Privacy Statement
Last Updated: January 27, 2025CONTENTS1. Introduction
2. General information applicable to all our personal data processing activities
2.1. Who is the controller?
2.2. How do we receive your personal data?
2.3. Do we share your personal data outside the European Union?
2.4. What rights do you have as a data subject?
2.5. Want to exercise your rights, have questions or a complaint?
3. Specific processing activities that may apply to you
3.1. You are a client of Disso?
3.2. You are a supplier or subcontractor of Disso?
3.3. You are a visitor to Disso's Website or a prospect?
3.4. You are a (potential) job applicant of Disso?
3.5. You are a participant in one of our Disso activities (networking events, etc.)?
4. Changes to this Privacy Statement1. INTRODUCTIONDisso cares about your privacy and treats your personal data as confidentially as possible.The protection of your privacy and your personal data is an extremely serious matter for us. We collect, store and use your personal data only in accordance with the contents of this privacy statement ("Privacy Statement") and the applicable regulations on data protection, in particular the provisions of the General Data Protection Regulation ("GDPR") and the national data protection provisions.This Privacy Statement explains what personal data is collected and processed, for what purposes, how long we keep personal data, what your rights are in this regard and how you can contact us.This Privacy Statement applies, inter alia, to (i) our website disso.ai (hereinafter our "Website"), and the services and activities associated with it and (ii) all relationships through any other means of communication between you and us.2. GENERAL INFORMATION APPLICABLE TO ALL OUR PERSONAL DATA PROCESSING ACTIVITIES2.1. WHO IS CONTROLLER?Disso Security, a private limited company, with registered office at Kakelstraat 36, 9800 Deinze, Belgium and registered in the Belgian Crossroads Bank for Enterprises under the number 1016.749.842 (hereinafter "Disso", "we" or "us"), is responsible for processing your data as described in this Privacy Statement.Please note that Disso is a data controller, which means that we have a direct responsibility to you in relation to the processing of your personal data. This Privacy Statement relates solely to our relationship with you as a data controller.It is important to note in this context that Disso is, in principle, not the controller of the personal data processed as part of our Disso services (Gen-AI communication security) offered to our clients: e.g. the processing of personal data and communications of employees/staff of Disso's clients whose accounts are integrated into the Disso system. Regarding such personal data, the client is the data controller, and we act as a processor. For more information about the processing of your personal data in connection with these services, we refer you to the privacy statement of the respective client(s).2.2. HOW DO WE RECEIVE YOUR PERSONAL DATA?Personal data is data that can be used to directly or indirectly identify natural person. We may collect and process personal data in various ways, e.g. when:• you contact or have contacted us (e.g. via the contact form on the Website, when you book a meeting via our Website, etc.);
• we provide or have provided any of our services to you;
• you wish to apply for a job at Disso;
• when you create an account via our Website;
• etc.We may also find, update, supplement and improve your data through public sources (e.g. Crossroads Bank for Enterprises, etc.) and social networks.2.3. DO WE SHARE YOUR PERSONAL DATA OUTSIDE THE EUROPEAN UNION?In principle, we use your personal data only for providing the services you request. If we use external service providers to provide these services, these service providers also have access to your personal data exclusively within the scope of their services. We have implemented necessary technical and organizational measures to ensure compliance with data protection regulations and also require external service providers to adhere to these provisions. We have entered into data processing agreements with relevant third parties, which include necessary safeguards regarding the confidentiality and privacy compliance of your personal data.Notwithstanding the foregoing, it is possible that Disso may disclose your personal data to competent authorities (i) if Disso is required to do so by law or legal process and/or (ii) to protect and defend our rights.In principle, we aim to store your personal data on IT systems in the European Economic Area ("EEA").If personal data are transferred to countries or organisations outside the EEA, appropriate safeguards will always be provided. Any transfer of personal data outside the EEA to a recipient in a country not covered by a decision of the European Commission to provide an adequate level of protection, will be subject to the provisions of a data transfer agreement, which will include (i) the standard contractual clauses issued by the European Commission, or (ii) any other mechanism in accordance with the GDPR, or any other regulation relating to the processing of personal data such as the EU- U.S. Data Privacy Framework for transfers to the U.S.2.4. WHAT RIGHTS DO YOU HAVE AS A DATA SUBJECT?You have several rights:• You have a right to access your personal data. This allows you to check what personal data we process about you;
• You have a right to correct your personal data. This allows you to correct or supplement any incorrect or incomplete personal data we process about you;
• You have a right to erasure of your personal data. This allows you to permanently erase personal data that we process about you. We are not always obliged to erase your personal data at your request – this right only applies in the cases and to the extent provided by law;
• You have a right to restrict the processing of your personal data. This allows you to freeze our use of your personal data without erasing it;
• You have the right to object to the processing of your personal data. This allows you to object to the further processing of your personal data;
• You always have the right to withdraw your consent when the processing of your personal data is based on your consent;
• You always have the right to object the processing of your personal data for direct marketing purposes;
