ClauseBase is operated by ClauseBase BV, with registered office at Alfons Stesselstraat 9, 3012 Wilsele, Belgium and registered with the Crossroads Bank for Enterprises under company number 0723.768.270 (hereafter: “ClauseBase” or “we”).
This Privacy Statement explains how ClauseBase, as the data controller, uses any personal information about you when we do, or are preparing to do, business with each other.
1. Which categories of personal data do we collect?
When you create your profile to use ClauseBase, you are required to give information that allows us to identify you as a legitimate user. This includes your name, username, email address, password and any information you fill out on website (e.g. when booking a training session).
Furthermore, we also retain information that is generated about you, such as: a unique user ID number, the documents you export, login attempts and the organisation and groups of which you are a member (if your administrator designated you to a specific group).
To protect the privacy of its users, ClauseBase:
- does not store your user activities, e.g. which features are used or which files are being accessed (other than the most recent files list and the mere fact that you were using our services at a certain moment)
- only keeps track of your IP addresses for up to 24 hours.
We also process information specific to your account, such as your account rights (e.g.: as a regular user or an administrator), your ‘favourites’ (i.e.: the files and folders you include in your shortlist), your language and legal domain preferences, your personal styling (e.g.: font, layout, page settings, etc…) and an optional API key, which allows a third party server to send requests to ClauseBase’s server on the basis of your account.
When you subscribe to our newsletter, you enter your email address so that we can contact you and provide you with updates. We only store your email address and your first and last name, if you choose to provide it.
ClauseBase (and third parties such as Google Analytics) can store cookies when you visit any page of our website (www.clausebase.com) if you accept them. These may be ‘session’ cookies, which delete themselves when you leave our website, or ‘persistent’ cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.
2. Why do we process your personal data?
ClauseBase primarily processes your personal data in order to provide the best experience of the ClauseBase Platform as we possibly can.
ClauseBase may in some cases be required to contact you in relation to your use of the services, e.g.: if you have submitted an error report, need technical assistance, etc… In these situations, we will use your contact details only insofar as necessary for resolving any issues that require direct contact. We will not use your contact details to send you marketing communication unless you have explicitly consented to receive such communication.
In all these cases, the legal basis for our processing activities is our legitimate interest to provide the best possible service to you and the organisation of which you are a part.
3. How long do we store your personal data?
ClauseBase will not store your information longer than is necessary for the purpose of providing the services of the ClauseBase Platform. This means that your personal data will be deleted upon termination of the agreement through which you are granted access to the Platform.
However, it is important to note that we may need to retain certain identification information and information on use of the platform in the interest of any potential claims. In any case, we will not retain your personal data for longer than 10 years after the termination of the abovementioned agreement.
4. What are your rights in relation to your personal data?
If you want to invoke your rights, please file your request to us via an e-mail to firstname.lastname@example.org.
Access right: You have the right to access your personal information processed by us.
Right of rectification and the right to erasure: At all times, you have the possibility to rectify or erase your personal data, provided that the applicable legal requirements are met. In the event of errors, we will, upon notification, immediately correct our information about you. Personal data will be erased when the legal requirements are met. Excluded from erasure are only the data we still require to enforce our rights and claims, as well as the data we must store for a longer period of time due to a statutory obligation.
Restriction of the processing: If the applicable legal provisions are met, you can require us to restrict the processing of your personal data. This means that your personal data will only be stored and not actively used anymore, unless you give consent for further use. Excluded from restriction are the personal data needed for the exercise or defence of legal claims.
Objection to the processing of data: Furthermore, you have the right to at all times object to the processing of your personal data by us. We will cease to process your personal data, unless we can demonstrate compelling legitimate grounds for further processing (according to the applicable legal provisions) that outweigh your objection rights. You can also choose at any time to stop receiving marketing communication from us like our newsletter. To do so, simply unsubscribe by clicking the designated button at the bottom of every marketing email.
Right to lodge a complaint with the supervisory authorities: You have the right to lodge a complaint with the supervisory authority. Therefore, you can contact the data protection authority that is competent for your place of residence. For Belgium, this is:
Gegevensbeschermingautoriteit / Data Protection Authority / L’Autorité de Protection des Données
Drukpersstraat 35, 1000 Brussel
Tel.: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
5. Who will receive your personal data?
ClauseBase’s server is hosted by one of Europe’s premium hosting facilities, physically located in a datacentre in the European Union. This datacentre hosts the information set out above, but the server can only be accessed by ClauseBase administrators, through an encrypted VPN connection secured with a strong password. The hosting party in question also does not transfer personal data outside of the European Economic Area.
ClauseBase may from time to time work with third parties to deliver an optimal service to you and your organisation. ClauseBase shall never sell information to these third parties or disclose your personal data in an unauthorised manner. Where you provide your personal data to such a third party, this Privacy Statement shall not apply and we instead refer to the privacy statement of the third party in question.
6. Changes to this Privacy Statement
ClauseBase reserves the right to amend this Privacy Statement from time to time. We will place any updates thereof on https://help.clausebase.com. This Privacy Statement was last modified and revised on 5 December 2020.
7. Contact information
For any further data protection related inquiries, please contact us at email@example.com.
5 December 2020: changed the email address to firstname.lastname@example.org and clarified that (a) IP addresses are merely temporarily stored; and (b) we register the fact that users were using our services at a certain moment in time.