DATE OF LAST REVISION: MARCH 2023

NXTPORT INTERNATIONAL PRIVACY POLICY

  1. WHO ARE WE?

    We are NxtPort International BV, a company incorporated under Belgian law, having its registered office at Sint- Pietersvliet 7, 2000 Antwerp, Belgium (“NxtPort International”, “we”) and registered with the Crossroads Bank for Enterprises (Kruispuntbank vanOndernemingenorKBO) under enterprise number 0761.774.157.

    We at NxtPort International offer a range of platforms, data services, applications, API’s, websites and other digital products (“Services”).

    We value your right to privacy and make every effort to protect your personal data in accordance with applicable data protection law, including the General Data Protection Regulation (EU) 2016/679 (“GDPR“) and national implementing legislation. In this Privacy Policy, we explain what personal data we collect from you, for what purposes we will process this data, on what legal basis we base this processing, to whom your personal data may be transferred, how long we keep your data, how we protect your data and what rights you have in relation to the processing of your personal data.

  2. FROM WHOM DO WE COLLECT DATA?

    In the course of our business, we may collect personal data from customers, users of the Services, prospects, visitors to our Services, persons who provide their business card or otherwise their contact details to us, and persons who contact us by e-mail or otherwise.

  3. WHICH PERSONAL DATA DO WE PROCESS?

    By using our Services, we collect and process your data. Some aspects of these data can be qualified as personal data.  We process the following categories of personal data:

    • Personal data that you enter yourself on the Services such as subscribing to our newsletter or for the Services, registering for one of the events, or contacting for support.
    • Personal data is collected when you use our Services such as using technologies like cookies and receiving usage data and error reports from our Services.

    NxtPort International may process the following personal data in accordance with the provisions of this Privacy Policy. The following personal data will have to be provided on a mandatory basis:

    • Personal identification data such as the full name, e-mail address, phone number and job title.
    • Usage data such as geolocation data, both imprecise location data (e.g., location derived from IP address) and precise location data (e.g.GPS) and internet of other electronic network activity information such as device identifiers (IP address, user agent, the assigned unique IDs in cookies, information about how you arrived at and navigated through the Services).
    • Company identification data such as the company name, line of business, billing details and contact information.
    • Billing and financial information, such as billing address to secure payments, as well as bank account information to facilitate payments.

    The following personal data will have to be provided on a voluntary basis:

    Data generated using the service desk: the Services may also provide you the opportunity to participate and post content publicly in forums, through interactive features and through other communication functionality (“Community Forums”). You may choose, through such features or otherwise, to submit or post questions, comments, suggestions, or indications of interest in the content or other content, (collectively, “User Content”). When you create User Content in a Community Forum, that content is displayed publicly. Your name, along with any information you have disclosed in your profile, will be accessible by other users of the forum as well as the general public.

  4. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

    We may use the aforementioned personal data for the following purposes:

    1. Administer and manage your account allowing NxtPort International to provide you access to or use our Services;
    2. Internal business purposes such as improving our Services, better understanding our users, protecting, identifying or addressing wrong doing, enforcing our Terms and Conditions;
    3. Interact with other users;
    4. Ensure legal compliance;
    5. Prevent, detect and fight fraud and other illegal or unauthorized activities;
    6. Promotion and marketing of the Services, such as sending information about new products and features, survey requests, newsletters and events.

    In accordance with the GDPR, we process your personal data based on the following legal grounds:

    • We base the processing of personal data for (1) and (2) on the necessity for the performance of the contract we have concluded with the data subject, in particular the Terms and Conditions, as consultable on our website and adjusted from time to time (art. 6.1 b) GDPR).
    • We base the processing of personal data for (3) on the necessity for the purposes of our legitimate interests, namely facilitating and promoting user interactions for community-building (art. 6.1 b) GDPR). When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
    • We base the processing of personal data for (4) on the necessity for compliance with a legal obligation(art. 6.1 c) GDPR).
    • We base the processing of personal data for (5) on the necessity for the performance of a task carried out in the public interest(art. 6.1 e) GDPR).
    • We base the processing of personal data, including but not limited to the processing of pictures and location data, for (6)on the explicit, prior, free, specific and informed consent from the data subject(art. 13, Book XII, Belgian Code of Economic Law).

