addressed to business partners of Cake
When this policy refers to the Partner Portal, we mean the Cake for Business software solution in SaaS mode made available to our business partners. By using our Partner Portal you agree to the Cake for Business Terms and Conditions. You can’t use our Partner Portal without agreeing to these Terms and Conditions.
Who are we?
When do we collect your personal data?
We collect personal data on any of the following occasions:
- when you contact us through any means of communication (including but not limited to the contact form on our website) and when you communicate with us;
- when we carry out prospecting on the basis of external prospect databases, in order to find business partners potentially interested in our Products and Services;
- when you set up an account on our Partner Portal and when you use your account.
What personal data do we collect and for what purpose?
We collect different types of personal data for different reasons.
We collect your contact details (including your first name and surname, your email address, your phone number, and the company you represent) for different purposes. If you contact us, for instance via the contact form on our Website, we use your contact details for the purpose of responding to you. In this case, the legal basis for the processing of your contact details is our legitimate interest to respond to questions from prospects or customers.
We furthermore use your contact details and your billing information for the purpose of sending you our invoices. The legal basis for this processing operation is that the processing is necessary for the performance of a contract.
When you use our Partner Portal, we keep track of the time you spend on the Partner Portal. We do this to measure the level of engagement of our business customers with our Partner Portal. To carry out this processing operation, we rely on our legitimate interest to improve our services.
We also keep a log of all conversations you have with us, so that we can keep track of our correspondence and inform our sales team in an appropriate manner about your queries or needs. We process this information on the basis of our legitimate interest of giving you customer support.
Lastly, we may process your personal data for direct marketing purposes, for instance by sending you emails with promotional content. We only do this if you have given consent, which you can withdraw at any time.
When you use our Partner Portal, we collect small amounts of data by placing cookies on your web browser. These cookies are strictly necessary to provide the functionalities of the Partner Portal. One session cookie is needed to enable you to log in to the Partner Portal. We need to place another cookie to be able to display content such as images to you when you use the Partner Portal.
Who receives my personal data?
When using our contact page, the recipients of personal data collected via cookies are Hubspot and Cloudflare. Hubspot is our CRM platform and Cloudflare is a service provider used by Hubspot.
When you submit a contact form or an order form on our Website, your personal data will also be shared with Hubspot.
Considering that we use Hubspot as our CRM platform, we transfer personal data to the United States. We have a Data Processing Agreement in place with Hubspot, which includes the EU’s standard contractual clauses for data transfers between EU and non-EU countries. You can find a copy of the Data Processing Agreement on this website: https://legal.hubspot.com/dpa.
For how long do you retain my personal data?
We retain your personal data for the period of time necessary to achieve the purpose for which such personal data is processed, as set out above. Please note that we must take into account a number of (legal) storage periods (time limits) which oblige us to continue to store your personal data. For instance, personal data used for invoicing and accounting purposes are kept for seven years in accordance with the legal retention period. In the event that no obligation or duty to store the personal data exists, your personal data shall be erased and destroyed on a routine basis once the purpose for which the personal data is collected has been achieved.
What are my rights?
You are able to exercise his/her rights as described in the General Data Protection Regulation at any time. You may exercise the following rights:
- Right of access: you have the possibility to make a request to review all personal data collected (including processing purposes, categories of personal data, estimated retention period).
- Right of rectification or right to restriction of processing: you have the right to demand that we rectify any of your personal data which are inaccurate or incomplete. You may also request that your personal data be temporarily withheld until they are accurate or complete.
- Right to erasure (“right to be forgotten”): if you wish to have your personal data deleted, please send a request via email to email@example.com.
- Right to object: if you no longer wish to receive information and/or direct marketing emails, you have the right to object to the use of your personal data for these purposes. This can be done by sending a request via email to firstname.lastname@example.org. Please note that you do not have the right to object to the processing of your personal data if such personal data is necessary for the performance of a contract between us or between Cake and your company (for example to send you or your company an invoice for an order).
- Right to data portability: you have the right to receive your personal data in a universally readable format such as a text file or other digital file.
- Complaints: if you are not satisfied with the way your personal data are handled, you can file a complaint with a competent authority. In Belgium, this is the Data Protection Authority.
Questions or complaints?
If you have questions about your privacy, if you have a complaint, or if you want to exercise your rights, you can contact our Data Protection Officer (DPO) by sending an email to email@example.com.
1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.