This is the most important thing you need to know:
If you use Rightso, we will encrypt your personal data (mainly your answers to the questions) and store it for three months on a server in the EU. You agree to the terms of use by which we have a contract with you. We will only use your encrypted personal data for the performance of that contract. Before you can use the generator, we will also ask for your explicit permission in case you mention sensitive personal data in your answers. ClauseBase provides the technology and acts as a processor of your encrypted personal data. Since your personal data is encrypted, we cannot read your personal data (unless you provide us with the file name and password). If you have any questions about this privacy policy, please contact privacy@timelex.eu.
Still want more information? Read the full privacy policy below:
As a law firm specialising in privacy and data protection, we attach great importance to the security and confidentiality of the personal data we process. Moreover, we want to be very clear and transparent about what happens when we collect and use your personal data. Hence this privacy policy for the use of Rightso.
1. When does this privacy policy apply?
This Privacy Policy applies only when you use Rightso, specifically when you generate a request or response. In all other cases (e.g., if you were to communicate with us through the contact form on the website or by email), our general privacy policy continues to apply.
2. What if this privacy policy doesn't answer all your questions?
Data protection legislation requires us to provide you with a great deal of information, so we would like to ask for your attention for a moment. If you have any further questions about the processing of your personal data, please do not hesitate to contact our DPO (the abbreviation for "Data Protection Officer"). You can contact our DPO via email: privacy@timelex.eu.
3. Who is "we"?
"We" in this privacy policy refers to Timelex: time.lex CV Joseph Stevensstraat 7, 23rd floor, 1000 Brussels, Belgium, Ondernemingsnummer 0890.217.005, RPR/RPM Brussels, Tel.: +32 2 893 20 95
The law firm Timelex is responsible for the collection and use (or - as the law calls it - "processing") of your personal data in the manner explained in this privacy policy.
For the sake of simplicity, you can address your questions, requests or problems regarding the processing of your personal data to Timelex (remember the DPO mentioned above).
4. What personal data do we process and why?
Your personal data will only be collected and used in the context of Rightso. That means that the personal data you provide to us will be used to generate a request or a response:
If you generate a request, the personal data you provide us with will be processed so that you can export and download the request. Once you export and download the Request, your personal data is securely encrypted and stored in accordance with this Privacy Policy. Only the person or organization that has the file name and password at the bottom of your request can decrypt the personal data you provided and then import it into Rightso. This way, you are always assured that the organization has the personal data as you provided it through Rightso. This enables the organization to answer your question in a targeted and efficient manner. Since Rightso is meant to facilitate the creation and answering of requests as much as possible for both the requester as the organization to which the request is addressed, we consider the import functionality an essential feature of Rightso. This functionality is therefore a necessary part of the agreement you enter into with us when using Rightso.
If you generate a response, the personal data you provide to us will be processed solely to enable you to export and download the response.
In order to achieve the above objectives, we process the following personal data:
Basic identity data that you provide, such as name, e-mail address, mailing address, phone number, the company you work for, your job title;
technical information related to the device you are using, such as your IP address, browser type, geographical location and operating system;
any other personal data you provide through Rightso, which may include sensitive personal data.
We wish to emphasize that you are in no way required to provide certain personal data through Rightso. There are no mandatory fields that you must fill out, which means that you always have full control over the personal data that you may or may not provide to us.
When you use Rightso, you are entering into an agreement with us. The processing of your personal data as described in this Privacy Policy is necessary in order to perform this agreement with you. However, if you provide sensitive personal data (e.g. health data) to us through Rightso, you are giving your express consent to the processing of this sensitive personal data.
5. With whom do we share your personal data?
We do not share your personal data with anyone other than:
yourself;
The recipient of your request, i.e. the person or organization to whom you send your request, will be able to import your personal data using the file name and password specified in the request;
ClauseBase, being a legal tech start-up from Leuven. ClauseBase, as a service provider of Timelex, is bound by strict contractual obligations to keep your personal data secure and confidential and will encrypt and store your personal data in accordance with this privacy policy;
governmental or judicial authorities insofar as we would be obliged to send them your personal data (but we can only provide encrypted personal data).
6. Where are your personal data processed?
We do not transfer your personal data outside the European Economic Area (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). ClauseBase stores your personal data in an UpCloud data centre in Madrid (Spain). This data centre uses 100% renewable energy.
