EN
NL

Privacy Policy Website

  1. Who we are
    1. “We”, “us” or “our” means Waves BV, with its registered office at Engels Plein 37-39 and with company number BE0763.971.208. We will be considered as controller with regard to the personal data that we collect in the context of your use of our website.
    2. This privacy policy is only aimed at providing you with information regarding the processing of personal data in the context of our website. For our privacy practices regarding our services, we refer to the agreement that you have concluded with us or the contact person as indicated below. Our website, www.wavesleuven.be, is owned and managed by Waves BV. The website is hosted by Waves BV. For further information, please refer to article 5 of this Privacy Policy.
    3. Your privacy is important to us, so we’ve developed this Privacy Policy that sets out how we collect, disclose, transfer and use (“process”) the personal data that you share with us, and which rights you have. Please take a moment to read through this policy.
    4. If you have any questions, concerns or complaints regarding this Privacy Policy or our processing of your personal data or you wish to submit a request to exercise your rights as set out in article 4, you can contact us:
      1. Via mail: hello@wavesleuven.be, to the attention of Katina McCulloch
      2. By post: Engels Plein 37-39 + Katina McCulloch

This Privacy Policy was revised last on 07/06/2022.

  1. How we use and collect your personal data
    1. Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.
    2. The personal data we collect, is collected and used for the purposes as listed hereunder:
      1. In the event you use the contact form on our website, we will use your personal data in order to reply to your query, via e-mail or telephone.
      2. In the event you register for our newsletter, your e-mail address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organized by us.
      3. We process your personal data for the purpose of supporting the website and enhancing your user experience, which includes ensuring the security, availability, performance, capacity and health of the website.
      4. We process your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims. We may also use your personal data to fulfil our obligations as set out by the applicable law.
    3. The following categories of personal data can be distinguished:
      1. Contact data: in the event you make use of the contact form, you will be asked to provide the following information: name, address, e-mail address, phone number, and any personal data that you choose to put in the designated blank field (please do not provide us with any sensitive information, such as health information, information pertaining to criminal convictions, or credit card/account numbers). This is information that is provided directly by you.
      2. Newsletter: If you register for our newsletter, you will be asked to provide your e-mail address. This is information provided directly by you.
      3. Usage data: We collect personal data regarding your activities on our website: IP address, device ID and type, referral source, language settings, browser type, operating system, geographical location, length of visit, page views, or information about the timing, frequency and pattern of your service use. This information may be aggregated and used to help us provide more useful information regarding the use of our website. In the event the usage data is completely anonymized (and can therefore not be traced back to you as an individual), this will not be considered personal data for the purpose of this Privacy Policy. This is personal data that is automatically collected through your use of the website.
      4. Log in data: We collect personal data regarding your digital marketing strategy: login data (account name, password, e-mail address). This personal data is made available by you. Credit card details are only entered by our customer and are impossible to use without permission.
    4. The legal grounds for using your personal data are
      1. Contractual ground: the processing is necessary for the implementation of the agreements made in the employment contract.
      2. Permission. Waves Leuven has obtained unambiguous and explicit permission from the person. We received this permission when the employment contract was signed. You have the right to withdraw your consent at any time. This will not affect the legality of the processing that took place prior to the withdrawal of your consent.
      3. Justification: the processing is necessary for the representation of the legitimate interests, in particular the promise of the best Waves Leuven customer experience. (eg offering new services). The aforementioned target will not be feasible without processing.
    5. Your personal data will only be used for the purposes set out in Article 2.2.
  1. Retention of your data and deletion
    1. Your personal data will not be kept for longer than is necessary to serve a specific purpose. However, since it is not possible to indicate a period in advance, the period will be decided as follows:
      1. The period depends on which services the Waves Leuven provides. These are contractually agreed and recorded. When use is made of our Hosting service, an agreement of indefinite duration is drawn up as standard. This agreement can be canceled at any time. Deadlines regarding digital strategy are laid down as well as at the conclusion of the agreement. The duration of these agreements depend on demand and contractually agreed..
      2. If you withdraw your consent or if you object to the processing of personal data, and such objection is withheld, we will remove your personal data. We will, however, keep that personal data necessary to respect your preferences for the future.
      3. We are, however, entitled to keep track of your personal data if this is necessary to comply with our legal obligations, to institute a legal claim or to defend ourselves against such a claim or for reasons of proof.
  1. Your rights as an individual
    1. This article lists your principal rights under data protection law. We have tried to summarize them for you in a clear and legible way.
    2. To exercise any of your rights, please send us a written request in accordance with article 1 of this Privacy Policy. We will respond to your request without undue delay, but in any event within one month of the receipt of the request. In the event of an extension of the term to respond or in the event we do not take action on your request, we will notify you.
    3. The right to access
      1. You have the right to confirmation as to whether or not we process your personal data and, in the event we do so, you have the right to access such personal data, together with certain additional information that you also find listed in this Privacy Policy.
      2. You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.
