Platform Privacy Policy

This Privacy Policy ("Policy") is intended to inform users of websites and apps using the services offered by:

Trackuity bvba (hereafter "Trackuity" or "we", "us", "our")
Ridderstraat 15A
9000 Ghent
Belgium

VAT BE 0549.953.277

legal@trackuity.com
+32 (0)9 391 62 39

The privacy policy of our corporate website can be found here. Feel free to contact us should you have any privacy-related questions regarding our services. We promise to reply soon!

Why this privacy statement?

We provide a service to websites and apps that allows to personalize content based on your behavior. Because this could impact your privacy if you visit one of these websites, we want to inform you how this data is used and what your rights are.

Note that we always respect your privacy and only process your personal data in accordance with the GDPR and any replacement legislation, or any similar regulation under any applicable law, and any regulatory requirements or codes of practice governing the use, storage or transmission of personal data. Every reference in this Privacy Statement to the 'GDPR' is a reference to the Regulation of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation).

What we do

Our​ ​goal​ ​at​ ​Trackuity​ ​is​ ​to​ ​help​ ​you​ ​find​ ​the​ ​items​ ​you're​ ​interested​ ​in​ ​as​ ​quickly​ ​and conveniently​ ​as​ ​possible.​ ​For​ ​example,​ ​if​ ​you​ ​are​ ​searching​ ​for​ ​a​ ​house,​ ​we​ ​ensure​ ​that​ ​you are​ ​automatically​ ​notified​ ​of​ ​new, ​interesting​ ​houses​ ​as​ ​fast​ ​as​ ​possible​ ​and​ ​without​ ​the​ ​need to​ ​constantly​ ​refresh​ ​real​ ​estate​ ​sites.​ ​We​ ​think​ ​this​ ​benefits​ ​you​ ​as​ ​a​ ​user​ ​tremendously,​ ​as you​ ​are​ ​freed​ ​from​ ​the​ ​burden​ ​of​ ​manually​ ​having​ ​to​ ​check​ ​sites​ ​for​ ​new​ ​content​ ​or​ ​having​ ​to figure​ ​out​ ​the​ ​optimal​ ​search​ ​parameters​ ​for​ ​your​ ​interests.

For​ ​our​ ​technology​ ​to​ ​work,​ ​we​ ​need​ ​to​ ​track​ ​your​ ​behaviour​ ​on​ ​our​ ​client​ ​websites.​ ​While this​ ​might​ ​sound​ ​a​ ​bit​ ​scary,​ ​bear​ ​in​ ​mind​ ​that​ ​we​ ​absolutely​ ​do​ ​not​ ​know​ ​anything​ ​about​ ​you personally​ ​and​ ​do​ ​not​ ​have​ ​the​ ​intention​ ​of​ ​getting​ ​to​ ​know​ ​you​ ​that​ ​intensely​ ​(sorry!).​ ​All​ ​we really​ ​want​ ​to​ ​know​ ​is​ ​whether​ ​a​ ​given​ ​computer​ ​visited​ ​one​ ​of​ ​our​ ​client​ ​websites​ ​and,​ ​for example,​ ​searched​ ​for​ ​houses​ ​in​ ​a​ ​certain​ ​area.​ ​Who​ ​this​ ​computer​ ​belongs​ ​to,​ ​where​ ​this person​ ​lives,​ ​who​ ​his/her​ ​friends​ ​are,​ ​etc.​ ​are​ ​all​ ​things​ ​that​ ​we​ ​do​ ​not​ ​care​ ​about​ ​nor​ ​need​ ​to know​ ​to​ ​provide​ ​you​ ​with​ ​our​ ​service.

Who is responsible for the processing of personal data?

Controller

Our clients are responsible for the processing and decide alone or in cooperation with others which personal data are being collected, as well as the purpose and the technical and organisational means with regard to the processing of those data.

Processor

We are a processor of our client's data. A processor is the natural or legal person who processes your personal data upon request and on behalf of the data controller. The processor is required to ensure the security and confidentiality of the data. The processor shall always act on the instructions of the data controller.

Sub-processor(s)

A sub-processor is a processor that is invoked by a processor. A sub-processor has the same obligations as a processor with respect to the processing of personal data.

We rely on the following categories of sub-processors:

  • Hosting services such as Google Cloud and Amazon Web Services for hosting the web application that powers our platform and storing data.
  • Content delivery networks such as CloudFlare and KeyCDN for optimizing the speed and response time of our platform.
  • Performance and issue monitoring tools such as New Relic.

What data is being processed?

