Privacy Policy
Last updated on November 8, 2024
The following Privacy Policy is applicable on the use of our websites, products, services, or otherwise by interacting with Us. It applies to the processing of personal data carried out by Sai Consultancy & Management (“we”, “our” or “us”) hereafter referred to as SCM. We encourage you to read this privacy policy.
SCM processes personal data in accordance with the legal requirements laid down in the General Data Protection Regulation ("GDPR"), and, where applicable, the Belgian law on the protection of natural persons with regards to the processing of personal data.
1. Why we are informing you
To enable us to fulfil our legal and contractual obligations, to conduct business securely and efficiently and for other specific purposes that are described in this policy, we need to process certain personal information about you (referred to as “personal data”).
Personal data is any information that relates to an identified or identifiable individual. Different pieces of information, which when collected together or combined with other information can lead to the identification of a particular person, is also personal data.
Depending on the purpose, SCM can act as Controller or Processor.
SCM as a Controller
SCM in some cases acts as the “controller”. That means that we are responsible for the processing of your personal data and if you want to use your rights, have any questions or complaints concerning what we do, you can contact us.
This Privacy Policy outlines the kind of personal data that is processed by SCM in relation to you, how and why we need this personal data, how we ensure equal and secure treatment of personal data, how we inform you about your and SCM’s rights, and ensure that SCM is in compliance with data protection law, including the general data protection regulation (the “GDPR”).
For more information on which personal data we are processing, please read further below.
SCM as a Processor
SCM also acts as a “processor” for most of our services. In that case we process personal data on behalf of our customers (which are mainly companies and institutions). As Processor, SCM will only process Personal Data pursuant to the instructions of our customer.
We encourage you to also read the privacy policies and policies of your providers. SCM does not review, comment upon, or monitor its Customers’ compliance with their respective privacy policies and policies, nor does SCM review Customer instructions to determine whether they are in compliance or conflict with the terms of a Customer’s published privacy policy or policies.
If you have a data subject rights request that is connected to data for which We are the processor, we will ask you to contact the company or institution that is the controller of your personal data.
2. Processing of Personal Data: why do we process your personal data and on what legal ground?
There are three sources that provide us with personal data: you yourself, SCM, and third parties.
We might ask you to provide us with personal data in preparation of or when conducting a customer agreement or when you are in contact with SCM or want to stay up to date and ask for newsletters.
Third parties may also have provided information about you. For example: if we are working with a third party that helps us collect with your data, you use tooling provided by them or might be approached by them to provide information (if you agreed to this). They are responsible for ensuring that the data they provide to us is provided in compliance with applicable data protection law.
And thirdly, SCM may also produce new personal data. For example: When you are included in our CRM system as you have showed interest in receiving a newsletter or want to be contacted by our salesperson, we may also add information on what kind of information we have provided you with, why you are interested in our services, etc.
We do not process personal data of children
Protecting the privacy of children is important to SCM. For that reason, the Site is structured specifically to not attract anyone under 13, nor do We collect or maintain Personal Data on the Site from those who SCM actually knows are under 13. If SCM learns or is notified that it has collected information from users under the age of 13, SCM will immediately delete such Personal Data. If you think that we have collected information from your children or children that are in your care, please contact privacy@saply.ai
We don’t sell personal data
As a matter of policy, We do not sell or rent any of your information to third parties for any advertising or marketing purposes. We may disclose your information in the normal course of providing Our services or sending of Information (so towards subprocessors that act on behalf of SCM).
2.1. Which information will we have and what will we use the data for?
SCM will process personal data solely to fulfill the purposes stated in this notice and in the Data Processing Matrix below, and to comply with applicable legal requirements in each jurisdiction.
Purpose: To enable SCM to provide requested services, such as answering questions submitted through a form or delivering white papers.
Personal data type: Contact data (e.g., phone number, email address, address, name, company, position, contact preference, and any other information provided to SCM).
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Consent, legitimate interest, or legal requirements.
Retention time/criteria: As required by applicable law, or 2 years after last contact without a business relationship, or 5 years after the end of the business relationship, or upon a valid deletion request.
Purpose: To administer consent/opt-out/opt-in preferences and send emails such as newsletters or seminar/webinar invites.
Personal data type: Contact data.
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Consent or legal requirements.
Retention time/criteria: As required by law or business process (individuals are informed when providing information) or until the individual requests removal from opt-out/opt-in lists or revokes consent.
Purpose: To fulfill contractual obligations, such as sending service announcements or managing customer service inquiries.
Personal data type: Contact data.
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Consent, legitimate interest, legal requirements, or contract administration.
Retention time/criteria: As required by applicable law, 2 years after last contact without a business relationship, 5 years after the end of the business relationship, or upon a valid deletion request.
Purpose: To administer, foster, and develop customer relationships, perform credit checks, and verify personal or business data.
Personal data type: Contact and financial data (e.g., phone number, email address, address, name, company, position, and limited personal financial information).
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Consent, legitimate interest, legal requirements, or contract administration.
Retention time/criteria: As required by applicable law, 2 years after last contact without a business relationship, 5 years after the end of the business relationship, or upon a valid deletion request.
