This privacy policy only applies to the personal data that we process as the data controller (refer to point 2B of this privacy policy).
It applies to the processing of the personal data of our customers (individual persons, self-employed persons and companies) in connection with our mobile telephony products and services, as well as to the personal data of the end users who - through their relationship with our customer (for example: family members, friends, visitors and employees) - make use of these BASE products and services.
Furthermore, this privacy policy also applies to personal data processed when you visit our offices or BASE Shops and websites, use our apps, participate in market research, surveys, competitions, campaigns or events, or use our products and services in any other way. The personal data of former customers and prospects is also handled and secured as carefully as possible, in accordance with this privacy policy.
By "processing personal data", we mean any processing of data that could be used to identify a natural person. You can read more about what exactly is meant by "data" in point 3 of this privacy policy. The term "processing" is very broad, and covers, among other aspects, the collection, recording, organizing, saving, updating, modifying, retrieving, consulting, using, distributing or making available of data in any way whatsoever, as well as putting together, combining, archiving, deleting or eventually destroying that data.
To make it absolutely clear: any processing of the personal data of business customers is only appropriate where the business customer is a natural person (self-employed), or, if the business customer is a legal entity (a company), the privacy policy only applies to the personal data of the natural persons that we process in the context of their relationship with the business customer (such as authorized persons, contact persons and/or end users).
Telenet Group NV/SA (trading under the commercial name BASE), with registered office at Liersesteenweg 4, 2800 Mechelen and registered with the Crossroads Bank for Enterprises under number 462.925.669 (hereinafter referred to as "BASE") is the data controller for your personal data. This means that BASE determines the purpose and the resources for the processing of your personal data. This does not alter the fact that you have a number of obligations in connection with the processing of personal data of the end users that you allow to use your BASE products and services (see point 2C of this privacy policy).
If you, as BASE customer, allow end users (such as family members, friends, visitors and employees) to make use of the BASE products and services that fall under the application of this privacy policy, you will have the following responsibilities in this respect:
Through our BASE products and services, you can also use services provided by other parties, such as chat, websites from third parties, forums, Facebook, Twitter, news groups and/or apps. BASE has no control over the information you provide to such third parties, or how this is processed, and we also have no responsibility in this respect. It is up to you to handle this wisely, and to carefully read through the privacy policy of these third parties.
We process the personal data that you give us yourself. This can be done by telephone (for example, when you call customer service with a question or if you wish to report a malfunction), in writing (for example, when you fill in an (online) order form, send us a text or email, register for a competition or download a BASE app), electronically (for example, when reading your e-ID when entering into a contract), or verbally (for example, in one of the BASE Shops).
We assign personal data to you for the use of our products and services (for example, an IMSI number, telephone number, customer number, login code(s) and passwords). In addition, our systems also register personal data that is generated during your use of our products and services (for example, data relating to calls, call numbers and transit volumes, location and time of calls), including use by end users.
We purchase socio-demographic data and consumer information (for example, the composition of your family and information about your home) from specialized big-data companies (such as Bisnode) in order to tailor our services even better to your needs. Furthermore, we receive periodic overviews from the DNCM vzw of persons who are on the Don't-call-me-again list (see more on this under point 7 of this privacy policy). Through market research agencies (such as CheckMarket), we receive consumer preferences (the fact that you like to go to the movies, for example). Other examples of personal data that we obtain from third parties include, for example, creditworthiness analyzes of prospects, which we obtain from credit controllers, or data regarding your mobile usage abroad, which is passed on to us by other telecom operators to ensure that we can correctly bill you. The company that transfers your personal data is responsible for having the appropriate legal basis for processing personal data and for transferring it to us so that we can use it for our own purposes. We do, of course, ensure that these companies, as well as we, respect the guidelines of the privacy legislation.
We may also obtain personal data from affiliated companies within the Telenet Group (e.g. Liberty Global BV and Telenet Group NV/SA), for example to inform you about products and services of the entire Telenet Group. The transfer of personal data is in the legitimate interest of the Telenet Group and only takes place for purposes that are compatible with the purpose for which the personal data were originally collected. In this context, the companies within the Telenet Group qualify as separate data controllers, and the data processing agreements are laid down contractually between the respective companies.
In our systems, we specify different types of personal data, which can be combined with each other:
As determined by law, we do not process sensitive data, such as data about your racial or ethnic origin, political opinions, sexual preferences and health.
Through various channels, such as competitions, promotions/campaigns, our websites/apps, and through the purchase of data from specialized big-data companies, we are able to collect personal data about persons who are not (yet) customers of BASE, with the intention of approaching these persons with the most relevant offer of BASE products and services. We thereby guarantee your right to information, and, as far as applicable, also contractually enforce this from the third parties who, with your consent where legally required, could collect your information (on our behalf) in this context.
We process personal data for various purposes, but always only process the data that is necessary to achieve the intended goal.
For example, we use personal data when this is necessary:
If the processing of your personal data is not necessary for one of these three reasons, we will always ask for your permission to process your personal data.