We commit to only collect and process adequate and relevant data, limited to what is necessary to provide our services. The following categories of personal data are processed by us:

Browsing information

To​ ​show​ ​recommendations​ ​on​ ​our​ ​partner's​ ​website(s),​ ​we​ ​need​ ​to​ ​be​ ​able​ ​to​ ​derive​ ​user interests​ ​based​ ​on​ ​global​ ​behavior.​ ​This​ ​means​ ​we​ ​need​ ​to​ ​analyze​ ​the​ ​actions​ ​users perform​ ​on​ ​our​ ​partner's​ ​website. We however ​do​ ​not​ ​need​ ​to​ ​know​ ​who​ ​these​ ​users​ ​are​ ​and therefore​ ​never​ ​willingly​ ​store​ ​any​ ​information​ ​that​ ​would​ ​allow​ ​to​ ​directly​ ​identify​ ​you,​ ​such as​ ​your​ ​name,​ ​address,​ ​e-mail​ ​address,​ ​etc.​ ​All​ ​data​ ​gathering​ ​we​ ​perform​ ​is​ ​done​ ​via cookies​ ​(for​ ​websites)​ ​or​ ​device​ ​IDs​ ​(for​ ​apps)​ ​and​ ​IDs​ ​are​ ​not​ ​shared​ ​across​ ​different websites​ ​or​ ​apps,​ ​unless​ ​there​ ​is​ ​a​ ​legitimate​ ​reason​ ​for​ ​doing​ ​so​ ​(e.g.​ ​when​ ​the​ ​websites are​ ​part​ ​of​ ​the​ ​same​ ​company).​ This data is furthermore only processed if you gave your explicit consent (e.g. via a cookie banner). ​The​ ​data​ ​we​ ​gather​ ​using​ ​these​ ​cookies​ ​or​ ​device​ ​IDs​ ​is​ ​the following:

  • Actions​ ​performed​ ​on​ ​our​ ​partner's​ ​website(s).​ ​This​ ​includes​ ​the​ ​pages​ ​you​ ​viewed, the​ ​products​ ​you​ ​viewed,​ ​the​ ​actions​ ​you​ ​performed​ ​on​ ​the​ ​viewed​ ​pages,​ ​any searches​ ​you​ ​performed​ ​and​ ​certain​ ​interest​ ​information​ ​ you​ ​provided​ ​to​ ​the​ ​website.
  • Actions​ ​performed​ ​on​ ​our​ ​recommendations.​ ​This​ ​includes​ ​e.g.​ ​the​ ​number​ ​of recommendations​ ​shown​ ​to​ ​you,​ ​whether​ ​you​ ​clicked​ ​on​ ​any​ ​of​ ​the recommendations,​ ​the​ ​page​ ​on​ ​which​ ​the​ ​recommendations​ ​were​ ​shown,​ ​etc.
  • The​ ​time​ ​at​ ​which​ ​any​ ​of​ ​the​ ​aforementioned​ ​actions​ ​was​ ​taken.
  • Device​ ​information​ ​such​ ​as​ ​your​ ​IP​ ​address​, user​ ​agent and derived information such as your operating system and browser version.
  • Information​ ​automatically​ ​derived​ ​from​ ​your​ ​IP​ ​address​ ​such​ ​as​ ​your​ ​broad​ ​location (e.g.​ ​the​ ​city​ ​or​ ​ country​ ​you​ ​are​ ​browsing​ ​from).
  • The​ ​referring​ ​page​ ​of​ ​the​ ​page​ ​on​ ​which​ ​the​ ​action​ ​was​ ​taken.
  • The​ ​requests​ ​to​ ​any​ ​of​ ​our​ ​domains​ ​that​ ​were​ ​performed​ ​by​ ​you​ ​or​ ​your​ ​browser.

This data is processed for a maximum of 13 months. The products you viewed on a website are processed until you withdraw your consent or until we no longer need to fulfill our contractual obligations with a client.

General data

For our legitimate interests in preventing ​DDoS-attacks,​ ​combatting​ ​fraud,​ ​investigating​ ​anomalies​ ​and​ ​perform​ing ​other​ ​basic systems​ ​management,​ ​we​ keep​ ​track​ ​of​ ​every​ ​request​ ​to​ ​our​ ​API.​ ​These​ ​requests​ ​contain the​ ​following​ ​personal​ ​data:

  • The​ ​IP​ ​address​ ​used​ ​to​ ​perform​ ​the​ ​request.
  • The​ ​user​ ​agent​ ​used​ ​to​ ​perform​ ​the​ ​request.
  • The​ ​URL​ ​that​ ​was​ ​requested.

This​ ​data​ ​is​ ​stored​ ​for​ ​a​ ​maximum​ ​of​ ​6​ ​months.

Personally​ ​identifiable​ ​information

We​ ​do​ ​not​ ​collect​ ​any​ ​data​ ​that​ ​permits​ ​to​ ​identify​ ​you​ ​directly​ ​and​ ​do​ ​not​ ​intend​ ​to​ ​do​ ​so. This​ ​means​ ​we​ ​do​ ​not​ ​store​ ​your​ ​name,​ ​address,​ ​e-mail​ ​address,​ ​phone​ ​number,​ ​MAC address,​ ​sensitive​ ​information​ ​or​ ​any​ ​other​ ​ such​ ​information.

