Privacy Policy

addressed to visitors of the Cake Website

This Privacy Policy explains how Cake handles personal data obtained when you use the Cake Website. It is important that you read this privacy policy carefully, because it informs you about the way in which we process your personal data. We explain which of your personal details we collect, how we process them and why we do this. We also inform you about the rights that you have in relation to the processing of your personal data by Cake.

When this policy refers to the Cake Website, we mean the Website located at https://cake.app including all the pages of that website (‘Website’). By using our Website you agree to the Terms of Use, which you can find on the Website. You can’t use our Website without agreeing to these Terms of Use.

We process your personal data in accordance with the rules of the General Data Protection Regulation (‘GDPR’) and the national implementing legislation. In this Privacy Policy we use specific terms that are defined in the GDPR (for instance, ‘personal data’, ‘processing’, ‘controller’, ‘processor’).

Who are we? 

When we use “we”, “us”, or “our” in this Privacy Policy, we mean Cake NV. We are a Belgian company with registered office at Hendrik Van Veldekesingel 150/23, 3500 Hasselt, Belgium. Our VAT number is BE 0723.581.891. We are the controller of the personal data that we obtain when you use our Website. This means we determine the purposes and means of the processing activities applied to your personal data as a consequence of your use of our Website. 

Scope of this Privacy Policy

This Privacy Policy only informs you of the processing activities that we undertake as a consequence of your use of the Website. The use of services offered by Cake through other channels (for instance, software, portals, or other applications) is subject to dedicated privacy policies, which we make available to you when you access those services.

When do we collect your personal data?

We only collect personal data when you use our “Contact Us” and “Spontaneous Application” pages on our Website.

When entering our contact page, we collect personal data by placing cookies on the web browser you are using. In our Cookie Policy, you can find more information on the cookies we use and how you can control or disable them. 

When you submit the contact form, we also collect the information you filled out in the form.

When you submit the Spontaneous Application form, we only collect the information you filled out in the form. We do not place any cookies through this page.

From time to time we may also offer certain products on our Website, such as statistical reports on market trends. In this case, we may also collect your contact information and invoicing details. 

What personal data do we collect and for what purpose?

When you use our Website, we collect different types of personal data for different purposes.

Firstly, when you use our contact page, we collect small amounts of data through cookies. Depending on the type of cookies we want to use, we will ask for your consent by means of a cookie banner. You can find more information about this in our Cookie Policy

We collect your contact details when you fill out and submit a form to us. These details include your first name and surname, your email address, your phone number, and the company you represent. We use these data for the purpose of contacting you upon your request. The legal basis for the processing of your contact details is our legitimate interest to respond to questions from prospects or customers.

We also collect your contact details and your professional resume when you submit them to us when filing a job application via our Website. We use this data for the purpose of screening, contacting and interviewing job applicants. The legal basis for the processing of your contact details is our legitimate interest to select and contact the most appropriate candidates.

When you order something on our Website, we collect your contact details and billing information. We use this information for the purpose of delivering your order and sending you the corresponding invoice. The legal basis for these processing operations is that the processing is necessary for the performance of a contract (namely, the execution of your order). 

Lastly, we may process your personal data for direct marketing purposes, for instance by sending you emails with promotional content. We only do this if you have given consent, which you can withdraw at any time.

Who receives my personal data?

When using our contact page, the recipients of personal data collected via cookies are Hubspot and Cloudflare. Hubspot is our CRM platform and Cloudflare is a service provider used by Hubspot. Depending on your cookie settings, there may be additional recipients of your personal data, such as Google and Facebook. You can find more information about this in our Cookie Policy.

When you submit a contact form or an order form on our Website, your personal data will also be shared with Hubspot. 

Considering that we use Hubspot as our CRM platform, we transfer personal data to the United States. We have a Data Processing Agreement in place with Hubspot, which includes the EU’s standard contractual clauses for data transfers between EU and non-EU  countries. You can find a copy of the Data Processing Agreement on this website: https://legal.hubspot.com/dpa

For how long do you retain my personal data?

We retain your personal data for the period of time necessary to achieve the purpose for which such personal data is processed, as set out above. Please note that we must take into account a number of (legal) storage periods (time limits) which oblige us to continue to store your personal data. For instance, personal data used for invoicing and accounting purposes are kept for seven years in accordance with the legal retention period. In the event that no obligation or duty to store the personal data exists, your personal data shall be erased and destroyed on a routine basis once the purpose for which the personal data is collected has been achieved. 

What are my rights?

You are able to exercise his/her rights as described in the General Data Protection Regulation at any time. You may exercise the following rights:

  • Right of access: you have the possibility to make a request to review all personal data collected (including processing purposes, categories of personal data, estimated retention period). 
  • Right of rectification or right to restriction of processing: you have the right to demand that we rectify any of your personal data which are inaccurate or incomplete. You may also request that your personal data be temporarily withheld until they are accurate or complete.
  • Right to erasure (“right to be forgotten”): if you wish to have your personal data deleted, please send a request via email to dpo@cake.app. 
  • Right to object: if you no longer wish to receive information and/or direct marketing emails, you have the right to object to the use of your personal data for these purposes. This can be done by sending a request via email to dpo@cake.app. Please note that you do not have the right to object to the processing of your personal data if such personal data is necessary for the performance of a contract between us or between Cake and your company (for example to send you or your company an invoice for an order).
  • Right to data portability: you have the right to receive your personal data in a universally readable format such as a text file or other digital file.
  • Complaints: if you are not satisfied with the way your personal data are handled, you can file a complaint with a competent authority. In Belgium, this is the Data Protection Authority.

Questions or complaints?

If you have questions about your privacy, if you have a complaint, or if you want to exercise your rights, you can contact our Data Protection Officer (DPO) by sending an email to dpo@cake.app.

1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.