We collect personal data for the following specific purposes:
BASE does not make automatic decisions – on the basis of profiling or otherwise – that have legal consequences for you, or where such decisions affect you to a considerable extent, unless:
In such situations, you will be informed in advance about the establishment of the automated decision, the fact that you have the right to demand human intervention, and the way in which you can challenge the decision.
We work hard to protect your personal data and privacy, and this in our offices, our shops, on our network and in your home.
Our employees are trained to correctly deal with confidential information. Within the context of every project that involves the processing of personal data, an assessment with regard to the safety and protection of personal data is made first, whereby your interests are our first priority. Our information security policy, our security requirements and management standards are, in fact, fully based on the international ISO27002 standard. To guarantee the security of your data, we employ specific people who monitor compliance with the legislation and our ethical beliefs, as outlined in this privacy policy. We also employ specialized persons who are responsible for the security of our network, our infrastructure and our information systems. Furthermore, we deploy all kinds of technical measures to protect your personal data against unauthorized access, unauthorized use and the loss or theft of your data, such as: password protection, hard disk encryption software, firewalls, antivirus, intrusion and anomaly detection and access controls for our employees. Should a breach of data occur with adverse consequences for your personal data, you, as a customer, will be informed personally in the circumstances provided for by law.
The number of employees of our company that has access to your personal data is limited, and our employees are carefully selected. They are only granted access to your personal data to the extent that they need this information to carry out their duties properly.
Your personal communications are confidential. We can process metadata (i.e. data that is processed to technically enable the communication), but the existence and content of the personal communication that is transmitted via our network (for example: mobile telephone calls, emails and text messages) are protected by the provisions regarding the secrecy of telecommunications. The secrecy of telecommunications implies that BASE is not permitted to take cognizance of the existence or content of such communication, except in the cases listed by law. BASE has taken the necessary security measures and has given its employees adequate instructions to comply with telecommunication secrecy.
We do not sell personal data to third parties without your consent, and we don't pass it on to third parties, except:
If personal data (with regard to the data transfers described in point 6A of this privacy policy) is processed outside of the European Union, we will ensure by means of contractual or other measures that this data has an adequate level of protection that is comparable to the level of protection it would have within the European Union, in accordance with the European legislation.
Some examples:
We use anonymous, aggregated data for commercial purposes and for internal/external reporting. This data can never be linked to a specific natural person, for example: location reporting ("how many people were at a given time in a given place") for event organizations, supermarkets and cities/municipalities. BASE always guarantees that all these parties can never trace the data they receive from us back to an identifiable natural person. This transfer of anonymous data will only take place if you have not opted out as described in point 7A of this privacy policy.
Your personal data can be processed for the promotion of similar products and services offered by BASE, unless you oppose this ("opt-out") via the BASE customer zone, the BASE customer service, or the BASE Shops. The processing of your opt-out could take a little time (up to 72 hours).
As long as you are under the age of sixteen and call with a prepaid card, an opt-out is always automatically registered. Otherwise, BASE will always request the prior consent of your parent(s) or guardian, insofar as this is required by law.
Please note that everyone (including prospects) can always to use the following external unsubscription options:
We will only send commercial messages via texts and/or emails to website users who are not BASE customers after they have given their unambiguous consent to this.
Please note: the fact that you no longer wish to receive commercial information from us naturally does not prejudice our right to contact you electronically in the context of the implementation of your contract, or if we are required to do so by law.
Your right of access to the data
You have the right to know at any time from BASE whether or not we are processing your personal data, and, if we are processing your data, to view that data and receive additional information about:
You also have the right to receive a free copy of the processed data in an understandable form. BASE may request a reasonable compensation to cover its administrative costs for any additional copy that you ask for.
Your right to the correction of personal data
You have the right to immediately have incomplete, incorrect, inappropriate or outdated data corrected.
In order to keep your data up-to-date, we in any case ask you to notify us of any changes, such as a move, a change of email address or the renewal of your identity card.
Your right to erasure ("right to be forgotten")
You have the right to have your personal data deleted without unreasonable delay in the following cases:
Please note that we are not always able to comply with the request to delete all the personal data, for example when its processing is necessary for the lodging, exercising or substantiation of a legal claim, or because we are obliged to retain data on the mobile phone traffic of our customers for 12 months, as required by the judicial authorities and the State Security. We will provide you with more details on this in our reply to your request.
Your right to the restriction of processing
You have the right to obtain the restriction of the processing of your personal data if one of the following aspects applies:
Your right to transferability of personal data ("data portability")
You have the right to "recover" your personal data, for example, in order to change your service provider more easily. This is only possible for the personal data you yourself have provided to BASE, based on consent or after agreement. In all other cases you will not be able to exercise this right (for example, if the processing of your data takes place on the basis of a legal obligation).
