1.1. The website available at the address www.5am.be (hereafter: the ‘Website’) is operated by and is the property of FIVE AM bv, with business number BE0840060877 and with registered office at Krakeleweg 39, 8000 Brugge (hereafter: ‘Controller’, ‘we’ or ‘our).
1.4. We are responsible for processing your personal data. As the Controller, we take all appropriate technical and organisational measures so that the processing is in compliance with Regulation (EU) 2016/679 of 27 April 2016 (hereafter: ‘GDPR’). Our appointees or employees who have access to your personal data are also required to comply with the obligations of the GDPR.
1.7. We must inform you that you must always have express permission from the relevant people before uploading to or placing information on the Website about these people.
2. Who are we and how can you contact us?
Legal form: bv
Company name: FIVE AM
Trade name: FIVE AM
Registered office: Krakeleweg 39, 8000 Brugge
VAT number: BE 0840 060 877
Telephone number: 0032 56 74 41 32
Hyperlink(s) Website: www.5am.be
3. Contact details Data Protection Officer
4. For which purposes do we process your personal data?
We process your personal data that was shared on or via the Website solely for:
5. What are the legal grounds for processing your personal data.
5.1. We process your personal data if:
a. the data subject has consented to the processing of their personal details for one or more specific purposes
6. Which personal data do we process?
6.1. On or via the Website, we only process the following personal data if and insofar as you have provided your consent:
a. Electronic identification (IP addresses, cookies, etc.) See 6.2
6.2. Among other things, we process the following data: device data, log file data such as the IP address, browser, and operating system, the external website that brought you to our Website, and the pages that you visit on the Website (and the date and time you visited these pages). This data is automatically (without any sort of registration) only processed for statistical purposes and with a view to further improving the Website.
7. Who receives and/or process your personal data, in addition to the Controller?
Your personal data is also processed on our behalf by, among others, our IT supplier SKINN. This processing is arranged in a controller contract that we have concluded with them.
8. Do we pass your personal data to companies or entities in non-EU countries?
9. Where, how and for how long do we retain your personal data?
9.1. Your personal data is stored on a secure server combell server and Google Inc.
9.2. We shall not store your personal data for any longer than required to achieve the purposes specified in Article 4. In this context, we could therefore store your personal data for some time. We will store your personal data for a minimum of 2 years.
10. What are your rights?
10.1. You have the right to request:
a review of your personal data;
improvement (rectification) or removal (deletion) of your personal data;
a restriction of the processing that relates to you.
10.2. You have the right to appeal against the processing of your personal data. You can object to the processing of your personal data for direct marketing at all times and at no cost.
10.3. You have the right to have your personal data transferred to another controller.
10.4. If the processing of your personal data is based on your permission, you have the right to revoke this permission at all times. However, the revocation of your permission is not retroactive and the lawfulness of the processing based on your permission before the revocation thereof shall remain intact.
10.5. You have the right to submit a complaint to the Privacy Commission/Data Protection Authority.
10.6. The exercise of the aforementioned rights is dependent upon the requirements and conditions as stipulated in the GDPR.
10.7. In order to exercise these rights, you can send a simple request to email@example.com, providing adequate proof of your identity.
11 What are our obligations?
11.1. We take all the appropriate measures to guarantee the security level that is aligned with the risks for and during the protection of your personal data.
11.2. We maintain a processing register in which the (category of) processing of your personal data is described.
11.3. [If applicable - We have appointed a Data Protection Officer who informs and advises us concerning our GDPR obligations, who supervises our compliance with the GDPR, and is the point of contact for the authorised privacy authorities.]
11.4. We cooperate with the authorised privacy authorities (at their request).
11.5. Where necessary and/or required, we shall immediately inform the Privacy Commission/National Data Protection Authority within 72 hours after detection of any security incidents or data leaks (including illegal processing, loss, unavailability, destruction, damage, or unauthorised distribution of your personal data).
We will also inform you under the terms and conditions specified in the GDPR if such a violation appears to entail a high risk for your rights.
If you become aware of a violation in relation to your personal data or that of others, you may contact us on the email address: firstname.lastname@example.org.
11.6. If we use new technologies or applications in order to process your personal data, which could correspond to high risks in relation to your data protection, we will conduct a so-called ‘Data Protection Impact Assessment’ (DPIA) under the conditions of GDPR and, if necessary, consult the Privacy Commission/Data Protection Authority in advance.
Questions? Feel free to contact us: email@example.com