Klik hier voor de Nederlandstalige versie.
Publication date: 21/06/2023
We attach great importance to the right of privacy and data protection of visitors to our website. We therefore make every effort to protect your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (hereinafter: “GDPR”) and the national implementing legislation.
In this Privacy Policy, we try to explain in clear and plain language who we are and what you can contact us for, what personal data we collect from you, the purposes for which we will process those data, the legal basis for such processing, to whom your personal data may be transferred, how long we will retain your data, how we protect your data and what rights you have in relation to the processing of your personal data.
- Who are we?
Kaat DM is a private limited liability company (bv) under Belgian law, with registered offices at Sint-Jansvest 27 bus 301, 9000 Ghent and registered in the Crossroads Bank for Enterprises under number 0767.541.994 (hereinafter: “Kaat DM”, “we” of “us”).
Kaat DM is a company specialising in photographic activities and wedding and corporate photoshoots. In the course of our activities, we collect, use, store, share or otherwise process personal data. Under the applicable data protection law, we qualify as the “controller” with respect to these personal data.
- Whose personal data do we collect?
In the course of our activities, we may collect personal data relating to our clients, our clients’ employees, (contact persons of) our service providers, visitors to the website, prospects, persons who provide their contact information to us and persons who come into contact with us in other ways.
- Which personal data do we process?
Kaat DM may collect from you the personal data listed below, to the extent such data are relevant to the purposes for which we need them as set forth in Section 4. Whenever it is mandatory for certain data to be filled in, and other data is only optional, this will be clearly indicated so that you can choose whether to provide us with your personal data or not.
(i) When you are a client (or an employee of a client)
| Identification and contact details | Personal identification information: name, company name (if applicable), company number (if applicable), address (delivery address, billing address), phone/mobile phone number, e-mail address |
| Personal details | Gender |
| Account details | Login and password |
| Financial details | Identification and bank account numbers Financial transactions: amounts you had to pay and paid, a summary of payments, purchase history Agreements and settlements |
| Leisure activities and interests | Hobbies, interests, favourite travel destinations (optional) |
| Health details | Health details, such as dietary preferences (if applicable) |
| Profession and job | Private individual or company, VAT number if applicable, employer, title and description of position |
| Illustrations | Photos, video recordings Date and location of image or recording (if applicable) |
| Other | Other data that you provide to us |
(ii) When you visit our website
| Identification and contact details | Electronic Identification Data: IP addresses, information collected via cookies (read our Cookie Policy) |
(iii) When you are (a contact person of) our service provider
| Identification and contact details | Personal identification information: name, company name, company number, address, phone/mobile phone number, e-mail address |
| Financial details | Identification and bank account numbers Financial transactions: amounts you had to pay and paid, a summary of payments, purchase history Agreements and settlements |
| Profession and job | Private individual or company, VAT number if applicable, employer, title and description of position |
(iv) If you wish to receive commercial messages from us
| Identification and contact details | Personal identification data: name, e-mail address |
| Living habits | Use of social media |
| Other | Opt-in/opt-out for direct marketing messages |
(v) When you contact us.
| Identification and contact details | Name, phone/mobile phone number, e-mail address |
| Other | Message content, other data that you provide yourself |
- For what purposes do we use your personal data and on what legal basis do we base such processing?
We may use the personal data stated above for the following purposes:
- To provide our services;
- For customer and supplier management;
- To manage (billing) disputes and claims;
- To compile quotes for potential clients;
- To comply with our legal (accounting and tax) obligations;
- For marketing purposes, namely our electronic newsletter (if you have subscribed to it) or marketing via social media channels;
- For the proper operation and optimisation of our website;
- Public relations;
- To indicate references on our website or social media channels;
- To handle and respond to questions or complaints.
For your complete information, the legal grounds relevant to these processing operations can be found below:
- We process personal data in order to indicate references on our website or social media channels and to handle enquiries or complaints based on your prior consent.
- We process personal data for the provision our services, for customer and supplier management and for the preparation of quotations based on the necessity for the performance of the agreement we have concluded with the data subject. If you do not provide us with any personal data or provide incorrect personal data, we cannot guarantee that an agreement will be concluded with you or that the agreement will be performed correctly.
- We process personal data in connection with our accounting and tax obligations based on our legal obligation under accounting and tax laws. If you do not provide us with personal data or provide incorrect personal data, we cannot adequately fulfil this legal obligation that is incumbent upon us.
- We process personal data for the management of disputes and claims, for the proper functioning and optimisation of our website, for public relations and for the processing of personal data concerning contact persons of clients or service providers who are a legal entity based on the need to represent our legitimate interests (in particular, our interest to represent our interests, to provide our website correctly, to promote our activities and to maintain our contacts).
- We process personal data for electronic direct marketing purposes (such as sending the electronic newsletter) based on your opt-in consent. Only if you have unambiguously indicated that you would like to receive the electronic newsletter (you are completely free to decide), will Kaat DM register you for this.
For the processing of special categories of personal data, namely health data, we rely on the following relevant ground of lawfulness:
- We process your health data, such as your dietary preferences in order to tell your “back story”, to portray you authentically or when participating in a workshop offered by us based on your prior explicit consent.
- With whom do we share your personal data?
