Pri­va­cy pol­i­cy

BMI Leisure - Privacy statement (last modified on 01 September 2022)

First of all, we are excit­ed that you are inter­est­ed in BMI Leisure.

In this pri­va­cy state­ment, we doc­u­ment the way Per­son­al Data is processed by us.

It is pos­si­ble that we will ask you to share cer­tain Per­son­al Data with us, includ­ing but not lim­it­ed to your first name, last name, e‑mail address (iden­ti­fi­ca­tion data). Con­cern­ing cer­tain legal oblig­a­tions, you might have to pro­vide us with addi­tion­al data for us to com­ply with said oblig­a­tions.

We only col­lect Per­son­al Data that is nec­es­sary to inform you about our prod­ucts and ser­vices, to exe­cute agree­ments with you, and to con­tact you.

The legal grounds for the pro­cess­ing of your Per­son­al Data are the exe­cu­tion of an agree­ment, a legal oblig­a­tion, our legit­i­mate inter­est, and, in some cas­es, your con­sent (Arti­cle 2).

The pro­cess­ing of your Per­son­al Data is sub­ject to this pri­va­cy state­ment. In case you have ques­tions or remarks, please con­tact privacy@​bmileisure.​com.

By pro­vid­ing Per­son­al Data you are deemed to have acknowl­edged the use of your Per­son­al Data in accor­dance with this pri­va­cy state­ment.

Arti­cle 1 – Def­i­n­i­tions

Affil­i­at­ed Com­pa­ny” means a com­pa­ny which BMI Leisure is affil­i­at­ed, pro­vid­ed that such com­pa­ny meets the con­di­tions for an affil­i­at­ed com­pa­ny” as set out in Arti­cle 11 of the Bel­gian Com­pa­ny Code.

Con­troller” has the mean­ing as defined in the Gen­er­al Data Pro­tec­tion Reg­u­la­tion 2016/679. BMI Leisure will be qual­i­fied as the Con­troller, which deter­mines the pur­pos­es and means of the pro­cess­ing of Per­son­al Data.

Per­son­al Data” has the mean­ing as defined in the Gen­er­al Data Pro­tec­tion Reg­u­la­tion 2016/679, which is any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (also called the data sub­ject”).

Proces­sor” has the mean­ing as defined in the Gen­er­al Data Pro­tec­tion Reg­u­la­tion 2016/679, which process­es Per­son­al Data on behalf of the Con­troller.

BMI Leisure” is the trade­name of Busi­ness & Mar­ket­ing Improve­ment NV, a com­pa­ny with a reg­is­tered office sit­u­at­ed at 2440 Geel, Molseweg 160, reg­is­tered in the Bel­gian Cross­road Bank for Enter­pris­es with num­ber 0562.755.594.

Web­site” means the web­site www​.bmileisure​.com.

Arti­cle 2 – Pur­pos­es and legal grounds

Client data

In the frame­work of our ser­vices and com­mer­cial activ­i­ties we col­lect and process iden­ti­ty and con­tact data of our clients, their per­son­nel, col­lab­o­ra­tors, asso­ciates, and any use­ful con­tacts. The pur­pos­es of this pro­cess­ing are the exe­cu­tion of the agree­ments with our clients, cus­tomer care, book­keep­ing, and direct mar­ket­ing pur­pos­es such as the send­ing of pro­mo­tion­al or com­mer­cial infor­ma­tion. The legal grounds are the exe­cu­tion of an agree­ment, the ful­fill­ment of legal and reg­u­la­to­ry oblig­a­tions, our legit­i­mate inter­est, and, in some cas­es, your con­sent.

Sup­pli­er and sub­con­trac­tor data

We col­lect and process the iden­ti­ty and con­tact data of our sup­pli­ers and sub­con­trac­tors, their sub­con­trac­tors, their per­son­nel, col­lab­o­ra­tors, asso­ciates, and any use­ful con­tacts. The pur­pos­es of this pro­cess­ing are the exe­cu­tion of the agreement(s), supplier/​subcontractor care, book­keep­ing, and direct mar­ket­ing pur­pos­es such as the send­ing of pro­mo­tion­al or com­mer­cial infor­ma­tion. The legal grounds are the exe­cu­tion of an agree­ment, the ful­fill­ment of legal and reg­u­la­to­ry oblig­a­tions, and/​or our legit­i­mate inter­est (for direct mar­ket­ing).

