Privacy Policy

Responsible Publisher

The responsible publisher of this website is Brutusss BV. Our company is located at Steenbergstraat 12; 1982 Elewijt, Belgium.

You can contact us by phone at +32499828423 or by email via sofie@brutusss.com

Our VAT number is BE 1017.820.010.

 

Privacy Policy

Brutusss BV is the data controller for the data collected on this website. The data controller is Sofie Roelandts. You can contact her by email via sofie@brutusss.com for any questions regarding this privacy policy.

Brutusss BV. specializes in sales and marketing.

The company operates in Belgium.

In this privacy policy, we will use the name Brutusss to refer to the company.

This privacy policy documents the privacy policy of Brutusss as the data controller, meaning for the processing for which Brutusss defines the purposes and means of processing.

What personal data is collected from users of this website?

Users may provide their personal data to Brutusss via this website by navigating the site or making a request via the contact form.

For each contact request, Brutusss collects the information.

  • Name
  • Email Address
  • Message

During browsing, our server hosted by Namecheap Inc. stores logs (events executed by a server or a computer application). This mainly consists of retrieving your IP address and the history of your requests (such as a page visit, for example).

Why does Brutusss collect and use this personal data?

Browsing

The Brutusss, via Namecheap, stores server logs with the purpose of detecting intrusion attempts and anomalies, in order to ensure the security and efficiency of the computer system.

Contact Forms

The information that the user inputs via the contact form is only used to respond to the user’s request.

How does Brutusss collect this personal data?

Brutusss collects data on users through various sources of information:

  • The user sends an email to sofie@brutusss.com
  • The user submits a request via the contact form
  • Cookies
  • Server logs

Who processes the personal data of users?

Navigation

The IT department of Namecheap is the recipient of the server logs for the purpose described above. Access to the system is secure and regulated. Namecheap guarantees that it has implemented all technical and organizational measures to protect the data as required by the General Data Protection Regulation (GDPR), which replaces Directive 95/46/EC.

Contact Forms

The sales department of Brutusss is the main recipient of the information collected via the contact forms for the purposes described above. Depending on the nature of the request, it may be transferred to another department.

How does Brutusss collect and keep proof of user consent?

Each user is clearly informed of the uses that may be made of their personal data at the time they provide it, as described in this privacy policy.

Brutusss does not obtain the consent of the visitor; therefore, their information will not be retained or processed.

How long does Brutusss retain users’ personal data and what is the legal basis?

Navigation

Server logs are stored for a period of 6 months. The storage of these logs is legal if the user is well informed about the implementation of the logging system and that the retained data is only used to ensure the security of the system and detect anomalies.

Contact Forms

Personal data collected through contact forms is only processed for the time necessary to respond to the user’s inquiry. As a result, the retention period of the information is variable and depends on the complexity of the request. When a user submits the contact form, they can reasonably expect to receive a response from us.

If the request is commercial, Brutusss retains the data for 3 years after the last contact based on the recommendations of the competent authorities and the consent of the visitor who implicitly accepts this privacy policy by contacting Brutusss through the channels described above.

Rights of Persons Concerned

In accordance with the General Data Protection Regulation (GDPR), users have the following rights regarding the data that Brutusss collects about them:

  • Right of access
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction
  • Right to data portability

For any request regarding these rights, users can send an email to sofie@brutusss.com with the subject of their request. Brutusss will respond to the request related to the rights listed above within one calendar month after receiving the request. If Brutusss receives numerous requests or complex requests, the response time may increase by a maximum of an additional 2 months.

For security reasons, for each request related to these rights, Brutusss will conduct a verification of the identity of the person submitting the request. To do this, the concerned person will be invited to take one of the following two actions:

  • Send a copy of an official document (identity card, passport) and a copy of a utility bill (phone, electricity…) that clearly mentions the name and address of the concerned person.
  • Call Brutusss, which will carry out a strict telephone verification that will consist of comparing the answers provided by the user with the information they have.

Brutusss will respond to the request only after positive identification.

Subcontractors

Brutusss does not share personal data with other companies except for the subcontractors identified below:

The hosting of the website is entrusted to the company Namecheap Inc..

The storage of users’ personal data is exclusively carried out in data centers (“clusters”) located in member states of the European Union (Netherlands) by Namecheap Inc.

As subcontractors, they guarantee that they have implemented all necessary technical and organizational measures to protect the data as required by the General Data Protection Regulation (GDPR) which replaces Directive 95/46/EC.

