You, BASE and GDPR: together we protect your privacy

This privacy policy only applies to the personal data that we process as the data controller (refer to point 2B of this privacy policy).

It applies to the processing of the personal data of our customers (individual persons, self-employed persons and companies) in connection with our mobile telephony products and services, as well as to the personal data of the end users who - through their relationship with our customer (for example: family members, friends, visitors and employees) - make use of these BASE products and services.

Furthermore, this privacy policy also applies to personal data processed when you visit our offices or BASE Shops and websites, use our apps, participate in market research, surveys, competitions, campaigns or events, or use our products and services in any other way. The personal data of former customers and prospects is also handled and secured as carefully as possible, in accordance with this privacy policy.

By "processing personal data", we mean any processing of data that could be used to identify a natural person. You can read more about what exactly is meant by "data" in point 3 of this privacy policy. The term "processing" is very broad, and covers, among other aspects, the collection, recording, organizing, saving, updating, modifying, retrieving, consulting, using, distributing or making available of data in any way whatsoever, as well as putting together, combining, archiving, deleting or eventually destroying that data.

To make it absolutely clear: any processing of the personal data of business customers is only appropriate where the business customer is a natural person (self-employed), or, if the business customer is a legal entity (a company), the privacy policy only applies to the personal data of the natural persons that we process in the context of their relationship with the business customer (such as authorized persons, contact persons and/or end users). 

Telenet Group NV/SA (trading under the commercial name BASE), with registered office at Neerveldstraat 107, 1200 Brussels and registered with the Crossroads Bank for Enterprises under number 462.925.669 (hereinafter referred to as "BASE") is the data controller for your personal data. This means that BASE determines the purpose and the resources for the processing of your personal data. This does not alter the fact that you have a number of obligations in connection with the processing of personal data of the end users that you allow to use your BASE products and services (see point 2C of this privacy policy). 

If you, as BASE customer, allow end users (such as family members, friends, visitors and employees) to make use of the BASE products and services that fall under the application of this privacy policy, you will have the following responsibilities in this respect:

• you must adequately inform the end users that BASE will process their personal data as a result of their use of the BASE products and services;
• you must obtain all the legally required consents from the end users before their personal data is communicated to BASE for processing in connection with the BASE products and services that you allow them to use;
• you must adequately inform the end users about the applicability of this privacy policy, in particular with regard to the privacy rights and how they can be exercised (see point 8 of this privacy policy);
• you may not use the BASE products and services to collect personal data that is in conflict with the applicable privacy legislation, nor to unlawfully gain access to any personal data of the end users;
• you must obtain information from BASE about the security level of the BASE products and services and, at your own discretion and to the best of your ability, take appropriate technical and organizational measures to adequately protect the personal data against unauthorized or unlawful processing, or against unlawful or unintentional destruction, accidental loss, forgery, unauthorized distribution, damage, modification and unauthorized access or disclosure;
• you must take all reasonable measures to ensure the trustworthiness of the end users who have access to the personal data.
• you may not do, cause or permit anything that could in any way whatsoever result in any violation of the privacy legislation.

Through our BASE products and services, you can also use services provided by other parties, such as chat, websites from third parties, forums, Facebook, Twitter, news groups and/or apps. BASE has no control over the information you provide to such third parties, or how this is processed, and we also have no responsibility in this respect. It is up to you to handle this wisely, and to carefully read through the privacy policy of these third parties. 

We process the personal data that you give us yourself. This can be done by telephone (for example, when you call customer service with a question or if you wish to report a malfunction), in writing (for example, when you fill in an (online) order form, send us a text or email, register for a competition or download a BASE app), electronically (for example, when reading your e-ID when entering into a contract), or verbally (for example, in one of the BASE Shops).

We assign personal data to you for the use of our products and services (for example, an IMSI number, telephone number, customer number, login code(s) and passwords). In addition, our systems also register personal data that is generated during your use of our products and services (for example, data relating to calls, call numbers and transit volumes, location and time of calls), including use by end users. 

