Privacy policy
1. Who is responsible for your personal data?
S.R.L. ROGER THAT (or "Roger That," "we," or "the data controller"), with its registered office at 71, Avenue Charles Woeste, 1090 Jette, shall be considered, within the meaning of the General Data Protection Regulation ("GDPR"), as the data controller insofar as it processes the personal data of:
- Its B2C clients;
- Its potential future clients;
- Natural person representatives of its B2B clients;
- Natural person representatives of its B2B partners, such as event organizers;
- Natural person representatives of its suppliers.
("you" or "the data subjects").
This Privacy Policy ("Policy") aims to inform you, as transparently as possible, about how Roger That processes, collects, and retains your personal data.
This Policy is purely informative and does not affect the contractual provisions to which you are subject. These documents therefore remain fully valid and enforceable. |
2. Key Definitions
For the purposes of this Policy, the following definitions shall apply:
i) "Personal data" means any information that allows you to be identified as a natural person, directly or indirectly.
For example: name, email address, phone number, national registry number, address, etc.
ii) "Processing of personal data" means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means.
For example: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
iii) "Data controller" means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
In this case, the data controller is Roger That.
iv) "Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
v) "Third party" means any natural or legal person, public authority, agency, or body other than the data subject, the data controller, the processor, and the persons who, under the direct authority of the data controller or the processor, are authorized to process personal data.
vi) "Recipient" means a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing.
3. What personal data do we process, and how do we access it?
a. Categories of data processed
To carry out the processing purposes listed below, Roger That may process the following categories of personal data:
- Identification data: name, first name, company name (if applicable), postal address;
- Electronic and telephone identification data: email address and phone number;
- Billing data;
- Data related to event organization;
- Any other data voluntarily provided by the data subject to Roger That.
b. Special categories of data
As a rule, Roger That does not process special categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning your sex life or sexual orientation, without your consent.
c. Non-personal data
We may also collect non-personal data.
These are considered non-personal data because they do not allow the direct or indirect identification of a particular person. Therefore, they may be used for any purpose.
However, if non-personal data are combined with personal data in a way that makes it possible to identify the data subjects, they will be treated as personal data until they can no longer be linked to a particular person.
d. Collection methods
- Direct collection. Most of the personal data concerning you are collected directly from you by Roger That, notably through email exchanges or other forms of contact you may have with us.
- Indirect collection. In some cases where we organize an event in partnership with a third party, such as Eventbrite, some of your data may be communicated to us by this partner.
4. Why do we process your personal data, and on what legal basis do we process your personal data?
Legal bases | Purposes |
Processing based on the legal basis of contract performance with Roger That | Your personal data are processed, notably, for the following purposes: As a client of the co-working space (B2B and B2C):
As a B2B supplier of the co-working space:
As a Roger That partner:
|
Processing based on Roger That's legitimate interests | As a client of the co-working space (B2B and B2C):
For processing activities based on this particular legal basis, we always ensure that there is a fair balance between your rights and interests and those of Roger That. |
Processing based on Roger That's compliance with a legal obligation | The processing of personal data may result from a legal obligation requiring Roger That, for example, to respond to a request from an authorized third party (see point 5b.§2) or to comply with tax and social security obligations. |
Processing based on your consent | The sending of commercial solicitations/newsletters is subject to your consent. |
Unforeseen Processing | Roger That may carry out processing activities that are not yet specified in this Policy. In such cases, you will be contacted before any further use of your personal data to inform you about the unforeseen processing activities and to give you the opportunity to refuse them if applicable. |
5. Who has access to your personal data?
a. Internal Recipients
Access to your personal data is strictly limited within Roger That to the following individuals:
- Roger That team members responsible for contract management and invoicing;
- Roger That team members in charge of communication (e.g., for sending newsletters);
- The reception staff at the co-working space.
b. External Recipients
As part of our activities, we may share your data with the following recipients:
- Our IT service provider and hosting provider;
- Our financial service providers responsible for processing online payments.
Roger That may also be required to disclose some of your personal data to authorized third parties if required by law, a court ruling, or a public authority order.
This may include disclosure to the following third parties: judicial or government authorities, banks, labor inspection services, tax authorities, police services, bailiffs, payroll agencies, the National Office for Annual Holidays, ONSS (Belgian social security agency), ONEM (National Employment Office), the Federal Public Service Finance, family allowance funds, sectoral social funds, etc.
None of your personal data is transferred to third countries located outside the European Union or to international organizations. If this were to become necessary, we commit to taking appropriate security measures to ensure an adequate level of protection for your personal data.
6. How long do we keep your data?
In general, your personal data is retained only for as long as necessary to fulfill the purpose for which we hold it. We ensure that these retention periods are relevant and comply with legal deadlines.
Regarding specific retention periods, we have defined the following durations:
- 10 years from the end of the contractual relationship that binds us;
- 3 years from the end of the commercial relationship for customer data used for marketing purposes;
- 3 years from their collection or the last contact from the prospect for prospect data used for marketing purposes. At the end of this period, Roger That may contact the prospect to inquire if they wish to continue receiving commercial communications. If there is no positive and explicit response, the data will be deleted or archived in accordance with applicable regulations.
7. What security measures are in place to protect your personal data?
We implement appropriate technical and organizational measures to ensure an adequate level of security when processing your personal data, particularly to prevent loss, theft, misuse, alteration, unauthorized disclosure, or unauthorized use. This security level is determined based on the risks associated with processing and the nature of the data to be protected.
In the unlikely and unfortunate event that your personal data is compromised due to a security breach, we commit to acting promptly to identify the cause of the breach and take appropriate corrective measures.
If necessary, in accordance with applicable law, we will inform you of this incident.
8. Your Rights
As a data subject, you have several rights regarding access to and control over your personal data, including:
If you wish to exercise any of these rights:
9. Questions, Complaints, or Grievances
If you wish to respond to any of the practices described in this Policy, you are advised to contact Roger That's GDPR Representative:
Ms. Déborah De Klerk. Email: deborah@rogerthat-pr.be
You may also file a complaint with the Belgian Data Protection Authority:
Data Protection Authority
Rue de la Presse, 35
1000 Brussels
Tel. +32 2 274 48 00
Fax. +32 2 274 48 35
Finally, you also have the option to file a complaint with the competent national courts.
10. Policy Changes
We reserve the right to modify this Policy, notably to adapt it to new legal requirements. Such changes will take effect immediately after this document is updated. You will be informed of the update through the means we deem appropriate.
***