Data​ ​sharing

In​ ​accordance​ ​to​ ​our​ ​commercial​ ​agreements,​ ​all​ ​of​ ​our​ ​partners​ ​remain​ ​the​ ​owner​ ​of​ ​the data​ ​we​ ​gather​ ​on​ ​their​ ​website(s).​ ​This​ ​means​ ​the​ ​data​ ​we​ ​gather​ ​can​ ​only​ ​be​ ​shared​ ​with this​ ​partner,​ ​unless​ ​they​ ​instruct​ ​us​ ​ to​ ​share​ ​it​ ​with​ ​others.

The​ ​data​ ​we​ ​gather​ ​can​ ​furthermore​ ​be​ ​stored​ ​by​ ​third-parties​ ​such​ ​as​ ​data​ ​centers​ ​and hosting​ ​providers​ ​who​ ​provide​ ​their​ ​services​ ​to​ ​us, as detailed in the section on sub-processors.​ ​They​ ​have​ ​access​ ​to​ ​this​ ​data​ ​only​ ​when necessary​ ​to​ ​provide​ ​these​ ​services.

Where is the data processed?

All​ ​data​ ​is​ ​stored​ or processed ​either​ ​in​ ​the​ ​EU​ ​or​ ​on​ ​servers​ ​of​ ​companies​ based in third countries with adequate levels of protection, as defined in the GDPR.

As​ ​mentioned​ ​in​ ​"​What data is being processed", ​all​ ​data​ ​gathering​ ​is​ ​either​ ​done​ ​via cookies​ ​or​ ​device​ ​IDs,​ ​depending​ ​on​ ​whether​ ​our​ ​service​ ​is​ ​used​ ​by​ ​a​ ​website​ ​(cookie)​ ​or​ ​an app​ ​(device​ ​ID).​ ​For​ ​more​ ​information​ ​regarding​ ​the​ ​cookies​ ​we​ ​use,​ ​see​ ​our​ c​​ookie​ ​policy​.

How is my data secured?

Even though the data we process is very limited in its potential for abuse, we still feel responsible for your data and thus do our utter most best to ensure it is well-protected. Besides the basics of securing our systems and having procedures and policies in place that should minimize security issues, we take it up a notch and additionally strip all logging data from any identifiers that could be used to track you across websites not owned by the same parent company. This makes it virtually impossible for anyone (including us) to create a broad user profile from you based on the websites you visited.

What are my rights?

Guarantee of a legitimate and secure processing of your personal data

Your personal data are always processed for the legitimate purpose of fulfilling our contractual obligations with our clients for providing the services explained in "What we do". They are collected and processed in an appropriate, relevant and non-excessive manner, and are not kept longer than necessary to achieve the intended purposes.

Right to access

If you can prove your identity, you have the right to obtain information about the processing of your data. Thus, you have the right to know the purposes of the processing, the categories of data concerned, the categories of recipients to whom the data are transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your data.

Right to rectification of your personal data

Inaccurate or incomplete personal data may be corrected. You can exercise this right most easily by deleting your cookies, as detailed in the guides below:

Right to erasure (or "right to be forgotten")

You also have the right to obtain the erasure of your personal data under the following assumptions:

  • Your personal data are no longer necessary for the intended purposes;
  • You withdraw your consent to the processing and there is no other legal ground for processing;
  • You have validly exercised your right of opposition;
  • Your data has been illegally processed;
  • Your data must be deleted to comply with a legal obligation.

The deletion of data is mainly related to visibility; it is possible that the deleted data are still temporarily stored.

You can exercise this right by going to our opt-out page.

Right to limitation of processing

In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the data, if the data are necessary in the context of legal proceedings or the time required by us to verify that you can validly exercise your right to erasure.

You can exercise this right by going to our opt-out page.

Right to object

You have the right to object at any time to the processing of your personal data for direct marketing purposes. We will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.

You can exercise this right by going to our opt-out page.

You may withdraw your consent to the processing of your personal data at any time, for example for direct marketing purposes.

You can exercise this right by going to our opt-out page.

Right to data portability

You have the right to obtain any personal data which you have provided us in a structured, commonly used and machine readable format. At your request, this data may be transferred to another provider unless it is technically impossible.

How can I exercise my rights?

If you want to exercise any of the following rights:

Please refer to the relevant section in this privacy policy, where this is detailed.

If you wish to exercise any of your other rights, you must send a written request and proof of identity by registered mail to us, Ridderstraat 15A, 9000 Ghent, Belgium or by email to legal@trackuity.com. We will respond as soon as possible, and no later than one (1) month after receipt of the request.

Possibility to lodge a complaint

If you are not satisfied with the processing of your personal data by us, you have the right to lodge a complaint with the competent Data Protection Authority (for Belgium: https://www.privacycommission.be).