NETEXPAT PRIVACY POLICY

January 2022

1. General Provisions

The following Privacy Policy governs the processing of personal data by NetExpat S.A., with registered offices at 11, rue des Colonies 1000 Brussels, Belgium a company listed in the Belgian Trade and Companies Register under number 0463.397.902, as well as processing of personal data by our affiliates and associated companies (hereinafter “NetExpat” or “we” or “us”).

NetExpat is committed to protecting and respecting your privacy.

The purpose of this Privacy Policy is to specify which categories of personal data NetExpat collects through its business activities, its website (https://www.netexpat.com/), subdomains and/or folders, applications, tools, services and any other means relating to information or communication, including emails (hereinafter collectively referred to as the “Services”). It also describes how such data may be processed and disclosed to others. The Privacy Policy further sets out the different measures NetExpat has implemented to safeguard the security and confidentiality of the personal data it collects, how you can exercise your rights and how you can contact us about our privacy practices.

NetExpat cares about the privacy of the users of its Services and all others whose personal data may be collected (hereinafter “User” or “you” or “your”) and will only collect and process personal data in accordance with the provisions of this Privacy Policy.

Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements (“Applicable Data Protection Laws”). In most cases this will be the law of the country in which you are located.

Should you have any questions about this Privacy Policy or the feeling that your interests are not or inadequately represented, you can contact our Data Protection Officer (“DPO”) either via email at dpo@netexpat.com or by addressing a letter to the following address: 

NetExpat S.A.
To the attention of the DPO
11, rue des Colonies 
1000 Brussels, Belgium

According to the Applicable Data Protection laws, you may be entitled to file a complaint with your local Supervisory Authority or the lead Supervisory Authority, being the Belgian Data Protection Authority (address: Rue de la Presse 35, 1000 Brussels).

This will generally be the case when are you located within the European Economic Area (hereinafter the “EEA”). We would appreciate it however that, prior to filing any complaint, you contact us in order for us to assist you with your request or concern. 

NetExpat may change this Privacy Policy from time to time. But when we do, we’ll let you know one way or another. Sometimes, we’ll let you know by revising the date at the top of the Privacy Policy that’s available on our website our through our other applications, tools, ... Other times, we may provide you with additional notice (such as adding a statement to our website’s homepage or providing you with an in-app notification). Modified versions will have immediate effect, unless stated otherwise.

Please note that the Services may contain links to other websites digital platforms or Internet resources which may collect personal data voluntarily or through cookies or other technologies. NetExpat has no responsibility, liability for, or control over those other websites or Internet resources or their collection, use and disclosure of your personal data. NetExpat recommends you review the privacy policies of those other websites and Internet resources to understand how they collect and use personal data.

2. Data Processed by NetExpat

According to Applicable Data Protection Laws, you may be entitled to know the identity of your “Data Controller” i.e. the legal entity which determines why and how your personal data is processed. This will generally be the case when are you located within the EEA. 

Your relevant Data Controller may vary, depending on how you are receiving Services from us. For example:

1. Individuals : If you are being relocated as part of your employment, your relevant Data Controller may be your relevant employer who has engaged us to provide services to you. In such case, this Policy may not apply to you and please refer, instead, to your employer’s privacy policy or employee handbook for further information as to how your personal data may be handled. Even if this Policy does not directly apply to you, NetExpat, as a “Data Processor” within the meaning of Applicable Data Protection Laws, will process the personal data under the Data Controller’s sole instructions, and will take all steps necessary to preserve the security and confidentiality of the personal data, and prevent their alteration, damage, or access by unauthorized persons.
2. Corporate Clients or Direct consumers : If you are engaging NetExpat directly to provide services for you, then your relevant Data Controller is likely to be that particular NetExpat entity which is providing those services to you, and this will typically be that NetExpat entity which is based in your current location and which processes your personal data and which is named in any relevant correspondence with you. 
3. Referred / Partners : If you normally deal with one of our business partners but have been referred to us to receive specific services at the request of that business partner, then that business partner may be your relevant Data Controller. In such case, this Policy may not apply to you and please refer, instead, to that business partner’s privacy policy. Even if this Policy does not directly apply to you, NetExpat, as a Data Processor, will process the personal data under the Data Controller’s sole instructions, and will take all steps necessary to preserve the security and the confidentiality of the personal data, and prevent their alteration, damage, or access by unauthorized persons.
4. Consultants : if you are providing consultancy services to NetExpat, then your relevant Data Controller is likely to be that particular NetExpat entity with whom you have concluded your consultancy agreement.

