Last modified on 31/10/2023

Privacy policy

This privacy policy (hereinafter, the “Privacy Policy“) governs the protection, collection and processing of your personal data by Caracal BV, whose registered office is at Rue Vanderkindere 542, 1180 Uccle, registered with the Crossroads Bank for Enterprises in Belgium under number 0770.832.571, (hereinafter referred to as “Caracal”, “we“, “us” or “our“).

We attach the utmost importance to the confidentiality and security of your (hereinafter referred to as “you“, “your” or “your“) personal data. The purpose of our Privacy Policy is to inform you about :

  • (categories of) personal data that we collect and process as part of the services that we provide, in particular via the website https://www.caracal.agency/ (hereinafter referred to as the “Website”),
  • the purposes for which we collect and process your personal data and the legal basis on which we do so,
  • how long we keep your personal data,
  • any disclosure of your personal data to third parties,
  • any transfer of your data outside the European Union or to international organisations,
  • the rights you may exercise with regard to your personal data or the processing thereof, and
  • the security measures we put in place to ensure the protection and confidentiality of your personal data.

We advise you to read this Privacy Policy carefully, of which our policy on the storage and use of cookies (the “Cookies Policy”), accessible here, forms an integral part.

1. General information and contact

For the purposes of this Privacy Policy, we are responsible for processing your personal data.

As a result of this classification, we have certain obligations under legislation on the protection of personal data. This legislation includes in particular:

  • the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016 or “GDPR”),
  • the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data, and
  • the law of 13 June 2005 on electronic communications, including future adaptations and amendments,

hereinafter collectively referred to as the ” Applicable Data Protection Legislation  “.

If you have any questions about our Privacy Policy or the processing of your personal data, or if you feel that your interests are not being represented or are not being represented adequately, you can always send us your questions, comments or complaints by sending an e-mail to [email protected].

You also have the right to lodge a complaint with the competent data protection authority or to request further information from it. You will find all the information you need to do this in article 8 below. If you have any questions or comments, or if you wish to lodge a complaint, we invite you to contact us first so that we can resolve any problems you may encounter.

2. Personal data collected and processed

The personal data we collect and process about you will always be linked to the specific purposes set out below.

We may receive your personal data directly from you, for example when you interact with us via e-mail or using our contact form on the Website. We may also receive your personal data by any means related to information and communication technologies, in particular by automated means, such as cookies. We refer you to our Cookies Policy for more information on this subject.

We are committed to protecting your data and processing it responsibly and transparently in accordance with the following principles:

  • You are not obliged to provide us with the data requested on our website. However, if you choose not to provide certain data, we may not be able to provide certain services or deliver certain products;
  • We collect and process your data only for the purposes described in this policy or for specific purposes of which we have informed you and/or for which you have given your consent;
  • We adopt the principle of minimisation, i.e. we collect and process only the data necessary for the purposes envisaged;
  • We endeavour to keep your Data as accurate and up to date as possible and offer you the opportunity to amend them at any time by sending an e-mail to [email protected] ;
  • If the Data is no longer required and there is no legal obligation for Us to retain it, We will use Our reasonable endeavours to delete, destroy or anonymise it.
  • Your data will not be sold or rented and will only be shared or disclosed for purposes related to this policy, unless disclosure is required by law and/or government authorities or for the purposes of litigation.

Below, we set out in more detail the different categories of personal data that we collect and process about you, the purposes of such processing and the way in which we process your personal data.

A. Processing of personal data when you visit the Website

1. Cookies[1]

Purposes We use different types of cookies:

–        technically essential cookies for functional purposes

We use Vercel to manage our Website and its content, and to manage our cookies. This software uses technically essential cookies. This means that these cookies are necessary for the proper functioning of the Website. It is not possible to refuse these cookies if you wish to visit our Website;

–        cookies for analytical purposes

We also use Google Analytics for analytical purposes. This analysis tool installs cookies that we use to quantify visits (traffic) to the Website. In particular, this allows us to know how many times a given page has been read. We use this information solely to improve the content of our Website.

Lawfulness basis –        Technically essential and functional cookies: necessary for the performance of the service (article 6.1.b of the RGPD)

–        Other cookies (analytical and social network sharing): The use of these third-party cookies, for which we are the joint controller, is subject to your prior consent (Article 6.1.a of the GDPR).