We purchase socio-demographic data and consumer information (for example, the composition of your family and information about your home) from specialized big-data companies (such as Bisnode) in order to tailor our services even better to your needs. Furthermore, we receive periodic overviews from the DNCM vzw of persons who are on the Don't-call-me-again list (see more on this under point 7 of this privacy policy). Through market research agencies (such as CheckMarket), we receive consumer preferences (the fact that you like to go to the movies, for example). Other examples of personal data that we obtain from third parties include, for example, creditworthiness analyzes of prospects, which we obtain from credit controllers, or data regarding your mobile usage abroad, which is passed on to us by other telecom operators to ensure that we can correctly bill you. The company that transfers your personal data is responsible for having the appropriate legal basis for processing personal data and for transferring it to us so that we can use it for our own purposes. We do, of course, ensure that these companies, as well as we, respect the guidelines of the privacy legislation.

We may also obtain personal data from affiliated companies within the Telenet Group (e.g. Liberty Global BV and Telenet Group NV/SA), for example to inform you about products and services of the entire Telenet Group. The transfer of personal data is in the legitimate interest of the Telenet Group and only takes place for purposes that are compatible with the purpose for which the personal data were originally collected. In this context, the companies within the Telenet Group qualify as separate data controllers, and the data processing agreements are laid down contractually between the respective companies.

In our systems, we specify different types of personal data, which can be combined with each other:

• User data: we distinguish between the personal data that could identify you as a user of our products and services (for example, your name and identification documents, such as a copy of the front of your identity card), the personal data that enables us to contact you (for example, your address, your email address and your telephone number), the personal data that indicates your personal characteristics (for example, your age and gender) or your living and consumption habits (for example, the composition of your family), or that relate to your billing and payment data (including the data related to your creditworthiness), and any other preferences that identify you through the settings on your BASE customer zone (for example, your opt-out for the processing of your traffic data for direct marketing, or your choice regarding inclusion in the telephone directory), through our customer service (for example, your language preference), or through our BASE Shops, social media, campaigns, websites and mobile applications, competitions, etc.;
• Technical data: we need this data in order to ensure the proper operation of our products and services. For example: the model and service number of your mobile phone, or the software version you use on one of our apps;
• Traffic data: we need this special technical data to handle your traffic by means of electronic communication networks, such as your number identification (CLI) for dial-up services, your IMSI number, MAC address and IP address;
• Location data: we can determine the location of your SIM card with this data. Location data indicates which transmitter mast or WiFi point your mobile device or tablet is connected to. We use this data for network planning and management, but also, for example, for passing on your location in the case of emergency calls, or in the context of a police or judicial investigation;
• Data about your use: the data we receive when you use our products and services. For example: the called (mobile) telephone numbers, the date, the time, the duration and the location of a call or Internet connection, or how you use our newsletters or websites. Among other things, we use this data in order to be able to correctly bill you as our customer, and to provide you with a better and more personalized experience. Information regarding the use of our websites and mobile apps is further explained in point 10 of this privacy policy.
  
• Cookies: we use cookies when you open our emails and/or when you visit our websites or mobile apps. Cookies are pieces of information that are stored on your own computer or mobile device and that are usually used to optimize the ease of use of websites and apps. For more information about cookies, please refer to the cookie policy.
  

As determined by law, we do not process sensitive data, such as data about your racial or ethnic origin, political opinions, sexual preferences and health.

Through various channels, such as competitions, promotions/campaigns, our websites/apps, and through the purchase of data from specialized big-data companies, we are able to collect personal data about persons who are not (yet) customers of BASE, with the intention of approaching these persons with the most relevant offer of BASE products and services. We thereby guarantee your right to information, and, as far as applicable, also contractually enforce this from the third parties who, with your consent where legally required, could collect your information (on our behalf) in this context. 

We process personal data for various purposes, but always only process the data that is necessary to achieve the intended goal.

For example, we use personal data when this is necessary:

• in the context of the preparation, execution or termination of our contract;
• in order to comply with the legal or regulatory provisions that are imposed on us; and/or
• to advance our legitimate interests, in which case we always aim for a balance between that interest and respect for your privacy, in particular when you are a minor (read more about this in point 7 of this privacy policy).

If the processing of your personal data is not necessary for one of these three reasons, we will always ask for your permission to process your personal data. 