• You have the right to data portability. This allows you to transfer, copy or forward personal data smoothly from one controller to another.2.5. WANT TO EXERCISE YOUR RIGHTS, HAVE QUESTIONS OR A COMPLAINT?For the exercise of your rights, for any questions or complaints related to the processing of personal data, you can always contact us:- via email: [email protected]
- via letter: Disso Security BV
FAO: the data protection manager
Kakelstraat 36
9800 Deinze
Belgium
You can also file a complaint with the supervisory authority in the location where you reside. For Belgium, this is the Data Protection Authority:- via the website: gegevensbeschermingsautoriteit.be - via e-mail: [email protected]
- by phone: +32 2 247 48 00
- via letter: Gegevensbeschermingsautoriteit
Gegevensbeschermingsautoriteit
Drukpersstraat 35
1000 Brussels
For more information regarding complaints and remedies, we invite you to consult the Data Protection Authority's website: gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen.3. SPECIFIC PROCESSING ACTIVITIES THAT MAY APPLY TO YOUUnder what circumstances Disso collects, uses or otherwise processes different categories of personal data from you, for what purpose, on what legal basis, for what period and with whom it is shared, is described below.3.1. YOU ARE A CLIENT OF DISSO?Disso provides Gen-AI driven email and communication security, giving your business more control over its communication safety and protecting it against modern cyber threats.Disso may collect and process one or more of the following personal data:• contact information and account creation data: e.g. name, first name, profession, telephone and mobile number, e-mail address, address details and other contact information; company information;
• test phase data: e.g. e-mail address(es) and other personal data and/or communications used during the test phase (if the client chooses to test using their own data; not mandatory, as sample data can also be used);
• correspondence and other forms of communication: e.g. letters, e-mails and other (forms of) communication;
• billing and administrative data: e.g. bank account numbers, and any other payment information.3.2. YOU ARE A SUPPLIER OR SUBCONTRACTOR OF DISSO?Disso may collect and process one or more of the following personal data:• contact information: name, title, function, telephone and mobile number, e-mail address, office address and other contact and/or company information;
• correspondence and other forms of communication: letters, e-mails and other (forms of) communication;
• information on the delivery of the product/service and any information on our engagement with the supplier/subcontractor, bank account numbers and any other information on payments.3.3. YOU ARE A VISITOR TO DISSO'S WEBSITE OR A PROSPECT?Disso may collect and process one or more of the following personal data:• contact information: e.g. name, first name, e-mail address, company name, role in your company, address;
• correspondence and other forms of communication: e-mails and other (forms of) communication;
• your electronic identification data: e.g. your IP address, connection times, etc. following a visit to our Website that uses cookies or similar techniques.3.4. YOU ARE A (POTENTIAL) JOB APPLICANT OF DISSO?Disso may collect and process one or more of the following personal data:• contact information: name, first name, function, telephone and mobile number, home address, e-mail address, social media account and other contact information;
• correspondence and other forms of communication: letters, e-mails and other (forms of) communication;
• other recruitment-related information: gender, date of birth, photograph, application form, CV, interview notes, and other employment history information.3.5. YOU ARE A PARTICIPANT IN ONE OF OUR DISSO ACTIVITIES (NETWORKING EVENTS, ETC.)?Disso may collect and process one or more of the following personal data:• contact information: name, first name, company name, function, address, telephone and mobile number, e-mail address, payment details (in case of paid activity);
• correspondence and other forms of communication;
• in case of events: business cards, dietary restrictions, photos, videos, etc.However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.Disso processes the above personal data for the following purposes:I. to provide you with more information about our services and products at your request or at our initiative, if deemed necessary to accurately perform our services for you;
II. to provide you with the services as agreed with you;
III. to handle any complaint and/or feedback;
IV. to make or collect payments;
V. to maintain a business relationship with you as a client.Disso processes the personal data listed above on the following legal grounds:• the processing is necessary for the performance of an agreement to which you are a party or to take steps at your request prior to the conclusion of an agreement (purposes I to IV above);
• the processing is necessary for the purposes of the legitimate interests pursued by Disso or a third party (purpose V above). Our legitimate interest is to serve you as a client even better by keeping you informed about our activities, services and products (purpose V above).Disso will retain your personal data for a period of 6 months after the completion of the service or termination of the agreement. This retention period allows us to handle any post-service inquiries, complaints, or administrative follow-ups.In certain cases, we may retain your personal data for a longer period, including but not limited to the following situations:• if applicable laws require us to retain specific data, we will retain the data for the duration of the legally required period;
• data necessary to establish, exercise, or defend legal claims will be retained for the duration of the applicable statutory limitation period.In pursuit of these purposes, we may disclose your personal data to:• subcontractors who process personal data on our behalf (processors), e.g. in relation to hosting, mailing, marketing initiatives, etc.. They only process your personal data under our written instructions and in accordance with an agreed processing agreement;
• judicial, police or administrative authorities, if required by law or court proceedings.4. CHANGES TO THIS PRIVACY STATEMENTWe may update this Privacy Statement from time to time. Therefore, we encourage you to consult it regularly so that you are aware of any changes.For more information about our privacy practices, please contact us at [email protected]