You may refuse to have these cookies installed on your device. This will not prevent you from accessing our Website. However, certain functions may not be available.

Data categories Please refer to our Cookies Policy for details of the different types of data collected depending on your choices.
Retention period Cookies generally also have an expiry date. Some cookies, for example, are automatically deleted when you close your browser (so-called session cookies), while others remain on your computer for longer, sometimes even until you delete them manually (so-called permanent cookies)[2] .
Recipient(s) –        X ;

–        Sortlist ;

–        LinkedIn; and

–        Instagram.

It may also be necessary to communicate this information to our service providers and sub-contractors (IT service providers, hosting companies).

[1] Please refer to our Cookies Policy for full technical information on cookies.

[2] We refer you to our Cookies Policy for details of the different retention periods for our cookies.

B. Processing of personal data when you interact with us

1. Correspondence by email or via the Website’s contact form

Purpose(s) If you wish to benefit from our services, your data will be processed in order to contact you.
Lawfulness basis The processing of this data is essential for the performance of our services (article 6.1.b) RGPD).
Data category This is your identification data ( surname, first name, company name, address, e-mail address).
Retention period Data is processed for a period of 10 years from the date of your last interaction with Caracal.
Recipient(s) This information will be passed on to the tax authorities.

It may also be necessary to communicate with our service providers and subcontractors (IT service providers, accountants, auditors).

2. Administrative and accounting management

Purpose(s) The data you send us is processed to ensure the administrative, accounting and tax management of the services you order from us.
Lawfulness basis The processing of this data is essential for the performance of the contract between us (article 6.1.b) RGPD), in particular the preparation of invoices, order tracking, notification of a change in our terms of service or Privacy Policy (in particular new purposes).

The processing of this data is also necessary for the fulfilment of our legal obligations, in particular under the Code of Economic Law and the VAT Code in tax and accounting matters (article 6.1.c) RGPD).

Data categories These are :

–        your identification data (surname, first name, e-mail, address, telephone number, company number, VAT number);

–        invoices issued and payments ;

–        your financial details (bank, account number).

Retention period Data is processed for a period of 10 years from the end of the provision of our services.
Recipient(s) This information will be passed on to the tax authorities.

It may also be necessary to communicate with our service providers and subcontractors (IT service providers, accountants, auditors).

3. Newsletter

Purpose(s) If you have subscribed to our information service, we will process your data in order to send you free newsletters.
Lawfulness basis The data is processed on the basis of the performance of the service supply contract (article 6.1.b) of the RGPD).
Data category These are your surname, first name and e-mail address.
Retention period The data will be processed until you terminate this free service.
Recipient(s) It may also be necessary to pass on your data to our service providers and sub-contractors (IT service providers, emailing and direct mail, etc.).

C. Processing of personal data when you provide services to Caracal

Purpose(s) The data you send us is processed for the purpose of managing our contractual relationship: managing orders, offers, delivery, invoicing and payment and evaluating the supplier’s performance (where applicable).
Lawfulness basis The processing of data is essential for the performance of the contract. Without the processing of this data, we cannot perform the contract (article 6.1.b) RGPD).
Data categories These may include :

–        your identification details (surname, first name) ;

–        your contact details (e-mail address, telephone number);

–        your professional details (company, job title) ;

–        financial/accounting information (bank account number, account holder);

–        data relating to the monitoring of services .

Retention period Your data will be kept at for 10 years after the end of your last contract with us .
Recipient(s) This information will be passed on to the tax authorities.

It may also be necessary to communicate with our service providers (IT service providers, accountants, auditors).

In the event of a dispute, it may be necessary to communicate your data to our lawyer, to the other parties or their lawyers, to the courts, to experts, technical advisers, notaries, mediators, arbitrators or bailiffs, and to banking or insurance organisations.

3. International data transfers

Our offices are located in Belgium and the personal data we collect is stored on servers in Belgium .

However, for the purposes set out in Article 2, your personal data may be transferred to other jurisdictions outside the European Economic Area (EEA), and therefore not bound by the GDPR. Your data may also be hosted on servers outside the EEA.

