The user of the BIZZCARDZ application uses the services of the company V&D EXPERTS, whose registered office is located at rue de la Réunion, 2/4, 7000 Mons (Belgium), registered with the ECB under number 0731.880.737.
V&D EXPERTS has developed a BIZZCARDZ application offering us a dematerialised business card management service. BIZZCARDZ allows us to manage, collect and update the professional data of our employees and to provide each of them with a virtual business card using QR Code and NRC technologies. In addition, this system offers us the possibility of importing personal data from people outside our company who also use BIZZCARDZ into CRM software.
Our company is concerned about privacy and your rights regarding the protection of personal data, including the European Regulation 2016/679 which came into force on 25 May 2018(hereinafter “GDPR”). Therefore, the purpose of this document is to inform you in a comprehensive and transparent manner about how your data may be processed.
1. DATA CONTROLLER
On the one hand, our company has the possibility of hosting personal data relating to the identification of its employees on the BIZZCARDZ application.
On the other hand, if you are a person external to our company and you use the BIZZCARDZ application, we may also import and process your personal data.
As a user and administrator of a BIZZCARDZ company account, we act as the data controller.
2. OUTSOURCING
Via the BIZZCARDZ application, V&D EXPERTS offers us a service with standardised functionalities. In this respect, V&D EXPERTS only acts as a subcontractor and only according to our instructions.
However, V&D EXPERTS undertakes to process your personal data in accordance with Article 28 of the GDPR and guarantees the confidentiality of your data. For more information, we refer you to the subcontracting agreement concluded with V&D EXPERTS.
3. WHY AND HOW DO WE PROCESS YOUR DATA[1]?
A. Creation of a BIZZCARDZ “employee account

Categories of business, personal and sensitive data
– Login data: e-mail address.
– Identification data: employee’s name, employee’s first name, employee’s position, date of entry, employee’s telephone number, employee’s e-mail address, department.
– Geolocation data: Based on your permission, your geolocation data is processed during the time when the “Lounge mode” is activated. The lounge mode is an additional, non-mandatory feature that allows you to have a limited view of the users around you (25m radius). The view of the information of the people around you is reduced in order to favour human interaction and to limit the exchange of complete information only with the consent of the users. This mode requires specific permission to access your location data. This data is neither processed nor stored on BizzCardz servers. The collection of your geolocation data ends if you deactivate the lounge mode or if you close the application. On the other hand, if the lounge mode is activated and the application is running in the background, other users will be able to see you because the data are directly interpreted. In any case, this data is not stored on our servers.

– Written and voice note data: We also collect the written and voice notes you choose to save in the app. These ratings are stored on our servers and used only to provide the service and improve the functionality of the app. We do not share, sell or disclose this information to third parties. It is important to note that we are not responsible for the content of any notes you choose to save. It is your responsibility not to include sensitive or personal information in your notes unless absolutely necessary. We retain written and voice notes for as long as you maintain an account with us and for a limited period of time after your account is closed, in accordance with our internal data retention procedures and applicable laws.
– Purpose of the processing – We allow you to create a password in order to have access to your virtual business card available on the BIZZCARDS mobile application. You can then use the features of the application.
Legal basis – Our legitimate interest in expanding our company’s professional network justifies that we provide our employees with a dematerialized business card system. Therefore, we provide you with access to the BIZZCARDS mobile application on which your business card is made available to you. We process your data in accordance with Article 6.1 f) of the GDPR.
Recipients of the data – Your data may be processed by the host and the provider of our IT services, including V&D EXPERTS, for the purposes strictly necessary to comply with the instructions we give them. They act as a subcontractor in this respect.
Retention Period – The data you entrust to us is kept until your BIZZCARDZ account is deleted.
B. Importing a business card from a contact outside our company into BIZZCARDZ
Categories of data
– Identification data: Contact’s name, contact’s first name, contact’s position, contact’s phone number, contact’s email address
– Data about the contact’s company.
Purpose – This data is used for the purpose of importing business cards from people outside our company into the BIZZCARDZ application and to enable us to integrate them into CRM software.

