Privacy Policy

This policy applies to:

• Users of our website;
• Contact persons at (potential) customers and partners;
• Users of our software and mobile applications;
• Individuals whose data is entered into our software by our customers (such as tenants, landlords, property owners, employees, or inspection contacts).

This policy does not apply to legal entities, but only to natural persons.

3.1 When Chapps acts as a data controller

We process personal data in our own name and for our own purposes, including:

• Website management;
• Marketing and communication with leads and customers;
• Customer Relationship Management (CRM);
• Technical support;
• Contract administration;
• Analysis and improvement of our services;
• Security of our systems.

3.2 When Chapps acts as a data processor

When our customers enter personal data into our SaaS applications (such as inspection platforms), we process this data solely on behalf of, and in accordance with the instructions of, the customer. In such cases:

• the customer is the data controller;
• Chapps is the data processor.

We never process this data for our own purposes.

Depending on the point of contact, the services involved, and our role, we may process the following categories of personal data:

4.1 Data from website visitors

• IP address
• Browser and device information
• Behavioural data (pages visited, timestamps, click behaviour)
• Cookie information (via Google Analytics 4)

4.2 Data from leads, customers, and partners

• Name
• Job title
• Business email address
• Telephone number
• Company name
• Correspondence
• Meeting and contact history (HubSpot)

4.3 Data from users of our SaaS applications

• Name and login details
• Email address
• Role and account settings
• Activity logs (security and troubleshooting)

4.4 Data entered by customers into our applications

This may include, among others:

• Names and contact details of tenants or occupants
• Address information
• Inspection details, photos, notes
• Any other information entered by the customer

In this context, we act solely as a data processor.

We process personal data on the following legal bases:

5.1 Performance of a contract

• Creating and managing user accounts
• Providing technical support
• Delivering our software services

5.2 Legitimate interest

• CRM management
• Analysis and optimisation of our software and website
• Security and fraud prevention
• B2B marketing towards existing customers and prospects

5.3 Consent

• Newsletters
• Cookie-based analytics
• Voluntary forms on the website

5.4 Legal obligation

• Accounting and invoicing
• Statutory retention requirements for certain administrative documents

We only share personal data with parties that need such data to deliver our services, including:

• Cloud hosting: Accenture (Belgium)
• CRM and marketing automation: HubSpot
• Invoicing: Teamleader
• Online payments: Stripe, Mollie
• Support platform: Freshdesk (Freshworks)
• Analytics: Google Analytics 4
• Production, logging, and issue tracking: Atlassian (Jira, Confluence)
• Email and office software: Microsoft 365

We enter into data processing agreements with all of these parties.

We transfer personal data outside the EEA only when strictly necessary and with the application of legally appropriate safeguards (such as Standard Contractual Clauses).

A complete list of sub-processors is available upon request.

We implement appropriate technical and organisational measures to protect personal data, including:

• Hosted infrastructure in Belgium with Accenture
• Encryption in transit (TLS) and at rest
• Strong access security with multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Logging and monitoring
• Back-up and failover procedures
• Regular patches and updates
• Access limitations based on job roles
• Internal procedures for secure software development

We do not retain personal data longer than necessary.

Examples:

• CRM and marketing data: up to 3 years after the last contact
• Contract-related data: statutory retention period of 7 years
• Support tickets: 2 years
• Account data: up to 60 days after termination of a contract
• Data entered by customers: according to the customer’s instructions (Chapps acts as a data processor)

Data subjects have the following rights:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Right to withdraw consent

When Chapps acts as a data processor, requests must be submitted directly to the data controller (the customer). Chapps will assist the customer in handling such requests.

Requests can be submitted via:
privacy@chapps.com

Our website uses cookies for:

• Functional purposes
• Statistical and analytical purposes (GA4)
• Optimisation of the user experience

A detailed description is provided in our cookie policy.

Chapps maintains an internal data breach protocol.
In the event of an incident:

1. we record the incident;
2. we assess the impact and associated risks;
3. we inform the customer if we are acting as a data processor;
4. we notify the Data Protection Authority when legally required.

Data Protection Authority (GBA Belgium)
Drukpersstraat 35
1000 Brussels
Belgium, EU

Telephone: +32 (0)2 274 48 00
Email: contact@apd-gba.be

We may amend this privacy policy from time to time.
The date noted under Section 1 – General (“Last updated”) indicates when the document was most recently revised.

Chapps NV

Registered office:
Hoogstraat 152B
1600 Sint-Pieters-Leeuw
Belgium, EU

Operational office:
Spaces Gare Maritime
Picardstraat 7 box 100
1000 Brussels
Belgium, EU

Email:
privacy@chapps.com