Privacy Statement
1. Introduction and scope
Hashting Solutions NV (“Hashting”, “we”, “us”) is a company that provides its clients with tech-based solutions to acquire customers, generate sales uplift or increase loyalty and engagement (the “Business”).
This privacy statement aims to inform you about how we (and our affiliates Hashting UK, Hashting Iberia, Hashting Netherlands and Stichting Beheer Derdengelden Hashting) collect and process your personal data via one of our landing pages on our “hashting.promo” or “hashting.cash” domain, or one of its subdomains and/or white label domains (each such landing page hereafter
referred to as the “Website”) and in the course of our Business.
Hashting respects your privacy and is committed to protecting your personal data and your privacy in accordance with Belgian and
European data protection laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as any applicable national implementing and supplementing laws. Please read this privacy statement carefully. It describes not only your rights, but also the way in which you can exercise these rights.
By using our Website or by disclosing your personal data to us, you acknowledge the manner in which Hashting collects and processes your
personal data as described in this privacy statement.
2. Who we are and how to contact us?
Hashting is a company incorporated under Belgian law and acts as data controller or processor in respect of the personal data provided
by you to us via our Website:
|
Company name |
Hashting Solutions NV |
|
Registered office |
Veldstraat 49, 2547 Lint, |
|
Company number |
0672.979.070 (RLE Antwerp, |
We have appointed a Data Protection Officer, whom you can contact for questions about this privacy statement and the processing of your personal data.
|
E-mail address DPO |
3. What personal data do we process?
We processes different types of personal data depending the services you wish to use and on which personal data you decide to share with
us.
If we processes your personal data, it will be personal data of one of the categories listed below:
§ Identification
y contact details (such as name and first name, address, phone number and email address).
§ Financial
information (such as your bank account number, PayPal account, or other payment service details).
§ Information about your purchase as shown on the receipt uploaded by you (such as the item(s) you purchased, the date of your
purchase, the price of your purchase and such other details as shown on the receipt).
§ Consumer insights as given by you via the Website (such as product ratings, reviews or other types of feedback).
§ Technical information (such as information about your computer, mobile and other devices (such as, your IP- address, user-ID, operating system, browser type).
§ Usage information (such as information regarding your usage of our Website (such as, history, logs, date, time, location, frequency, duration of the pages you have viewed, consent preferences, information regarding consent(s) given by you (such as, the date
and time of your consent)).
§ Such other types of personal data you decide to share with us in free field text forms.
Your personal data originates from you directly, or is automatically collected by us (in case of technical information and usage information).
4. For which purposes do we process personal data, on which legal basis and for how long?
4.1. General
You are typically a customer or potential customer of our clients that is seeking to claim a consumer cashback or receive some other form
of benefit (such as, but not limited to, a coupon, discount, prize, or free trail). In order to verify whether you are eligible to claim a consumer
cashback or receive a benefit, you must share certain information with us, which we will process for the purposes specified in this section 4 (as applicable to your situation).
Depending on the purposes of data processing, we may act as data controller, or as data processor for and on behalf of our clients.
Please note that our Business and services may evolve from time to time. In such event, we will update the below tables as necessary and
your additional consent (if and to the extent required) shall be requested.
For certain processing purposes, Hashting requires your consent. The consent you give is always free and you have the right to withdraw
it at any time. You can withdraw your consent by sending an email to: dpo@hashting.support, but please note that your withdrawal of consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on any
other legal basis.
4.2. Processing activities carried out by Hashting in capacity of data controller
Where we act as data controller, we process your personal data for the following purposes:
|
Type of personal data |
Legal basis |
Retention period |
|
|
To verify whether you are eligible |
§ Identification details § Information about your purchase § Your entries in free field text forms |
Performance of the agreement we |
Your personal data will no |
|
To |
§ Identification details § Financial information § Information about your purchase |
Rendimiento |
Your |
|
To |
§ Identification details § Information about your purchase § |
Rendimiento |
Your |
|
To |
§ Identification details § Information about your purchase § Financial information |
Compliance |
Your
|
|
To |
§ Identification details § Information about your purchase § Your entries in free field text forms
|
Your The
|
We Please Please |
|
Detection |
§ Identification details § Information about your purchase § Your entries in free field text forms § Financial information § Technical information § Usage information
|
Our |
Your
|
4.3. Processing activities carried out by Hashting in capacity of data processor
In some cases, clients may request us to perform certain processing activities on their behalf. In such case we shall act as the client’s data processor.
