Privacy statement

You may not always be fully aware of it but using our website implies disclosing some personal data. According to the legal definition, personal data is every data that allows the identification of a natural person. The collection and processing of personal data is governed by strict conditions, enforced by the law. The most important law applicable is the Belgian Act of 8 December 1992 on Privacy Protection in relation to the Processing of Personal Data (‘Privacy Act’).

Your privacy is very important to us; we want to be very clear and transparent about this. This is why we have designed this Privacy Policy. We assume that while using the website and its services, the User has taken notice of this Privacy Policy and agreed to the collection and processing of personal information that are in accordance thereto.

Our Privacy Policy may be subject to future amendment or modification. Any such change will be clearly indicated in the Privacy Policy. It is your responsibility as a User to examine and take notification of any change made to this document; this should be done on a regular basis. Any change we deem substantial enough will besides be clearly communicated to you.


1. Who is responsible for the data processing?

The Privacy Act draws a distinction between the ‘data controller’ and the ‘data processor’. This distinction is extremely important to avoid some ambiguity about responsibilities.


1.1. Data controller

The ‘data controller’ is every natural person and/or legal entity which alone or jointly with others determines the purposes and the (legal and technical) means of the processing of personal data.
The data controller behind our website is:
Flagstone bvba (Further on referred to as “Flagstone”)
Stedestraat 51
B-8530 Harelbeke
Ondernemingsnummer (BTW-BE) 0635.607.445.


1.2. Data processor

The ‘data processor’ is the natural or legal person that processes personal data on behalf of the controller. He is responsible for the proper technical operation of the website (data transmission). Persons who, under the direct authority of the data controller or the data processor, are authorised to process the data should not be regarded as processors (e.g. employees or similar personnel).
The data controller has of course carefully selected the processor. We’ve chosen a processor providing all the adequate guarantees in respect of technical and organizational security measures governing the processing to be carried out. The selected processor satisfies at the same time all the other requirements of Article 16, § 1 Privacy Act.
The controller is not responsible for any loss or corruption of personal data, identity theft, data theft, viruses or Trojans, SQL injections or other attacks on computer systems or online cloud-portals. The processor has gained professional expertise in this domain and decides therefore in an autonomous way about the application that is best suitable to process the data. It’s not possible to expect the same professional expertise from the data controller.


2. To which ends will my personal data be used?

We collect and process your personal information for one overarching goal, i.e. to offer you a safe, comfortable and personalized experience each time you visit the website. Dependant on whether the User makes intensive use of the website or relies on certain services, the collection of personal data may be more extensive.
The information we collect about you is primarily processed to help us ensure the proper technical functioning of our website and the related services. Your personal data will only be processed for the following (internal) purposes:

  • To provide and improve our (standard and customized) services, including billing and invoicing, offering information, newsletters and useful or necessary offers, collecting and processing users’ feedback, as well as providing support.
  • To detect and offer protection against all fraud, errors and criminal behaviours on the website.

We will never transfer any of your personal data to any third party for external analysis without having conducted a prior anonymization.
By using our website and its functionalities, you give your explicit consent to the processing of your personal data by Flagstone. If any personal data from third parties is processed, Flagstone explicitly states that this processing is necessary for the performance of a contract to which this person is party or in order to take steps at the request of this person prior to entering into a contract.
Given the fact that technology and innovation cannot be controlled, it is impossible to know what our future website and services will be like. This is why it is important to understand that a given consent will also apply to the use of personal data in the context of the development of new services or functions, as far as such use lays within the original purposes of our website.

  • 2.1. Website registration.
    Each User may subscribe at our website in order to receive more information about Flagstone’s activities. We collect all the data necessary to provide you with a personalized information (e.g. sex, age, demographic content, but also essential contact data such as address, e-mail address, phone- and fax number). The user will always have the final decision as to the quality and quantity of personal information that is disclosed.
    We will never collect sensitive information, such as data concerning race, political opinions, health, religion, sexual orientation or other similar information.
  • 2.2. Proper technical functioning.
    We furthermore collect and process personal data to guarantee the proper technical functioning of our website. Our website uses several means to optimize the user experience and detect possible (technical) issues. These means include:
    • Cookies: this information allows us to recognize the user and to make an efficient use of our website’s functionalities such as stay logged in, display personalized ads, etc.
    • Log-information: information such as the IP-address and other data related to telecommunication.
    • Information concerning the device that is being used to visit the website, such as hardware-, software- and network information.
    • Local storage information.

The website also collects anonymous user navigation data

  • 2.3. Location data
    Analytical data of Flagstone do indeed show location data. Based on these data, it is possible to display a probable location on a map. But these indications (based on IP-addresses) are not accurate at all, and thus largely inadequate to trace down the exact location of a user.
    This means we will not use this location data to identify you, but only to guarantee the proper technical functioning of our website.



3. Will my data be used outside the e.U. (or even transferred to third parties)?

Personal data are primarily processed for Flagstone’s internal purposes. This is why we can assure you that your personal data will not be sold, rent or otherwise transferred to any third party related to us, unless:

  • The user gives his explicit consent;
  • Such transfer is necessary for the execution of the agreement. This will be the case with employees, agents, subcontractors, suppliers, commercial partners, marketing services, etc.;
  • Such transfer is required for the conclusion or execution of an agreement between the data controller and a third party, which us in the interests of the user (e.g. in case of fraud);
  • Such transfer is legally required (an important public interest or right is at stake);

You can rest assured; in the event of a merger, acquisition, reorganization, sale of all or substantially all of our assets, or in connection with the sale of our website, we will utilize the highest level of security to protect your personal data and provide you with all the necessary information.
Flagstone is a company organized under Belgian laws. However, the processing and/or transfer of data to countries outside the European Union can occur. According to Article 21 Privacy Act, transfer of personal data outside the European Union may only take place if the country of final destination in question ensures an adequate level of protection. An adequate level of protection is to be determined on a case-by-case basis in light of all the circumstances surrounding a data transfer operation.
Flagstone guarantees that no data will be transferred to third countries without having taken the necessary measures to comply with the requirements of protection under the Privacy Act. Such transfer will only take place if one of the grounds mentioned in Article 2 is applicable.