    4. The right to rectification
      1. If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, taking into account the purposes of the processing, completed.
    5. The right to erasure (right to be forgotten)
      1. In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
        1. The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
        2. You withdraw your consent, and no other lawful ground exists;
        3. The processing is for direct marketing purposes;
        4. The personal data have been unlawfully processed or erasure is necessary for compliance with EU law or Belgian law;
      2. There are certain exclusions to the right to erasure. Those exclusions include where processing is necessary,
        1. for exercising the right of freedom of expression and information;
        2. For reasons of public interest in the area of public health;
        3. For the purpose of archiving in the public interest or for statistical purposes;
        4. for compliance with a legal obligation; or,
        5. for the establishment, exercise or defense of legal claims.
    6. The right to restrict processing
      1. You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
        1. You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
        2. The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
        3. We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
        4. You have objected to processing, pending the verification of that objection.
      2. In addition to our right to store your personal data, we may still otherwise process it but only:
        1. with your consent;
        2. for the establishment, exercise or defense of legal claims;
        3. for the protection of the rights of another natural or legal person; or,
        4. for reasons of important public interest.
      3. We will inform you before we lift the restriction of processing.
    7. The right to data portability.
      1. To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
      2. You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
    8. The right to object to processing.
      1. You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
        1. The performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
        2. The purposes of the legitimate interests pursued by us or by a third party.
      2. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
      3. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
    9. The right to complain to a supervisory authority.
      1. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to Privacy Commissie, Drukpersstraat 35, 1000 Brussel (commission@privacycommission.be), https://www.privacycommission.be/nl/contact.
  1. Providing your personal data to others
    1. In order to provide you with our website, we work with service provider to process and store your personal information. We use the following categories of service providers:
      1. Combell
      2. If agreed a third party who has access to the website dashboard
      3. If contractually agreed under the name SEA, we work together with Facebook business, Google adwords, LinkedIn business.
      4. (…)
    2. We may also disclose your personal data in the event such disclosure is required or necessary in order to fulfil a legal obligation. We may also disclose personal data in order to protect your vital interests or the vital interest of another natural person.
    3. As such, we do not disclose your personal data to our social media partners. We do, however, make use of social media plugins to direct you to our social media channels and to allow you to interact with our content. These social media channels are (LinkedIn and Twitter). In the event you click such link, such social media service provider may collect personal data about you and may link this information to your existing profile on such social media.
    4. We are not responsible for the use of your personal data by such social media service provider. In such case, the social media service provider will act as controller. For your information only, we have included the relevant links (these may be changed from time to time by the relevant service provider):
      1. Facebook: http://facebook.com/about/privacy;
      2. Instagram: https://help.instagram.com/155833707900388;
      3. LinkedIn: http://linkedin.com/legal/privacy-policy;
      4. Twitter: http://twitter.com/privacy;
      5. Google+: https://www.google.com/intl/en/policies/privacy/;
  1. International transfers
    1. We will not transfer your personal data outside of the European Economic Area.
    2. We will ensure that any transfer of personal data to countries outside of the European Economic Area will take place pursuant to the appropriate safeguards.
    3. You agree to the transfer of personal data to a third country.
  1. Cookies
    1. Our website makes use of cookies. For further information relating to our use of cookies, we refer you to our cookie policy.
  1. Amendments to the privacy policy 
    1. From time to time, we have the right to modify this Privacy Policy. You will always be able to consult the most recent version of the Privacy Policy on the website.

Privacy Policy Bsport

All information regarding the Privacy Policy for Bsport – the booking programme for our Gym and Pilates services – can be found via the following link: . On registration and creation of an account, every members is asked to agree to the general terms and conditions that include these GDPR/AVG Guidelines.

Privacy Policy Crossuite

Crossuite is the booking programme in Waves used by our Health pillar to do all administration and notetaking for our clients. Below is the GDPR/AVG outline which all clients are requested to sign on sign-up on their first appointment. The confirmation status of this GDPR/AVG statement can be individually checked in their personal crossuite client profile.

WAVESLEUVEN places great value on the protection of your personal data. In this Privacy Policy, we aim to provide clear and transparent information on how we handle personal data. We strive to safeguard your privacy and therefore handle personal data with care.

WAVESLEUVEN always complies with the applicable laws and regulations, including the General Data Protection Regulation. This means that we, at the very least:

– Process your personal data in accordance with the purpose for which they were provided, and these purposes and types of personal data are described in this Privacy Policy.
– Limit the processing of your personal data to only those data that are minimally necessary for the purposes for which they are processed.
– Have taken appropriate technical and organizational measures to ensure the security of your personal data.
– Do not pass on personal data to other parties, unless necessary for the execution of the purposes for which they were provided.
– Are aware of your rights regarding your personal data, wish to point them out to you, and respect them.