Where we act as a data processor for our clients, we process your personal data for the following purposes:
|
Purpose
|
Type of personal data |
Legal basis |
Retention period |
|
To |
§ Information about your purchase § Consumer insights § Your entries in free field text forms |
As |
We Please Please |
|
To |
§ Information about your purchase § Consumer insights § Your entries in free field text forms
|
We The |
We Please Please
|
5. Personal data of third parties
If you disclose any personal data of third parties to us, you guarantee that you have informed those third parties (if necessary under applicable laws) and you have the right/a legal basis to communicate the third parties’ personal data to Hashting in accordance with applicable laws.
6. Do we use cookies?
In principle we do not use cookies. However, if we use cookies, you can find more information on our cookie policy (available via
the cookie banner).
7. With whom do we share your personal data?
Other than sharing your personal data with our client (in accordance with and as specified in section 4 above) Hashting may share your personal data, as required for the purposes set forth in section 4, with:
§ hosting providers (including without limitation cloud and storage providers);
§ third-party service providers (such as IT service providers, security providers, suppliers, and other software providers);
§ email and other communication service providers;
§ professional advisers (such as lawyers, bankers, auditors, and insurers);
§ affiliated entities;
§ consultants, freelancers, independent service providers and other subcontractors engaged by Hashting to provide services to Hashting;
§ supervisory authorities; and
§ third parties to whom we intend or choose to sell, transfer or merge (parts of) our shares, business or assets.
Upon request, Hashting shall, as soon as possible after the request, inform you of the third parties with whom your personal data have been shared by providing you a more detailed list.
In addition, we may disclose your personal information if required by law, or if we believe in good faith that such disclosure is necessary to comply with a judicial investigation, court order or to defend or safeguard our rights.
Processors and sub-processors of Hashting always act under the responsibility of Hashting. We always ensure that appropriate protective
measures are taken when we transfer your personal data to third parties. If Hashting engages (sub-)processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR. We require all our (sub-)processors to take appropriate technical and organizational (including security) measures to protect your personal data. In the event we disclose your personal data as described above, we will implement appropriate safeguards to ensure its integrity and confidentiality.
Your personal data will only be made available to (sub-)processors, employees and other third parties on a “need-to-know” basis,
limited to the extent necessary to perform their services.
8. Will your personal data be transferred to countries
outside the EEA?
In principle, Hashting does not transfer your personal data to third countries located outside the European Economic Area (“EEA“)
unless you are located outside the EEA (and use our services or otherwise provide personal data from outside the EEA).
Additionally, it is possible that Hashting – through its (sub-)processors – does transfer your personal data to countries outside the
EEA. In this event, Hashting will only transfer your personal data outside the EEA in accordance with the applicable data protection legislation and subject to appropriate safeguards.
Please contact us if you want further information on the specific mechanism(s) used when transferring personal data outside the EEA.
9. How do we protect your personal data?
Hashting is committed to trying to ensure that your personal data is secure and makes reasonable and appropriate efforts to protect your
personal data. Hashting takes appropriate technical and organizational security measures to ensure a level of security in accordance with the GDPR. Hashting has implemented measures to protect your personal data against destruction, loss, misuse, unauthorized alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Please contact us if you would like more information on the specific measures taken by sending an email to: dpo@hashting.support
Despite the above measures taken by us, you should be aware that there are always risks associated with sending personal data over the
internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to defeat those measures or use your personal data for improper purposes.
10. How long do we keep your personal data?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes determined in section 4 of this privacy policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Afterwards it is still possible that your personal data can be found in our back-ups or archives, but they will no longer be actively
processed in a file. Such back-ups or archives will be deleted automatically in accordance with our back-up and archiving policies.
The applicable retention periods are set out in the table under section 4.