We collect personal data for the following specific purposes:

• To process your application for our products and services.
  If you visit our website to collect and/or request information about our products and services, or if you sign up for our newsletter, for example, we will need your address information in any case. All information that we receive from you in this pre-contractual phase will only be used to provide you with the requested information, in the manner of your choice. If you ultimately decide to become a BASE customer, we will also ask you for some personal data that we will need in order to manage our contractual relationship, such as your name, address, telephone number, email address and a copy of the front of your identity card, and we will also assign data to you, such as your customer number and log-in data.
• To offer you the best possible service and to inform you about usage possibilities.
  We use your data to set up, maintain and support your products and services, as well as for our customer administration and dispute management. For example: we use your data to establish your connection and for the transmission of the communication through our network and that of other operators, to store text and voice messages, to store data relating to your location, to provide you with assistance in the event of technical (network) problems, to provide location-specific services if you have registered for this type of services with BASE or with a third party, or have given permission for them in advance in another manner, and to send out invoices/bills and process fault messages or complaints. We can also point out new functionalities to you in your mobile rate plan or in connection with our apps. We train our employees by recording certain telephone conversations with our customer service, and in this way continue to improve our service. If you wish to make use of certain data services, BASE may be required to specifically process certain personal information that is necessary in order to be able to provide the data services requested by you, and in order to ensure that you can obtain access to the requested data service.
• To optimize our network.
  We take care of the maintenance, planning and improvement of our network, such as the routing of traffic, troubleshooting, monitoring peaks and overloads. By analyzing the network usage, we receive essential information about the use and load of our network. We process your data for technical and statistical analyzes, and the outcomes are reported in an anonymized manner within BASE.
• To continue to improve our products and services.
  We can use the data about your use to assess and improve our offer. For example: we look at the type of hardware you use to optimize the use of our apps or to monitor the quality of your mobile telephony connection. This allows us to tailor our products and services even better to you.
• To inform you about (new) products and services that we and other companies within the Telenet Group provide.
  We can use your data to offer you (in writing, by telephone or electronically) new products, services or special promotions that we believe may be of interest to you. For example: when your bundle is almost used up, you may receive a text with the suggestion to switch to a new rate plan. It is also possible that we may approach you when you are no longer a BASE customer, up to 2 years after the end of our relationship.
• To combat fraud and violations.
  When you become a BASE customer, we will ask you for a copy of the front of your identity card, so that we can identify who you are and prevent identity theft. Depending on the BASE products and/or services you opt for, we will also check your creditworthiness. We carry out this check in order to prevent you from entering into obligations with us that you cannot financially support. We also want to avoid any invoices/bills from BASE remaining unpaid. In this respect, we can request information from internal and external databases, as already explained under point 3 of this privacy policy.
• To guarantee everyone's safety.
  You will also be filmed by our surveillance cameras in and around our offices and buildings. These images are only stored in the context of the safety of goods and persons, and to prevent abuse, fraud and other infringements of which our customers and ourselves could be the victim (we indicate the presence of cameras with pictograms that show our contact details).
• To monitor our performance.
  We can use your data and profile to assess our products and services. We do this on the basis of customer feedback about our services (for example, through market research), information that we obtain during our conversations with or interventions at our customers, customer inquiries, and the recording of calls to our customer service (this is announced at the beginning of the conversation).
• To comply with our legal obligations.
  In many cases, we have a legal obligation to keep certain personal information about you and/or communicate this to government agencies. In addition to general tax and accounting obligations, we have to report your location to the emergency services if you call 112, for example, (even if you have had your number display blocked), or to use your mobile telephone number and location data from the mobile network to send you texts at the request of the competent authorities in order to warn you in the event of imminent danger or a major disaster, and to retain your traffic data with regard to communication and connections for at least 12 months. In the context of a police or judicial investigation, we can be obliged to communicate certain information to the authorities in a confidential manner. At the request of the Ombudsman for Telecommunication, we also cooperate in combating malicious calls.
• To keep track of studies, tests and statistics for trend analyses and the like.
  We may use your data for internal and external reporting on the use of our services, for example. We use the information we obtain from these analyses to assess our current product and services portfolio and our processes, and to adjust them on the basis of new developments. Data that is reported externally is completely anonymized, which means that the data cannot be linked to a particular individual.

