We ('Signpost Group,' as defined below) are aware that you trust us. Therefore, we consider it our responsibility to protect your personal data. We are responsible for processing your (personal) data and act as the data controller.

Signpost Group consists, among others, of the following companies and is collectively referred to as 'Signpost,' 'we,' or derivatives:

• Signpost NV, Wolfsakker 5a, 9160 Lokeren, 0746.851.005
• Signpost België NV, Wolfsakker 5a, 9160 Lokeren, 0886.007.502
• Signpost SARL, 889.064.887
• Signpost Education, BQ1999960
• Signpost Nederland BV, Nevelgaarde 8, 3436 ZZ Nieuwegein
• Leermiddel bv, Wolfsakker 5a, 9160 Lokeren, 0696.844.535
• WEZOOZ NV, Wolfsakker 5a, 9160 Lokeren, 0892.653.980
• ACSW NV, 0776.852.709
• Academic Software bv, 0635.738.394

Signpost Group includes websites such as signpost.eu, signpost.be, academicshop.eu.

We respect the privacy of all users of our websites and ensure that the personal data you provide us is treated confidentially. We will collect, store, process and transfer your personal data only in accordance with applicable national and European privacy laws and regulations, including but not limited to the General Data Protection Regulation 2016/679 ('GDPR').

We adhere to the principles below to safeguard the confidentiality of your personal data:

• We do not collect more information than necessary.
• We use your personal data only for the explicitly described or legally mandated purposes.
• We do not retain your personal data longer than necessary.
• We only disclose your personal data for the explicitly mentioned purposes.

On this page, you can read which personal data we collect when you use our website and/or services, how we collect this data, why we collect it, the legal bases and how we improve your user experience. We also outline who might share your personal data, what your rights are and how we protect your personal data. This helps you understand our operations.

By accepting the terms of this privacy policy, you agree that we process your personal data as outlined in this privacy policy.

This privacy policy only covers (personal) data processed by us. We accept no responsibility or liability for (the operation and/or content of) third-party services and/or websites unless legally permitted.

1. When do we collect your personal data?

We collect your personal data when you:

• use our products and/or services or inquire about them, visit our website, fill out the contact or chat form on our website or contact us in another way, such as via email, post or phone.
• send emails or other messages to us. These messages are stored by us. Sometimes we may ask for your (personal) data relevant to the specific situation or to confirm your identity, allowing us to process your queries and respond to your requests. We may use your personal data for direct marketing purposes, for example, when you subscribe to our newsletter via our website(s).
• apply with us or inquire about a specific vacancy.

2. What personal data do we process?

We may collect and process the following personal data:

• First and last name
• Address details
• Phone number(s)
• Email address
• School-related data such as name and registration number
• Teacher or student card number
• VAT number
• Payment details
• All data related to purchased products.

To optimize the website, automatically generated information about your website usage is collected and processed. Service optimization includes technical adjustments, such as displaying pages correctly and securing the website. The collected information includes the type of device (computer, mobile, tablet) you use, your IP address (device number allowing recognition), browser type, operating system and the pages you visit on our website, as well as the items you view. Additionally, we track the hostname associated with the IP address, login session data and selected values. Refer to section 7 of this privacy policy and our cookie policy for information on processing cookies.

If you do not provide your personal data, the possible consequence may be that we cannot offer our products or provide our services (optimally). We will inform you if this is the case.

3. For what purposes and on what legal basis do we use your personal data?

Your personal data is used for the following purposes based on the following legal grounds:

• The use is necessary for the performance of a contract in which you are a party:
  • to enable website usage
  • to invoice the use/purchase of our products and services to you
  • to make our products and services available to you
• The processing is necessary for the pursuit of our legitimate interests, particularly our business operations and the development of our commercial activities, as well as the improvement of our products and services, which outweigh your right to privacy:
  • to send you information about our similar products and services
  • to respond to your questions and/or complaints
  • to keep you informed of our promotions if you have given your consent
  • to compile anonymized statistical data
  • to secure, adapt and improve the website
• You have given consent for the use or processing of personal data. This is necessary to comply with a legal obligation imposed on us, such as:
  • to provide information about you to third parties if you have given your consent or based on legislation and/or regulations.

You can withdraw or modify your consent at any time by sending an email to privacy@signpost.eu or through the designated opt-out in our communications.

4. Transfer of personal data to third parties

If you provide personal data to us in connection with our products and services, this personal data will only be shared with third parties on our behalf and for the benefit of (the purposes of) us or to have your product delivered or your service operational. For example, your name and address details may be shared with a supplier to send the products to you and your name, address details, email address and school-related data may be shared with the software supplier to validate that you indeed have the right to use this software, as well as with the educational institution that has entered into an agreement with us to allow you to use the software. These suppliers have confirmed to us that this personal data will only be used for the strictly necessary execution of the agreement and will not be used for marketing purposes. These suppliers have confirmed compliance with the GDPR and will not use the data for other purposes.