This right involves 2 aspects:
Your right to oppose the processing of your personal data
You have the right to oppose the processing of your personal data on the basis of your special situation if the processing takes place in the context of a legitimate interest of BASE, or in the context of the general interest. BASE will discontinue the processing of your personal data unless BASE can demonstrate compelling and legitimate reasons for the processing that outweigh your reasons, or if the processing of the personal data relates to the lodging, exercising or substantiation of a legal claim (for example, the filing of a request at a court).
See point 7 of this privacy policy with regard to your right to objection in the context of direct marketing.
How can I exercise my privacy rights? Through the BASE customer zone (only for active BASE customers) and the BASE Shops. In order for you to exercise your privacy rights and to prevent any unauthorized disclosure of your personal data, we must verify your identity. If there is any doubt or ambiguity, we will first ask you for additional information (preferably a copy of the front of your identity card). The contact persons or authorized representatives of our business customers-legal entities who only purchase BASE products and services that are intended for large companies and organizations can exercise their privacy rights through the account manager of this business customer. If we cannot confirm your identity with certainty, we will not process your request.
Are there any costs associated with this? You can exercise your privacy rights free of charge, unless your request is manifestly unfounded or excessive, in particular if it is repetitive in nature. In accordance with the privacy legislation, we are at our discretion entitled, in such a case, (i) to charge you a reasonable fee (taking into account the administrative costs involved in providing you with the requested information or communication, as well as the costs associated with implementing the requested measures), or (ii) to refuse to comply with your request.
In what format will I receive a reply? If you submit your request electronically, the information will also be provided electronically, if this is possible and unless you request otherwise. In any case, we will provide you with a concise, transparent, understandable and easily accessible reply.
When will I receive a reply? We will respond to your request as soon as possible, and in any case within one month of the receipt of your request. Depending on the complexity of the requests and on the number of requests, this period could be extended by a further two months if necessary. If the response period is extended, we will notify you accordingly within one month of receipt of the request.
What happens if BASE does not comply with my request? In our reply, we will always inform you about the possibility to file a complaint with a supervisory authority, and to lodge an appeal with the court.
Point 11 of this privacy policy explains how you can contact us.
We are not permitted to retain personal data for longer than is necessary to achieve the goal for which we collect it. The retention period will therefore differ depending on the goal, and can sometimes be very short. For example, traffic data relating to calls and connections will never be retained for longer than 12 months, and your conversations with the BASE customer service that are recorded for training purposes are retained for up to 30 days. The retention period may sometimes be longer, for example in order to comply with our legal obligations (to meet our accounting and tax obligations, for example, we are obliged to retain your billing data for up to 7 years), or on the basis of a legal necessity to retain certain data (in particular your contract, invoices/bills and correspondence in connection with complaints in this respect) as proof in the case of disputes for up to 10 years after the termination of your contract. There is, of course, a restriction on the accessibility of such archived data.
After the applicable retention period(s) has (have) expired, the personal data will be deleted or anonymized.
Specific data of former customers can be used for a period of 2 years after termination of their contract to identify the former customer and to keep him/her informed of new BASE products and promotions, unless the customer has indicated that he/she does not agree with this according to the procedure specified under point 7A of this privacy policy.
If you visit our websites and use our apps, we will process the following personal data relating to you:
The personal data that we collect through our websites and apps is used for the following purposes:
To exercise your privacy rights (such as requesting what data BASE has from you or wanting to see your data deleted) you can go to your BASE customer zone as a customer. If you do not have a BASE customer zone or are not a customer, we will be happy to help you in in our BASE Shops. More information about your privacy rights and the formalities for exercising your rights (e.g. verification of your identity) can be found in point 8 of this privacy policy.
If you wish to choose how you would like to receive our marketing (e.g. only by email), you can make use of the external unsubscribe options mentioned in point 7 of the privacy policy.
If you do no longer wish to receive any commercial communications, please exercise your opt-out via your BASE customer zone. If you do not have a BASE customer zone or are not a customer, we will be happy to help you in our BASE Shops. More information can be found under point 7 of this privacy policy.
If you have a question about the processing of your personal data and you cannot find the answer in this privacy policy or in our our frequently asked questions, please contact us via your BASE customer zone. If you are not a BASE customer you can use this form. Always mention the word "Privacy" in the title.
Do you want to report a privacy incident? You can contact our Data Protection Officer ("DPO") using the contact form.
You can also send your question, complaint or request by letter for the attention of the Data Protection Officer ('DPO'):
Telenet Group NV
Liersesteenweg 4
2800 Mechelen
BASE may change this privacy policy from time to time, for example, in response to market developments and if BASE introduces new processing activities. We therefore invite you to always consult the most recent version of this policy on our website. It goes without saying that we will inform you in advance of any significant change in content via our websites or other commonly used communication channels, and will ask for your prior consent for our (new) processing activities when the law requires this.
Our general terms and conditions and the special terms and conditions that apply to specific BASE products and services will take precedence over this privacy policy in the case of contractions.
The Data Protection Authority is an independent body that ensures that your personal data are processed in accordance with the law. If you have a complaint regarding the processing of your personal data by Telenet or if you wish to initiate proceedings for mediation, you can contact the authority.