Per­son­nel data

We process the Per­son­al Data of our employ­ees in rela­tion to our per­son­nel and our staffing ser­vices and our salary admin­is­tra­tion ser­vices.

Oth­er data

Besides client, supplier/​subcontractor, and per­son­nel data, we process the Per­son­al Data of oth­er peo­ple, such as poten­tial new clients/​prospects, use­ful con­tacts with­in our sec­tor, net­work­ing con­tacts, etc.

These data are col­lect­ed through our Web­site or through oth­er chan­nels. The pur­pos­es of pro­cess­ing are in the inter­est of our com­mer­cial activ­i­ty, direct mar­ket­ing, and pub­lic rela­tions. The legal ground is our legit­i­mate inter­est and, in some cas­es, the exe­cu­tion of an agree­ment or your con­sent.

More specif­i­cal­ly, we can use the Per­son­al Data we col­lect from you for the fol­low­ing pur­pos­es:

(i) to pro­vide you with infor­ma­tion about our prod­ucts and ser­vices;
(ii) to pro­vide you with our prod­ucts and ser­vices and to exe­cute an agreement(s) with you;
(iii) to inspect and process poten­tial com­plaints or requests;
(iv) to help us eval­u­ate, cor­rect, or improve our Web­site and all relat­ed prod­ucts and ser­vices of BMI Leisure;
(v) for direct mar­ket­ing pur­pos­es;
(vi) for inter­nal rea­sons, such as cor­po­rate admin­is­tra­tion and archiv­ing pur­pos­es.
In the course of pro­vid­ing our ser­vices to you, in some cas­es, we might ana­lyze your infor­ma­tion to build indi­vid­ual pro­files.

The aim is to pro­vide you with per­son­al­ized ser­vices that are rel­e­vant and inter­est­ing for you. The pro­fil­ing is based on your Per­son­al Data but is not used for auto­mat­ed indi­vid­ual deci­sion mak­ing which pro­duces legal effects or has sim­i­lar­ly sig­nif­i­cant effects on you. By using your data to dis­cov­er your inter­ests, we can offer you an opti­mal ser­vice and expe­ri­ence.

Arti­cle 3 – The Con­fi­den­tial­i­ty of your per­son­al data

Every time you as a user sub­mit Per­son­al Data, we shall han­dle this infor­ma­tion in accor­dance with the stip­u­la­tions of this pri­va­cy state­ment and any legal oblig­a­tions applic­a­ble to the pro­cess­ing of Per­son­al Data, includ­ing the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) 2016/679.

We shall estab­lish appro­pri­ate mea­sures and pro­ce­dures to secure and pro­tect the Per­son­al Data we col­lect via the Web­site or via elec­tron­ic cor­re­spon­dence.

In this way, we under­take to pre­vent, as far as pos­si­ble, ille­gal pro­cess­ing of Per­son­al Data and unin­ten­tion­al loss or liq­ui­da­tion of your Per­son­al Data. How­ev­er, despite these pre­cau­tions, we can­not guar­an­tee that your Per­son­al Data is pro­tect­ed when it gets dis­played or report­ed via unse­cured means in anoth­er way oth­er than via the Web­site or oth­er­wise com­mu­ni­cat­ed.

We opti­mize the secu­ri­ty of your Per­son­al Data by lim­it­ing the access to your Per­son­al Data to per­sons on a need-to-know” basis (for exam­ple only BMI Leisure employ­ees or asso­ciates who need your Per­son­al Data for the pur­pos­es as described in Arti­cle 2 will have access to the data).

Arti­cle 4 – How do we col­lect your per­son­al data and how long is it kept?

