Purpose

This Charter is established by CoScaleIT SRL, which operates the www.cactusbanner.com website ("Website"), and whose registered office is located at Rue Raymond Hernalsteen, 61, 1970 Wezembeek-Oppem, Belgium, and registered with the Crossroads Bank for Enterprises under number 0563.976.806 ("the controller").

The purpose of this Charter is to inform the persons whose data are collected and processed by the controller (the "data subject(s)" or "user(s)") about the way in which this data is collected and processed.

This Charter applies to data collected online via the controller's Website, which is hosted at www.cactusbanner.com.

This Charter is in line with the controller's desire to act transparently, in compliance with the Law of 8 December 1992 on the protection of privacy with regard to the processing of personal data (the "Privacy Law") and (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "Data Protection Regulation").

The controller is particularly focused on protecting the privacy of the data subjects and therefore agrees to take all reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorised use.

If the data subject wishes to react to one of the practices described below, he/she may contact the controller at the addresses mentioned under point "Contact data" of this Charter.

Consent

By registering on the Website and using it, the user declares that they have read the information set out below. The controller undertakes to gather and process personal data collected via the Website for the purposes indicated below, honestly and fairly and in accordance with the terms and conditions described in this Charter.

The user will be expressly required to consent to the collection and use of such personal data at the first stage of registration.

The user has the right to withdraw his consent at any time. The withdrawal of consent shall not compromise the lawfulness of the processing operation based on the prior consent given.

Collection methods

The controller shall collect personal data in the following manner:

• Using one or more cookie(s) present on the website of the controller; ;
• Through an online registration form on the Website or by subscribing to the service proposed by the controller;;
• Through an online form relating to credit card data which allows the user to pay for the service offered on the Website after the free period of one month.

What categories of data are collected?

1. The categories of data collected and processed by the controller are as follows:

• Electronic identification data (IP addresses, cookies, etc.);
• Personal identification data (name, first name, email address, etc.);
• Business data (company name, registered office, VAT number, business telephone number, logo, business email address, website URL, function, status, representative name);
• Financial identification data (credit card number, bank account number, etc.);
• Data relating to browsing behaviour and habits on the website of the controller;
• Any other data that you voluntarily communicate to the controller, for example during information surveys and/or registrations on the controller's site.

2. Bank card data will only be processed for the purposes of payment for the services made available on the Website by the controller on the basis of the legitimate interest of the controller in obtaining remuneration for these services.
3. The controller may also collect non-personal data. This data is called non-personal data because it does not directly or indirectly identify a particular person. It may then be used for any purpose whatsoever, for example to improve the website, the products and services offered by the controller or third party partners, or to improve the advertisements of the controller or third party partners.
4. In the event that non-personal data is combined with personal data, so that identification of the data subjects is possible, such data will be treated as personal data until such time as it is impossible to link it to a particular person.

Data collected by the user

When personal data is collected by the user and placed on the servers of the controller to enable optimal use of the services offered by the controller (e.g. data about the user's customers or suppliers), this data will simply be hosted by the controller and the user will remain personally responsible for this processing.

In this situation, the controller is only the technical provider ensuring all necessary and appropriate access and security guarantees for its activity.

Purposes of the processing

1. When personal data is collected via the controller's Website and the user has given his consent, this data is collected and processed only for the purposes mentioned below:

• ensure registration for the services offered by the Website;
• allow management and control of the services and options proposed by the controller;
• ensure communication between the user and the controller;
• improve the quality of the Website and the products and/or services offered by the controller;
• transmit information on new products and/or services of the controller;
• send promotional information on the products and services of the controller;
• respond to the user's questions.

2. Where personal data is collected through other sources (for example, from third parties in accordance with their privacy policy), such data shall only be collected and processed for the sole purpose of hosting such data, allowing optimal use of the services available on the website in accordance with point 5 of this Charter.
3. In the event that a controller is required to carry out processing operations not yet provided for in this Charter, he or she shall contact the data subject before re-using his or her personal data in order to inform him or her of the changes and give him or her the opportunity, where appropriate, to refuse such re-use.

Storage period

The controller shall retain personal data only as long as reasonably necessary for the purposes for which it is being processed and in accordance with legal and regulatory requirements.

