Last version: September 2024
Hi! Welcome to Get In Touch! We are glad you use our Solution, which allows you to send automated and personalized messages to Authorized Users and receive messages from Authorised Users.
Using the Get In Touch Solution leads to the processing of Personal Data by Get In Touch. By concluding an agreement with Get In Touch (hereinafter referred to as the ), you accept the processing of Personal Data within the Get In Touch Solution as set out in this Data Processing Policy (hereinafter referred to as the “Policy”).
By reading this Policy, you will be properly informed about our legal responsibilities with regard the the processing of personal data and the security measures we have adopted in order to ensure the Personal Data is processed in a safe way.
1. INTRODUCTION
Get In Touch BV is a company incorporated and existing under the laws of Belgium, with registered office at Park Ter Linden1, 9090 Melle (Belgium) with VAT/company number BE-1012.665.647 (hereinafter ‘Get In Touch’, ‘we’ or ‘us’).
When you (hereinafter ‘you’ or the ‘Customer’) rely on the Solution and/or Services, Get In Touch:
- shall have access to Personal Data; and,
- will have to Process Personal Data on your behalf.
This Policy applies to the Processing of Personal Data by Get In Touch for the Customer and determines:
- How Get In Touch will manage, secure and process the Personal Data; and,
- Both parties’ obligation to comply with the Privacy Legislation.
By relying on the Solution and/or Services of Get In Touch, you acknowledge to have read and accepted this Policy and consequently the way Get In Touch Processes the Personal Data.
2. DEFINITIONS
In this Policy, the following concepts have the meaning described in this article (when written with a capital letter):
Authorized User any individual authorised by the Customer to access and use the Solution on behalf of the Customer;
Business Account the Communication Channel business account a Customer uses for its (commercial) communication with Authorized Users;
Communication Channel(s) third-party messaging platforms or services, such as WhatsApp, SMS, email, or similar tools, with which the Customer must directly contract, in order to use them as part of the Solution;
Controller the entity (being in this case: the Customer), which determines the purposes and means of the Processing of Personal Data;
Customer any professional, whether acting in their own name or through a legal entity, who enters into an agreement with Get in Touch, as well as its affiliated companies
Data Importer the recipient of personal data/processor of Get In Touch in a third country, which is not subject to an adequacy decision of the European Commission;
Data Subject the natural person to whom the Personal Data relates, as identified in Annex I;
Data Breach unauthorised disclosure, access, abuse, loss, theft or accidental or unlawful destruction of Personal Data;
Personal Data any information relating to an identified or identifiable natural person (i.e. the Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Privacy Legislation (i) the General Data Protection Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (‘GDPR’); (ii) Directive 2002/58/EC of the European Parliament and Council of 12 July 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector (‘e-privacy directive’) (including all future legislative changes and amendments/revisions thereof); and/or (iii) all (future) applicable national laws regarding the implementation of the GDPR;
Process/Processing any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, including, but not limited to: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data;
Processor the entity (being in this case: Get In Touch) which Processes Personal Data on behalf of the Customer as Controller;
Services all services, provided by Get In Touch to the Customer implying the Processing of Personal Data, with respect to the Solution (such as but not limited to: training, maintenance, support, etc…);
Solution the ‘Software as a Service’ web application offered by Get in Touch, which integrates with the Business Accounts of Customers across various Communication Channels to allow Customers to send automated and personalized messages to its Authorized Users, including but not limited to practical information, feedback requests, and congratulations and receive messages from its Authorized Users;
Sub-processor any processor engaged by Get In Touch.
The Policy includes the following annexes:
Annex I Overview of (i) the Personal Data, which parties expect to be subject of the Processing, (ii) the categories of Data Subjects, which parties expect to be subject of the Processing, the (iii) retention period for each Processing; and (iv) the use (i.e. the way(s) of Processing) of the Personal Data, the purpose and means of such Processing;
Annex II Overview and description of the security measures taken by Get In Touch in order to protect the Personal Data that are being processed during the performance of the Services.
3. ROLE OF THE PARTIES
3.1 Parties acknowledge and agree that with regard to the Processing of Personal Data, the Customer shall be considered the ‘Controller’ and Get In Touch the ‘Processor’. Further, Get In Touch is allowed to engage Sub-processors pursuant to the requirements set forth in Article 7.
