1. Introduction & General Terms
– via following online services:
- The HEART website (https://heartproject.eu)
- The HEART social media pages and accounts (Twitter and Linkedin)
– via any Bluetooth, Wi-Fi or any similar technology that may communicate with your (mobile) device including identifying its location, in our shopping centers. This includes collecting unique online identifiers such as IP addresses, MAC addresses, which are numbers that can uniquely identify terminal equipment such as a specific computer, handset, tablet or other network device on the Internet.
To provide you with the full range of services, we sometimes need to collect information about you.
- what information HEART may collect about you
- how HEART will use information that we collect about you
- when HEART may use your details to contact you
- whether HEART will disclose your details to anyone else
- your choices regarding the personal information you provide to us
HEART is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter the “GDPR”). Please note that, no website can be completely secure. If you have any concerns that one of your HEART accounts could have been compromised, e.g. someone could have discovered your password, please get in touch immediately.
2. What information does HEART collect?
When you access or sign-up to any of HEART’s services, for example Apps, newsletters, chats with our social media accounts, message boards, web and mobile notifications, telephone or text HEART, we may receive personal information about you.
This can consist of personal information you have provided to us such as, for example, your name, email address, postal address, telephone or mobile number, gender or date of birth, personal interests (e.g. what newsletters you have read), as well as general (aggregate, non-personal) information collected about the way in which visitors make use of HEART on-line services.
If you are the parent or guardian of a child under (16), we may process limited personal data about you so that you can give consent for the child to access some HEART services. We may use your contact details to communicate with you about the child’s account or use of services.
Please note that sometimes we will require you to provide additional personal information, for example when preparing lease or real estate purchase agreements. When we do this we will provide further information about why we are collecting your information and how we will use it.
Some of our services enable you to sign-in via a third-party service, such as Facebook. If you choose to sign-in via a third-party app, you will be presented with a dialog box which will ask your permission to allow HEART to access your personal information (e.g. your full name, date of birth, email address and any other information you have made publicly accessible to the third-party service, such as Facebook). Please note that any information that is not required by the particular service you have opted to use will not be retained by HEART.
3. For what purposes does HEART use the information it collects about you?
HEART will use your personal information for a number of purposes including the following:
- to provide you with our services, including the preparation of real estate lease or purchase agreements
- to provide you with information about our services
- to deal with your requests and enquiries
- to provide you with the most user-friendly online navigation experience
- for “service administration purposes”, which means that HEART may contact you for reasons related to the service or online content you have signed up for
- we may also show you relevant advertising, as set out in Article 7
- to use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits of our websites
- for analysis and research purposes so that we may improve the services offered by HEART
- we also use and disclose information in aggregate (so that no individuals are identified or identifiable) for marketing and strategic development purposes (for example the number of visitors in a shopping center and the heatmap of the direction taken by the crowd of visitors in a shopping center).
Where HEART proposes using your personal information for purposes not mentioned above we will notify you first. Please see Article 18 below for details.
4. Your HEART Account
If you have registered for an HEART account on one of our websites or through an App, this will not automatically allow you to login to other HEART website and apps, as these services might be run by HEART or separate subcontractor chosen by HEART.
Your HEART accounts will always be covered by the policies of this website. But, please be aware that additional policies may apply if your HEART account is linked to another account.
5. When will HEART contact you?
HEART may contact you:
- in relation to any contractual relation you have engaged with HEART
- in relation to any service, activity or online content you have signed up for, for yourself or for your under 16-year old child in order to ensure that HEART can deliver the services, e.g. to verify your email when you sign up for a HEART newsletter, or to help you reset your password for your accounts on our websites or Apps
- in relation to any correspondence we receive from you or any comment or complaint you make about HEART products or services
- in relation to any job application
- in relation to our legal rights and obligations
- in relation to any personalized services you are using
- in relation to any contribution you have submitted to HEART, e.g. on HEART message boards or via text or voicemail message
- to invite you to participate in surveys about HEART services (participation is always voluntary)
- to update you on any material changes to HEART’s policies and practices
- for marketing purposes, as set out in Article 7.
We will never contact you to ask for your HEART account password, or other login information. If you receive any emails or calls from people asking for this information and claiming to be from HEART please inform our DPO straightaway.
6. Will You be contacted for marketing purposes?
HEART will only send you marketing emails or contact you on HEART platforms when you have agreed to this. You will always be able to unsubscribe by following the procedure set out in Article 12. From time to time we may also contact you to ask your opinion on certain issues affecting HEART. HEART may personalize the message content based upon any information you have provided to us and your use of HEART platforms.