If you have any questions in regard to the above, please contact our DPO as indicated under section 1. The categories of personal data which can be processed while using our Services or while communicating with NetExpat can be divided in 3 basic categories: 

1. Information you give us
2. Information we get when you use our Services.
3. Information we get from third parties.

Here’s a little more detail on each of these categories.

1. Information you give us . This is information that you and/or your family give us by filling in forms on our website or other digital assets (such as our applications, tools, …) or by corresponding with us by phone, email or otherwise. This includes when you use our Services to inquire about, or use, any of our intercultural or spousal assistance services. The information may include without limitation your and /or your family’s name, address, e-mail address, phone number or other contact details, marital status, age, occupation, role/title/area of responsibilities, employment history, ... Unless explicitly authorized by NetExpat you commit not to share any sensitive data, as further defined.
   While we make every effort to ensure that your personal data is accurate, complete and up to date, you can help us considerably in this by promptly notifying us if there are any changes to your data by contacting our DPO as indicated under section 1.
2. Information we collect about you . We and our consultants might collect certain information by using automated means, such as cookies, when you interact with our mobile applications, or visit our website, pages or use other of our digital assets. This information may include your IP address, browser type, operating system, the full URLs, referring URLs and information on actions taken or interaction with our digital assets. We may use third-party web analytics services on our websites and other digital assets, to help us analyze how visitors use our website and other digital assets. For more details please see our Cookie Policy at www.netexpat.com.
3. Information we may receive from third parties. We are working closely with third parties (including, for example, your employer, business partners and consultants and may receive information about you from them). These third parties may be based outside of the EEA (for more information, see sections 5 and 7).

 
The processing of personal data identified under points (a) and (c) is necessary for the performance of the contract NetExpat has either with its Corporate Clients or Direct Consumers. NetExpat shall not be able to provide the Services in absence of the concerning personal data. The processing of personal data identified under point (b) is necessary for NetExpat’s legitimate interests in order to deliver and improve its Services.

Users can’t disclose personal data to NetExpat about another person unless this person has consented to this in accordance with this Privacy Policy.

NetExpat will not collect any sensitive data. This includes data such as: data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation from Users. NetExpat will, if necessary, obtain your explicit consent to collect such data.

Children under the age of 18 are not eligible for the Services and are therefore not allowed to submit their personal data to NetExpat. Children cannot consent to this Privacy Policy. In the event that a child receives Services from NetExpat, the processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child. The User undertakes to provide correct and up-to-date personal data to NetExpat. It will be entitled to change at all times its personal information by contacting our DPO as indicated under section 1. NetExpat cannot be held liable for any failure in its Services due to incorrect personal data provided by the User. 

3. Purpose of the processing

When acting as Data Controller, NetExpat will process these data for the following purposes:

• to provide you and/or your family with the Services (as applicable);
• to administer, operate, facilitate and manage your and/or your family’s relationship and/or account with us, and to otherwise, including contacting you or, if applicable, your designated representative(s) by post, telephone, email etc.;
• to provide you, or permit selected third parties to provide you, with information (such as relocation research), recommendations or advice concerning our offers, promotions, products and services, including those products and services which you request from us. If you are an existing customer (and save for where this is permitted under Applicable Data Protection Laws or where you have provided your consent to further marketing) we will only contact you by electronic means (email) with information about goods and services similar to those which were the subject of a previous sale or negotiation of a sale to you. If you are a new customer, and where we permit selected third parties to use personal information, we (or they) will contact you by electronic means only if you have consented to this, save for where this is otherwise permitted under Applicable Data Protection Laws.;
• to notify you about changes to the Services;
• to operate, evaluate and improve our business (including developing new products and services, troubleshooting, data analysis, testing and research and statistical and survey purposes); managing our communications; determining the effectiveness of and optimizing our advertising; analyzing our products, services, websites, mobile applications and any other digital assets; facilitating the functionality of our websites, mobile applications and any other digital assets; to ensure the content of our website is presented in the most effective manner for you and for your computer; and performing accounting, auditing and billing activities;
• as may be required by applicable laws and regulations or requested by any relevant judicial process or governmental agency; and
• to comply with industry standards and our policies.

