Privacy statement

Title

This Privacy Policy describes how We, acting as data controller, may process (collect, use and share…)  personal data, i.e. any information relating to You as an identified or identifiable natural person (“Personal Data”) in compliance with applicable legislation.

 

  1. Which Personal Data do We process?

 

We may process the following Personal Data for the purposes described below:

 

Personal Data

Explanation

Personal identification details

Last name, first name, e-mail address, postal address, phone number (direct line and mobile)

Personal details

Age, gender, date of birth, place of birth, nationality

Electronic identification data

IP address

Professional aptitude and occupation 

Current occupation, revenues

Identification numbers from authorities

National registration number/Social security number

Financial identification data

 

Identification and bank account details, credit and debit cards

Health data 

Physical and mental health, medical file, medical report, diagnostic information, therapy, physical disabilities..

Judicial information

Suspicions of criminal violations or conspiracy with criminals. Investigations or legal action (civil or criminal) which have been conducted with regard to the person.

Audio recording

Audio recording (phone conversation for instance)

 

  1. How do We collect Your Personal Data?

 

We will collect Personal Data about You, directly and indirectly from:

 

  • the Card Account application form and other forms You provide to Us;
  • checks at credit reference agencies and fraud prevention agencies as applicable;
  • Yourself, in order to manage the Card Account and through the way You use the Card Account and our other services including Transactions made using the Card Account with Merchants or ATM operators;
  • surveys and statistical research;
  • third parties, such as marketing lists which We lawfully obtain;
  • via our website (request forms, online contact forms, callback button, FAQBOT).

 

We may also obtain Personal Data from the parties listed in the ‘Data sharing section below.

 

  1. Data sharing

 

We may disclose Personal Data (which may include details of goods and/or services You purchase) to:

 

  • third parties who process transactions submitted by Merchants on the Visa or MasterCard network where You use the Card (worldwide);
  • parties who distribute the Card;
  • any party approved by You;
  • Our processors and suppliers;
  • the providers of services and benefits associated with the Card Account;
  • collection agencies and lawyers for the purpose of collecting debts on Your Card Account.
  • parties who accept the Card in payment for goods and/or services purchased by You;
  • anyone to whom We may transfer our contractual rights;
  • competent authorities; and
  • credit reference agencies and fraud prevention agencies as applicable.

 

  1. For which purposes do We process Your Personal Data?

 

We may use Personal Data, including aggregated or combined with other Personal Data for any of the following purposes:

 

  • Delivering our products and services to You

 

This will include:

 

  • processing applications for Our products including making decisions about whether to approve Your application;
  • helping Us better understand your financial circumstances and behavior so that We may make decisions about how to manage the Card Account, such as the level of spending limit to grant You;
  • administering and manage the Card Account including to process Transactions You make on the Card Account;
  • communicating with You, including by e-mail and SMS, about any Card Accounts, products, and services You hold (including for the purpose of servicing and by way of account alerts);
  • giving You important information about updated and new features and benefits;
  • answering questions and respond to Your requests via our website and other sources; and
  • administering, servicing and managing any benefits or insurance programs
  • provided alongside the card.

 

We may use Personal Data to prepare reports for third party business partners about Card Account usage. Reports only contain aggregated and anonymized data and we will not disclose any Personal Data which identifies You.

 

  • Improving our products and services and to conduct research and analysis

 

This will include:

 

  • learning about You and other customers, including needs, preferences and behaviors;
  • analysing the effectiveness of Our ads, promotions and offers;
  • conducting testing (when We update Our systems), data processing, website administration and information technology systems support and development;
  • conducting market research including to give You the opportunity to provide feedback, ratings or reviews of our products and services, and those of Our business partners, including through transaction experience surveys; and
  • producing data analytics, statistical research and reports including on an aggregated basis.

 

  • Advertising and marketing Our products and services, and those of our third party business partners (business partners including group companies, distribution partners, co-brand partner, processors and suppliers, providers of services and benefits associated with the Card Account and partners who accept the Card).

 

This will include any of the following (with Your consent obtained by a separate form, where necessary):

 

  • sending promotions and offers by email, SMS, direct mail and through telemarketing in accordance with your marketing preferences;
  • personalising our communications for You;

 

If You wish to opt-out of receiving marketing from Us, Our third party business partners (business partners including group companies, distribution partners, co-brand partner, processors and suppliers, providers of services and benefits associated with the Card Account and partners who accept the Card), please contact our Data Protection Officer (see below). We will also, from time to time, contact You to ensure that the Personal Data We hold about Your marketing preferences is up to date.

 

  • Managing risks relating to Our business, including credit risk, fraud risk and operational risk.

