Privacy Statement

Statement regarding our handling of personal data and your rights as a data subject under the General Data Protection Regulation EU 2016/679 ("GDPR").

behave! is a Luxembourg company founded in 2012. Responsible and point of contact for the processing of your data is:

behave
243, Route d'Arlon
L-1150 Luxembourg
Tel: +352 27 00 32 97
Contact: https://www.behavesfi.com

1. Data categories and sources of data

behave (hereafter "the company", "we", "us") processes data that is acquired directly from yourself, for example via the exchange of business cards at events, or within the professional relationship you have with us, i.e. as a client, a business partner, a member, or an employee. It is possible that public bodies or other sources may be used to obtain data. The respective source is responsible to ensure compliance with GDPR.

Examples for the categories of personal data, which can be processed by us, are:

Furthermore, for employees, banking and financial data, i.e. bank account information may be processed.

behave does not collect any personal information from users accessing its website. The public areas of the website can be accessed anonymously. Only aggregate data, such as the number of hits per page, are collected and used for internal statistical purposes only. They do not allow personal identification.

If you use the contact form on our website, your type of request may be extracted for us to monitor the type and frequency of requests we receive. You have the right to opt out again at all times by sending us an email.

2. Lawful basis and purpose of the processing

We process your personal data purpose-related and based on the legal grounds listed in Art. 6, Par. 1 GDPR.

- Legitimate interest (Art. 6, Par. 1f GDPR)

Most of our processing activities are based on a legitimate interest of our company or a third party. We follow a process to carefully measure our interest against yours in a detailed legitimate interest assessment. As far as the purpose of the processing allows, your data is processed pseudonymised or anonymised.

- to fulfil contractual or pre-contractual obligations (Art. 6, Par. 1b GDPR)

Your data will be processed to provide services to you within the framework of our business contract.

We may also process your data:

- based on your consent (Art. 6, Par. 1a GDPR)

To the extent you have explicitly consented to the processing of your data such consent constitutes a lawful basis for the data processing in accordance with Art. 6, Par. 1a until you withdraw your consent. You have the right to withdraw your consent at all times.

- based on legal and/or regulatory requirements (Art. 6, Par. 1c GDPR)

- based on public interest (Art. 6, Par. 1e GDPR)

- based on protecting a vital interest of the data subject or another natural person (Art. 6, Par. 1d GDPR)

3. Profiling and automated decision-making

behave does not use profiling or automated decision-making as per Art. 22 and recital 71.

4. Third-party data processing

The company appoints service providers as data processors in order to perform certain tasks on its behalf. Examples for types of providers are in the IT or the HR sector.

It is possible that personal data has to be transmitted to third parties in the course of the outsourcing process, respecting legal requirements.

The transfer is always based on a legitimate legal ground (see paragraph 2) and respecting the requirements of the GDPR. We perform checks on the third parties we choose for the processing and assess the providers’ compliance with GDPR.

Data is also being transferred to public authorities and audit firms when required.

5. Transfer to third countries

Your data can be transferred to countries outside the European Union if the type of instruction (or a legal obligation) requires the company to do so.

6. Provision of data

Most data obtained from data subjects, such as members, employees, event participants, business partners and their employees is acquired directly from the respective people on a voluntary basis.

Certain data, such as identification data and contact details must be provided to enable behave to enter into, carry out or end the business relationship with you.

7. Storage of personal data

All data related to the fulfilment of legal obligations will be stored as long as the law requires. The "Code civil" and the "Code de commerce" lay out legal limitation periods with a duration between three and thirty years. Those indications will also be taken into consideration when determining the data retention period.

For those processes where behave has a legitimate interest to process and store your data in its central database, you have the right to object to such processing at all times (please refer to section 8).

8. Your rights as a data subject

In the context of your rights under GDPR with regards to the processing of your data you are welcome to contact us using the contact details stated at the beginning of this policy.

The most important rights you have in your relationship with behave are outlined in the following. You can find an exhaustive list of your rights and further explanations in Art.15-22 and Art. 77 of GDPR.

Right to access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17+19 GDPR)

Right to restriction of processing (Art. 18+19 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21+22 GDPR)

You also have the right to object to the processing of your data if it is based on a legitimate interest assessment of the company (Art. 6 Par. 1f GDPR), if the processing is based on profiling (Art. 4 Par. 4) or public interest (Art. 6 Par. 1e GDPR).

If you object, the processing of your data must be stopped unless behave has compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject (you) or for the establishment, exercise or defence of legal claims.

Right to object to data processing for direct marketing purposes (Art. 21 GDPR)

You have the right at all times to object to the processing of your data for direct marketing purposes.

Right to complain (Art. 77 GDPR)

You have the right at all times to lodge a complaint with a data protection authority, such as the CNPD in Luxembourg, with regards to the processing of your data.