In any event, the controller shall retain the personal data of a data subject for a maximum of three years after he has unsubscribed from the services.

At the end of the storage period, the controller shall make every effort to ensure that the personal data has indeed been made unavailable and inaccessible.

Access to data and copying

By making a dated and signed written request to the controller at the address referred to in point 18 "Contact data" of this Charter, the data subject may, free of charge and after proving his identity (by attaching a copy of his identity card), obtain the written communication or a copy of his personal data collected by the controller.

The controller may require payment of a reasonable fee based on administrative costs for any additional copy requested by the data subject. When making such a request by electronic means, the information shall be provided in a commonly used electronic form, unless the person concerned requests otherwise.

The copy of his data will be communicated to the data subject at the latest within one month after receipt of the request.

Right of rectification

By making a dated and signed written request to the controller at the address referred to in point 18 "Contact data" of this Charter, the data subject may, free of charge and after proving his identity (by attaching a copy of his identity card), have rectified any of his personal data which is inaccurate, incomplete or irrelevant, as soon as possible and at the latest within one month.

The data subject shall provide information to ensure that incomplete data is completed.

Right to limitation of treatment

By making a dated and signed written request to the controller at the address referred to in point 18 "Contact data" of this Charter, the data subject may, after proving his identity (by attaching a copy of his identity card), have a restriction placed on the processing of his personal data, in the cases listed below:

• Where the data subject disputes the accuracy of the data and only for as long as the controller is able to check the accuracy of the data;
• Where the processing is unlawful and the data subject prefers the processing to be limited to the deletion of the data;
• When, although no longer necessary for the purposes of the processing, the data subject needs it to establish, exercise or defend his rights in court;
• During the period required to examine the validity of an objection request submitted by the data subject, in other words, the time during which the controller is checking the balance of interests between the legitimate interests of the controller and those of the data subject.

The controller will inform the data subject when the processing restriction no longer applies.

Right to object to processing

1. By making a dated and signed written request to the controller at the address referred to in point 18 "Contact data" of this Charter, the data subject may, at any time and after having provided proof of his identity (by attaching a copy of his identity card), object, free of charge and without further justification, to the processing of his personal data when his data is collected for direct marketing purposes (including profiling).

2. Where personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the Data Protection Regulation, the data subject shall have the right to object, for reasons relating to his particular situation, to the processing of his personal data, unless this processing is necessary to perform a task which is in the public interest.

3. The controller shall be obliged to reply to the data subject's request as soon as possible and at the latest within one month and to state the reasons for his reply where he intends not to comply with such a request. In the event of a dispute, the person concerned may lodge a complaint in accordance with point 17 "Claims and complaints" of this Charter.

Right to deletion (right to be forgotten)

1. By making a dated and signed written request to the controller at the address referred to in point 18 "Contact data" of this Charter, the data subject may, after proving his identity (by attaching a copy of his identity card), have his personal data deleted, where one of the following reasons applies:

• The data is no longer necessary for the purposes of the processing;
• The data subject has withdrawn his consent for his data to be processed and there is no other legal basis for the processing;
• The data subject objects to the processing and there are no compelling legitimate grounds for the processing and/or the data subject exercises his specific right to object to direct marketing (including profiling);
• Personal data has been unlawfully processed;
• Personal data must be erased to comply with one of the controller's legal obligations (under European Union or Member State law).

2. The controller shall be obliged to reply to the data subject's request as soon as possible and at the latest within one month and to state the reasons for his reply where he intends not to comply with such a request. In the event of a dispute, the person concerned may lodge a complaint in accordance with point 17 "Claims and complaints" of this Charter.

3. In the same way, the data subject shall also have the right to have prohibited or deleted any personal data concerning him which, for the purpose of the processing, is incomplete or irrelevant or whose recording, communication or storage is prohibited or which has been retained beyond the necessary and authorised period.