7. Will HEART share my personal information?
HEART will not sell or rent your information to third parties and will not share your information with third parties for marketing purposes.
Generally, we will use your information within HEART and will only share it outside HEART where you have requested it or given your consent, except:
– where disclosure is required or permitted by law (for example to government bodies or law enforcement agencies, including for child protection reasons) by a court order or for the purposes of prevention of fraud or other crime, or
– if HEART or its affiliate ceases to be the data controller in respect of your personal information through the operation of a merger, acquisition or any change of control
– in the limited circumstances described below and in Article 8.
We may pass your information to our third-party service providers, agents subcontractors and other associated organizations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service. In addition, our contracts with such third-party service providers require them to keep your information secure and not to use it for their own direct marketing purposes. We will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so.
8. Offensive or inappropriate content on HEART websites
If you post or send content which may reasonably be deemed to be offensive, inappropriate or objectionable anywhere on or to HEART websites, social media pages, or otherwise engage in any disruptive behavior on any HEART service, HEART may remove such content.
Where HEART reasonably believes that you are or may be in breach of any applicable laws, for example on hate speech, HEART may disclose your personal information to relevant third parties, including to law enforcement agencies or your internet provider. HEART would only do so in circumstances where such disclosure is permitted under applicable laws, including data protection law.
9. What if I am a user aged under 16?
If you are aged 16 or under, please get your parent/guardian’s permission before you provide any personal information to HEART.
10. What can you do with the personal data you submitted to us?
You have the right to restrict and the right to object to the use of your personal data; the right to withdraw your consent to the use of your personal data and the right to request deletion of your personal data.
In the context of the shopping centers you can opt-out from the collection of the MAC address of your mobile device by turning off your device Bluetooth and Wi-Fi capabilities of your mobile device or by opting-out via the website of our third-party service providers:
https://pfm-footfall.com/opt-out/ – https://www.fidzup.com/opt-out/
In the context of some of our websites and apps of HEART, these rights are all exercised and obtained by deleting your HEART accounts. You can find out how to delete your accounts on the respective websites or Apps. As explained in Article 11 above, deleting your HEART account will erase any personal information in your account that we have about you.
In any case, you can exercise your rights by contacting our DPO. You may also adjust your communication preferences or opt out of communications at any time by clicking ‘unsubscribe’ at the bottom of any e-mail, following instructions provided in the communication or changing your preferences within your account or by sending us an e-mail.
You have the right to portability of your personal data. All personal data you directly submitted to HEART, can be sent to you or any third party, at your request made directly to our DPO.
11. Can I find out what personal information HEART holds about me?
Under the GDPR you have the right to access to and the right to correct the personal information HEART holds. These rights can be exercised by:
– logging into your HEART account regarding the information we hold about you in the context of that account;
– contacting our DPO directly, who will then use reasonable efforts consistent with our legal duty, to supply, correct or delete personal information about you that may be held on our files.
We will endeavour to provide you with access to your personal information wherever possible.
12. What if I am unhappy with the way HEART is managing my personal data?
You have the right to complain to the Belgian Data Protection Authority:
– By postal mail: Belgian Data Protection Authority Rue de la Presse, 35, 1000 Bruxelles.
– By telephone: +32 (0)2 274 48 00
– By fax: +32 (0)2 274 48 35
– By email: firstname.lastname@example.org
13. Web browser cookies
a. What is a cookie?
A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone (all referred to here as a “device”) web browser from a website’s computer and is stored on your device’s hard drive. Each website can send its own cookie to your web browser if your browser’s preferences allow it.
Many websites do this whenever a user visits their website in order to track online traffic flows. Similar technologies are also often used within emails to understand whether the email has been read or if any links have been clicked. To inform you fully, HEART will ask your consent for the receipt of cookies. However, you can change your cookie settings at any times in your web-browser (see our Cookies Policy below for more information).
On HEART websites, cookies record information about your online preferences and allow us to tailor our websites to your interests.
b. HEART cookies and how to reject cookies
It is important to note that if you change your settings and block certain cookies, you will not be able to take full advantage of some features of HEART services, and we might not be able to provide some features you have previously chosen to receive.
c. Other information collected from web browsers
Your web browser may also provide HEART with information about your device, such as an IP address and details about the browser that you are using.
14. Do Not Track (DNT) browser setting
DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. Our websites do not currently respond to DNT requests.
16. Transferring your information outside of Europe
As part of the services offered to you through the HEART websites and Apps, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to Belgium. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights as set out in this Policy continue to be protected.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.