Privacy policy

PRIVACY NOTICE

This Privacy Notice is provided by EDPNET Belgium BV (hereinafter “edpnet”, “we”, “us”, “our”), a company incorporated in accordance with the laws of Belgium, with its registered office at Bellestraat 30, 9100 Sint-Niklaas, registered at the Crossroads Banks for Enterprises under company number 0799.091.641, in its quality as Data Controller (hereinafter “the Controller”), in compliance with articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter “GDPR”).

For the provision of interpersonal and electronic communication services (hereinafter the “Services”) as well as, upon the occurrence of the conditions specified below, edpnet explains (in paragraphs 1 - 8) the purposes and legal basis for which we collect and process your personal data, which categories of data are processed, the transfers of data and modalities they happen, which rights you have as a data subject (hereinafter “data subject”, “you”, “your”, “yours”) and how to exercise.

Edpnet has appointed a Data Protection Officer (hereinafter “DPO”), pursuant GDPR, who can be contacted by writing for the attention of Data Protection Officer, Bellestraat 30, 9100 Sint-Niklaas or via privacy@edpnet.com.

1. Categories of personal data processed

Edpnet will process:

a) the contact and identification data provided by you when entering into the contract for the provision of Services, such as, but not limited to name, surname, age, address, fixed telephone number, mobile telephone number, e-mail address, language, birthday, birthplace, identity card number, national registry number, contact title, IP address, name of previous provider, customer ID with previous provider, Easy Switch ID, payment method of mobile subscription with previous provider, previous mobile SIM card number, invoice with previous provider, user name, bank account number;

b) certain personal data that may be acquired by other means, also during the course of a contractual relationship;

i) telephone and traffic data;

ii) bank and/or payment data;

iii) data relating to telephone cell you are connected to while using telecommunication services;

iv) data processed or generated as part of the provisioning of electronic communications networks or Services;

v) data belonging to special categories within the meaning of Article 9 of Regulation (EU) 2016/679;

vi) data relating to criminal convictions and offences within the meaning of Article 10 of Regulation (EU) 2016/679, provided by judicial authorities as part of their own requests;

vii) data relating to your consumption habits and/or interests.

2. Purposes and legal basis of data processing

 

Under the specified conditions, your personal data will be processed for the following purposes:

 

a) For execution of the contract

Your personal data will be processed for the management of the contractual relationship (for example, for the invoicing of fees, handling payments or claims you may submit to us, credit collection, etc.) and to provide the Services you have requested (internet access, fix or mobile telephony). In particular, for this purpose, edpnet may process the data indicated in paragraph 1.a) and 1.b) points i), ii), iii), and iv). Edpnet informs you that it may contact you and process the above data for purposes related to the execution of the contract (such as but not limited to: assistance, provisioning, activation, support) also through edpnet's official chat channel.

In processing data indicated in paragraph 1.b), point i), edpnet will make your data anonymous, as soon as they are no longer necessary for the transmission of the communication, except for fulfilment of legal obligations or for the sole purpose of invoicing.

Edpnet may process the data referred to in paragraph 1.b) point v) in an encrypted way, without knowing the content of the communication.

 

b) For fulfilment of legal obligations

Your personal data will be processed by edpnet for the fulfilment of legal obligations. Specifically, edpnet may process your data for the fulfilment of accounting and tax obligations, and for the fulfilment of judicial authority requests. For such purposes, the data indicated in paragraphs 1.a) and 1.b), points i), ii), iii), iv), v) and vi) may be processed.

 

In case of an emergency call to the emergency services offering on-site help, your geographical location may be processed without your consent, with a view to allowing the processing of the emergency communication information by the emergency centre concerned.

 

Moreover, exclusively to comply with requests from judicial authorities, edpnetmay acquire the data referred to in paragraph 1.b), point vi).

c) In pursuit of its own legitimate interest, edpnet may implement the following procedures

Edpnet may use the e-mail address you have provided to send commercial communications regarding Services and/or products similar to those covered by the contract.

 

Within the context of Article 9 of the Royal Decree of 12 September 2018 on the obligations applicable to the provision of paid services as referred to in Article 116/1, §2, of the Law of 13 June 2005 on electronic communications, edpnet may process and share your data with third party service and/or content providers, providers acting in their capacity as data controllers ("third data controllers") for the purposes of pursuing their own legitimate interests, since you have provided them with your edpnet mobile number in order to use/subscribe to their services.

 

Edpnet may process 1.b), point i) for the purposes of identifying frauds or a malicious use of the network, and for the purposes of ensuring the security and proper functioning of edpnet’s electronic communications networks and services. Furthermore, edpnet may process the data provided by you and those acquired during the use of the Services to perform internal market research and to analyse the customer satisfaction level.

 

We inform you that you have the right to object at any time, for reasons related to your particular situation with reference to the data processing indicated here above in paragraph 1. that may be carried out by edpnet on the basis of its own legitimate interest. Following your objection, edpnet will refrain from further processing this personal data unless there are compelling legitimate grounds for processing that override your interests and rights.