BMI Leisure col­lects your Per­son­al Data:

(i) when you sub­mit Per­son­al Data via the Web­site;
(ii) When you sub­scribe to our newslet­ter;
(iii) when you enter into an (employ­ment) agree­ment with us;
(iv) when you call or mail us or cor­re­spond with us via anoth­er way than the Web­site
We can com­bine the Per­son­al Data we col­lect via the Web­site with infor­ma­tion that you pro­vide us in anoth­er way or which third par­ties deliv­er to us.

Per­son­al Data will be kept and processed by us for the dura­tion that is required in rela­tion to the pur­pos­es of the pro­cess­ing depend­ing on whether we have a con­trac­tu­al rela­tion­ship with you or not.

Client data and sup­pli­er or sub­con­trac­tor data will be removed from our sys­tems after 7 years after the ter­mi­na­tion of the agree­ment involved, except for the Per­son­al Data that we have to store for a longer dura­tion based on spe­cif­ic legal oblig­a­tions or in case of pend­ing litigation(s).

Data col­lect­ed through the Web­site or through any oth­er chan­nel (oth­er data) will not be kept longer than 5 years after the last use­ful con­tact between us and you.

Per­son­nel data will be removed after 5 years after the ter­mi­na­tion of the employ­ment rela­tion.

We avoid the col­lec­tion of Per­son­al Data that is not rel­e­vant for the pur­pos­es as set out in Arti­cle 2.

Arti­cle 5 – Trans­fer for per­son­al data

We will not trans­fer your Per­son­al Data to third par­ties out­side the Euro­pean Eco­nom­ic Area, except to sub­con­trac­tors or employ­ees who retain the Per­son­al Data on servers in the Unit­ed States, have under­tak­en to do so under the Pri­va­cy Shield or in accor­dance with the Euro­pean Com­mis­sion’s Stan­dard Con­tract Terms and there­by pro­vide an ade­quate lev­el of secu­ri­ty for the pro­cess­ing of Per­son­al Data.

Fur­ther­more, we will not trans­fer your Per­son­al Data to third par­ties inside the Euro­pean Eco­nom­ic Area with­out your per­mis­sion, except:

(i) to Affil­i­at­ed Com­pa­nies;
(ii) when these data are nec­es­sary to per­mit employ­ees, agents, sub­con­trac­tors, sup­pli­ers, or com­mer­cial part­ners to pro­vide a ser­vice or accom­plish a task in the name of BMI Leisure, includ­ing but not lim­it­ed to pro­vid­ing mar­ket­ing sup­port, accom­plish mar­ket research, or pro­vid­ing user ser­vices;
(iii) if it is required or per­mit­ted by the applic­a­ble law.
Any trans­fer of Per­son­al Data to one of the third par­ties men­tioned in the list above is in accor­dance with the stip­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) 2016/679.

We ensure that mea­sures are tak­en to make sure that third par­ties can­not use your Per­son­al Data for oth­er pur­pos­es than the pur­pos­es men­tioned exhaus­tive­ly in Arti­cle 2 and that these third par­ties have tak­en the nec­es­sary tech­ni­cal and orga­ni­za­tion­al mea­sures to pro­tect these data.

We will have data pro­cess­ing agree­ments in place with the afore­men­tioned third par­ties in order to ensure the secu­ri­ty of the Per­son­al Data.

We shall take all nec­es­sary pre­cau­tion­ary mea­sures to assure that our employ­ees and asso­ciates who have access to Per­son­al Data will process these Per­son­al Data exclu­sive­ly in accor­dance with this pri­va­cy state­ment and the oblig­a­tions under the applic­a­ble pri­va­cy reg­u­la­tions.

Arti­cle 6 – Rights of the data sub­ject

By virtue of both Bel­gian and Euro­pean leg­is­la­tion con­cern­ing data pro­tec­tion, you have the rights as men­tioned below. If you want to exer­cise these rights, you have to send us a writ­ten request and pro­vide a copy of your ID card to privacy@​bmileisure.​com

We will pro­vide you with infor­ma­tion with­in one (1) month of receipt of the request on the action that will be tak­en. We can extend this one-month peri­od to a max­i­mum of three (3) months, in which case you will be informed about the rea­sons for such delay with­in one (1) month of the orig­i­nal request.