    We will not further process your personal data in a manner that is incompatible with the abovementioned purposes.

  5. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

    We will not sell your personal data to third parties, including third-party advertisers. We may disclose your personal data to the following parties:

    • Other users of the Services if:
      1. If you have registered on our platform as a contact person for other users, your name and email address are available to the other users;
      2. If you or your company provide data to our Services, we may disclose your (company) name, line of business and address on informational and promotional materials, including its websites and product descriptions;
      3. If you or your company subscribe to consume data through one of our Services, we may disclose your (company) name, line of business and address to the parties providing data to that Service. We may also disclose details on your data usage through the Service, to the Parties that have provided the data consumed by you.
    • With our service providers, agents, consultants or partners: We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including but not limited to payment processing.
    • With law enforcement/when required by law: We may disclose your information if reasonably necessary:
    • To comply with a legal process, such as a court order, subpoena or search warrant, government/law enforcement investigation or other legal requirements;
    • To assist in the prevention or detection of crime (subject in each case to applicable law), or
    • To protect the safety of any person.

    When transferring personal data to third parties, we always ensure that we implement appropriate technical and organizational protection measures. Where necessary, we will, for example, conclude a transfer agreement or a processor agreement, which sets out restrictions on the use of your personal data and obligations in respect of the security of your personal data.

    Your personal data will not be lent or sold to third parties for marketing purposes without your prior express consent.

    To the extent that your data is transferred in the context of this article to countries outside the European Union which do not provide an adequate level of protection for your data, NxtPort International will ensure that the companies to which your data is transferred to provide an adequate level of protection. In particular, we have concluded Standard Contractual Clauses (SCC) with them. NxtPort International guarantees to always verify, on a case-by-case basis, whether an adequate level of protection is in place for transfers to third countries.

  6. HOW LONG DO WE STORE YOUR PERSONAL DATA?

    We do not keep your personal data longer than necessary for the purposes for which it is collected and processed (as described above).

    For the purposes of providing services to our customers, we will retain it for as long as necessary to fulfil the purposes set out above, unless a longer retention period is

    • Necessary to cover our liability or
    • Required or permitted by law.

    All personal data purely for the purpose of scientific research or statistical purposes may be stored for longer periods.

    Regarding the data of visitors to our Services, we refer to our Cookie Policy.

  7. HOW DO WE SECURE YOUR PERSONAL DATA?

    We take appropriate technical and organizational measures to ensure a level of security appropriate to the specific risks we have identified. For more information on the procedures we put in place, we refer to our Information Security Policy. We thus protect your personal data as best as we can against the destruction, loss, alteration or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. NxtPort International protects and secures the personal data it collects and stores about you. However, please remember that no data storage or data transmission is guaranteed to be 100% secure. Thus, while we strive to protect your personal data, NxtPort International cannot ensure or warrant the security of any information you transmit to us. You use our services and provide us with your information at your own risk. More information on our security measures is available upon request.

  8. WHICH RIGHTS DO YOU HAVE AS A DATA SUBJECT?

    Withdraw your consent at any time: you have the right to withdraw consent where you have previously given consent to the processing of your personal data.

    Object to processing of your personal data: you have the right to object to the processing of your personal data if the processing is carried out on the legal basis of a legitimate interest, including profiling. You also have the right to object to the processing of your personal data for direct marketing purposes. This right is absolute – we will always comply with it.

    Right to access: You have the right to obtain confirmation from us as to whether or not we are processing your personal data, to obtain access to that personal data and how and why it is being processed, as well as to receive a copy of that data.