3.2 Each Party shall comply with its respective obligations under the Privacy Legislation with respect to the Processing of the Personal Data.
4. USE OF THE SOLUTION AND/OR SERVICES
4.1 The Customer acknowledges explicitly that:
- Get In Touch acts as a facilitator of the Solution and/or the Services. Therefore, the Customer shall be responsible on how and to what extent it makes use thereof;
- The Customer is responsible for all acts and ommissions of the Authorized Users (i.e. in case the Authorized User does (not) take sufficient measures to protect its account on the Solution);
- Get In Touch allows the Customer to make adjustments and/or changes to the Personal Data and shall never consult or adjust these Personal Data itself, unless the Customer requests Get In Touch to do so;
- The Customer is responsible for the material and/or data provided by the Data Subject. The Customer is, as Controller, thus responsible for complying with the Privacy Legislation and/or any other regulations with regard to aforementioned material and/or data;
- The Customer shall comply with all laws and regulations (such as but not limited with regard to the retention period or rights of the Data Subject (cf. Article 11)) imposed on it by making use of the Solution and/or the Services.
4.2 The Customer shall avoid any misuse of the Solution and/or Services. In case of misuse by the Customer and/or the Authorized Users, the Customer agrees that Get In Touch can never be held liable in this respect nor for any damage that would occur. The Customer therefore undertakes to safeguard Get In Touch when such misuse would occur as well as indemnify it against any claim from a Data Subject and/or third party due to such misuse.
5. OBJECT
5.1 The Customer acknowledges that by making use of the Solution and/or Services, it may provide (certain sets of) the Personal Data to Get In Touch for Processing. The nature and purpose of said Processing, as well as a description of the Personal Data and categories of Data Subjects processed under the Agreement are further specified in Annex I.
5.2 Get In Touch shall Process the Personal Data in a proper and careful way and in accordance with the Privacy Legislation and other applicable rules/best-practices concerning the Processing of Personal Data.
More specifically, Get In Touch shall adopt all necessary security measures (cf. Annex II) and provide all its know-how in order to provide the Solution and/or the Services in accordance with the rules of art.
5.3 Get In Touch assures that it shall only Process the Personal Data upon the Customer’s request (as the case may be, in the context of the delivery and/or execution of the Solution to the Customer and its Authorised Users) and in accordance with the latter’s instructions unless any legal obligation states otherwise.
5.4 The Customer keeps full control concerning the following: (i) how Personal Data must be Processed by Get In Touch, (ii) the types of Personal Data Processed, (iii), the purpose of Processing, and (iv) the fact whether such Processing is proportionate.
5.5 Furthermore, the Customer acknowledges that it is responsible for:
- the accuracy, quality and legality of (the collection and transfer of) the Personal Data;
- compliance with all transparency and lawfulness requirements under the Privacy Legislation for the collection and processing of the Personal Data and the transfer thereof to Get In Touch; and,
- ensuring compliance of its instructions with the Privacy Legislation.
Customer shall inform Get In Touch without undue delay if it is not able to comply with its responsibilities under this Section or the Privacy Legislation.
6. SECURITY OF PROCESSING
6.1 Get In Touch takes the security of the Processing activities very seriously. Get In Touch implements appropriate technical and organisational measures for the protection of (i) the Personal Data – including protection against careless, improper, unauthorised or unlawful use and/or Processing and against accidental loss, destruction or damage – (ii) the confidentiality and integrity of Personal Data, as set forth in Annex II.
7. SUB-PROCESSORS
7.1 The Customer acknowledges and agrees that Get In Touch may engage third-party Sub-processors in connection with the provision of the Solution and/or the Services. In such case, Get In Touch shall ensure that the Sub-processors are at least bound by the same obligations by which Get In Touch is bound under this Policy.
7.2 The current Sub-processor(s) on which we rely for the provision of the Solution and/or the Services are listed on here: https://getintouch.group/subprocessors, which includes the identities of those Sub-processors and their country of establishment.
Get In Touch shall update the list whenever a Sub-processor changes (e.g. a new Sub-processor was added, a Sub-processor was substituted, etc.) and will notify the Customer when (significant) changes are made. If you wish to exercise its right to object, please notify Get In Touch in writing by the latest within ten (10) days after the list was updated.
