Privacy Policy
Last updated November 16, 2023
Whitney Eston
Your privacy is very important to us. Our aim is to process Personal Information in a manner that is lawful, fair, and transparent. In this Privacy Policy, we explain what information we gather about you, what we use that information, and to who we give that information. It also sets out your rights in relation to your information and who you can contact for more information or queries.
This Privacy Policy sets out how we will collect, handle, store, and protect information about you when (i) providing services to you or our clients, (ii) you use our website https://www.whitneyeston.com (the “Site”), or (iii) performing any other activities that form part of the operation of our business.
This Privacy Policy also contains information about when we share your Personal Information with other third parties (for example, our service providers).
We recommend that you read this Privacy Policy carefully so that you know the purposes for which we may use your Personal Information.
What is Personal Information?
Personal Information is any kind of information that can be directly or indirectly attributed to you. Examples of Personal Information are names, addresses, e-mail addresses, telephone numbers, usage history, and IP addresses…; so can be other types of information you provide us with when you use our services or visit our Site.
Who is responsible for processing your Personal Information?
Whitney Eston, a company incorporated under the laws of Belgium, bearing the company number 0729.642.413, with a registered address at 2970 Schilde, Turnhoutsebaan 327 Bus 1 is responsible for the processing of your Personal Information in accordance with the applicable laws concerning the protection of your privacy.
Which Personal Information may we collect?
In the course of (i) providing services to you or our clients, (ii) our marketing and recruiting campaigns/events, and (iii) performing due diligence checks in connection with our services (or discussing possible services we might provide), we will collect or obtain Personal Information about you. We may also collect Personal Information from you when you use our Site.
We may collect or obtain such data because (i) you give it to us (for example in a form on our Site), (ii) other people give that data to us (for example your employer or advisor, or third-party service providers that we use to help operate our business), (iii) it is publicly available, or (iv) we observe or infer that data about you from the way you interact with us or others (for example, to improve your experience when you use our Site and ensure that it is functioning effectively, we may use Cookies, Log Files, Web beacons, Tags and Pixels which may collect Personal Information as described under the section “Device Information”).
User/Client Information
We may collect the following information about you, which we refer to as “User/Client Information” :
- basic information: name, age, date of birth;
- contact information: e-mail address, telephone number, home address;
- country of residence;
- gender;
- lifestyle and social circumstances;
- family circumstances;
- employment and education details;
- financial and tax-related information;
- complaint details;
- details of how you use our services;
- details of how you like to interact with us and other similar information; and
- any other information which you may provide to us.
The information we collect may also include so-called “sensitive” or “special categories” of information, such as :
- information on your dietary requirements (for example, when we would like to provide you with lunch during a meeting);
- your health details (for example, this allows us to make reasonable accommodations for you in our buildings, products, and services);
- your sexual orientation (for example, if you provide us with details of your spouse or partner); and
- a copy of your ID card (for example, for anti-money laundering purposes).
Device Information
When you visit or use our Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. When you access our Site through a mobile device, we automatically collect certain information about your device, including the type of mobile device you use, the mobile device's unique ID, IP Address, operating system, type of mobile internet browser, and some of the cookies that are installed on your device. Additionally, as you browse our Site, we collect information about the individual web pages or services that you view, what websites or search terms referred you to our Site, and information on how you interact with our Site. We refer to this automatically-collected information as “Device Information”. We collect Device Information using the following technologies :
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
- “Log files” track actions occurring on our Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons” “tags” and “pixels” are electronic files used to record information about how you browse our Site.
Additionally, when you use our Services through our Site, we might collect certain information from you, including your name, residency, nationality, billing address, and payment information. We refer to this information as “Service Information”.
When we talk about “Personal Information” in this Privacy Policy, we are talking about Meer/Client Information, Device Information, and Service Information.
The types of Personal Information and special categories of Personal Information that we collect may vary depending on the nature of the services that we provide to you or our client, or how you use our Site. In some rare circumstances, we might also gather other special categories of Personal Information about you because you volunteer that information to us or we are required to gather such Personal Information as a result of legal requirements imposed on us.
Children’s Privacy
Our Site and our services do not address anyone under the age of 18 (“children”). We do not knowingly collect Personal Information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with Personal Information, please contact us in accordance with the “contact us” section below. If we become aware of the fact that we have collected Personal Information from children, we take steps to remove that Personal Information from our servers.
How we may use your Personal Information?
We use the Personal Information that we collect to provide you or our client with the requested services. As part of this, we may also use your Personal Information in the course of correspondence relating to our services or any changes to our services. Such correspondence may be with (i) you, (ii) our client, (iii) our service providers, or (iv) the competent authorities. We may also use your Personal Information for recruiting and marketing purposes, as well as to conduct due diligence checks relating to our services.
We may also use your Personal Information to or in connection with :
- applicable legal or regulatory requirements;
- requests and communications from competent authorities;
- administrative purposes;
- Financial accounting, invoicing, and risk analysis purposes;
- Relationship management, which may involve :
- re-contacting you if we have not heard from you in a while;
- allowing you to participate in interactive features of our services;
- providing you with information or advertisement relating to our own and our partner’s services (when in line with the preferences you have shared with us);
- permitting you to participate in social sharing, including social media feeds;
- manage and respond to any request you submit through our Site;
- provide customer care and support;
- provide analysis or valuable information to improve our services and our Site;
- tailor the content of our Site to provide you with a more personalized experience;
- detect, prevent and address technical issues;
- screen our services for potential risk or fraud;
- services we receive from our professional advisors, such as lawyers, accountants, and consultants; and
- protecting our rights and those of our clients.
In all the above cases, we give you the opportunity to decline our offers and requests at any time. In specific cases, for example, in case you are not yet a client, we will make sure to obtain your prior consent, if needed, before sending you communication materials or other marketing requests.
