know about it.

VI. How long do we keep your personal data??

In general, we take care not to keep your personal data longer than is necessary for the purposes for which it was collected.

More specifically, several situations must be distinguished in order to determine how long your personal data will be retained. These various situations are listed in the table below.

Situation

Retention period

•       You are registered on one of our websites or one of our applications

•       We keep your personal data for the duration of your registration in order to offer you the best possible service.

•       You are registered on a website, one of our applications and one of our newsletters or email alerts.

 

•       We keep your personal data for the duration of your registration in order to offer you the best possible service and to inform you about new products or services.

•       You have unsubscribed from any of our websites, newsletters or email alerts.

•       In this case we will keep your data for three years after you unsubscribe.

•        We have a contract.

 

•       Following the end of our contract, we archive your contract and your personal data for a period of ten years.

At the end of the retention period, we make every effort to ensure that the personal data has been made unavailable and inaccessible.

Your rights under the GDPR

VII. Access, withdrawal, rectification, erasure, portability, limitation and opposition

Your rights under the regulations allow you to remain in control of what we do with your personal data.

A. Right of access and copying

This right of access to the data we hold about you applies for all the purposes we have listed above.

This right enables you to ask us whether we process your personal data, for what purposes, the categories of data concerned and the recipients of your data.

You may also request a copy of all the personal data that we process, and which concerns you.

B. Right of rectification

You also have a right of rectification allowing you to ask us, at any time, to modify information that is inaccurate, incomplete or obsolete.

C. Right to erasure or to be forgotten

You can have your personal data erased when one of the following reasons apply:

  • The data are no longer necessary for the purposes of the processing operation;
  • You withdraw your consent to the processing of your data and we base this processing only on the legal basis of your consent ;
  • You object the processing;
  • We have processed your personal data unlawfully ;
  • In the event that the data in our possession is incomplete, inaccurate or out of date ;
  • We need to delete your personal data in order to comply with a legal obligation (under Union law or the law of the Member State) to which we are subject.

D. Right to portability

If we process your personal data on the basis of a contract or with your consent and the processing is carried out using automated processing activities, you can ask us to transfer all your personal data to you or to transfer them to another data controller.

E. Right to limit the processing

In some cases, you can also ask us to limit the processing of your personal data.

The situations in which you may ask us to limit the processing of your personal data are as follows:

  • If you challenge the accuracy of any personal data for as long as we can verify the accuracy of that data;
  • If we process your personal data unlawfully and you would prefer us to limit such processing rather than delete your personal data.

Of course, we will inform you as soon as the limitation of the processing no longer applies.

F. Right to object

As we have explained, we ask for your consent to send you commercial information, advertising or personalised proposals (through direct marketing actions or electronic newsletters).

You have the right, if you do not or no longer wish us to send you such communications, to object to the processing of your personal data for these purposes.

G. Right not to be subject to automated processing, including profiling

If you believe that a decision that concerns you has been taken solely on an automated basis, i.e. without any human intervention, and that this decision produces legal effects or that it affects you significantly, you can contact us as you are entitled not to be subject to such a decision.

Please note that such decisions are possible if they are necessary for the conclusion or execution of a contract between you and us or if you have explicitly consented to them. In addition, if we are permitted by law to do so, we may take steps to process your data in an automated manner.

In general, we do not believe that such decisions are taken within the IPM Group, but please do not hesitate to contact us and we will be happy to come back to you with an explanation.

VIII. How to exercise your rights ?

A. Identification

In order to be able to help you enforce your rights, we need to verify that your request concerns your personal data.

We may ask you for additional information if we cannot identify you with the information we have in our possession.

In this case, we may ask you for additional information and perhaps, if necessary, a copy of your identity card.

B. How long will it take us to reply?

We undertake to get back to you as soon as possible and within one month of your request at the latest.

We may be obliged to extend this period to two months if your application is complex, and we are faced with an excess of applications. If such a situation should arise, we will inform you of the reasons for the delay.

General Information

IX. Security of the data

We implement the appropriate technical and organisational measures in order to guarantee an adequate level of security about the processing of your personal data. This level of security is established based on the risks presented by the processing and the nature of the data to be protected.

We have implemented appropriate security measures to protect your personal data against loss, theft, misuse or alteration of the information received, disclosure or unauthorised use of your personal data.