7.3 In the event that the Customer objects to a new Sub-processor and such objection is well founded, Get In Touch will use reasonable efforts to (i) make available a change in the Solution and/or the Services or (ii) recommend a commercially reasonable change to the Customer’s use of the Solution and/or the Services to avoid Processing of Personal Data by the objected new Sub-processor without unreasonably burdening the Customer.
If Get In Touch is, however, unable to make available such change within a reasonable period of time (which shall not exceed thirty (30) days following your objection), you may terminate the use of the Solution and/or the Services if:
- You cannot use the Solution and/or the Services without appealing on the objected new Sub-processor;
- Such termination only concerns the use of the Solution and/or the Services which cannot be provided by Get In Touch without appealing to the objected new Sub-processor;
- You notify Get In Touch of your wish to terminate the use of the Solution and/or the Services to Get In Touch within a reasonable time.
7.4 Get In Touch takes responsibility for the acts and omissions of its Sub-processors to the same extent as if it would be performing the Services itself, directly under the terms of this Policy.
8. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
8.1 Get In Touch assures the Customer that a transfer of personal data to a third country or international organization shall always be subject to (i) an adequacy decision by the Commission or (ii) one of the following safeguards:
- Closing a data transfer agreement with the third country recipient, which shall contain valid standard contractual clauses (‘SCC’), as adopted by the European Commission in Decision (EU) 2021/914. Before the transfer takes place, the Data Importer has to guarantee Get In Touch that an adequate level of privacy compliance is ensured in this third party country; and/or;
- Binding corporate rules. As it is the case for standard contractual clauses, the Data Importer has to guarantee Get In Touch that an adequate level of privacy compliance is ensured in the third party country; and/or;
- Certification mechanisms.
In the event the transfer (or disclosure) of the Personal Data to a third country is required by EU law, EU member state law to which Get In Touch is subject to, Get In Touch shall inform the Customer of that legal requirement before the transfer/disclosure, unless that law prohibits such information on important grounds of public interest.
8.2 Every transfer to a third country or international organisation, not recognized by an adequacy decision, is subject to an assessment by Get In Touchto determine if there is anything in the law and/or practices in force of said third country that may infringe on the effectiveness of the appropriate safeguards in place (as identified above).
Where required on the basis of aforementioned assessment, Get In Touch shall identify and implement appropriate supplementary measures to govern any data transfer to such international organization or a third country without adequacy decision to ensure the level of data protection as required by EU law.
Furthermore, Get In Touch shall take all reasonable efforts to oblige the Data Importer to implement sufficient guarantees and measures to protect the Personal Data and ensure the effectiveness of the protection of the SCC’s, binding corporate rules and/or certification mechanisms.
8.3 In case of non-compliance by a Data Importer or where protections in the third country are not adequate, Get In Touch shall – at its sole discretion – either:
- Suspend the transfer of Personal Data to the Data Importer / such third country until the issue has been solved; or,
- Terminate the transfer of Personal Data to the Data Importer / such third country and request the Data Importer to delete the Personal Data in its possession.
8.4 In practice, Get In Touch performed/added some additional checks to its process:
- Data mapping: Get In Touch mapped all of its data flows (in particular, with regard to data transfers to third parties/countries);
- Contact with (Sub-)processors: Get In Touch contacted the Data Importers to ensure that the Processing is carried out in accordance with the agreements made and with the requirements from the Schrems II-decision.
- Transfer tool identification: Get In Touch re-assessed the transfer tools (e.g. European Commission’s adequacy decisions, Standard Contractual Clauses…) it or its (Sub-)processor relies on to transfer Personal Data to (Sub-)processors located in third countries;
- Legal assessment of recipient country – Get In Touch is assessing the privacy laws of all third countries to which Personal Data is being transferred. Accordingly, Get In Touch wishes to establish if these third country recipients provide adequate and effective data protection;
- Adequacy assessment – Get In Touch is requesting (Sub-)processors that are transferring Personal Data to third countries (in which effective protection equal to the GDPR cannot be guaranteed, such as the United States) (if any) to provide an overview of the supplementary measures they have taken or intend to take to ensure the safety and security of the data transfer and Processing.
