Go to content

Application Privacy Policy

Why is this privacy statement important to you?

This privacy policy (hereinafter "Privacy Policy") is intended to inform you about the personal data processed by the East Belgium Tourist Agency (hereinafter "TAO"), located at 4780 St. Vith, Hauptstrasse 54, Belgium, as controller (hereinafter "we, us or our", as the case may be), through our app Go Ostbelgien for Android or iOS (hereinafter "App").

We attach great importance to the protection of the personal data entrusted to us, in particular of users of the App (hereinafter, "you"). We therefore secure and protect your data in accordance with applicable law, including the General Data Protection Regulation[1] (hereinafter, the "GDPR") and the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

With this privacy policy, we would like to inform you about what personal data we process about you, what we use it for and with whom we share it. We will tell you about the legal basis on which we process your data and explain your rights and choices.

 

[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

What data do we process about you and how?

In the table below we have set out the categories of personal data we process about you and how we collect it.

 

Data category Data description
Identification data  This is the data we collect from you when you create a user account (last name, first name, email address, country, password). If you wish, you can also use your Facebook, Apple or Google account instead of your email address.
Location data  We collect your location in our App if you give us permission to do so in the App. Our App needs access to your location to search for routes in your area or to show your position on the map when planning a route (GPS coordinates - longitude and latitude).
Furthermore, the App uses your position to display it on the map while using a route (GPS coordinates (longitude and latitude), timestamp (year, hour, minute, second), and your IP address). You have the option to allow the App to access your location even when the App is in „sleep“ mode. This way you can enjoy the tour without having to constantly look at the screen and save battery power. To switch off the location function, simply click on the "Stop GPS" button.
The routes you have planned and/or saved This is data that we collect when you choose to save the routes you plan and/or use in your user account.
Log files Your consent is collected when you decide to sign up for our newsletter as well as when you accept our terms of use and our privacy policy.
Your preference for hiking or cycling tours To help you plan your routes, the app asks whether you prefer walking or cycling in East Belgium.

In the table below we have set out the purposes for which we process your personal data, the related legal bases on which we lawfully process your personal data and the categories of personal data (as indicated above) used for those purposes.

 

Finalité Fondement juridique Catégories de données
Creation of a user account. The performance of the contract you entered into with us as part of your registration on our App.  Identification data.
Create route suggestions near you and show your position on the map while planning a route. The performance of the contract you entered into with us as part of your registration on our App. Location data (GPS coordinates: longitude, latitude). Preference for hiking routes or cycling routes.
This data is not stored.
Storage of planned routes. The performance of the contract you entered into with us as part of your registration on our App. Planned routes.
Display your position on the map while using a route (GPS coordinates (longitude and latitude), timestamp (year, hour, minute, second), and your IP address) to guide you. The performance of the contract you entered into with us as part of your registration on our App.
Location data (GPS coordinates (longitude and latitude), time stamp (year, hour, minute, second), and your IP address). This data is only stored in anonymized form.
Saving routes after your use. The performance of the contract you entered into with us as part of your registration on our App. Routes used.
You can share your saved routes on Facebook using the Facebook Share button.  Your consent. Planned and/or used routes and their respective distances.
Sending our newsletter (6-8 times a year). Your consent when you register to receive a newsletter from us. Each newsletter contains a link with which you can withdraw your consent. Identification data.
As proof that we have fulfilled our legal obligations. Our legal obligation under the GDPR. Log files.
Statistical analysis: If you have allowed the App to access your location data in order to display your position on the map while using a route, this location data (i.e. GPS coordinates (longitude and latitude), timestamp (year, hour, minute, second), as well as your encrypted IP address) will be stored in anonymous form in our database every 5 minutes for statistical purposes. This data is only used to analyse and improve the service: This gives us a picture of the most popular routes and tells us where to prioritise when publishing new routes. Our legitimate interest to analyse which routes/regions are most popular with our users. For your protection, the data used is completely anonymised. Location data (i.e. GPS coordinates (longitude and latitude), timestamp (year, hour, minute, second), and your encrypted IP address).
Since the encryption of your IP address cannot be reversed by anyone (not even by TAO), it is absolutely impossible to link this data to your person. This means that the location data is completely anonymised.

In order to pursue the purposes set out above, we may disclose your personal data to the following recipients.