Right to "data portability"

By making a dated and signed written request to the controller at the address referred to in point 18 "Contact data" of this Charter and after having provided proof of his identity (by attaching a legible copy of his identity card), the data subject may at any time request that he receive his personal data free of charge in a structured, commonly used and machine-readable format, in particular with a view to sending them to another controller, when:

• Data processing shall be carried out using automated processes; and where
• The lawfulness of the processing is based on the consent of the data subject or on a contract concluded between the data subject and the controller.

Under the same conditions and in the same way, the data subject shall have the right to have the controller send his personal data directly to another controller, insofar as this is technically possible.

Data recipients and disclosure to third parties

1. The recipients of the data collected and processed are, in addition to the controller himself, his employees or other subcontractors, his carefully selected business partners, located mainly in Belgium or in the European Union, and who collaborate with the controller in the context of the marketing of products or the provision of services.
2. The data collected via the website of the controller is not disclosed to any third party.
3. The controller respects the legal and regulatory provisions in force and will in all cases ensure that his partners, employees, subcontractors or other third parties with access to this personal data comply with this Charter.
4. The controller reserves the right to disclose the personal data of the data subject in the event that a law, court proceedings or a public authority order makes such disclosure necessary.
5. In the event of use of certain services, some personal data is sent to and processed in the United States. In this context, the controller will only send your data to institutions providing appropriate guarantees in relation to the processing of personal data under European Union law.

Security

The controller shall implement appropriate technical and organisational measures to guarantee an appropriate level of security in the processing and data collected in terms of the controller's activity and the risks presented by the processing and the nature of the data to be protected. This takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of the data subjects.

The controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the Website.

The controller has put in place appropriate security measures to protect the personal data collected against loss, theft, misuse or alteration of the information received, disclosure or unauthorised use.

Communications with the controller by post, telephone or electronically

Communication by mail

When the user communicates his postal address to the controller via the Website, his data is recorded in the controller's address file to respond to his request and to keep him informed of the products and services offered by the controller.

The user may at any time consult, correct or delete his data in the controller's file. To do so, he should contact the controller at the address referred to in point 18 "Contact data" of this Charter, not forgetting to specify his exact name and address (spelled correctly).

Telephone communication

If the user provides the controller with his telephone number via the website, he may receive a telephone call from the controller to inform him about the controller's products, services or upcoming events.

If the user does not wish/no longer wishes to receive such telephone calls, he may contact the controller at the address referred to in point 18 "Contact Data" of this Charter, not forgetting to specify his exact name and address (spelled correctly).

If the user provides the controller with his mobile phone number via the Website, he will only receive messages (SMS/MMS) from the controller that are necessary to effectively operate the services available on the Website.

Communication by email

When the user provides the controller with his email address via the Website, he may receive emails from the controller in order to inform him about the controller's future products, services or events (for direct marketing purposes), provided that the user has expressly consented to this.

If the user does not wish/no longer wishes to receive such emails, he may contact the controller at the address referred to in point 18 "Contact Data" of this Charter, not forgetting to specify his exact name and address (spelled correctly).

Claims and complaints

1. If the data subject wishes to react to one of the actions described in this Charter, he may contact the controller at the addresses mentioned under point "Contact Data".

2. The data subject may lodge a complaint with the Belgian Privacy Commission at the following address: Privacy Commission Rue de la Presse, 35 1000 Bruxelles Tél. + 32 2 274 48 00 Fax. + 32 2 274 48 35 commission@privacycommission.be

3. The data subject may also lodge a complaint with the Brussels Court of First Instance.

4. For further information on complaints and possible remedies, the data subject is invited to consult the information available on the Belgian Privacy Commission website: https://www.privacycommission.be/en/node/19254

Contact Data

The data subject may contact the controller with any questions and/or complaints, in particular concerning the clear and accessible nature of this Charter:

By email: support@cactusbanner.com

By post: Rue Raymond Hernalsteen, 61, 1970 Wezembeek-Oppem, Belgium

Applicable law and competent jurisdiction

This Charter is governed by Belgian law.

Any disputes relating to the interpretation or execution of this Charter shall be subject to Belgian law and shall fall under the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.

Miscellaneous provisions

The controller reserves the right to change the provisions of this Charter at any time. Changes will be published with notification of their coming into force on www.cactusbanner.com.

This version of the Charter comes into force and has been updated as of 5 May 2018.