 

You may oppose, without limitation, the sending of commercial communications to your email address by writing at privacy@edpnet.com. Any updates on these methods will be indicated from time to time on our website.

d) For marketing purposes, subject to your consent

With your express consent, edpnet may process your data in order to send you commercial communications regarding edpnet's services and products. In particular, for this purpose, edpnet may process the data indicated in paragraph 1.a) and 1.b), point i), and vii).

3. The recipients or categories of recipients of the personal data

For the implementation of the contract, the fulfilment of legal obligations and the pursuit of its legitimate interests, edpnet may disclose your personal data to the following categories of persons:

     parties that provide services for the management of edpnet's IT system;

     parties involved in the transmission, mailing, forwarding and sorting of the data subject's communications;

     parties who carry out debt collection services

     parties who carry out control, audit and certifications on the activities carried out by edpnet also in the interest of its customers and users;

     other telecommunications operators, for the management of interconnection and roaming relationships;

     group companies;

     subsidiary, parent and associated companies;

     credit transferee companies;

     parties who perform technical and organisational tasks on behalf of edpnet;

     sales agents, firms and companies as part of service and consultancy relationships;

     public authorities, if the conditions are met;

.

4. Data processing methods

Your data is collected and recorded in a lawful and correct manner for the purposes indicated above and are processed, also with the aid of electronic or automated means and specific databases, in terms not incompatible with these purposes and, in any case, in a manner such as to guarantee the security and confidentiality of the data.

 

Edpnet has taken all reasonable technical and organisational measures to protect your personal data against unauthorised access and use, loss or theft, such as: security of your passwords, encryption software, firewalls, antivirus, intrusion and anomaly detection, as well as control for the edpnet employees (the number of employees who have access to your personal data are limited and access is only granted insofar as these specific data are required to perform their tasks properly).

5. Processing term and retention period

Your data will only be processed for the time necessary for the purposes mentioned above. Specifically, below are the main use and retention periods relating to your personal data for the various processing purposes:

5.1. Execution of contract

Edpnet will retain the data processed for the execution of the contract throughout the duration of the contract and for a further period of 10 years thereafter, unless the need for further retention for additional periods to enable edpnet to defend its rights arises.

Your traffic data will be retained for a maximum period of 12 months for billing purposes or for making interconnection payments, without prejudice to any further specific retention required as a result of a dispute, including in court.

5.2. Fulfilment of legal obligations

Edpnet will retain data processed for the purpose of fulfilling legal obligations to the extent provided for by law and for as long as the need for processing persists in order to fulfil said legal obligations;

The information regarding both incoming and outgoing telephone and electronic communications, excluding the actual content of the communications:

     is retained for 12 months for the purposes (i) to prevent end users of edpnet from be harmed or bothered and detect fraud and malicious use on their networks and services, pursuant to the Law of 13 June 2005 concerning electronic communications; and (ii) to provide you with the most advantageous alternative tariff plans of edpnet, if it is applicable pursuant to the Law of 13 June 2005 concerning electronic communications.

For the purposes of safeguarding national security, combating serious crime, preventing serious threats to public security, and safeguarding the vital interests of a natural person edpnet will retain the data indicated in paragraph 1.b), point iv for a maximum of 12 months, or according to specific geographical areas defined by Law 13 June 2005 concerning electronic communications, for another maximum subsequent 12 months.

5.3. Legitimate Interest

The data processed for the pursuit of edpnet's legitimate interest will be processed for the time strictly necessary for the pursuit of that interest, namely:

     data relating to the status and punctuality of your payments to edpnet will be retained for the entire duration of the contract and for a period of 10 years following the conclusion of the contract;

     the data used for sending commercial communications to your email address, as indicated in paragraph 2, letter c), will be processed until the termination of the contractual relationship, unless you have previously objected.

5.4. Consent

Marketing

The data for marketing purposes will be processed for a period of 24 months and until you revoke your consent to use the data for that purpose; following such revocation, edpnet will cease the processing in question and will no longer retain the data acquired exclusively for that purpose.

6. Transferring data outside the European Union

Your data may also be transferred outside the European Union to different Data Recipients. Such transfers, where applicable, will be regulated through the use of standard contractual clauses adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to GDPR or on the basis of an adequacy decision by the European Commission.

7. Data Subject's Rights

In accordance with the regulations in force, you may exercise the following rights:

     request and obtain information relating to the presence with the Data Controller or your personal data, the purposes of the processing and access to such data;

     by sending an e-mail from the email address that you provided during your order to privacy@edpnet.com, and attaching a valid identification document to your request

     request and obtain the modification and/or correction of your personal data if you believe that they are inaccurate or incomplete;

     by sending an e-mail to privacy@edpnet.com, and attaching a valid identification document to your request

     request and obtain the cancellation - and/or limitation of processing - of your personal data if data or information are unnecessary (or no longer necessary) for the above purposes;

      by sending an e-mail from the email address that you provided during your order to privacy@edpnet.com, and attaching a valid identification document to your request

     request and obtain portability of the personal data that are processed by automated means in a structured, commonly used format and readable by an automatic device and request their transfer to another data controller.

     by sending an e-mail from the email address that you provided during your order to privacy@edpnet.com, and attaching a valid identification document to your request.