- EEA alternatives – Prior to each transfer of Personal Data to a third country (especially where no equivalent level of data protection can be guaranteed) Get In Touch will assess the necessity of such data transfer by investigating whether there are no alternative options or parties that would ensure that the data is being Processed within the European Economic Area (“EEA”);
- Vendor cooperation assessment – Get In Touch will terminate the cooperation with (Sub-)processors transferring Personal Data to or located in third countries that are unable to guarantee an equivalent level of data protection (if any).
- Other procedural & organisational steps – upon finalising the vendor assessment, Get In Touch will implement the necessary procedural and organisational steps;
- Periodic monitoring & evaluation – Get In Touch endeavours to evaluate on an ongoing basis the transfer of Personal Data to third countries (with regard to necessity, compliance, security…). This includes monitoring developments in such countries that could affect the (earlier) assessments made by Get In Touch.
9. CONFIDENTIALITY
9.1 Get In Touch shall maintain the Personal Data confidential and thus not disclose nor transfer any Personal Data to third parties, without your permission, unless when such disclosure and/or transfer is required by law or by a court or other government decision (of any kind). In such case Get In Touch shall, prior to any disclosure and/or announcement, inform you in full transparency on the scope and manner thereof.
9.2 Get In Touch ensures you that its personnel, engaged in the performance of the Agreement, is informed of the confidential nature of the Personal Data, are well aware of their responsibilities and are bound by written confidentiality agreements. Get In Touch ensures that such confidentiality obligations survive the termination of the employment contract.
9.3 Get In Touch ensures you that the access of its personnel to the Personal Data is limited to such personnel performing the Services in accordance with the Policy.
9.4 The Customer acknowledges the login information to be strictly personal and ensures not to share this information with any third parties.
10. NOTIFICATION
10.1 Get In Touch will use its best efforts to inform you as soon as reasonably possible when it:
- Receives a request for information, a subpoena or a request for inspection or audit from a competent public authority in relation to the Processing of Personal Data;
- Has the intention to disclose Personal Data to a competent public authority;
- Determines or reasonably suspects a Data Breach has occurred in relation to the Personal Data.
10.2 In case of a Data Breach, Get In Touch:
- Notifies you without undue delay after becoming aware of this Data Breach. In the event you wish so, Get In Touch shall provide – to the extent possible – assistance with respect to your reporting obligation under the Privacy Legislation;
- Undertakes – as soon as reasonably possible – to take appropriate remedial actions to make an end to the Data Breach and to prevent and/or limit any future Data Breach.
11. RIGHTS OF DATA SUBJECTS
11.1 Get In Touch shall, to the extent legally permitted, promptly notify the Customer if it receives a request from a Data Subject for access to, correction, amendment or deletion of that Data Subject’s Personal Data. Get In Touch shall not respond to any such data subject request without your prior written consent except to confirm that the request relates to the Customer to which the Customer hereby agrees.
11.2 If a Data Subject requests to exercise his/her rights, you must assist the Data Subject in its request. Only if you do not have the ability to correct, amend, block or delete the Personal Data (as required by Privacy Legislation), Get In Touch shall assist you (as long as commercially reasonable).
11.3 Notwithstanding the foregoing, the Customer remains responsible for compliance of such Data Subject requests.
12. LIABILITY
12.1 Parties are each individually liable towards authorised supervisory authorities and/or Data Subjects for claims and/or fines that are the result of their own breach of or non-compliance with (i) the provisions of this Policy, and (ii) the Privacy Legislation or other applicable rules concerning personal data. Get In Touch and the Customer indemnify each other in this regard.
12.2 The liability of Get In Touch for a breach of this Policy is limited as described in the applicable contractual documentation (i.e. the agreement (including the general terms and condition) entered into between Get In Touch and the Customer).
13. RETENTION, RETURN AND DELETION OF PERSONAL DATA
13.1 Get In Touch shall only retain the Personal Data as long as needed to provide the Solution and/or the Services or for the term of the Agreement. The Customer accepts that Get In Touch may create back-ups of the Personal Data stored on the Get In Touch servers.