BASE does not make automatic decisions – on the basis of profiling or otherwise – that have legal consequences for you, or where such decisions affect you to a considerable extent, unless:

• this is necessary for entering into or implementing your agreement (for example, a creditworthiness check or the discontinuation of your BASE products or services in the case of non-payment);
• this is permitted by the legislation (for example, for tracing tax fraud); or
• if we have obtained your express permission for this.

In such situations, you will be informed in advance about the establishment of the automated decision, the fact that you have the right to demand human intervention, and the way in which you can challenge the decision. 

We work hard to protect your personal data and privacy, and this in our offices, our shops, on our network and in your home.

Our employees are trained to correctly deal with confidential information. Within the context of every project that involves the processing of personal data, an assessment with regard to the safety and protection of personal data is made first, whereby your interests are our first priority. Our information security policy, our security requirements and management standards are, in fact, fully based on the international ISO27002 standard. To guarantee the security of your data, we employ specific people who monitor compliance with the legislation and our ethical beliefs, as outlined in this privacy policy. We also employ specialized persons who are responsible for the security of our network, our infrastructure and our information systems. Furthermore, we deploy all kinds of technical measures to protect your personal data against unauthorized access, unauthorized use and the loss or theft of your data, such as: password protection, hard disk encryption software, firewalls, antivirus, intrusion and anomaly detection and access controls for our employees. Should a breach of data occur with adverse consequences for your personal data, you, as a customer, will be informed personally in the circumstances provided for by law.

The number of employees of our company that has access to your personal data is limited, and our employees are carefully selected. They are only granted access to your personal data to the extent that they need this information to carry out their duties properly.

Your personal communications are confidential. We can process metadata (i.e. data that is processed to technically enable the communication), but the existence and content of the personal communication that is transmitted via our network (for example: mobile telephone calls, emails and text messages) are protected by the provisions regarding the secrecy of telecommunications. The secrecy of telecommunications implies that BASE is not permitted to take cognizance of the existence or content of such communication, except in the cases listed by law. BASE has taken the necessary security measures and has given its employees adequate instructions to comply with telecommunication secrecy.

We do not sell personal data to third parties without your consent, and we don't pass it on to third parties, except:

• To our legal successors and other companies within the Telenet group.
  We pass on your personal data to our potential legal successors and affiliated companies within the Telenet Group (for example, Liberty Global BV and Telenet BVBA/SPRL) for the same purposes as those stated in this privacy policy, for example, to inform you of the products and services of the whole Telenet group. In case of non-payment, we can also pass on your payment habits in order to protect the legitimate interests of the Telenet group. In this context, the companies within the Telenet group qualify as separate data controllers, and the agreements regarding data processing are laid down contractually between the respective companies.
• This is necessary for our service provision.
  We make some of our databases accessible to third parties who work on our behalf, and who support us in the provision of our products and services. These third parties are, for example, our commercial agents, the independent technicians who maintain our network, and the (external) customer service staff who assist our customers on a daily basis. We also use a third party (Doccle) to manage our legal archives (e.g. for invoices). Your data is only passed on for the same purposes as those for which BASE processes your data itself, and is limited to the data that they need in order to carry out their work on our behalf. We ensure that they manage your data in a secure and respectful manner, with due care and diligence, as we do ourselves, and we provide adequate contractual guarantees in this respect.
• If there is a legal obligation.
  We refer to point 4 of this privacy policy in this connection.
• If there is a legitimate interest for BASE or for the third party involved.
  We will only pass on your personal data if your interest or your fundamental rights and freedoms do not carry more weight, and you will always be informed accordingly in a transparent manner (except for the exceptions stipulated by law). Your personal data may be passed on, for example, to credit controllers, debt recovery agencies and legal service providers, as well as to the partners we are working with in the context of a specific campaign (for example to a travel agency in the case of a BASE competition where you can win a city trip). Personal data is also passed on to other telecom operators to enable network interconnection (connection to electronic communication networks of other operators), as well as its administration (invoicing and settlement between operators).
  