The right of access to Per­son­al DataY­ou have the right to instruct us to pro­vide you with any Per­son­al Data we hold about you, pro­vid­ing the rights of oth­er data sub­jects are not affect­ed.

The right to rec­ti­fi­ca­tion of Per­son­al DataWe kind­ly ask you to help to make sure that the Per­son­al Data in our records are as accu­rate and up-to-date as pos­si­ble. If you believe that the Per­son­al Data sub­mit­ted to us are incor­rect or incom­plete, please noti­fy us as described above. We will cor­rect or adapt your Per­son­al Data as soon as pos­si­ble.

The right to the era­sure of Per­son­al DataIn some cir­cum­stances, you have the right to the era­sure of your Per­son­al Data with­out undue delay. Those cir­cum­stances include:

(i) the unneces­si­ty to hold the Per­son­al Data any longer in rela­tion to the pur­pos­es for which they were col­lect­ed or oth­er­wise processed;
(ii) the with­draw­ing of the con­sent to con­sent-based pro­cess­ing;
(iii) the pro­cess­ing that is for direct mar­ket­ing pur­pos­es; and
(iv) in case the Per­son­al Data has been unlaw­ful­ly processed.
How­ev­er, there are cer­tain gen­er­al exclu­sions of the right to era­sure. Those gen­er­al exclu­sions include where pro­cess­ing is nec­es­sary:

(i) for exer­cis­ing the right of free­dom of expres­sion and infor­ma­tion;
(ii) for com­pli­ance with a legal oblig­a­tion; or
(iii) for the estab­lish­ment, exer­cise, or defense of legal claims.
The right to restrict the pro­cess­ing of Per­son­al DataIn the fol­low­ing cir­cum­stances you have the right to restrict the pro­cess­ing of your Per­son­al Data:

(i) for con­test­ing the accu­ra­cy of the Per­son­al Data;
(ii) when the process is unlaw­ful but you don’t want the Per­son­al Data to be erased; or
(iii) when you object­ed to pro­cess­ing, pend­ing the ver­i­fi­ca­tion of that objec­tion.
Where pro­cess­ing has been restrict­ed on this basis, we may con­tin­ue to store your Per­son­al Data. How­ev­er, we will only process it with your explic­it con­sent, for the estab­lish­ment, exer­cise, or defense of legal claims, for the pro­tec­tion of the rights of anoth­er nat­ur­al or legal per­son, or for rea­sons of impor­tant pub­lic inter­est.

The right to objec­tY­ou have the right to object to our pro­cess­ing of your Per­son­al Data.

The right to data porta­bil­i­tyIf you wish to exer­cise your right to data porta­bil­i­ty, we will send the Per­son­al Data in a struc­tured, com­mon­ly used, and machine-read­able for­mat to a con­troller of your choice.

The right to with­draw con­sent­To the extent that the legal basis for our pro­cess­ing of your Per­son­al Data is con­sent, you have the right to with­draw that con­sent at any time. How­ev­er, the with­draw­al will not affect the law­ful­ness of pro­cess­ing before the with­draw­al.

The right to com­plain to a super­vi­so­ry author­i­tyY­ou can file a com­plaint with the Data Pro­tec­tion Author­i­ty (“Gegevens­bescher­mingsautoriteit”) by send­ing an e‑mail tocontact@​apd-​gba.​be or by send­ing a writ­ten request to the Data Pro­tec­tion Author­i­ty with a reg­is­tered address locat­ed at 1000 Brus­sels, Drukpersstraat 35.

Arti­cle 7 – Third-par­ty link

The Web­site may con­tain links to web­sites of third par­ties which are not con­trolled by us. Although we will do our utmost to make sure that the links on the Web­site lead exclu­sive­ly to web­sites that share the safe­ty and con­fi­den­tial­i­ty stan­dards of BMI Leisure, we are not respon­si­ble for the pro­tec­tion and con­fi­den­tial­i­ty of data, among Per­son­al Data that you sub­mit on oth­er web­sites after you have left the Web­site.

Before sub­mit­ting Per­son­al Data we rec­om­mend that you pro­ceed care­ful­ly and con­sult the pri­va­cy state­ment which applies on the web­site con­cerned.