13.2 Upon termination of the use of the Solution and/or Services, the accounts of the Customer will be deactivated and the Personal Data shall no longer be available for the Customer. You can request to receive an export of its data within one (1) month following the end of the Agreement. In any event, Get In Touch may, at its sole discretion, determine the format of the export. After said one (1) month- period, the Personal Data on the servers of Get in Touch shall be deleted within two (2) weeks.
13.3 The Personal Data may be present on back-ups. The Personal Data shall be deleted once the last back-up containing the Personal Data is rotated.
13.4 In case a Data Subject’s profile is being removed from the Solution by the Customer, all Personal Data relating thereto will (to the extent retained) immediately be anonymised for the purpose of conducting research.
13.5 All the foregoing does not apply, and Get In Touch may therefore continue to retain the Personal Data if – and only to the extent that – it is required to do so pursuant to a legal obligation imposed on Get In Touch.
14. CONTROL
14.1 Get In Touch is willing to provide you with all necessary information, required to allow verification if we comply with the provisions of this Policy.
14.2 In this respect Get In Touch shall allow you to carry out inspections – such as but not limited to an audit – and provide the necessary assistance thereto.
15. TERM
15.1 This Policy lasts as long as the use of the Solution and/or the Services have not come to an end.
16. UPDATES
16.1 This Policy may be updated from time to time by Get In Touch, in which case Get In Touch shall notify you through its website or the Solution. In any event, the latest version of this Policy can always be accessed on the Get In Touch website.
17. CONTACT
17.1 If you have any questions with regard to this Policy or the manner in which we Process the Personal Data, please contact via email: info@getintouch.group.
Annex I – Processing activities
I. DESCRIPTION OF THE PROCESSING ACTIVITIES
| CUSTOMER & AUTHORIZED USER ONBOARDING & LIFECYCLE MANAGEMENT (SOLUTION) | |
|---|---|
| SOLUTION | |
| Purpose: | Managing the account of the Customer and the Authorized Users on the Solution, from onboarding (creation of the account) on the Solution until offboarding. |
| Data Subjects: | Authorized Users of the Solution |
| Personal Data: | First nameLast name(Business) email addressCompany nameHome address Proof of addressDriver license data GenderDate of birth ID dataPhone numberDevice OSGPS Location User IDs |
| Retention: | For the duration of the Agreement. Retention up until six (6) months (max.) following termination of the Agreement. |
| SUPPORT | |
|---|---|
| |1| USER SUPPORT | |
| Purpose: | Providing support to the Customer and/or Authorized Users regarding (the use of) the Solution. |
| Data Subjects: | Authorized Users of the Solution |
| Personal Data: | First nameLast name(Business) email addressHome addressDate of birth GenderPhone number Device OSUser IDsIP-address |
| Retention: | Until closure of the support request. Data may be further retained in anonymized / statistical format for development and service optimization purposes. |
| |2| BUG FIXES | |
| Purpose: | Analysing and fixing detected bugs in the Solution. |
| Data Subjects: | Authorized Users of the Solution |
| Personal Data: | Device / phone information (category, brand name, model name, marketing name, operating system (version) ) |
| Retention: | Until closure of the bug fix has been completed. Data may be further retained in anonymized / statistical format for development and service optimization purposes. |
II. THE USE (= WAY(S) OF PROCESSING) OF THE PERSONAL DATA AND THE PURPOSES AND MEANS OF PROCESSING:
Annex II – Description of security measures
| USE OF PERSONAL DATA |
|---|
| CollectAlign, combine and createStoreConsultStructure and analyse TransferRetrieveUpdateConsultErase and destroy |
| MEANS OF PROCESSING |
| SolutionElectronic communicationThird party software (Sub-processors) |
| PURPOSE |
| Providing the SolutionMaintaining the SolutionSupporting the Authorized User in case of problems/requestsCommunication ServicesAccount Management, including creation, maintenance and terminationBilling and PaymentService Improvement to enhance the functionality and performance of the SolutionMarketingUser Analytics to track and analyze user behavior to understand engagement and improve user experienceCustomization and Personalization to tailor the Solution to meet the specific needs and preferences of the Customer and/or Authorized UsersTraining and OnboardingFeedback CollectionProfile Building where user profiles are created based on interaction data to deliver targeted and relevant communications |