4. Ons cookie policy?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. Cookies may have different purposes: there are technical (functional) cookies (e.g. language settings), session (temporary) cookies, and tracking (analytical) cookies (which analyse and record the behaviour you adopt on the website in order to offer you the best possible experience).
Flagstone wants to keep you informed about our use of cookies. Cookies are essential for us in order to optimise your visit on our website. Cookies, for example, remember every technical choice you have made (e.g. language settings), and help us offer you more relevant services and suggestions.
We can guarantee you that our cookies are safe. The information that is collected through the use of cookies allows us to detect possible errors and/or to propose specific services that we presume you will like. We may store information that can be directly linked to a user. Some of our cookies may moreover come from carefully selected partners with whom we cooperate and that advertise our services on their website.

We recommend the User to enable cookies on your computer, tablet or mobile phone. If cookies are not enabled, there is a real possibility that we are not able to guarantee an optimized use of our website. If, however, you feel the urgent need to restrict, block or remove cookies of Flagstone, following instructions are useful.

For Microsoft Internet Explorer

  • In Internet Explorer, click on ‘Internet Options’ in the ‘Extra’ menu.
  • Under the ‘Privacy’ tab, set the settings to ’low’ or ‘accept all cookies’ (any setting above ‘medium’ will disable cookies).
  • Click on ‘OK’.

For Mozilla Firefox

  • Click on ‘Firefox’ in the top left corner of your browser and then select ‘Options’.
  • Under the ‘Privacy’ tab, make sure ‘Tell websites I do not want to be tracked’ is not ticked.
  • Click on ‘OK’.

For Google Chrome

  • Click on ‘Extra’ in the top of your browser window and select ‘Options’.
  • Under the ‘Under the Hood’ tab, look for ‘Privacy’ and select ‘Content Settings’.
  • Now select ‘Allow local data to be set’.

For Safari

  • Click on to ‘Cog’ icon in the top of your browser window and select ‘Preferences’.
  • Click on ‘Security’ and then tick the option that says: ‘Block cookies from third parties and advertisers’.
  • Click ‘Save’.


5. My rights as a data subject?

5.1. Guarantee of a lawful and safe process of personal data

Every user can be assured that his personal data will be processed in a fair and lawfully manner. This means that the data will only be processed for the legitimate purposes that have been described above. Flagstone guarantees moreover that such processing will always be sufficient, proportionate and not excessive.
We will never store your personal data any longer than strictly necessary. We will however keep an archive of your data as long as your account is active or as long as your personal data appears necessary to offer you a certain service.
Flagstone has taken sufficient technical and organizational measures to guarantee a safe processing of your personal data. These measures are consistent with the nature of the personal data and proportional to the potential severity of the risk.
The risks of an accidental or unauthorized destruction, loss, alteration of or access to, and any other unauthorized processing of the data are reduced to a minimum. Sadly though, no risk can be completely removed. In case of breach of Flagstone’s IT-system, we will immediately take all possible measures to limit the damages and/or thefts to a minimum.


5.2. Right to object

Each user can oppose the processing of his personal data. This right to object exists only if there are sufficient legitimate and weighty grounds relating to his particular situation. The exceptions provided in the Privacy Act are also applicable to this right of objection. You may at any time, free of charge and without further ado oppose the proposed processing of your personal data if those data were obtained for the purpose of direct marketing.
You are also entitled to obtain the removal and/or the ban on the use of all your personal data which have been obtained and which are incomplete or irrelevant, regarded from the view of the purpose of the processing. This is also applicable to any personal data of which the registration, disclosure, and retention are prohibited, or personal data preserved after expiry of the authorized period. This right can be used at any time, free of charge and without further justification.
The user shall exercise his right through a signed, written request to Flagstone, by post or e-mail to Flagstone undertakes the appropriate action following a request within fifteen (15) working days.


5.3. Right to access

Each user who proves his identity has a right of access to all information regarding the processing of his personal data by Flagstone, as defined in the Privacy Act. This includes information on the purposes of the processing, the categories of information processed and relate the categories of recipients to whom the data are provided. This Privacy Policy is a first indication.
The user shall exercise his right through a signed, written request to Flagstone, by post or e-mail to Flagstone undertakes the appropriate action following a request within fifteen (15) working days.


5.4. Right to correct

Flagstone attaches a great importance to an accurate data collection. Inaccurate or incomplete personal data can therefore always be improved or even obliterated. Because it is impossible for us to continuously be aware of any mistakes, incompleteness or falseness of your personal data, it is up to you as a user to report inaccuracies or omissions and to perform the necessary adjustments regarding ones registration details.
If your personal actions seem not enough, feel free to contact us using a signed, written request directed at Flagstone performs the necessary actions within fifteen (15) working days by making additions, correcting or deleting the personal data. The removal is mainly related to the visibility, so it is possible that the deleted personal data remains temporarily stored.