Please note that if you use addresses other than those indicated in this Policy to exercise your rights or to change optional consents, the handling of your request may be slowed down.

 

7.1. Procedure for revoking optional consents - referred to in paragraph 1, letter (d)

 

Your consent under paragraph 2, letter d) may be revoked by you at any time and in several ways:

     by sending an e-mail from the email address that you provided during your order to privacy@edpnet.com, and attaching a valid identification document to your request;

If you are no longer one of our customers, you may revoke your consent under paragraph 2, letter d) within 6 months after deactivation of your account in the following ways: by sending an email to the following address privacy@edpnet.com, enclosing a valid identification document with your request.

7.2. Procedure for universal revoking of consents for marketing correspondence and calling

If you do not wish to receive any commercial calls, you can register yourself on the Don’t-call- me-anymore list. You can do this via the website https://www.dncm.be (only available in Dutch or French).

If you no longer wish to receive commercial letters, you can register yourself on the so-called Robinson list via the website www.robinsonlist.be (only available in Dutch or French)

8. Additional information

Edpnet is an Other Licensed Operator (OLO) and a Light MVNO. What does it mean?

Edpnet is an OLO. This means that we can develop our own internet access services for use on the Proximus xDSL and Fiber PON network and to market, distribute and sell them under our name and for our account. Proximus is fully responsible for the operation of its copper and fibre network. In the capacity of Proximus as Network Operator, Proximus may process your data on their behalf for purposes such as: (i) the delivery of the Services; (ii) maintenance, repairs, improvement and development of the Proximus infrastructure; (iii) legal obligations.

Edpnet is a Light Mobile Virtual Network Operator (Light MVNO). This means that we can develop our own mobile services on the Orange mobile network, and to market, distribute and sell them under our name and for our account. Orange is fully responsible for the operation of its mobile network. In the capacity of Network Operator, Orange may process your data for purposes such as: (i) the delivery of the Services; (ii) maintenance, repairs, improvement and development of the Orange infrastructure; (iii) legal obligations.

For further information, we invite you to read the Privacy Notice of our Network Operator Partners.

Exercise of Rights and lodge of a complaint to the Belgian Data Protection Authority

 

You can exercise your rights or file complaints about the processing of your personal data by contacting edpnet at the following address: EDPNET Belgium BV, for the attention of the Data Protection Officer, Bellestraat 30, 9100 Sint-Niklaas or via privacy@edpnet.com.

Edpnet needs to verify your identity. Therefore we ask you to include a copy of your identity card with your request. You can exercise your privacy rights free of charge, unless your request is unfounded or excessive. Edpnet can then charge a reasonable fee, taking into account the administrative costs to be able to carry out the request, or refuse to execute the request.

If edpnet does not respond within 30 days to your request or if it refuses to do so in your opinion, or if our response does not meet your expectations, you can lodge a complaint with the Belgian Data Protection Authority, Drukpersstraat 35, 1000 Brussels, or via commission@privacycommission.be, who will start a mediation procedure.

Definitions

 

Anonymised/anonymous data: Personal data made anonymous through a process which is non-reversible within the limits of the technology applicable from time to time.

Consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

Legitimate Interest: any interest of the Data controller or third parties for which the data processing is necessary to achieve it and it is overriding to the interests, rights and freedoms of the data subject.

Traffic Data: the identifier of the origin of the communication; the identifier of the destination of the communication; the precise dates and times of start and end of the communication; the telephone number from which the incoming communication originated; the IP address used to send the incoming communication, the timestamp and the port used; and the precise dates and times of the start and end of the incoming)

Data processed or generated as part of the provisioning of electronic communications networks or Services: Data referred to in Articles 126, § 1 and 126/2, § 2 of Law 13 June 2005 concerning electronic communications.

 

Legal Disclaimers

 

This Privacy Notice has been drawn up with due observance of the obligations in GDPR and the provisions of European Directive 2002/58/EC

Edpnet may use your personal data for new purposes that are not yet provided for in our "Privacy Notice". In that case, we will contact you before using your data for these new purposes, to inform you of the changes to our regulations for the protection of personal data and to give you the opportunity to refuse your participation.

If this privacy policy is changed, you can always find the most recently published version on this page. If the law so requires, edpnet will inform you individually.

This Privacy Policy text was last updated on 18/11/2024

edpnet cookies

Functional (necessary) and analytical cookies are recommended for our edpnet website to work properly. They are not used to identify you as a visitor on our website. Edpnet also uses commercial/advertising cookies which are used to personalize advertisements on third party websites. These cookies are by default disabled. But you can choose to enable them below. Visit our Cookie Policy for details.

Settings
Commercial/advertising cookies are used to personalize advertisements. The intention is to display edpnet advertisements, which are relevant and attractive to the individual user, on third party websites. You can read who these third parties are in our Cookie Policy.
Accept recommended cookies