1. General information

1.1 Who we are
Complissimo ("we," "our," or "us") are committed to protecting your privacy. This privacy policy (the “Privacy Policy”) regulates how we collect, use, disclose, and safeguard your personal data when you visit our website, https://www.complissimo.com (the “Website”), leave your contact details for further information (“Information Request”), or interact with us in other ways. Data processing is handled by Complissimo bv, having its registered office at Culliganlaan 2D, 1831 Diegem, Belgium with company number (EUID) BEKBOBCE.1012.942.987.

1.2 Scope
This Privacy Policy applies to all personal data processed by us through the Website or in relation to Information Requests. By using the Website or submitting an Information Request, you acknowledge that you have carefully read this Privacy Policy and agree with it. Your Information Request is subject to your express acceptance of the Privacy Policy.

While using the Website, you may encounter links to third-party websites. Those third-party websites are independent sites, unrelated to us, and we assume no responsibility or liability whatsoever regarding privacy or any other legal matters with respect to those sites. We strongly advise you to carefully read the privacy policies and the terms of use of the websites before accessing them.

1.3 Legal compliance
We undertake to comply with applicable data protection laws, including the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

1.4 Changes to the Privacy Policy
We may occasionally update this Privacy Policy, therefore please revisit this page regularly. Any changes will be posted on this page with an updated effective date. We may additionally inform you of updates to the Privacy Policy by email. This Privacy Policy was last updated on 17 January 2025.


2. Data Processing

2.1 Information we collect

We collect various types of data based on your interactions with the Website:

• Personal data: Defined as data about an identified or identifiable natural person. This includes your name, email address, phone number, and other contact details.
• Usage data: Information about how you interact with and use our Website, such as your IP address, browser type, and activity logs.
• Cookies and tracking technologies: Data collected through cookies and similar technologies to improve user experience and Website functionality (more information in our separate cookie banner).

This Privacy Policy applies to the extent any of those data constitute personal data.

2.2 Legal basis for processing personal data
We may process your personal data based on the following legal grounds:

• Consent: When you have given us explicit permission to process your data (e.g., for marketing communications). You can withdraw your consent anytime, in which case we will cease processing unless another legal ground applies. The foregoing will, however, not prevent us from retaining any personal data if this is necessary to comply with our legal obligations, in order to file a legal claim or to defend ourselves against a legal claim, or for evidential purposes.
• Contractual necessity: When processing is necessary to perform a contract to which you are a party or when you have asked us to take specific steps before entering into a contract.
• Legal obligation: When processing is required to comply with laws, regulatory requirements, or judicial or administrative orders.
• Legitimate interests: When processing is necessary for our legitimate interests or those of a third party, such as improving our services or ensuring the security of our platform, provided that these interests do not override your fundamental rights and freedoms.

To the extent that you provide us with any personal data in connection with any third party, you are solely responsible for obtaining, and hereby represent to have obtained, the informed consent of that person to allow the use of their personal data, and to allow us to access, store, collect, and process the personal data as detailed in this Privacy Policy.

We are committed to data minimisation, meaning that we collect and process only the personal data necessary to fulfil the specific purposes outlined in this Privacy Policy, and that your personal data will be processed only for as long as necessary to achieve those purposes or if applicable until you withdraw your consent.

Please do not provide us with any sensitive information, such as (non-exhaustive list) health information, information pertaining to criminal convictions, or credit card/account numbers.

2.3 Sharing personal data with third parties
We may share your personal data under the following circumstances:

2.3.1 Sharing with third-party service providers
We may share your personal data with third-party vendors and service providers who assist in making available the Website and processing Information Requests. Those third-party processors only process your personal data on our behalf, and must meet the necessary requirements to ensure the security and integrity of your personal data.

2.3.2 Public authorities
Your personal data may be shared with public authorities or law enforcement agencies when required by law, if requested to make such a disclosure by a court, or to protect your or our rights and interests, or those of another individual. This will be limited to what is strictly necessary and in compliance with applicable laws.

2.3.3 Business transfers
In the context of a corporate transaction (such as a merger, sale of company assets, acquisition, or other corporate reorganisation) your personal data may be transferred to the acquiring or merging entity.

2.3.4 Sharing anonymised or aggregated data
We may transmit anonymised or aggregated data to third parties for purposes such as improving products and services, as well as organising targeted marketing or sales activities. Those data do not allow to identify you.We may share your personal data in other manners with your explicit consent.

2.4 Data processing locations and international transfers

2.4.1 Data processing locations and transfers outside the EEA
We may process your personal data both within and outside the European Economic Area (“EEA”). While we process your personal data in the European Union (“EU”), some of our sub-processors may process personal data outside the EEA. For data transfers to countries outside the EEA, including the United States, we rely on (i) European Commission adequacy decisions (with respect to countries that are recognised by the European Commission to offer adequate personal data protection), including the EU-U.S. Data Privacy Framework (“DPF”) for service providers certified under this mechanism, (ii) EU Standard Contractual Clauses (“SCC”), and (iii) Transfer Impact Assessments (“TIA”) to assess and mitigate potential risks, each of the foregoing to ensure that your personal data receive the same level of protection as within the EEA, meeting GDPR compliance standards, when exported outside the EEA, including to countries that are not recognised by the European Commission to offer adequate personal data protection ((ii) and (iii)).