4. Your rights

Under Applicable Data Protection Law, you may have certain rights regarding the personal data we maintain about you. We also offer you certain choices about what personal data we collect from you, how we use that data, and how we communicate with you.

You can choose not to provide personal data to us. You also may refrain from submitting data directly to us. However, if you do not provide your personal data when requested, or if you exercise your rights you and/or your family may not be able to benefit from the Services (as applicable), and we may not be able to provide you with information about Services.

To the extent provided by Applicable Data Protection Law, you may withdraw any consent you previously provided to us, or object at any time to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to our use or disclosure of your personal data will mean that you cannot take advantage of certain Services. In addition, you may have the right to: request access to and receive information about the personal data we maintain about you, receive copies of the personal data we maintain about you, update and correct inaccuracies in your personal data, object to the processing of your personal data, and have the information blocked, anonymized or deleted, as appropriate. You may also have a right to data portability, which implies that NetExpat can supply (at your request) your data to you and / or to a third party in a structured and machine-readable form.

To exercise these rights, please contact our DPO as indicated under section 1. 

The rights above are likely to apply to you if you are based in the EEA and may be limited in some circumstances by local law requirements including Applicable Data Protection Law. The rights can be exercised free of charge unless the requests are manifestly unfounded or excessive. In the latter cases, NetExpat can either charge a reasonable fee or refuse the requested action.

NetExpat will ensure that for its marketing activities it will comply with the applicable legislation (including the Applicable Data Protection Laws) and that it will obtain, where required, the necessary consents before the User receives any emails or other electronic communication from NetExpat or one of its partners. You can demand at any time to stop the sending of such information by clicking on the unsubscribe button in the received electronic communication.

5. Disclosure of personal data

Although NetExpat may transfer personal data to so-called business partners and consultants for the performance of the Services (as applicable) or any other contract we enter into with them or you, we will not share data with third parties for secondary or unrelated purposes unless otherwise stated when collecting these data.

If NetExpat gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.

Where appropriate or required, NetExpat will be entitled to transmit personal data to law enforcement authorities, regulatory or other government agencies, or third parties where necessary or desirable to comply with legal or regulatory obligations or in the context of the above-mentioned purposes.

As the case may be, one or more of the above may be located outside of the EEA. Where applicable, your personal information will be processed in compliance with section 7.

6. Retention period

NetExpat does not store the data longer than legally admissible and in any case not longer than required for the purposes for which it was collected – as mentioned in section 3 – unless otherwise required or authorized by Applicable Data Protection Law. We take measures to destroy or permanently de-identify your personal data if required by law or if your personal data is no longer required for the purpose for which we collected it. 

7. International data transfers

NetExpat is active worldwide. To offer and perform our Services, we may need to transfer your personal data among several countries. The personal data that we collect from you may be transferred to, and stored at, a destination outside the EEA or Switzerland, including the United States of America. Those countries may not have the same data protection laws as the country in which you initially provided the information. It may also be processed by consultants or staff operating outside the EEA who work for us or for one of our business partners or subcontractors. This includes consultants or staff engaged in, among other things, providing you and/or your family with the Services (as applicable) and the provision of support services. We will take all steps reasonably necessary to ensure that your personal data is processed and treated securely and in accordance with this Privacy Policy and with the Applicable Data Protection Law. 

8. Security of data

The security of personal data is important to us. NetExpat shall take all reasonable and appropriate technical and organizational measures to protect the security, confidentiality and integrity of personal data. In particular, NetExpat will take appropriate measures to prevent any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or other digital assets, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not without any risks. The User consequently acknowledges that we cannot guarantee the security of her/his personal data to our website or other digital assets (such as our applications, tools, …); any transmission is at your own risk. We will however do our best to protect your personal data once we have received it and will use strict procedures and security features to try to prevent unauthorized access. 

* *

*