Where your personal data is transferred to third parties residing in such jurisdictions, we will implement appropriate safeguards in our agreement with such third parties in order to provide your personal data with a level of data protection that is adequate and at least equivalent to the level to which you are entitled under the GDPR. To this end, we assess the level of data protection in the country of transit or destination, taking into account in particular the relevant decisions taken by the European Commission. We may use the Standard Contractual Clauses adopted by the European Commission and any other appropriate solution, as required or permitted by Applicable Data Protection Legislation.

4. Your data protection rights

Under Applicable Data Protection Legislation, you have certain rights in relation to your personal data that we collect and process.

If you would like further information about your rights as listed below or if you wish to exercise them, please do not hesitate to send us an e-mail to [email protected]. We simply ask you, when exercising your data protection rights, to identify yourself correctly so that we can respond to your request within the time limits indicated below.

Exercising your rights is free of charge and will be carried out within one (1) month of receipt of your request. We may extend this period by a further two (2) months for a total period of three (3) months if your request is particularly complex. If we decide to extend the initial deadline, we will inform you of this decision in good time.

In cases where we consider that your request is manifestly unfounded or excessive, we reserve the right to charge you an administrative fee for fulfilling your request, or even to refuse to fulfil it. You will be informed of our decision within the above-mentioned time limits.

Below is a brief overview of the rights you can exercise in relation to your personal data:

  • Withdrawal of consent: you have the right to withdraw your consent for all processing activities subject to it;
  • Right of access: you have the right to request a copy of the data we process and store about you, in an understandable format;
  • Right to rectification: you have the right to ask us to correct, amend or supplement your personal data;
  • Right to erasure: you have the right to request the erasure of personal data that we process or store about you;
  • Right to restrict processing: in certain circumstances, you have the right to ask us to restrict the processing of your personal data. If you exercise this right, the relevant personal data will remain in our possession, but we will not be able to process it further;
  • Right to object to processing: where we process and collect your personal data on the basis of our legitimate interest, you have the right to object to the processing of that data;
  • this means that we can, at the request of the data subject, provide him/her with his/her personal data and/or supply it to third parties in a structured and machine-readable form.Right to the portability of your data:

5. Security of your personal data

We use generally accepted and reasonable technical and organisational methods, in line with current technological developments in operational security, to provide protection against the loss, misuse, alteration or destruction of all personal data that we store and process.

Our technical and organisational measures are frequently updated to adapt them to new technical and organisational procedures and to guarantee the ongoing security of your personal data.

Our Website contains links to other websites or Internet resources (hereinafter referred to collectively as “Third Party Websites”), which may also collect personal data, in particular by means of cookies or other technologies. We are not responsible for and have no control over these Third Party Websites or their collection, use or disclosure of your personal data. We invite you to examine the privacy policies of these Third Party Websites in order to understand how they collect and process your personal data.

6. Changes to the Privacy Policy

We may adapt and amend our Privacy Policy from time to time, in particular to take account of new data protection practices and to give you greater control over your personal data.

We will always make our Privacy Policy available on the Website in its most recent version. You can also ask us to send you the current or previous versions of our Privacy Policy by sending us an e-mail to [email protected]. At the top of this document, you will be able to check the date on which we last amended our Privacy Policy.

7. Questions and requests

You undertake to provide us with accurate personal data. You can change your personal details at any time by sending us an e-mail to [email protected]. We cannot be held responsible for any failure of our services due to incorrect information provided by you.

If you have any questions about our Privacy Policy or if you feel that your interests are not or are not adequately represented, you can send us all your questions to the e-mail address given above.

8. Applicable law and settlement of disputes

Our Privacy Policy is governed by and interpreted in accordance with Belgian law, unless mandatory legal provisions state otherwise.

You have the right to lodge a complaint with the competent data protection authority, i.e. the authority of the Member State of your habitual residence, your place of work or the place of the alleged breach of the Applicable Data Protection Legislation.

The main data protection authority is the Belgian Data Protection Authority (Autorité belge de protection des données or Gegevensbeschermingsautoriteit ), which can be contacted by the following means of communication:

  • Follow the instructions and fill in the form at ;
  • By sending a letter to the following address: rue de la presse 35, 1000 Brussels, Belgium;
  • By calling the following telephone number: +32 (0)2 274 48 00 ;
  • By sending an e-mail to the following address: [email protected].