Legal basis – Our legitimate interest in expanding our company’s professional network justifies that we import data from virtual business cards members external to our company using the BIZZCARDZ mobile application. We process this data in accordance with Article 6.1 f) of the GDPR.
Recipients of the data – This data may be processed by the host and provider of our IT services, including V&D EXPERTS, for the purposes strictly necessary to comply with the instructions we give them. They act as a subcontractor in this respect.
Duration – The data that you entrust to us is kept until your BIZZCARDZ account is deleted.
C. Proof of Deletion of Your Data
Categories of Data – This includes your full name, deletion request, date of actual deletion and database deletion logs.
Purposes – When you exercise your right to erasure, we retain the data necessary to prove that the erasure has taken place. This data retention is for evidentiary purposes only and contains only the data strictly necessary to establish proof of erasure.
Legal basis – The retention of proof of deletion is based on the legal obligation imposed by Article 5.2 of the GDPR, namely the duty of accountability. This provision is the basis for a legal obligation within the meaning of Article 17 of the RGPD which can justify an exception to the total erasure of data. The retention of this data is also justified by our legitimate interest in providing evidence of compliance with our legal obligations under the GDPR.
Recipient of the data – The data in the erasure register is not passed on to any recipient other than the data protection supervisory authority.
Duration – We retain your data for as long as we are liable for non-compliance with deletion requests, i.e. for a maximum of 10 years.
4. CHANGES
We may update this policy by posting a new version on our website. We encourage you to check this page regularly to ensure that you are aware of any changes to this policy. Only the latest version will prevail. We may notify you of changes to this policy by email or through the private messaging service on our website.
5. LOCATION OF YOUR DATA
Within the European Union and Switzerland – Your data is stored exclusively on servers located within the EU and Switzerland.
In case of transfer outside the European Union – Your data is only transferred to a country that does not offer an adequate level of protection if the processing of your request requires the sharing of information with third parties located in non-EU countries.
In this case, we will of course ensure that the recipients are obliged to comply with the same data protection standards as in the EU by means of appropriate contractual clauses. You can obtain a copy of these guarantees on request.
6. SECURITY OF YOUR DATA

Technical and organisational security – We take all necessary steps to ensure an adequate level of security for your data, including protecting it from leakage, loss, destruction, public disclosure, unauthorised access or other misuse.

1. Personal data processing

a. Storage and Management of Virtual Business Cards

• Nature of processing: Storage.
• Purpose: To enable the management and administration of virtual business cards by the administrator of a BIZZCARDZ account.
• Personal data processed:
  • Company employee data: last name, first name, company name, position, date of entry, telephone, email address, department, employee photo, QR Code (unique identifier), notes, and vocal notes.
  • Images and Contacts: Collection and use of contact images, employee photos, scanned paper business cards, notes, and vocal notes for the creation and customization of virtual business cards.
• Categories of data subjects: Data controller – User of the BIZZCARDZ application.

b. Importing Photos of Physical Business Cards and Contacts from a Phone Directory

• Nature of processing: Data import.
• Purpose: To enable the importation of information related to external members of a company (external card) into a BIZZCARDZ account and their integration into CRM software.
• Personal data processed:
  • Identification data of non-company members: first name, last name, company name, position, email address, telephone number.
  • External Images and Contacts: Collection and use of images and contact information from external virtual business cards and scanned paper business cards.
• Categories of data subjects: Data controller – User of the BIZZCARDZ application.
• Duration of processing: Corresponds to the duration of the data controller’s use of the subcontractor’s IT infrastructure / duration of the subscription.

2. Contact Details

• V&D EXPERTS uses the data provided by users when registering for the service to contact them in case of an incident or personal data breach. Users ensure that this data is always up to date.
• Technical and organisational security – We take all necessary steps to ensure an adequate level of security for your data, including protecting it from leakage, loss, destruction, public disclosure, unauthorised access or other misuse.

7. WHAT ARE YOUR RIGHTS?
Information – This right is exercised through this document.
Access and rectification – You have the right to access your data and have it rectified if necessary. You can exercise these rights by editing your data in the application or by using the button for this purpose in our application.
Opposition – You can object to the processing of your data by us on the basis of our legitimate interest.
Withdrawing your consent – Where data is processed on the basis of your consent, you can withdraw that decision at any time, without calling into question the past processing.
Erasure – You may obtain the erasure of your data or the restriction of processing under the conditions set out in Articles 17 and 18 of the General Data Protection Regulation.
Portability – The data you have provided to us may be communicated or transmitted to you in electronic format. You can exercise this right by using the button for this purpose in our application.
8. Who to contact?
The person responsible for processing your data, V&D Experts, whose registered office is located at Rue de la réunion 2-4, registered with the ECB under number 0731.880.737; e-mail: info@bizzcardz.eu; tel. +32472326210, is at your disposal for any questions or requests relating to the rights set out above.
If you have any questions about this policy or about the use of your personal data, you can contact us by email at support@bizzcardz.eu or by post at the above address, subject to proof of identity.
If you require further information, or if you wish to lodge a complaint, you may also contact the Data Protection Authority (rue de la Presse, 35 – 1000 Brussels, Tel. + 32 2 274 48 00 – https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte ; contact@apd-gba.be).
9. Applicable law
This policy is governed by Belgian law. Any dispute relating to the interpretation or execution of this policy shall be subject to Belgian law.

Version of 14 October 2022
Revised on 03 July 2023