Yes, we can supplement your data with inferred or assumed data. For example, if you live in a single-family home and at the same address, we have the data of another person, we will infer that they are in the same household as you. This does not mean that we assume any family relationship between you or that we know your marital status.

No.

The initial collection of data is based on the legal basis provided for in article 6 (1) under f) GDPR – “legitimate interest”, the subsequent collections of data (for verification or updating) are done on the legal basis provided for in article 6 (1) under c) GDPR – “Legal obligation”- and the processing carried out at the request of our customers are done on the legal basis provided for in article 6 (1) under f) GDPR – “legitimate interest”.

The processing carried out by Black Tiger Belgium is based on :

• article 6 (1) under f)

necessity for the protection of the legitimate interests of Black Tiger Belgium, namely the study, development, marketing and constant improvement of the quality of the products and services it offers to its customers. It goes without saying that this interest must be constantly balanced with the rights of the persons registered in our database. For this reason, we ensure that we are as transparent as possible in the use of the data and we scrupulously comply with the GDPR in terms of the rights of the persons concerned.

• article 6 (1) under c)

necessity for Black Tiger Belgium to comply with the requirement of article 5(1) under d) GDPR, which requires data controllers to ensure the accuracy of the data they process, to update it when necessary and to take all reasonable steps to promptly delete or rectify any personal data that is inaccurate, having regard to the purposes for which it is processed.

To ensure that we respect your rights and to ensure that we operate in accordance with the requirements of the GDPR, we have put in place a series of measures:

1. We carefully check that our sources comply with the GDPR, both during the collection of your data, and regarding the information they provide you about processing your data. More specifically, we ask that they are as transparent as possible when they pass on your data to Black Tiger Belgium and that they always refer to these web pages in their privacy policy for more information about our activities.
2. We have developed procedures to allow you to easily exercise your rights.
3. The security of your data is essential to us; we attach great importance to it and regularly carry out internal and external checks to ensure that the tools and procedures used are working correctly.
4. We have appointed a “Data Protection Officer” (“DPO”), whose role is to ensure the respect of the GDPR and of your rights.
5. We have carried out an impact analysis for the personal data processing operations we carry out. This analyses all possible risks of a breach of your data and lists the measures to be taken to avoid this risk as much as possible. The measures proposed in this impact analysis have been implemented in our IT system and in our procedures.

We keep your data for 15 years from the date of the last registration in our database.

This period is necessary to ensure data accuracy and to provide high quality services to our clients.

You can, of course, object to the use of your data at any time or exercise your right to be forgotten so that we can delete your data from our files. To do this, simply follow the procedure described here

We take all necessary measures to ensure that your data is treated with the utmost confidentiality and security. To this end, we process your data in compliance with all necessary technical and organizational measures.

Our network, infrastructure and information systems are protected. LCL is our highly secure data center in Belgium that has the following certifications: ISO certifications, Tier 3 IBM, EU Code of Conduct for data centers, …. Access to your personal data is only permitted to those persons for whom this is necessary for the performance of their task. They are bound by strict professional secrecy and must comply with all technical requirements to ensure the confidentiality of personal data. In this way, we want to prevent unauthorized persons from accessing, processing, modifying or destroying your data.

In the event of data leakage that could lead to a risk of a breach of your privacy, you will be notified personally, as will the Data Protection Authority, in accordance with our GDPR obligations. In this case, we will do everything in our power to put an end to this situation as quickly as possible and to limit any consequences.

Black Tiger Belgium aims to keep your data within the EEA. However, in certain cases, Black Tiger Belgium or one of its clients may transfer your personal data to countries outside the EEA. In this case, Black Tiger Belgium will ensure that your data are afforded an appropriate level of protection by applying the EU standard contractual clauses or other means to ensure that your personal data is transferred in a secure environment, taking into account the case law of the Court of Justice of the European Union and the Recommendations of the European Data Protection Board.

To whom do we disclose your information?

• To clients

We may disclose your data to our clients in connection with the performance of certain of our services, but only if they (or their clients) already have your data. Your data will hereby be used for data quality purposes.

This means that our clients may use your data to complement their own files, confirm or validate their data or that of their clients and/or improve its quality through formatting, normalization, correction, completion, updating (in particular through the provision of a new address, for example after a move) and/or internal linking (matching) of the mentioned data, for the sole purpose of :

• Complying (or assisting their clients to comply) with Article 5(1)(d) of the GDPR, which requires personal data to be accurate and, where necessary, updated, and/or;
• Assisting their clients in carrying out, on their behalf or of their clients, identity checks on individuals, for example for anti-money laundering purposes, national/public safety, crime prevention and detection, fraud prevention, debt/asset recovery, asset reunification and/or pre-employment screening.

For more information about the purposes for which your data may be used by Black Tiger Belgium, its clients (or their (end) clients), please refer to the “Why” section of this privacy policy.

Our clients are active in various sectors, including :

• Automotive sector: manufacturers, importers and dealers of various car brands and leasing companies
• Retail (chain stores, supermarkets, etc.), wholesale, e-commerce, mail order
• Durable goods: manufacturers of durable products such as household appliances (washing machines, coffee machines, etc.), television sets, furniture, etc. as well as the construction industry
• Fast moving consumer goods: manufacturers of consumer goods (food, beverages, pet food, cleaning products, detergents, personal care products, etc.) sold primarily in supermarkets
• Financial sector – Banks, insurance and credit institutions
• Health insurance funds
• Debt collection
• Fraud prevention and identity verification
• Fundraising: charities that raise money for good causes
• Health care and parapharmacy
• IT, software and data processing companies
• Government agencies: Administration, transportation, mail distribution, …
• Telecommunications: telephone (mobile and/or fixed), internet and TV providers
• Tourism: Travel agencies, vacation rentals, …
• Media and publishing: Newspapers, magazines and book publishing companies
• Utilities: Utility companies such as electricity, water and gas suppliers

• To other third parties:

We only transfer your data to certain other third parties in the cases and for the purposes set out below:

• To our subcontractors, in the context of services we ask them to perform on our behalf, e.g. data center and other IT service providers, etc.  They may only use your data within the strict limits of our instructions and in full compliance with the data protection. They are subject to strict confidentiality and security obligations and in no case become the owners of your data.
• To our possible legal successors and to affiliated companies, for the same purposes as those for which we process your data.
• In the context of administrative, judicial or regulatory procedures, to comply with requests from competent authorities for that purpose;
• To defend our rights and interests and/or to comply with our legal or contractual obligations.