However, if, after generating your request, you yourself send your request to a person or organization outside the EEA, your personal data will obviously leave the EEA. Your personal data may also be imported by a recipient outside the EEA with the file name and password specified in your request. We consider such a transfer to be necessary for the performance of the contract between you and us.
7. How long do we keep your personal data?
Your personal data will only be processed for as long as necessary to achieve the purposes described above or, where we have asked you for your consent, until such time as you withdraw your consent.
As soon as you export a request or a reply, we keep your encrypted personal data for a maximum of three months. After this period, your encrypted personal data is automatically deleted. We recommend that you keep your own copy of the Request or Response that you export since neither Timelex nor ClauseBase can recover your Personal Data once it has been deleted.
8. What do we do to keep your personal data safe?
The security and confidentiality of all data we process is very important to us. Therefore, we have taken steps to ensure that all personal data processed is kept secure. These steps include the encryption of your Personal Data (AES-128). Once your Personal Data is encrypted, it is impossible for Timelex and ClauseBase to decrypt your Personal Data, unless of course you provide us with the file name and password. ClauseBase does not keep a copy of the files you export. We have also taken technical and organizational measures to secure our infrastructure, systems, applications, and processes.
9. What rights do you have regarding your personal data?
When we collect and use your personal data, you enjoy a number of rights which you can exercise in the ways set out below.
However, please note that your personal information has been encrypted. Therefore, without the file name and password of your encrypted personal information, we will not be able to respond to your request because we need the combination of the file name and password to identify the personal information that relates to you. Without the combination of the file name and the password, it is technically impossible for us to read your personal information.
Please also note that if you wish to exercise a right, we will ask you for proof of identity. We do this to prevent us from encountering a personal data breach, for example, an unauthorised person posing as you and exercising a right on your behalf.
You have the right to access your personal data, which means that you can ask us to provide you with information about the personal data we hold about you. You can also request a copy of your personal data.
You have the right to request that we correct your personal data if you can demonstrate that the personal data we are processing about you is incorrect, incomplete or out of date.
If you provided your consent for the collection and use of your personal data, you have the right to withdraw this previously given consent.
You may request us to remove your personal data if this personal data is no longer necessary for the purposes for which we collected it, if its collection was unlawful, or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. Where any of these circumstances apply, we will delete your personal data immediately, unless legal obligations or administrative or court orders prohibit us from deleting your personal data.
You can ask us to restrict the processing of your personal data:
during the time we are reviewing your request to correct your personal information;
during the time we are assessing your objection to the processing of your personal data;
when such processing was unlawful, but you prefer a restriction to erasure;
when we no longer need your personal data, but you need them for the establishment, exercise or defence against a legal claim.
Where we process your personal data based on our own interests, i.e. you have not given us your consent and we do not need them for the performance or execution of a contract, or to comply with legal obligations, you have the right to object to our processing of your personal data. Where our interest relates to direct marketing, we will comply with your request immediately. For other interests, we will ask you to describe your specific circumstances giving rise to a request. We must then weigh your circumstances against our interests. If this balancing act results in your circumstances outweighing our interests, we will cease processing your personal data.
Where we have collected your personal data on the basis of your consent or because it was necessary for the performance or execution of a contract with you, you have the right to obtain a copy from us in a structured, commonly used and machine-readable format. However, this right only applies to personal data that you have provided to us.
If you wish to exercise any of these rights, please send us an e-mail. You can reach us at privacy@timelex.eu.
Please be assured that we will not interpret an email from you indicating your desire to exercise a right as your consent to the processing of your personal data beyond what is necessary to process your request.
A request must clearly state and specify which right you wish to exercise. Always indicate the context in which we have obtained your personal data so that we can process your request quickly and carefully. Your request must also be dated, signed and accompanied by a digitally scanned copy of your valid identity card proving your identity.
We will inform you immediately of the receipt of this request. If the request is found to be valid, we will notify you as soon as possible and no later than thirty (30) days after receipt of the request.
If you repeatedly make the same request, thereby causing significant inconvenience, we may refuse these successive requests or charge you an administrative fee to cover the costs. We may also deny you the right to access your personal data or only grant you partial access if such access could unreasonably prejudice the rights and freedoms of others, including Timelex.
If you have a complaint about the processing of your personal data by Timelex, you can always contact us at the e-mail address mentioned in the first paragraph of this clause. If you are not satisfied with our response, you can submit a complaint to the competent data protection authority, i.e. the Belgian Data Protection Authority (https://www.gegevensbeschermingsautoriteit.be/).