When can we process your Personal Information?
We are not allowed to collect, process, use or store Personal Information without a valid lawful basis. Lawfulness may be derived from the following basis :
Consent - When you give us your consent, we will process your Personal Information for the specific purpose you have consented to. This basis is for example used when you request us to send you one of our newsletters or any other (marketing) materials.
Contract - When making services available to you we will process your Personal Information necessary for the fulfillment of a contract with you and to fulfill any obligations derived from that contract.
Legitimate Interest - We may process your Personal Information when necessary for our legitimate interests and when these interests do not outweigh your own rights and interests. This covers processing for purposes such as our service support, delivering, improving or developing our services, exercising, establishing or defending legal claims, and security purposes including fraud prevention.
Legal requirement - Whenever the processing of your Personal Information is necessary for us to fulfill our legal obligations of the country of operation (for example, keeping records for regulatory or tax purposes, providing information to a public body or law enforcement agency
To the extent that we process any sensitive Personal Information relating to you for any of the purposes outlined above, we will do so because either (i) you have given us your explicit consent to process that Personal Information, (ii) we are required by law to process that Personal Information in order to ensure we meet our “know your client” and “anti-money laundering” obligations (or other legal obligations imposed on us), (iii) the processing is necessary to carry out our obligations under employment, social security or social protection law, (iv) the processing is necessary for the establishment, exercise or defense of legal claims, or (v) you have made the information public.
For each specific purpose of processing of Personal Information, we will inform you on request about which of the above lawful bases will apply.
Who do we share your Personal Information with?
We do not sell, trade, or otherwise transfer to outside parties your Personal Information unless we provide users with advance notice and obtain their consent. This does not include website hosting partners and other parties who assist us in operating the Site, conducting our business, or serving our users/clients. In addition, we may use third-party service providers to monitor and analyze the use of our services. These third parties may have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purposes.
We may also release Personal Information, within the given legal boundaries, when its release is appropriate to enforce our policies or protect our or others’ rights, property, or safety. Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful requests for information we receive, or to otherwise protect our rights.
Non-personally identifiable information may, within the given legal boundaries, be provided to third parties for data analytics, research, submission, marketing, advertising, or other uses. We will not disclose such information to third parties if we have received and processed a request from you not to do so. To submit such a request, please contact us in accordance with the “contact us” section below.
We reserve the right to transfer any Personal Information we have about you in the event that we merge with or are acquired by a third party, undergo other business transactions such as a reorganization, or should any such transaction be proposed.
Whenever necessary to fulfill the intended processing purpose we may share your Personal Information with companies that act as so-called personal data processors. A personal data processor is a company that processes the information on our behalf and according to our instructions. We make sure all personal data processors can provide adequate guarantees regarding the security and confidentiality of your Personal Information. We make sure that we have agreements with all personal data processors through which they guarantee the security of your Personal Information.
We may also share your Personal Information with companies that are independently responsible for data processing. This means that we are not in control of how the information provided to the company is to be processed. For example, when you engage with us on social media platforms, such as Facebook, Twitter, and Instagram, all text messages and pictures are shared with us and the named platform provider. You do this according to the platform's terms of use and privacy policy to which you have agreed when you signed up as a user. When your Personal Information is shared with a company that is independently responsible for Personal Information, that company's privacy policy and data management apply.
Where do we process your Personal Information?
The Personal Information that we collect from you is normally processed in your country or within a country of the European Union or the European Economic Area (“EU/EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EU/EEA to support our global operations. Any such transfer of your Personal Information will be carried out in compliance with applicable laws and without undermining your statutory rights. We will ensure that relevant safeguards are in place to ensure adequate protection for your Personal Information (for example, by entering into standard contractual clauses with the recipients of your Personal Information).
What’s our policy concerning third-party sites and integrations?
Our Site and the services provided within it may contain links to other sites that are not operated by us. If you click on a third-party link, you will be redirected to that third-party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
How do we protect your Personal Information?
We use a range of measures to ensure that we keep your Personal Information secure, accurate, and up-to-date. These measures include :
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling Personal Information;
- administrative and technical controls to restrict access to Personal Information on a “need-to-know” basis;
- technological security measures, including firewalls, encryption, and anti-virus software; and
- physical security measures (if applicable).
Although we use appropriate security measures once we have received your Personal Information to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your Personal Information, no (digital) system or network can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “contact us” section below.
How long may we keep your information?
Your Personal Information will be retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted for legal, auditing, or compliance purposes. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
What are your rights?
When it comes to your rights, we want to make sure you have everything you need to make informed decisions. You have the right to (i) obtain confirmation that we are processing your Personal Information, (ii) know how your Personal Information is used, (iii) access, request, and receive the Personal Information we have collected in a structured, commonly used and machine-readable format, (iv) request that we correct, update or delete your Personal Information or restrict the way in which we use such Personal Information, (v) object to our processing of your Personal Information, and (vi) consent to our processing of your Personal Information at any time (to the extent such processing is based on consent).
To submit such a request, please contact us in accordance with the “contact us” section below.
Contact us
For more information about our privacy practices, if you have questions, if you would like to exercise any of your rights, or if you would like to make a complaint, please contact us by email at [email protected]. In case of reasonable doubt as to your identity, we may need proof of who you are in order to answer your request. Please note that your rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
Please note that email communications are not always secure, so please do not include unnecessary sensitive information in any emails
Changes to this Privacy Policy
We may modify or amend this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. To let you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page. The modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Policy to be informed about how we are protecting your Personal Information.
Right to complain to a supervisory authority
If you have complaints about the way we process and protect your Personal Information and privacy, you have the right to make a complaint to the Belgian Data Protection Authority or any other competent Data Protection Authority in your country of residence.