Privacy Policy

addressed to business partners of Cake

This Privacy Policy explains how Cake handles personal data obtained when you or the business you represent or work for enters into a business relationship with Cake, or when you are in contact with Cake in the context of exploring the establishment of a business relationship. 

It is important that you read this privacy policy carefully, because it informs you about the way in which we process your personal data. We explain which of your personal details we collect, how we process them and why we do this. We also inform you about the rights that you have in relation to the processing of your personal data by Cake.

We process your personal data in accordance with the rules of the General Data Protection Regulation (‘GDPR’) and the national implementing legislation. In this Privacy Policy we use specific terms that are defined in the GDPR (for instance, ‘personal data’, ‘processing’, ‘controller’, ‘processor’). Capitalised terms used in this Privacy Policy shall have the meaning assigned to them in the Cake for Business Terms and Conditions.

When this policy refers to the Partner Portal, we mean the Cake for Business software solution in SaaS mode made available to our business partners. By using our Partner Portal you agree to the Cake for Business Terms and Conditions. You can’t use our Partner Portal without agreeing to these Terms and Conditions.

Who are we? 

When we use “we”, “us”, or “our” in this Privacy Policy, we mean Cake NV. We are a Belgian company with registered office at Hendrik Van Veldekesingel 150/23, 3500 Hasselt, Belgium. Our VAT number is BE 0723.581.891. We are the controller of the personal data that we obtain when you enter in a business relationship with us or when we communicate with each other to explore your interest in the establishment of a business relationship with us. As controller we determine the purposes and means of the processing activities applied to your personal data. 

Scope of this Privacy Policy

This Privacy Policy only informs you of the processing activities that we undertake as a consequence of your use of our Products and Services, including the use of the Partner Portal, or in the context of correspondence to explore your interest in the use thereof. The use of services offered by Cake through other channels (for instance, software, portals, or other applications, including websites or consumer products offered by Cake) is subject to dedicated privacy policies, which we make available to you when you access those services. For instance, the use of our website located at cake.app (‘Website’) is subject to a dedicated privacy policy, which is made available on this website.

When do we collect your personal data?

We collect personal data on any of the following occasions:

  • when you contact us through any means of communication (including but not limited to the contact form on our website) and when you communicate with us;
  • when we carry out prospecting on the basis of external prospect databases, in order to find business partners potentially interested in our Products and Services;
  • when you set up an account on our Partner Portal and when you use your account.

When you use our Partner Portal, we also collect small amounts of data by placing cookies on the web browser you are using. To inform you about the cookies we use, this Privacy Policy contains a separate section dedicated to cookies (see below). 

What personal data do we collect and for what purpose?

We collect different types of personal data for different reasons.

We collect your contact details (including your first name and surname, your email address, your phone number, and the company you represent) for different purposes. If you contact us, for instance via the contact form on our Website, we use your contact details for the purpose of responding to you. In this case, the legal basis for the processing of your contact details is our legitimate interest to respond to questions from prospects or customers. 

We furthermore use your contact details and your billing information for the purpose of sending you our invoices. The legal basis for this processing operation is that the processing is necessary for the performance of a contract.

When you use our Partner Portal, we keep track of the time you spend on the Partner Portal. We do this to measure the level of engagement of our business customers with our Partner Portal. To carry out this processing operation, we rely on our legitimate interest to improve our services.

We also keep a log of all conversations you have with us, so that we can keep track of our correspondence and inform our sales team in an appropriate manner about your queries or needs. We process this information on the basis of our legitimate interest of giving you customer support. 

Lastly, we may process your personal data for direct marketing purposes, for instance by sending you emails with promotional content. We only do this if you have given consent, which you can withdraw at any time.

Cookies

When you use our Partner Portal, we collect small amounts of data by placing cookies on your web browser. These cookies are strictly necessary to provide the functionalities of the Partner Portal. One session cookie is needed to enable you to log in to the Partner Portal. We need to place another cookie to be able to display content such as images to you when you use the Partner Portal.

Who receives my personal data?

When using our contact page, the recipients of personal data collected via cookies are Hubspot and Cloudflare. Hubspot is our CRM platform and Cloudflare is a service provider used by Hubspot. 

When you submit a contact form or an order form on our Website, your personal data will also be shared with Hubspot. 

Considering that we use Hubspot as our CRM platform, we transfer personal data to the United States. We have a Data Processing Agreement in place with Hubspot, which includes the EU’s standard contractual clauses for data transfers between EU and non-EU  countries. You can find a copy of the Data Processing Agreement on this website: https://legal.hubspot.com/dpa

For how long do you retain my personal data?

We retain your personal data for the period of time necessary to achieve the purpose for which such personal data is processed, as set out above. Please note that we must take into account a number of (legal) storage periods (time limits) which oblige us to continue to store your personal data. For instance, personal data used for invoicing and accounting purposes are kept for seven years in accordance with the legal retention period. In the event that no obligation or duty to store the personal data exists, your personal data shall be erased and destroyed on a routine basis once the purpose for which the personal data is collected has been achieved. 

What are my rights?

You are able to exercise his/her rights as described in the General Data Protection Regulation at any time. You may exercise the following rights:

  • Right of access: you have the possibility to make a request to review all personal data collected (including processing purposes, categories of personal data, estimated retention period). 
  • Right of rectification or right to restriction of processing: you have the right to demand that we rectify any of your personal data which are inaccurate or incomplete. You may also request that your personal data be temporarily withheld until they are accurate or complete.
  • Right to erasure (“right to be forgotten”): if you wish to have your personal data deleted, please send a request via email to dpo@cake.app. 
  • Right to object: if you no longer wish to receive information and/or direct marketing emails, you have the right to object to the use of your personal data for these purposes. This can be done by sending a request via email to dpo@cake.app. Please note that you do not have the right to object to the processing of your personal data if such personal data is necessary for the performance of a contract between us or between Cake and your company (for example to send you or your company an invoice for an order).
  • Right to data portability: you have the right to receive your personal data in a universally readable format such as a text file or other digital file.
  • Complaints: if you are not satisfied with the way your personal data are handled, you can file a complaint with a competent authority. In Belgium, this is the Data Protection Authority.

Questions or complaints?

If you have questions about your privacy, if you have a complaint, or if you want to exercise your rights, you can contact our Data Protection Officer (DPO) by sending an email to dpo@cake.app.

1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.