11. What are your rights and how can you exercise them?
Within the limits defined in Articles 15-22 of the GDPR, you have the following legal rights in relation to your personal data:
§ Right of access: you have the right to obtain confirmation from us as to whether or not we are processing your personal data, to access that personal data and how and why it is being processed, as well as to receive a copy of that data.
§ Right to rectification: you have the right to obtain a rectification of your personal data or to request that we complete your personal data when you become aware that we are processing incorrect or incomplete data about you.
§ Right to erasure (‘right to be forgotten’):
you have the right to obtain erasure of your personal data in certain specific cases.
§ Right to restriction: you have the right to have the processing of your personal data restricted in certain specific cases.
§ Right to portability: you have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable form, and to transfer (have transferred) that personal data to another controller.
§ Right to object: you have the right to object to the processing of your personal data on the basis of our legitimate interest for reasons relating to your specific situation.
|
You
|
The exercise of these rights is in principle free of charge. Only in the event of unreasonable or repeated requests, we may charge a reasonable administrative fee. Hashting will inform you of the applicable fee before charging it.
In your request, make sure to clearly specify which right you wish to exercise so we can help you as efficient as possible. Please note that in some cases we may require you to give more information about yourself to ensure that we are dealing with the correct person.
If you contact us to exercise your rights we will respond within one month. Exceptionally this may take longer (up to three months), but
then we will inform you within one month of the reasons.
If and to the extent provided for in the applicable data protection legislation, you have the right to file a complaint with the competent supervisory authority if you consider that our processing of your personal data violates the applicable regulations. In Belgium the competent authority is the Data Protection Authority (“Gegevensbeschermingsautoriteit”):
http://www.gegevensbeschermingsautoriteit.be
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00
We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in first instance.
12. Are there any third party links on our Website?
Our Website may contain links to third party websites and/or applications. Hashting is not responsible for the content of these websites and applications and is not responsible for the privacy standards and practices of such third parties. We recommend you to read the relevant privacy policies of these third parties and their websites before you accept their cookies and visit their website to ensure yourself that your personal data is sufficiently protected. Nonetheless, we seek to protect the integrity of our Website and welcome any feedback about these websites and/or applications.
13. Changes to the privacy policy
Hashting may modify this privacy policy at any time. Any changes we may make to our privacy policy will be indicated on the Website .
The date of the last amended version is listed at the bottom of the privacy policy. Please review this privacy policy periodically to stay informed of changes that may affect you.
Amended versions of this privacy policy take effect ten (10) days after their publication on the Website, and/or other form of announcement
and, if necessary, will always be submitted for approval if required under the GDPR, unless such modifications are necessary to comply with a legal requirement. In the latter case, such changes will take effect immediately.
14. Liability
If Hashting has lawfully provided your personal data to a third party (other than a sub processor), it will not be liable for the unlawful processing or use by that third party.
Hashting is in any case only liable for the damage caused by the processing of personal data if it did not comply with its specific obligations under the GDPR and Hashting’s liability shall not exceed an amount equal to the amounts actually paid out by our insurer for the damage causing event. Hashting shall in no event be liable for any special, incidental, indirect or consequential losses or damages.
You agree, to the maximum extent permitted under applicable law, not to hold Hashting’s directors, contractors, subcontractors, representatives, appointees, lawyers, employees, and other auxiliary persons personally or directly liable for or in connection with the (performance of the) services provided by Hashting, its lawyers or personnel. In this respect, you waive any tort claim against the
aforementioned persons. Any (liability) claim for or in connection with the processing of your personal data (including any extra-contractual claim) will (may) be brought exclusively against Hashting.
The foregoing exclusions and limitations shall only apply to the maximum extent permitted by applicable law.
15. Applicable law and competence
This privacy policy shall be governed, interpreted, and implemented in accordance with Belgian laws.
The Antwerp courts (division Antwerp) are exclusively competent to decide on any dispute that may arise from the interpretation or
implementation of this privacy policy, without prejudice to the consumer’s right to present a dispute before a competent court on the basis of a mandatory statutory provision.
Latest update: February 3, 2025