This privacy policy applies to the Quppa Service, App and Website. In the context of this privacy statement CORE is the legal entity that is the processor of your personal information.
CORE CVBA-SO
Legal address: Kapeldreef 75, 3001 Heverlee, Belgium
Business registration number: BE0845.955.806
RPR Leuven
Reference to this entity will be made using the terms "Quppa", "We" and "Us".
1.1. When you make use of our service, website or app or have provided the information to us, we may process the following types of information about you:
a. Information that you provide us when you first register an account, or when you complete it in a later phase: name, surname, e-mail address, telephone number, date of birth, postal code, gender, whether you're a student or not.
b. Transactional information regarding your use of our service: time of borrow/return, location of borrow/return, number of products borrowed/returned,and purchases made.
c. Financial information you provide when activating a subscription: chosen payment method, IBAN account number, credit card information and billing address.
d. Information you provide us about your preferences: settings regarding language, notifications, newsletters and cookies. Whenever you fill in a survey on our website or app, we may also process preference data.
e. Information you provide us when you contact us for questions or support.
f. Depending on which of our services that you use, and your app settings or device permissions, we may collect location information based on data such as GPS, IP address and WiFi.
g. Information about your device or connection, for example your internet protocol (IP) address, log-in data, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our products or services, and information we collect through cookies and other data collection technologies.
h. Information about your visits to our website and app, such as time of visit, the type of content you engaged with, on what pages and screens you clicked.
1.2. We may also receive information from other sources, such as:
a. Google and Facebook: if you registeror log in to your account using Google or Facebook, we receive your name and email address to authenticate you, as permitted by your Google or Facebook profile settings.
b. Our business partners and service providers, for example payment providers, social media services, analytics.
1.3. We do not collect sensitive personal data such as health, legal or racial information.
2.1. To be able to fulfill the contractual agreements we have with our customers and provide them with a secure, stable and working service.
2.2. To comply with legal or regulatory requirements
2.3. To satisfy our legitimate interest in marketing our goods to new and existing customers, and in gaining insight into how our service can be improved and scaled.
2.4. On the ground of consent, only when you explicitly opt-in for the collection of certain personal data.
To keep your personal information secure we take suitable technical and organizational measures, conforming to today's standards. Your connection to our website and app is encrypted and all information is stored on secured servers.
4.1. We share information with third parties that help us operate, improve, and market our products and services, for example third-party service providers who provide website and application development, data storage and backup, infrastructure, billing, payment processing, authentication, customer support, business analytics, and other services.
4.2. Third-party providers only get access to your personal information for the purpose of carrying out their services. We carefully select the third-party providers we work with, to ascertain that they offer the same level as protection we do.
4.3. We may share aggregated, anonymized data about our users and how they use our service with third parties for commercial or analytical purposes.
Your personal information is stored for an amount of time that is deemed reasonable in accordance to the goal for which it was collected.
6.1. You have the right to know why your personal information is collected, what happens with it and how long it is stored.
6.2. You have the right to access and view the personal data we collect about you.
6.3. You have the right to complete, correct, or remove your personal information whenever you want.
6.4. If you gave us the permission to collect your personal information, you have the right to withdraw this permission and have your data deleted.
6.5. You have the right to data portability: you can request all your personal information from the responsible processor and transfer it to another processor.
6.6. You can object to the processing of your personal information. We will fulfill your request, unless the processing is based on a valid legal ground.
Please contact us if you would like to exercise these rights. If you have a complaint about the way we handle your personal information, we would like to get into contact with you to resolve the issue, but you also have the right to file acomplaint with the relevant authority (Data Protection Authority).
Data Protection Authority
Rue du Printing 35, 1000 Brussels
Tel +32 (0)2 274 48 00
Fax +32 (0)2 274 48 35
contact@apd-gba.be
Version 1
30/11/2020