• If you give us permission.
  If BASE were to pass on personal data to third parties in any other situation, this would be done with an explicit notification providing information about the third party, the reasons why your data will be passed on and how it will be processed. We will obtain your explicit consent where this is required by law. Example: depending on your choice when concluding the contract, your necessary subscription data will be passed on and included in the telephone directory and/or in the directory of the information service.

If personal data (with regard to the data transfers described in point 6A of this privacy policy) is processed outside of the European Union, we will ensure by means of contractual or other measures that this data has an adequate level of protection that is comparable to the level of protection it would have within the European Union, in accordance with the European legislation.

Some examples:

• Access to our customer database and mediation tools by external call centers (e.g. in Morocco for our French-speaking customers)
• The maintenance of specific software tools (that contain personal data) by external IT consultants (e.g. in India). 

We use anonymous, aggregated data for commercial purposes and for internal/external reporting. This data can never be linked to a specific natural person, for example: location reporting ("how many people were at a given time in a given place") for event organizations, supermarkets and cities/municipalities. BASE always guarantees that all these parties can never trace the data they receive from us back to an identifiable natural person. This transfer of anonymous data will only take place if you have not opted out as described in point 7A of this privacy policy.

Your personal data can be processed for the promotion of similar products and services offered by BASE, unless you oppose this ("opt-out") via the BASE customer zone, the BASE customer service, or the BASE Shops. The processing of your opt-out could take a little time (up to 72 hours).

As long as you are under the age of sixteen and call with a prepaid card, an opt-out is always automatically registered. Otherwise, BASE will always request the prior consent of your parent(s) or guardian, insofar as this is required by law.

Please note that everyone (including prospects) can always to use the following external unsubscription options:

• If you no longer wish to receive commercial phone calls: register yourself on the so-called Don't-call-me-again list (www.dncm.be). As co-founder of this service, BASE will take this into account, and this also applies if you already are one of our clients;
• If you no longer wish to receive commercial letters: register yourself on the so-called Robinson list (www.robinsonlist.be). As a member of the Belgian Direct Marketing Association, BASE will take this into account when approaching non-customers. If you, as a customer, also do not wish to receive advertising by post, please contact the BASE customer service or visit one of the BASE Shops.
• If you no longer wish to receive commercial texts: respond by sending "STOP" to the number that sent you the text;
• If you no longer wish to receive commercial emails: use the unsubscribe option in the email in question. In order to make email campaigns more efficient, we use software to identify whether our emails have been opened and which links were clicked;
• If you wish to unsubscribe from newsletters: indicate via the BASE customer zone which newsletters you no longer wish to receive. You can also unsubscribe from the newsletter by using the unsubscribe option in the newsletter in question.

We will only send commercial messages via texts and/or emails to website users who are not BASE customers after they have given their unambiguous consent to this.

Please note: the fact that you no longer wish to receive commercial information from us naturally does not prejudice our right to contact you electronically in the context of the implementation of your contract, or if we are required to do so by law.

Your right of access to the data

You have the right to know at any time from BASE whether or not we are processing your personal data, and, if we are processing your data, to view that data and receive additional information about:

• the processing goals;
• the categories of the personal data involved;
• the recipients or categories of recipients (in particular recipients in third countries);
• if possible, the retention period or, if this is not possible, the criteria for the determination of this period;
• the existence of your privacy rights;
• the right to submit a complaint to the supervisory authority;
• the information that we have about the source of the data if we obtain the personal data from a third party; and
• the existence of automated decision-making.

You also have the right to receive a free copy of the processed data in an understandable form. BASE may request a reasonable compensation to cover its administrative costs for any additional copy that you ask for.

Your right to the correction of personal data

You have the right to immediately have incomplete, incorrect, inappropriate or outdated data corrected.

In order to keep your data up-to-date, we in any case ask you to notify us of any changes, such as a move, a change of email address or the renewal of your identity card.

Your right to erasure ("right to be forgotten")

You have the right to have your personal data deleted without unreasonable delay in the following cases:

• your personal data is not longer necessary for the purposes for which it has been collected or otherwise processed by BASE;
• you withdraw your prior consent to the processing, and there is no other legal basis BASE can invoke for the (further) processing;
• you object to the processing of your personal data and there are no more weighty, legitimate reasons for the (further) processing by BASE;
• your personal data is processed in an unlawful manner;
• your personal data must be deleted in order to comply with a legal obligation;
• your personal data was collected when you were still underage.