We may provide your data to third parties as far as you have explicitly indicated your consent for a particular third party and this is required in the context of your use of our services and/or to the extent that this data cannot be traced back to you personally (such as automatically generated information, excluding your IP address).

We may engage third parties to outsource work. These third parties process your personal data only on our behalf and for our purposes. When processing on our behalf by a third party, we only rely on processors (the third party in question) that provide sufficient guarantees regarding the application of appropriate technical and organizational measures to ensure the protection of your rights. In some occasional cases, information may be shared internally if it has favourable effects on customer service. Our employees are obligated to respect the confidentiality of your personal data.

Finally, we may provide your personal data to third parties if we are legally obliged to do so based on legislation and/or regulations, we are obliged to do so because of legal proceedings and/or if we deem it necessary to protect our own rights.

5. How long do we retain your personal data?

Your personal data is carefully stored and not retained longer than necessary for the purpose for which it was obtained. Unless we are obliged to keep your data for a longer period under legislation, we adhere to the general statutory retention periods of 10 years. In any case, we never process your personal data for a period longer than strictly necessary. If we process your personal data based on the performance of a contract, the maximum retention period is 5 years after the termination of the relevant agreement.

After the expiration of the above-mentioned limitation periods, we delete or anonymize all your personal data.

6. How are your personal data protected?

We have implemented appropriate technical and organizational measures to secure your personal data against loss or any form of unlawful processing. We ensure that your personal data is stored in a sufficiently shielded environment and only necessary persons have access to your personal data. Your personal data is stored on our secure servers or those of a third party, each time within the European Economic Area.

For more information on how we configure this security, you can contact privacy@signpost.eu.

7. Cookies

We may use cookies on this website. This involves storing information in the form of a text file on the hard drive of your device. Cookies are used to deliver the website in a user-friendly manner or to obtain information about the quality or effectiveness of the website. See our cookie policy for more information.

8. Your rights

You have the following rights concerning your personal data:

• Access and rectification: you have the right to access your personal data. If we acknowledge that we are obliged to provide your personal data, we will generally provide you with this information free of charge. Before we can provide your personal data, we may ask you to provide proof of identification and sufficient information about your interactions with us so that we can retrieve your personal data and ensure your identity. If the personal data we hold about you is incorrect, you can ask us to correct any inaccuracies in the personal data.
• Objection to processing: you have the right to object to the processing of your personal data by us if we no longer have the right to use it, to demand that we delete your data if we keep it for too long or to demand that, under certain circumstances, the processing be subject to restrictions. You specifically have the right to object to direct marketing (e.g., emails) free of charge and without any justification.
• Right to restriction of processing: you have the right to request restriction of the processing of your personal data, for example, while the accuracy of your personal data is being verified.
• Right to erasure: you have the right to have all data related to you deleted, except in some cases, such as proving a transaction or a legal requirement.
• Right to data portability: under certain conditions, you have the right to receive your personal data provided to us in a commonly used, structured, machine-readable format and to pass your personal data on to a third party of your choice.
• Right to withdraw consent: when your personal data is processed based on your consent, you can withdraw this consent at any time.

The above rights can only be exercised reasonably in accordance with applicable law. When you wish to exercise these rights, please contact us at privacy@signpost.eu.

In principle, you can exercise these rights free of charge, except in the case of excessive requests, clearly unfounded requests or frequent repeated requests where we may charge a reasonable administrative fee.

We will respond to your request within one (1) month after receipt. In the case of complex or frequent requests, this period may be extended by an additional two (2) months. In any case, we will inform you within one (1) month in the event of an extension.

9. Can this privacy policy be changed?

This privacy policy may be changed. These changes will be announced on our website, along with the last modification date. We advise you to regularly consult this privacy policy.

The last changes were made on 21/12/2020.

10. Questions and feedback

We strive to strictly adhere to this privacy policy. If you have any questions about this privacy policy or how we process your personal data, you can contact us via privacy@signpost.eu or send us a letter to Wolfsakker 5A, 9160 Lokeren, attention to the privacy officer.

11. Where can you file a complaint?

If you have a complaint about the use of your personal data, you can submit your complaint to privacy@signpost.eu. You also have the right to file a complaint with the Data Protection Authority (Drukpersstraat 35, 1000 Brussels, +32 (0)2 274 48 00 or contact@apd-gba.be).