 

Recipient categories Reason for data access
External service providers External service providers
Web Hosting, Mail Hosting
Support for sending newsletters

 

We only share personal data with processors with whom we have concluded a data processing agreement.

Some of our service providers are located abroad. When we transfer personal data to countries outside the European Economic Area that do not provide an adequate level of protection for personal data according to the European Commission, we use standard contractual clauses n approved by the European Commission to ensure adequate protection, unless you have expressly consented to this transfer. For more information, including a copy of the documents used to protect your personal data, please contact us as described in section 12 below.

The App does not use cookies.

Some areas of this App contain links to third-party websites. Please note that these links are provided for your convenience, that we have no control over these third-parties or their websites and that they have a different privacy policy to ours which applies to personal data you submit when visiting these third-party websites. We recommend that you read the privacy policy of these websites carefully before submitting any personal data to them.

How do we protect your data?

As a general rule, we will retain your personal data in accordance with our retention policy only for as long as is necessary to fulfil the purposes described in section 3.

Location data collected to plan your routes is not stored.

Stored anonymised location data is kept for 3 years as we compile our statistics over three years.

All other data will be retained for the duration of the contract with you, unless there is a legal justification for a longer retention period, or you have chosen to delete certain routes during the term of the contract.

If your account remains inactive for a period of one year (i.e. you have not saved a route in it for a year), it will be deleted.

We implement technical and organisational measures in accordance with industry standard practices to ensure an adequate level of security for the personal data processed.

To protect personal data against unlawful processing, we have taken appropriate technical and organisational measures to the best of our knowledge and belief:

  • All persons who can access your data on behalf of TAO are obliged to maintain confidentiality.
     
  • We have a username and password policy that applies to all our systems.
     
  • All connections between the app and our web services are established via SSL (HTTPS). This means that whenever you send data to our servers (via a form), it is sent over a secure connection.
     
  • We pseudonymise and encrypt personal data where appropriate.
     
  • We review and evaluate our measures at regular intervals and adjust them as necessary.

Nevertheless, security requires efforts from all parties involved. We therefore encourage you to contribute to these efforts by taking appropriate security measures yourself, including, where applicable, using strong passwords and keeping all usernames and passwords confidential.

No automated decisions or profiles about you will be made in connection with the processing of personal data described in this Privacy Policy.

The content of this App is not intended for children under 13. We do not knowingly or directly collect information from children under 13. If you are under 13, please do not use this App or provide any personal information. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us using the contact details in section 12 below.

You can contact us

The GDPR grants individuals certain rights in relation to their personal data. Accordingly, we are available to assist you in exercising these rights. Unless restricted by applicable law and subject to applicability, individuals are granted the following rights:

  • Right of access: The right to be informed and to have access to the personal data we process about you;
  • Right to rectification: the right to have us correct or update your personal data if it is inaccurate or incomplete;
  • Right to erasure: the right to have us erase your personal data;
  • Right to restrict processing: the right to have us temporarily or permanently stop processing all or part of your personal data;
  • Right to object:
    • the right to object to the processing of your personal data at any time on grounds relating to your particular situation;
    • the right to object to the processing of your personal data for direct marketing purposes;
  • Right to data portability: the right to receive a copy of your personal data in an electronic format and the right to transfer that personal data for use by a third-party service; and
  • Right to object to automated decision-making: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

These rights may be limited, for example, if the execution of your request discloses personal data of another person, or if you request us to delete information that we are required to retain by law or compelling legitimate interests.

Insofar as we have asked you for your consent, you can revoke this at any time without giving reasons. If you wish to revoke your consent to our newsletter, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

To exercise your rights, please contact us using the contact information in section 12 below.

Finally, as a data subject, you have the right to lodge a complaint with a supervisory authority (in particular in the EU Member State of your habitual residence or place of work or the place of the breach) if you consider that the processing of your personal data infringes the applicable legislation on the protection of personal data. For your information, you can find the contact details of the Belgian data protection authority on their website: https://www.dataprotectionauth....

If you have any questions about this privacy policy or wish to exercise your rights, please contact our data protection officer by sending an email to dpo@ostbelgien.eu or by writing to us at the following address: East Belgium Tourist Agency, Data Protection Officer, 4780 St. Vith, Hauptstrasse 54, Belgium.

This privacy policy was last updated on 07/06/2021.  We may make changes from time to time. On this page, you will find the current version.