In the unlikely and unfortunate event that your personal data under our control is compromised due to an information security breach, we will act expeditiously to identify the cause of the breach and take appropriate remedial action.

If necessary, in accordance with applicable law, we will inform you of the incident.

X. Transfer to third-parties

Depending on your choices and on the necessities related to the fulfilment of our contract, we may transfer your personal data to our subcontractors, to our partners of the IPM Group or to our third-party business partners. In addition, if you consent, we may also pass on your data to our partners or third parties.

There are four main circumstances in which we may transfer your data to third parties.

– Subcontractor
We use subcontractors who only process data based on our instructions. We transfer them within the framework of our contracts or when we use them for technical purposes. In any case, we remain your point of contact in relation to your data. Like us, we ask them to ensure compliance with the applicable legal and regulatory provisions. We also ensure that they comply with this policy.
-Intra-IPM
If you give us your consent to do so or based on our legitimate interests or based on our contractual relations, we may pass on your contact data to other companies of the IPM Group. These companies will then be able to contact you so that you can find out about their offers and the opportunities they offer.
– Commercial partners and third-parties
If you consent, we may pass on your data to our business partners so that they can contact you with offers that match your interests. In this case we will analyse your legitimate interests based on those defined in the centre of preference.
– Legal obligation or order of a competent authority
We may need to pass on your personal data in order to comply with a legal obligation, a court order or a request from any competent authority.

 

 XI. Transfers outside the European Union

The principle contained in the GDPR is the prohibition of transfers of personal data to countries outside the European Economic Area. However, this principle has three exception mechanisms allowing personal data to be transferred outside the European Economic Area.

C. Adequacy decisions

For certain countries (or sectors within those countries), the Commission has taken adequacy decisions, which are decisions to transfer personal data on the grounds that the country has an adequate level of protection. These countries are Andorra, Argentina, Canada (for processing subject to the Canadian Personal Information Protection and Electronic Documentation Act), the Fëroe Islands, Isle of Man, Guernsey, Israel, Jersey, New Zealand, Switzerland, Uruguay and Japan.

Once a country has been the subject of an adequacy decision, we may transfer your data to that country on the basis that it offers the same level of data protection as a country within the Union.

D. Appropriate safeguards

Appropriate safeguards are a set of tools recognised by the GDPR to ensure the transfer of personal data outside the European Union.

It is complicated for us to organise transfers to third countries based on appropriate guarantees because we do not get an answer from local actors.

However, as soon as this is feasible, we work based on contracts containing clauses drawn up by the European Commission to be inserted in subcontracting contracts or between the different joint controllers.

E. Exemptions for specific situations.

Where there is no adequacy decision or no appropriate safeguards have been put in place, it is possible to derogate from the principle of prohibition by using an exemption contained in Article 49 of the GDPR.

If we are unable to put in place appropriate safeguards, we will therefore use this exemption to transfer personal data outside the European Union.

XII. Contact, modification, applicable law and Data Protection Officer

CONTACT

MODIFICATION

APPLICABLE LAW

DPO

IPM is your first point of contact if you have any questions about privacy protection or about this policy.

 

Rue des Francs, 79 à 1040 Brussels – Belgium

privacy@ipm.be

We reserve the right to change the provisions of this policy at any time. We will publish changes directly on our website.

 

This Policy is governed by Belgian law.

Any dispute relating to the interpretation or execution of this Policy shall be subject to Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.

If you wish, you can contact the Data Protection Officer.

DPO@ipmgroup.be

 

XIII. Complaints and claims to the Data Protection Authority or the Belgian courts

You can also lodge a complaint with the Data Protection Authority at the following address:

– Rue de la Presse, 35 – 1000 Brussels
– + 32 2 274 48 00
– + 32 2 274 48 35
– contact(at)apd-gba.be

For more information on complaints and possible means of redress, please consult the information available on the website of the Data Protection Authority : https://www.autoriteprotectiondonnees.be

In addition, you can always lodge a complaint with the Brussels Court of First Instance.

[1] Please refer to our cookie policy for more information about cookies.

[2] Following this Principle, we must ensure that any data we collect is adequate, relevant and limited to what is necessary for the purposes for which we process your data.