    Right to rectification: You have the right to obtain a correction of your personal data or to request that we complete your personal data if you notice that we are processing incorrect or incomplete data about you.

    Right to erasure: You have the right to obtain data erasure in certain specific cases.

    Right to restriction: You have the right to have the processing of your personal data restricted in certain specific cases.

    Right to data portability: You have the right to obtain the personal data you have provided us with in a structured, commonly used and machine-readable form, and to transfer that personal data (or have it transferred) to another controller.

    We do not use your personal data for automated decision-making.

    You may exercise the above rights by sending an e-mail to [email protected] or in the case of the right to object to direct marketing also via the opt-out link included in our marketing e-mails. The exercise of these rights is in principle free of charge. Only in case of unreasonable or repeated requests may we charge a reasonable administrative fee. We always try to answer your requests or questions as quickly as possible. It is possible that we will first ask you for proof of identity in order to verify your identity. For further information and advice on the above rights, please visit the Services of the Data Protection Authority:www.gegevensbeschermingsautoriteit.be. In addition to the above rights, you also have the right at any time to lodge a complaint with the Data Protection Authority in connection with the processing of your personal data by us. You can contact the authority at [email protected] or by mail at the following address:

    Gegevensbeschermingsautoriteit

    Drukpersstraat 35

    1000 Brussel, Belgium

    Furthermore, you can always choose to uninstall the Services or delete your account. When the information on your profile is inaccurate, you have the right to update your information.

  9. REFERENCES TO OTHER WEBSITES

    Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be redirected to that third-party site. We strongly recommend that you review the Privacy Policy of each site you visit.

    We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

  10. CHANGES TO THE PRIVACY POLICY

    From time to time it may be necessary to amend this Privacy Policy. When we post changes to the policy, we will change the “last updated” date at the top of the document. The most recent version of this Privacy Policy will be available on our Services at all times.

  11. CONTACT

    If you have any questions or concerns regarding this Privacy Policy or our processing of your personal data, you may contact us at[email protected].

    Withdraw your consent at any time: you have the right to withdraw consent where you have previously given consent to the processing of your personal data.

    Object to processing of your personal data: you have the right to object to the processing of your personal data if the processing is carried out on the legal basis of a legitimate interest, including profiling. You also have the right to object to the processing of your personal data for direct marketing purposes. This right is absolute – we will always comply with it.

    Right to access: You have the right to obtain confirmation from us as to whether or not we are processing your personal data, to obtain access to that personal data and how and why it is being processed, as well as to receive a copy of that data.

    Right to rectification: You have the right to obtain a correction of your personal data or to request that we complete your personal data if you notice that we are processing incorrect or incomplete data about you.

    Right to erasure: You have the right to obtain data erasure in certain specific cases.

    Right to restriction: You have the right to have the processing of your personal data restricted in certain specific cases.

    Right to data portability: You have the right to obtain the personal data you have provided us with in a structured, commonly used and machine-readable form, and to transfer that personal data (or have it transferred) to another controller.

    We do not use your personal data for automated decision-making.

    You may exercise the above rights by sending an e-mail to [email protected] or in the case of the right to object to direct marketing also via the opt-out link included in our marketing e-mails. The exercise of these rights is in principle free of charge. Only in case of unreasonable or repeated requests may we charge a reasonable administrative fee. We always try to answer your requests or questions as quickly as possible. It is possible that we will first ask you for proof of identity in order to verify your identity. For further information and advice on the above rights, please visit the Services of the Data Protection Authority:www.gegevensbeschermingsautoriteit.be. In addition to the above rights, you also have the right at any time to lodge a complaint with the Data Protection Authority in connection with the processing of your personal data by us. You can contact the authority at [email protected] or by mail at the following address:

    Gegevensbeschermingsautoriteit

    Drukpersstraat 35

    1000 Brussel, Belgium

    Furthermore, you can always choose to uninstall the Services or delete your account. When the information on your profile is inaccurate, you have the right to update your information. 6