Purpose: To operate and secure forums, websites, and portals, including sending service announcements and addressing security threats.
Personal data type: Contact data and technical data (e.g., HTTP headers, computer settings, log information).
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Consent, legitimate interest, legal requirements, or contract administration.
Retention time/criteria: As required by applicable law, 2 years after last contact, 5 years after the end of the business relationship, or upon a valid deletion request.
Purpose: To process data for job applications at SCM.
Personal data type: Contact data and information created during communication with the applicant.
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Legitimate interest or legal requirements.
Retention time/criteria: As required by applicable law.
Purpose: To fulfill obligations under mandatory law, including providing accurate information to authorities.
Personal data type: Contact and technical data.
Source: Directly from the individual, via a third party, or created by SCM.
Legal ground: Legitimate interest or legal requirements.
Retention time/criteria: As required by applicable law.
Purpose: To provide integrations with third-party software, such as Google Workspace APIs.
Personal data type: Google user data (e.g., name, cell phone number, address).
Source: Google Workspace APIs and data provided by the individual.
Legal ground: Consent, legitimate interest, legal requirements, or contract administration.
Retention time/criteria: For the duration needed to fulfill purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.
2.2. Which information shall we not use or share?
For customers that wish to sign in with Google and thus use the Google Workspace APIs, SCM confirms that it shall not use this data to develop, improve, or train generalized AI and/or ML models. The sharing, transfer or disclosure of Google user data will be subject to our Data Processing Agreement (DPA). SCM undertakes to not process Google user data for another purpose than the performance of its services and the compliance with applicable law.
3. Your rights with regards to your personal data
3.1 Right of access
You have the right to ask us whether we process your personal data and, if so, to inspect those data and receive additional information on:
the purposes for which We processes your personal data;
the categories of personal data concerned;
the recipients (if your data are effectively transmitted to other parties);
the retention period;
the existence of automated decision-making;
the information available to Us on the source of the data if We obtain personal data through a third party.
Upon request, you will receive a free copy of the processed data. An administrative fee will be charged for each additional copy requested.
3.2 Right to rectification
If your personal data processed by Us are incomplete, erroneous, or out of date, you have the right to have this rectified.
3.3 Right to data erasure ('right to be forgotten’)
The GDPR also provides for the right to have your personal data processed by Us being deleted. Such request can be made in the following circumstances:
Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed by Us;
You withdraw your previous consent to the processing and there is no other legal basis on which We can rely for the (further) processing;
You object to the processing of your personal data and there are no more compelling legitimate grounds for the (further) processing by Us;
Your personal data are processed unlawfully;
Your personal data must be deleted to comply with a legal obligation;
Your personal data were collected when you were a minor.
3.4 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data if any of the following applies:
You dispute the accuracy of your personal data: its use is restricted for a period that allows Us to verify the accuracy of the data;
The processing of your personal data is unlawful: instead of erasing your data, you request that its use shall be restricted;
As long as no decision has been taken on the exercise of your right to object to the processing, you request that the use of your personal data will be restricted;
3.5 Right to data portability
You have the right to request and obtain your personal data in a structured, common and machine-readable form. This is only possible for the personal data you have provided to Us yourself, based on consent or following agreement. In all other cases, this right does not apply.
3.6 Right to object to the processing of your personal data
You have the right to object to the processing of your personal data if the processing is in the legitimate interest of Us or in the public interest.
This is the case, for example, if we send you direct marketing communications based on our legitimate interest for similar products or services you have already purchased from Us and you no longer wish to receive this information.
3.7 Right to lodge a complaint
If, at any time, you believe that SCM infringes your privacy, you have the right to lodge a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, e-mail: contact@apd-gba.be.
If you are not located within the EU: you should reach out to the relevant authority in Europe where the infringement has occurred. If you are unsure of which competent authority to turn to please contact Us.
Making use of above rights
If you want to use any of the rights that are listed above, you can contact privacy@saply.ai. You can use the same contact details if you should have any questions in relation to the processing of your personal data.
4. Security and Confidentiality of your Personal Data
SCM has taken several technical and organisational security measures to prevent the destruction, loss, falsification, alteration, unauthorized access or disclosure of your personal data to third parties and any other unauthorised processing of these data. We have made every effort to ensure the confidentiality, integrity and availability of the information systems and services that process personal data. These measures include physical and operational security measures, access control, awareness raising and confidentiality clauses. All our employees and third parties engaged by us are obliged to respect the privacy and security of your data.
5. Authorities
SCM may need to provide personal data to relevant authorities (e.g. social insurance agencies and the tax authority or data authorities) in accordance with mandatory law, in order to fulfil legal obligations in the jurisdiction where we (in the future) employ our employees and/or when we get a request of an authority. We will only do this when we have a legal ground to do this and will ensure to take appropriate security measure to protect the personal data.
6. Contact Details
If you have any comments, questions or concerns about any of the information in this policy, or any other issues relating to the processing of your personal data by SCM please contact us via privacy@saply.ai
7. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time, so please review it regularly. If We make changes to this Privacy policy, we will post the revised policy on the website and other places We deem it to be appropriate. If we change material content of this policy, We will summarize these within the next policy. All such changes shall be binding on moment of publication.