Please note that we are not always able to comply with the request to delete all the personal data, for example when its processing is necessary for the lodging, exercising or substantiation of a legal claim, or because we are obliged to retain data on the mobile phone traffic of our customers for 12 months, as required by the judicial authorities and the State Security. We will provide you with more details on this in our reply to your request.

Your right to the restriction of processing

You have the right to obtain the restriction of the processing of your personal data if one of the following aspects applies:

• you dispute the accuracy of this personal data: the use will be restricted for a period that will enable BASE to verify the correctness of the data;
• your personal data is processed in an unlawful manner: instead of the deletion of your data, you request the restriction of its use;
• BASE no longer needs your data for the original processing purposes, but you require it for the lodging, exercising or substantiation of a legal claim: instead of the deletion of your data, its use is restricted to the lodging, exercising or substantiation of the legal claim;
• as long as no decision has been reached regarding the exercising of your right to oppose the processing, you request the restriction of the use of your personal data.

Your right to transferability of personal data ("data portability")

You have the right to "recover" your personal data, for example, in order to change your service provider more easily. This is only possible for the personal data you yourself have provided to BASE, based on consent or after agreement. In all other cases you will not be able to exercise this right (for example, if the processing of your data takes place on the basis of a legal obligation).

This right involves 2 aspects:

• you may ask BASE to return the personal data concerned to you in a structured, standard and machine-readable form; and
• you may ask BASE to directly transfer the personal data to another data controller. You will thereby be responsible for the correctness and security of the (email) address that you provide for the transfer. BASE has the right to refuse this if the transfer is not possible from a technical point of view.

Your right to oppose the processing of your personal data

You have the right to oppose the processing of your personal data on the basis of your special situation if the processing takes place in the context of a legitimate interest of BASE, or in the context of the general interest. BASE will discontinue the processing of your personal data unless BASE can demonstrate compelling and legitimate reasons for the processing that outweigh your reasons, or if the processing of the personal data relates to the lodging, exercising or substantiation of a legal claim (for example, the filing of a request at a court).

See point 7 of this privacy policy with regard to your right to objection in the context of direct marketing.

How can I exercise my privacy rights? Through the BASE customer zone (only for active BASE customers) and the BASE Shops. In order for you to exercise your privacy rights and to prevent any unauthorized disclosure of your personal data, we must verify your identity. If there is any doubt or ambiguity, we will first ask you for additional information (preferably a copy of the front of your identity card). The contact persons or authorized representatives of our business customers-legal entities who only purchase BASE products and services that are intended for large companies and organizations can exercise their privacy rights through the account manager of this business customer. If we cannot confirm your identity with certainty, we will not process your request.

Are there any costs associated with this? You can exercise your privacy rights free of charge, unless your request is manifestly unfounded or excessive, in particular if it is repetitive in nature. In accordance with the privacy legislation, we are at our discretion entitled, in such a case, (i) to charge you a reasonable fee (taking into account the administrative costs involved in providing you with the requested information or communication, as well as the costs associated with implementing the requested measures), or (ii) to refuse to comply with your request.

In what format will I receive a reply? If you submit your request electronically, the information will also be provided electronically, if this is possible and unless you request otherwise. In any case, we will provide you with a concise, transparent, understandable and easily accessible reply.

When will I receive a reply? We will respond to your request as soon as possible, and in any case within one month of the receipt of your request. Depending on the complexity of the requests and on the number of requests, this period could be extended by a further two months if necessary. If the response period is extended, we will notify you accordingly within one month of receipt of the request.

What happens if BASE does not comply with my request? In our reply, we will always inform you about the possibility to file a complaint with a supervisory authority, and to lodge an appeal with the court.

Point 11 of this privacy policy explains how you can contact us.

