Welcome, and thank you for your interest in BMI Leisure.
This privacy statement outlines how BMI Leisure processes your Personal Data. By providing your Personal Data, you acknowledge and agree to its use in accordance with this privacy statement. For any questions or concerns, please contact us at privacy@bmileisure.com.
Article 1 – Definitions
- “Affiliated Company”: A company affiliated with BMI Leisure as defined in Article 11 of the Belgian Company Code.
- “Controller”: As defined by the GDPR (Regulation 2016/679), BMI Leisure is the Controller determining the purpose and means of processing Personal Data.
- “Personal Data”: Any information relating to an identified or identifiable natural person.
- “Processor”: A party that processes Personal Data on behalf of the Controller.
- “BMI Leisure”: Trade name of Business & Marketing Improvement NV, located at Molseweg 160, 2440 Geel, Belgium. VAT BE0562.755.594.
- “Website”: The official website at www.bmileisure.com.
Article 2 – Purposes and legal grounds
Client data
We process identity and contact data of clients and their associates to:
- Execute agreements
- Provide customer service
- Maintain bookkeeping
- Conduct direct marketing
Legal grounds: Contractual obligation, legal requirements, legitimate interest, and in some cases, consent.
Supplier and subcontractor data
We process identity and contact data for similar purposes as with clients.
Legal grounds: Contractual obligation, legal requirements, and/or legitimate interest.
Personnel data
Processed as part of employment, HR, and payroll administration.
Other Data (Prospects, Contacts)
Collected via the Website or other channels for commercial purposes, PR, and direct marketing.
Legal grounds: Legitimate interest, consent, or contractual necessity.
Specific Purposes
We may also use your data to:
- Inform you about our products and services
- Fulfill agreements
- Respond to inquiries or complaints
- Improve our services and Website
- Perform direct marketing
- Conduct profiling to personalize services (without automated decision-making)
Article 3 – Confidentiality and Security of Personal Data
Your data is processed in accordance with GDPR and applicable laws. We implement security measures to prevent unauthorized access, accidental loss, or unlawful processing. Access is limited to those who require it on a “need-to-know” basis.
However, we cannot guarantee data security if shared through unsecured channels outside our systems.
Article 4 – Collection and Retention of Data
How Data is Collected
- Via the Website
- Newsletter subscriptions
- Contracts and agreements
- Direct communication (phone, email, etc.)
Retention Periods
- Client & Supplier Data: Retained for 7 years post-contract, unless legally required otherwise.
- Personnel Data: Retained for 5 years after employment ends.
- Other Data: Retained for a maximum of 5 years after last contact.
We strive to only collect data necessary for the purposes outlined in Article 2.
Article 5 – Data Transfers
Outside the EEA
We only transfer data outside the EEA if:
- Hosted on U.S. servers with adequate safeguards (e.g., Privacy Shield, Standard Contractual Clauses)
Within the EEA
We may share data with:
- Service providers acting on our behalf (e.g., marketing, IT)
- Authorities as required by law
We ensure:
- All transfers comply with GDPR
- Data processors are contractually bound to use the data securely and only for specified purposes
Article 6 – Your Rights as a Data Subject
To exercise any of the rights below, email us at privacy@bmileisure.com along with a copy of your ID for verification. We will respond within one (1) month, extendable to three (3) months if necessary.
Your Rights Include:
- Right of Access: Obtain confirmation and access to your data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Delete your data under specific circumstances (e.g., consent withdrawn, no longer needed).
- Right to Restrict Processing: Temporarily limit use of your data (e.g., when contesting accuracy).
- Right to Object: Oppose data processing for direct marketing or based on legitimate interest.
- Right to Data Portability: Request your data in a structured, machine-readable format.
- Right to Withdraw Consent: Withdraw consent at any time (applies only where consent is the legal basis).
- Right to Complain: File a complaint with the Belgian Data Protection Authority at contact@apd-gba.be or via mail to Drukpersstraat 35, 1000 Brussels.
Article 7 – Third-Party Links
Our Website may contain links to third-party sites. We are not responsible for the content or privacy practices of these external sites. Please consult the privacy policies of these sites before submitting your Personal Data.