We may disclose your personal data to the following parties:
- Our service providers, such as IT service providers, PR/marketing service providers and external consultants, acting as ‘processors’ for us for the performance of the agreement;
- Our professional advisors, such as external law firms and accountants;
- Government bodies, such as police departments and the courts, only if there is a legal obligation to do so.
Please note: this list is not exhaustive. There may be other instances where we need to inform other parties in order to deliver our services in the most effective possible way. We consider this necessary in accordance with our mutual interests.
When passing on information to third parties, we always ensure that we take appropriate protective measures. We work with service providers who process certain data on our behalf. Such processing is solely performed in accordance with applicable data protection laws. In particular, we have concluded transfer agreements or a processor agreement with our service providers – to the extent required by law – that comply with the requirements of Article 28 of the GDPR and provide instructions to the service providers on how they should handle the data. Through careful selection and regular monitoring, we ensure that our service providers take all organisational and technical measures necessary to protect your data.
Your personal data will not be loaned or sold to third parties for marketing purposes without your prior explicit consent.
In certain cases, your personal data may be transferred to recipients in countries outside the European Economic Area if this is necessary for the performance of the agreement we have entered into with you or which was entered into in your interest. If your personal data are transferred to recipients in countries outside the European Economic Area for any other purpose, we always ensure that we take appropriate protection measures.
- For how long do we retain your personal data?
We do not keep your personal data longer than necessary for the purposes for which they are collected and processed (as described above).
- Personal data recorded in accounting, financial or other official documents will be retained for as long as these documents must be kept by law, that is, for at least 7 years in the case of tax documents and for at least 10 years in the case of accounting documents;
- Personal data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and for 10 years after its termination;
- All personal data used for marketing purposes will be held until such time as you notify us that you no longer wish to receive our mailings or it appears that your e-mail address is no longer in use;
- We keep all personal data relating to a complaint about our services for 5 years after the complaint is settled;
- Regarding the data of visitors to our website, please refer to our Cookie Policy which can be found here.
Only if we are legally obliged to do so, or if it is necessary to defend our interests in court (for example, in the event of a dispute), will we keep your personal data for a longer period of time.
More information about our retention periods is available upon request.
- How do we protect your personal data?
We take all appropriate technical and organisational measures to ensure a level of security appropriate to the specific risks we have identified. We therefore protect your personal data as best we can against the destruction, loss, alteration, or unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed.
If we cooperate with a third party, the necessary contractual arrangements have been made for this purpose in order to process your personal data in a secure manner.
More information about our security measures is available upon request.
- What are your rights and how can you exercise them?
Within the limits defined in Articles 15-22 of the GDPR, you have the following legal rights in relation to your personal data:
- Right of access: You have the right to obtain confirmation from us as to whether or not we process your personal data, to obtain access to that personal data, to obtain information about how and why we process them, and to receive a copy of those data.
- Right of rectification: You have the right to have your personal data rectified or to request that we complete your personal data if you find that we are processing incorrect or incomplete data about you.
- Right to erasure (“right to be forgotten”): You have the right to obtain data erasure in certain specific cases.
- Right to restriction of processing: In certain specific cases, you have the right to have the processing of your personal data restricted.
- Right to data portability: You have the right to obtain the personal data you have provided to us in a structured, common and machine-readable form, and to transfer those personal data (or have transferred) to another controller if the processing is based on your consent or on an agreement and if the processing is carried out by means of automated processes.
- Right to object: For reasons relating to your particular situation, you have the right to object to the processing of your personal data on the basis of our legitimate interest.
- Right to withdraw your consent: You have the right to withdraw your consent to the processing of personal data on the basis of this ground of lawfulness at any time. Withdrawing your consent will not affect the lawfulness of processing based on the consent given, before its withdrawal.
- Right to object to direct marketing: You also have the right to object to the processing of your personal data for direct marketing purposes. This right is absolute – so we will always act on it.
If you no longer wish to receive direct marketing by phone from any company, you can add your phone number to the Do Not Call Me List (www.dncm.be). If you no longer wish to receive direct marketing by mail, you may add your information to the Robinson List (www.robinsonlist.be). We always take both lists into account in our direct marketing campaigns.
| You may exercise the above rights by sending an e-mail to info@kaatdm.com, or in the case of the right to object to direct marketing, you can also make use of the opt-out link included in our marketing e-mails. |
The exercise of these rights is in principle free of charge. Only in the event of unreasonable or repeated requests may we charge a reasonable administrative fee for this.
We always try to respond to your requests or questions as quickly as possible. We may ask you for proof of identity first to verify your identity.
For further information and advice on the above rights, please refer to the Data Protection Authority website: www.dataprotectionauthority.be.
In addition to the aforementioned rights, you always have the right to lodge a complaint with the competent supervisory authority in connection with our processing of your personal data. In Belgium, this is the Data Protection Authority (GBA). You can contact the GBA at contact@apd-gba.be or by mail at the following address:
Data Protection Authority
Rue de la Presse 35
1000 Brussels, Belgium
- Amendments to this Privacy Policy.
From time to time, it may be necessary to modify this Privacy Policy. Whenever we publish changes to the policy, we will change the publication date at the top of the policy. The most recent version of this Privacy Policy is available on our website at all times.
- Contact
Should you have any questions or concerns regarding this Privacy Policy or about the processing of your personal data by us, you can always contact us by e-mail to info@kaatdm.com, by letter to Sint-Jansvest 27 bus 301, 9000 Ghent.