Details related to the Website:

• Flexmail
  • Name: Flexmail
  • Purpose: E-mail marketing
  • Data Processed: Name, email, company
  • Country (outside EEA): N/A
  • Protection Mechanism: N/A

• Google Analytics 4
  • Name: Flexmail
  • Purpose: Website use analytics
  • Data Processed: IP address and diagnostic data
  • Country (outside EEA): USA
  • Protection Mechanism: DPF

2.5 Retention period
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by law. If you request the deletion of your personal data, we will comply unless legal or regulatory obligations require us to retain it.

3. Specific personal data processing use cases

3.1 Usage monitoring
• What: We collect personal data, which may include your device’s Internet Protocol address, browser type, browser version, the Website pages that you visit, time and date of your visit, time spent on those pages, unique device identifiers and other diagnostic data. When you access the Website through a mobile device, we may collect certain information automatically, such as the type of mobile device, mobile operating system, type of mobile Internet browser you use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit the Website through a mobile device.
• Why: To improve your user experience, and to provide, maintain and improve the Website through analysing their usage.
• Legal Ground: Necessary for delivering a service in the performance of a contract, legitimate interest, or consent.
• Retention Time: Subject to any mandatory legal limitations:
(i) we will retain the personal data for a period of six months since the user’s last activity. When the retention period is over, the personal data may be retained in anonymised form.
• Third-party recipients: We refer to §2.4 of the Privacy Policy.

3.2 Information requests

• What: We collect personal data (which may include your name, email, company and country detail) when you request to receive documents or other material from us.
• Why: To deliver the requested materials to you.
• Legal Ground: Necessary for fulfilling a service request in the performance of a contract between us, for potentially entering into a contract between us, or your consent.
• Retention Time: We remove your personal data upon request or after 18 months of inactivity with our marketing or sales activities or through the Website.
• Third-party recipients: We refer to §2.4 of the Privacy Policy.

3.5 Requesting a quote

• What: We collect personal data, which may include your name, email, company, industry, country, phone number, solutions of interest, and specific details related to the solutions, to provide you with a quote.
• Why: To tailor the quote to your needs.
• Legal Ground: Necessary for potential agreement preparation.
• Retention Time: We remove your personal data upon request or after 18 months of inactivity with our marketing or sales activities or through the Website.
• Third-party recipients: None.

3.6 Direct Marketing

• What: We collect personal data, which may include your name, email, company, country, and phone number.
• Why: To send you relevant Solution or marketing information.
• Legal Ground: Your informed consent.
• Retention Time: We remove your personal data upon request.
• Third-party recipients: None.

3.7 Cookies

• As per our separate cookie banner.

4. Your rights
Under the GDPR, you have the following rights:

• Right to be informed: The right to be informed about how we will collect, process, and share your personal data in a concise, transparent, intelligible, and easily accessible format, written in clear and plain language. This information is set out in this Privacy Policy, and additional information can be requested in accordance with § 6.1 (Contact Us).
• Access: The right to request a copy of the personal data we hold about you (provided that this does not adversely affect the rights and freedoms of others), together with information regarding how your personal data is being used, which information you also find in this Privacy Policy.
• Rectification: The right to have your personal data rectified or, taking into account the purposes of the processing, completed if it is inaccurate or incomplete. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification request where possible.
• Erasure (Right to be forgotten): The right to request the deletion of your personal data, such as when the data is no longer necessary, you withdraw consent, or the data was unlawfully processed. You acknowledge that this is not a blanket right to require all of your personal data to be erased. We will carefully consider each request in accordance with the requirements under applicable law.
• Restriction: The right to request to restrict the processing of your personal data in certain circumstances.
• Data portability: The right to request transfer of your personal data to another legal person under the legally defined conditions.
• Objection: The right to object to processing based on legitimate interests or for direct marketing purposes. If you so object, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defence of a legal claim.
• Consent withdrawal: You can withdraw your earlier given consent at any time.

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

5. Technical and organisational measures
We take personal data protection security seriously and implement technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction.

6. Contact

6.1 If you have any concerns or complaints regarding our personal data processing practices or adherence to applicable data protection law, please contact us. We are committed to resolving disputes in a timely manner.

For GDPR-related complaints, you have the right to lodge a complaint with your local data protection authority. Since we are headquartered in Belgium, you may contact the Belgian Data Protection Authority (‘Autorité de protection des données’ / ‘Gegevensbeschermingsautoriteit’): www.dataprotectionauthority.be.

If a complaint cannot be resolved through our internal processes, we will comply with the dispute resolution procedures established under GDPR.

6.2 If you have any questions about this Privacy Policy or want to exercise your rights under the GDPR, please contact us with the specific right you wish to exercise. We may need to verify your identity before being able to process your request. If your request is valid, we will respond as quickly as reasonably possible and no later than 30 days from the date of your request.

Our Data Protection Officer:
Ignace Leroy
Culliganlaan 2D, 1831 Diegem, Belgium
Email: ignace@complissimo.com