 

This will include:

 

  • making decisions about how We manage specific customers’ accounts, such as the level of spending limit to grant to customers (where relevant) and whether to approve individual transactions;
  • developing risk management policies, models and procedures used in the management of customers’ accounts and Our business generally;
  • reporting Personal Data to and receiving Personal Data from credit reference agencies and fraud management agencies as applicable.

 

Your Personal Data may also be used for other purposes for which You give specific permission or, in very limited circumstances, when required by law (e.g. to comply with statutory retention obligations, or requests from competent authorities) or e.g. to protect Our charges and prevent, detect or combat fraud.

 

In order to fulfill our legal duties related to anti-money laundering and against financing international terrorism as well as the execution of financial sanctions We have deployed a monitoring system for our Cardholders and their transactions in accordance with the Law on anti-money laundering and financing terrorism.

 

  1. Third Party Consents

 

Where You provide Us with Personal Data relating to a third party, or where You purchase goods and/or services on behalf of a third party, You confirm that You have informed and obtained consent, if necessary, of that third party to the processing of his/her Personal Data by Us and third parties as described in this Privacy Policy.

 

  1. Marketing

 

We may, with Your consent obtained by a separate form, where necessary:

 

  • have access to and use Personal Data about You and how You use the Card Account to identify goods and services in which You may be interested;
  • market offers to You (by mail, e-mail, telephone, SMS, via the internet or using other electronic means) in relation to goods and services which are similar to any Visa/MasterCard accounts, products, and services You hold that We think You may be interested in; and
  • market other offers to You (by mail, email, telephone, SMS or via the internet) in relation to other products and services that We think You may be interested in.

 

If You wish to opt-out of receiving marketing from Us, please contact our Data Protection Officer (See below). We will also, from time to time, contact You to ensure that the Personal Data We hold about Your marketing preferences is up to date.

 

The Personal Data used to develop marketing lists may be obtained from:

 

  • the application form;
  • transactions made using the Card with Merchants;
  • surveys and research (which may involve, where allowed, contacting You by mail, email, telephone, SMS or via the internet); and
  • from external sources such as Merchants or marketing organizations, to the extent permitted by law.

 

  1. Credit reference agencies and Fraud Prevention

 

We may exchange Personal Data with credit reference agencies. We may tell credit reference agencies the current balance on your Account and We may tell them if You do not make payments when due. They will record this information on your personal and business credit files (as applicable) and it may be shared with other organizations for the purpose of assessing applications from You, and applications from any other party with a financial association with You, for credit or other facilities, for other risk management purposes and for preventing fraud and tracing debtors.

 

We may carry out credit checks whilst any money is owed by You on the Card Account (including contacting your bank or any referee approved by You).

 

We may perform checks including but not limited to credit checks to the extent permitted by law and analyze Personal Data to assist in managing the Card Account and to prevent fraud or any other unlawful activity.

 

We will check your details with fraud prevention agencies. If false or inaccurate Personal Data is provided by You and We suspect any unlawful activity such as fraud or fraud is identified, this will be recorded, and We may pass details to fraud prevention agencies. Law enforcement agencies may access and use this information.

 

We and other organizations may to the extent permitted by law also access and use these Personal Data to prevent fraud and money laundering, for example, when:

 

  • checking details on applications for insurance, credit and credit related or other facilities;
  • managing credit, credit related accounts or facilities, and insurance policies;
  • recovering debt;
  • checking details on applications, proposals and claims for all types of insurance; or
  • checking details of job applicants and employees.

 

We and other organizations may access and use from other countries the Personal Data recorded by fraud prevention agencies.

 

Further information about how your Personal Data may be used by Credit reference agencies and fraud prevention agencies is available upon request.

 

  1. Electronic or telephone communications

 

If You contact Us by any electronic means, We may record the telephone number or internet protocol address, associated with that means of contacting Us at the time.

 

We may monitor and/or record telephone calls, either ourselves or by reputable organizations selected by Us, to ensure consistent servicing levels (including staff training) and account operation, to assist, where appropriate, in dispute resolution and to assist Us in ensuring We comply with our legal obligations.

 

  1. On which legal grounds do We process Your Personal Data?

 

We must comply with legal obligations
By way of example, We process Your Personal Data in order to comply with Law on anti-money laundering and financing terrorism, Book VII of the Code of Economic Law .

We must be able to judge whether We can enter into a contract with You
Before concluding a contract, We must have certain Personal Data in order to process the request and to correctly estimate whether the contract can be concluded and under which conditions (decision-making process regarding the acceptance or non-acceptance of the application).

We must be able to perform the contract entered with You
For example, We process your Personal Data in order to deliver Our products and services to You and in particular to administer and manage Your Card Account, including Transactions that You operate on Your Card Account, contact You about any Card Account.

We process Personal Data for a Legitimate Interest
We also reserve the right to process Your Personal Data for the pursuit of Our legitimate interests as described below, while ensuring that a fair balance is maintained with fundamental rights and freedoms, including Your right to privacy.