WAVESLEUVEN is responsible for processing your personal data. If you have any questions after reading our Privacy Policy, or in a more general sense, wish to contact us, you can do so via the contact details at the bottom of this document.

Processing of personal data of patients or clients by WAVESLEUVEN is carried out for the following purpose:

Recording patient data for the treatment process

What personal data is this?

– First name
– Last name
– Address
– Phone number
– Email address
– Gender
– Date of birth
– National registry number
– Health insurance data

These can be supplemented with information regarding sports, hobbies, and occupational situation. Additionally, we also keep track of any familial relations among patients.

Your personal data is stored by WAVESLEUVEN for the purpose of the abovementioned processing(s) for the duration of the treatment and the legal retention period.

For the physiotherapist, this is done in an accredited software package, Crossuite, which is secured by a constantly changing token as 2-way authentication.

Privacy Policy – GDPR

Processing of personal data of Healthcare Providers
Personal data of healthcare providers are processed by WAVESLEUVEN for the following purpose:

Exchange of patient data for treatment, with the aim of referral (to a doctor, insurance, or health insurance provider)

For the above purpose(s), WAVESLEUVEN may request the following personal data from you:

– First name
– Last name
– Email address
– Phone number
– National registry number and/or health insurance number
– Address

Your personal data is stored by WAVESLEUVEN for the purpose of the above processing(s) throughout the duration of the patient’s treatment and the legal data retention period.

Processing of personal data of prospects, stakeholder/lobby contacts, and/or interested parties Personal data of prospects, stakeholder/lobby contacts, and/or interested parties are processed by WAVESLEUVEN for the following purpose:

Information provision in the form of newsletters and/or targeted contacts

The basis for this personal data is:

– Oral consent, provision of a business card, and/or via social media;

For the above purpose(s), WAVESLEUVEN may request the following personal data from you:
– First name
– Middle name
– Last name
– Address
– City
– Phone number
– Email address
– …

Privacy Policy – GDPR

Your personal data is stored by WAVESLEUVEN for the purpose of the abovementioned processing(s) for the period in which one is considered a prospect, stakeholder/lobby contact, and/or interested party.

We never disclose personal data to parties with whom we have not entered into a data processing agreement. With these parties (data processors), we naturally make the necessary arrangements to safeguard the security of your personal data. Furthermore, we will not provide the data you have provided to other parties unless it is required by law and permitted. An example of this is if the police requests (personal) data from us as part of an investigation. In such a case, we are required to cooperate and therefore obliged to provide this information. Additionally, we may share personal data with third parties if you provide us with written consent to do so.

Within the EU
We do not provide personal data to parties established outside the EU.

Minors
We only process personal data of minors (individuals under the age of 16) if written consent has been provided by a parent, caregiver, or legal representative.

Retention Period
Your personal data will be stored by WAVESLEUVEN during the treatment duration of the patient and the legal retention period of data for 5 years after your last appointment unless a longer retention period is required by your provider or permitted by legislation. After this period, your personal data will be deleted from our systems. If you wish to have your data deleted earlier without violating the legally specified deadlines, you can always request this by contacting us via email at hello@wavesleuven.be.

Security
We have taken appropriate technical and organizational measures to protect your personal data against unlawful processing. For example, we have taken the following measures:

– All persons who have access to your data on behalf of WAVESLEUVEN are obliged to maintain confidentiality.
– We implement a username and password policy with 2-way authentication on all our systems.
– We pseudonymize and encrypt personal data where necessary.
– We create backups of personal data to restore them in case of physical or technical incidents.
– We regularly test and assess our measures.
– Our employees are informed about the importance of personal data protection.

Privacy Policy – GDPR
Rights regarding your data
You have the right to access, rectify, or delete the personal data we have received from you. You can also object to the processing of your personal data (or a part thereof) by us or by one of our data processors. Moreover, you have the right to have the data you provided to us transferred to you or directly to another party at your request. We may ask you to identify yourself before we can comply with the abovementioned requests.

If we process your personal data based on your consent, you always have the right to withdraw this consent.

Complaints
If you have a complaint about the processing of your personal data, we ask you to contact us directly. If we cannot resolve the issue together, we naturally find this situation regrettable. You always have the right to file a complaint with the Data Protection Authority, which is the supervisory authority in the field of data protection.

Questions
If you have any questions or comments following our Privacy Statement, please contact us!
Contact information WAVESLEUVEN: Engels Plein 37, 3000 Leuven
Bavo Wouters, Bavo@wavesleuven.be