Technical Information on Security Measures

List of Security Measures

Namecheap uses a networked IT infrastructure, allowing its staff to interact internally and with third parties, and to use applications and services. Namecheap has implemented various security measures covering the following areas:

  • Raising user awareness
  • Authenticating users
  • Managing authorizations
  • Tracking access and managing incidents
  • Securing workstations
  • Securing mobile IT
  • Protecting the IT network
  • Securing servers
  • Securing websites
  • Recording and planning business continuity
  • Archiving securely
  • Maintenance and destruction of data
  • Managing subcontracting
  • Ensuring the security of exchanges with other organizations
  • Protecting premises
  • Encrypt, guarantee integrity or sign

Namecheap continuously tests and improves these measures.

Security breach

Detection of a security breach

Any event presenting a potential threat to personal data must be considered a security breach. A threat can take various forms: loss, alteration, corruption, or exposure to third parties.

Here are some examples of events that should be considered a threat:

  • Intrusion of a third party into the company’s network
  • Infection of one or more devices by malicious software, including a virus, rootkit, etc.
  • Loss of a USB key containing files with personal data.
  • Loss of a PC, tablet, or smartphone containing or able to access files with personal data.
  • Security breach in one of the data centers

Namecheap has taken a number of measures to detect these events without delay.

Risk assessment

During the risk analysis, Brutusss first identifies potential damages (physical, material, or moral) associated with a processing activity. Then, we assess the severity of the damages that could result. Finally, Brutusss evaluates the likelihood of the event by analyzing the vulnerabilities of their systems and operations as well as the nature of the threats. Risks are categorized as “high risk,” “risk,” and “low risk.”

Notification of security breaches to the competent authorities

If the security breach poses a threat to the individuals concerned, such as, for example, identity theft, fraud, financial loss, or impact on influence, Brutusss will inform the authorities.

This notification must take place within 72 hours of the positive identification of the security threat. If this deadline is exceeded, the additional time must be justified.

Notification of security breaches to the individuals concerned

If the risk to the individuals concerned is deemed high, they must also be informed. In case of doubt about the degree of risk, authorities may be contacted for verification. If the situation requires notification to the individuals concerned, they must also be provided with guidance on how to mitigate the risk.

 

Definitions

Data Controller

“Data Controller” refers to the natural or legal person, public authority, agency, or any other body that, alone or jointly with others, determines the purposes and means of processing personal data. The data controller (or the criteria for appointing the data controller) may be designated by these laws.”

GDPR, Art.4 (7)

Subcontractor

“The subcontractor is a natural or legal person, a public authority, an agency, or any other body that processes personal data on behalf of the data controller.”

An employee of the data controller is not considered a subcontractor.

GDPR, Art.4 (8)

Processing

“Processing means any operation or set of operations performed on personal data or sets of personal data, whether by collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.”

GDPR, Art.4 (2)

Personal data

“Personal data: any information relating to an identified or identifiable natural person (‘data subject’), an identifiable person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifiers, or one or more specific factors related to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”

GDPR, Rec.26; Art.4 (1)

Sensitive personal data

“Sensitive personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in a trade union, data concerning health or sexual life and sexual orientation, genetic data or biometric data are processed separately (criminal law not falling under the legislative competence of the EU).”

GDPR, Rec.10, 34, 35, 51; Art.9 (1)

 

Reference Document

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) http://eur-lex.europa.eu/eli/reg/2016/679/oj

 

Competent Authorities for Privacy Protection

Belgium

Commission de la vie privée

Rue de la Presse, 35

B-1000 Bruxelles

Belgium

Phone : +32 2 274 48 00

https://www.privacycommission.be

commission@privacycommission.be

Luxemburg

National Commission for Data Protection (CNDP)

1, avenue du Rock’n’Roll

L-4631 Esch-su-Alzette

Luxemburg

Phone +352 26 10 60 1

https://cnpd.public.lu

France

Commission Nationale de l’Informatique et des Libertés (CNIL)

3 Place de Fontenoy

TSA 80715

F-75334 Paris Cedex 07

France

Phone +33 1 53 73 22 22

Europe

European Data Protection Supervisor

https://edps.europa.eu

Use of Cookies

Brutusss website uses several cookies. A “cookie” is a small file, usually made up of letters and numbers, sent by the internet server to the cookie file of the browser located on the hard drive of a computer.

Visitors’ consent is explicitly requested before placing non-essential cookies (and similar technologies) on their device.

Cookies that are initially placed on Brutusss website can be classified as essential cookies: They serve security and fraud prevention purposes or other purposes, depending on the specific functions of your website.