We are not permitted to retain personal data for longer than is necessary to achieve the goal for which we collect it. The retention period will therefore differ depending on the goal, and can sometimes be very short. For example, traffic data relating to calls and connections will never be retained for longer than 12 months, and your conversations with the BASE customer service that are recorded for training purposes are retained for up to 30 days. The retention period may sometimes be longer, for example in order to comply with our legal obligations (to meet our accounting and tax obligations, for example, we are obliged to retain your billing data for up to 7 years), or on the basis of a legal necessity to retain certain data (in particular your contract, invoices/bills and correspondence in connection with complaints in this respect) as proof in the case of disputes for up to 10 years after the termination of your contract. There is, of course, a restriction on the accessibility of such archived data.

After the applicable retention period(s) has (have) expired, the personal data will be deleted or anonymized.

Specific data of former customers can be used for a period of 2 years after termination of their contract to identify the former customer and to keep him/her informed of new BASE products and promotions, unless the customer has indicated that he/she does not agree with this according to the procedure specified under point 7A of this privacy policy.

If you visit our websites and use our apps, we will process the following personal data relating to you:

• Your IP address, the type and language of your browser, the software, type and brand of equipment that you use during the connection with our websites and apps, the time of your website visit or app use, as well as the web address from which you connected to our website, the pages you visit, the links you click on and any other actions you take on our websites and apps. We do this by means of cookies. You will find more information about the cookies we use and the choices you can make in this respect in our cookie policy.
• On some BASE websites and apps, we ask for additional personal information, such as your email address, name, address or a telephone number. When you make a purchase or subscribe to a paid service, we ask for additional personal information, such as your bank account number or the number of an identification card. In addition, you will sometimes be asked for your profile or demographic information, such as your zip code, age, gender, preferences, interests and favorites;
• We will ask for your username and password when you log in to your BASE customer zone. We will then identify your IP address and link it to your customer data. It's worth knowing that your log-in session will remain active for 15 minutes after you have signed off.
• If our apps make use of your location, we will provide you with information on this and the option of switching these location services on or off.

The personal data that we collect through our websites and apps is used for the following purposes:

• To enable us to provide you with our (web) services (placing orders online, for example) and to communicate with you (in connection with your charges, for example, or to send you a warning if phishing emails are circulating).
• To compile statistics and carry out analyzes with the aim of improving the quality of our websites and service provision. For example, if we are aware that many website users still call the customer service, even if a "help" article has been posted on the customer service page, we will learn from this and can improve our online services.
• To serve you better and at a more personal level, for example, by tailoring the advertising displayed on our websites and our offer of products and services to your personal preferences.
• To approach you with offers and information about other BASE products or services.

To exercise your privacy rights (such as requesting what data BASE has from you or wanting to see your data deleted) you can go to your BASE customer zone as a customer. If you do not have a BASE customer zone or are not a customer, we will be happy to help you in in our BASE Shops. More information about your privacy rights and the formalities for exercising your rights (e.g. verification of your identity) can be found in point 8 of this privacy policy.

If you wish to choose how you would like to receive our marketing (e.g. only by email), you can make use of the external unsubscribe options mentioned in point 7 of the privacy policy.

If you do no longer wish to receive any commercial communications, please exercise your opt-out via your BASE customer zone. If you do not have a BASE customer zone or are not a customer, we will be happy to help you in our BASE Shops.  More information can be found under point 7 of this privacy policy.

If you have a question about the processing of your personal data and you cannot find the answer in this privacy policy or in our our frequently asked questions, please contact us via your BASE customer zone. If you are not a BASE customer you can use this form. Always mention the word "Privacy" in the title.

Do you want to report a privacy incident? You can contact our Data Protection Officer ("DPO") using the contact form.

BASE may change this privacy policy from time to time, for example, in response to market developments and if BASE introduces new processing activities. We therefore invite you to always consult the most recent version of this policy on our website. It goes without saying that we will inform you in advance of any significant change in content via our websites or other commonly used communication channels, and will ask for your prior consent for our (new) processing activities when the law requires this.

Our general terms and conditions and the special terms and conditions that apply to specific BASE products and services will take precedence over this privacy policy in the case of contractions.

The Data Protection Authority is an independent body that ensures that your personal data are processed in accordance with the law. If you have a complaint regarding the processing of your personal data by Telenet or if you wish to initiate proceedings for mediation, you can contact the authority.