If You have any objections against this processing, You may exercise Your right of opposition (see below).

We may process Your Personal Data in particular to improve Our products and services and to conduct research and analysis.

 

We process Your Personal Data based on your consent

When We process Your Personal Data for marketing purposes, it is only based on Your consent except if you are already customer and that it is for the similar products and services.

 

  1. International Transfer of Personal Data

 

We may undertake all of the above outside Belgium and the European Economic Area (EEA). In these cases, We always take the same level of protection for your Personal Data as there is in the EEA.

 

Therefore, if these countries do not grant an adequate level of protection for the European Commission, We guarantee that We shall offer tan adequate level of protection to Your Personal Data by executing EU Standard Contractual Clauses or any other mechanism which ensure that Your Personal Data are transferred in a secured environment.

When transfers occur within Our Group, they are governed by contracts which guarantee an adequate level of protection that in Your country of origin.

 

  1. Security

 

We use advanced technology and well-defined employee practices to help ensure that your Personal Data is processed promptly, accurately, completely and securely. The processing of your Personal Data will be performed by manual and automated means. In order to maintain the effectiveness and security of these systems, policies and procedures, We may also from time to time process your Personal Data for internal  testing purposes.

 

Persons who have access to Your Personal Data are bound by a strict duty of confidentiality and are required to comply with all technical requirements to ensure the confidentiality of your Personal Data and the security of the systems that contain them. They are required to respect a policy of integrity in particular and to follow different trainings.

For the processing of Your Personal Data, We sometimes work with processors located in Belgium or abroad. These are persons/entities that process Your Personal Data on Our behalf under a contract between the two parties, which incorporates the provisions and obligations of the Privacy Policy.

 

  1. Retention of Personal Data

 

We process Your Personal Data only for the purposes mentioned above. If all the purposes relating to Your Personal Data disappear, We delete or anonymize them.

 

We keep Your Personal Data for no longer than the purposes described in this Privacy Policy or as long as is appropriate to fulfill Our legal obligations in accordance with applicable law.

 

  1. Your rights

 

Access to Your Personal Data

You have the right to request a copy of the Personal Data that We hold about You.
If You would like a copy of some or all of your Personal Data, please write to the Data Protection Officer (see below). There may be a small charge for this, as permitted by Law.

 

Correction of inaccurate Personal Data

If You believe that any Personal Data We hold about You is incorrect, incomplete, irrelevant, or processed in any way which infringes a legal provision, You may ask Us to correct, supplement, delete, or block this Personal Data from Our records. Please contact the Data Protection Officer (see below). Any Personal Data which is found to be incorrect, irrelevant, or incomplete will be corrected promptly.

 

Erasure of Personal Data

If You believe that We are processing some of Your Personal Data in an unjustified manner, You may request that Your Personal Data are deleted. We will accept Your request unless a legal provision requires to retain such Personal Data or if it is required, for example, to defend a legal action.

 

Right to object to a specific use of Your Personal Data

If You do not agree with the way in which We process some of Your Personal Data on the basis of its legitimate interests, You have the right to oppose to it. We will accept Your request unless there is compelling reason. In case of direct marketing, we will always accept your request.

 

Limitation of Use of Personal Data

You have the right to obtain the limitation of the processing of Your Personal Data when the processing is illicit and We oppose to the erasure of the Personal Data (for example when We no longer need Personal Data for the processing but these are still necessary for Us to find, exercise or defend legal rights).

 

Right to portability of Personal Data

You have the right to request to transfer directly to a third party or to yourself the Personal Data that You have communicated to Us. We will accept this request within the limits granted by the data protection legislation.

 

Right to withdraw consent

If We request Your consent for a specific processing, You may withdraw Your consent at any time thereafter for free.

 

  1. Changes to clause

 

We may change any provision of this statement at any time. We may, but are not obliged to, inform You in advance of any such change in accordance with the “Communications” section of Your Agreement with Us or by publication on Our website.

 

  1. Query or Complaint

 

In the event of any query or complaint in connection with the Personal Data We hold about You, please write to Data Protection Officer (see below).

 

  1. Data Protection Officer

 

If You have questions about the protection of Your Personal Data and more specifically about this Privacy Policy or if You wish to exercise Your rights or make a complaint, You may contact the Data Protection Officer in writing to the following address: AirPlus International SA/NV, Data Protection Officer, or by sending an email to our Customer Service (mentioning DPO in the subject).

 

  1. Right to lodge a complaint

 

If You have a complaint regarding the processing of Your Personal Data, You may contact the Privacy Commission (soon Data Protection Authority), either by mail to Rue de la Presse 35 at 1000 Brussels, either by e-mail to commission@privacycommission.be or by phone at +32 2 274 48 00.