Data protection is of a particularly high priority for Apogado CVBA. If a data subject wants to use our consulting expertise or special enterprise services via our website, processing of personal data could become necessary.
By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process.
1. Definitions
In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
- Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
- Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing
- Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
d) Controller
- A controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data;
e) Processor
- Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Apogado CVBA, Nattehofstraat 33B, 2800 Mechelen, Belgium
Phone: +32 (0)15 800 620
DPO-Email: DPO@apogado.com
Website: www.apogado.com
3. Collection of general data and information
| Purpose | Legal Basis | Categories of personal data | Retention period |
| Maintaining security and functionality of the website through cookies | Consent | General data and information such as: browser type, operating system, referrer, IP adress | Variable (see cookie policy) |
| Communication through the website contact sheet | Consent | Contact information | 1 year |
| Archiving for the GDPRBox service | Legitimate interest, legal obligation | Identification data, contact information | 2 years |
| Processing details for job applicants | Legitimate interest, legal obligation | Identification data, contact information | 2 years |
| Processing information for consulting practices | Performance of a contract | Contact information, various internal company data that may include personal information | 5 years after the contract ends |
4. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
5. Your rights as data subject
a) Right of confirmation: We will confirm if we are processing your personal data.
b) Right of access: We will provide you with a copy of your personal information including the purposes, goals and other information related to the processing.
c) Right to rectification: Any faulty information in your personal data needs to be corrected.
d) Right to erasure (Right to be forgotten): You may have your personal data removed if it is no longer necessary, you withdraw your consent, the processing is unlawful or for other legal reasons.
e) Right of restriction of processing: During the process of exercising the other rights, you can temporarily halt certain aspects of the processing.
f) Right to data portability: If you wish to transfer your personal data to another (similar) platform, we can provide you a copy in a common format.
g) Right to object: At any time you may object to the processing by contacting the local data protection authority (https://www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen).
h) Automated individual decision-making, including profiling: Your personal data may not be used to make automated decisions that significantly affect you.
i) Right to withdraw data protection consent: If consent is used for the processing, you may withdraw this consent at any time.
In order to exercise these rights, we ask you to supply a written request to the address mentioned above, or provide a mail to DPO@apogado.com. In some cases, in order to confirm that the correct person is providing the request, we may ask you to include a copy of your ID card wherein you black-out all of the unnecessary information (photo, birthdate, birthplace, sex, nationality, card number, registry number). Alternatively, we prefer you use our automated application with which you can use e-ID to confirm your identity: app.acceptance.smartgdpr.com
6. Cookies
Cookies are text files that are stored in a computer system via an Internet browser. The website of Apogado CVBA uses this to collect a series of general data. Apogado CVBA analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process.
Many cookies contain a so-called cookie ID, a unique identifier. A specific Internet browser can be recognized and identified using the unique cookie ID.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs.
The website also uses external links to document certain information. These links are marked by an icon that will prompt the user that they are leaving the website. The activation of these links is the responsibility of the user. We recommend reading both the privacy policy and cookie policy of these websites.
7. Data protection provisions about the application and use of Google Analytics (with anonymization function)
On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
Among other things, we collect this data: IP address (is made partially anonymous), which pages you visit and in which order, which browser you use (Chrome, Firefox, Internet Explorer …), whether you surf on our website with a laptop or smartphone, how long your visit lasts and how long you stay on pages.
We have a processor agreement with Google. Your personal data is not visible and will not be shared with other parties.
In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it.
Cookies we use:
| Name | Type | Goal | Retention Period |
| CONSENT, CONSENT, CookieConsent | Essential | Save cookie preference | Session |
| Pll_Language | Essential | Save language preference | 1 year |
| SAPISID, APISID, | Analytical | For targeting purposes to build a profile of the website visitor’s interest to provide personalized ads | 2 years |
| HSID, SID, SSID | Analytical | Used for security purposes to store digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to show relevant & personalised ad content. | 1-2 Years |
| SIDCC | Analytical | Security cookie to protect a user’s data from unauthorized access | Persistent |
| _Secure-3PSID, _Secure-3PAPISID, _Secure-3PSIDCC, | Analytical | For targeting purposes to build a profile of the website visitor’s interest to provide personalized ads | 1-2 years |
| 1P_JAR, DV | Analytical | Collects website statistics and tracks conversion rates | 30 days, session |
| NID | Analytical | Used to store preferences in a unique Google ID to remember your information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on. These preferences can be used for optimised &/or personalised advertising on Google networks | 1 Year |
| OTZ | Analytical | Cookie used by Google Analytics that provides an aggregate analysis of Website visitors | 1 Month |
| _ga | Analytical | Used to distinguish users | 2 years |
| _gid | Analytical | Used to distinguish users | 48 hours |
| _gali | Analytical | Determines which links are being used on the webpage | 30 seconds |
| _gat | Analytical | Used to throttle request rate. | 1 minute |