This privacy policy is issued by Kasjmir BV, a Belgian limited liability company having its registered office at Mezenstraat 80, 3061 Leefdaal, Belgium and registered with the Crossroad Bank for Enterprises under number 1015.951.373 (RLE Leuven) (hereinafter referred to as "Kasjmir", "we", or "us").

At Kasjmir, we value your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR). This privacy policy explains what data we collect, why we process it, how we protect it, and your rights as a data subject.

We may collect and process the following categories of personal data when you interact with our website or communicate with us:

1. Contact information: Including, but not limited to, your name, email address, phone number, company name, job title, and any additional details you provide through our contact form or other communications.

2. Professional details: If you submit an inquiry or application, this may include your CV, cover letter, LinkedIn profile, portfolio, references, and other information about your skills, expertise, and professional background.

3. Communication details: Any information you include in correspondence with us, such as inquiries, feedback, or responses via email, the contact form, or other digital channels.

4. Other information: Any additional personal data you voluntarily choose to share with us, such as your preferences, interests, or specific requests.

5. No cookies or tracking technologies: We do not use cookies, trackers, or similar technologies on our website. This means that we do not collect any technical data, such as IP addresses, browser types, or website interaction statistics, through automated means.

We do not intentionally collect sensitive or special categories of personal data (e.g., health, religious beliefs, or political opinions) via our website. If you choose to provide such information, you do so voluntarily, and we will treat it with the utmost confidentiality.

We process your personal data for the following purposes:

1. To respond to inquiries: If you are a potential customer, partner, or applicant, we use your personal data to communicate with you, address your questions, and provide the information or assistance you request.

2. To provide information about our services: We process your data to ensure you have accurate and relevant details about our business proposals and offerings.

3. For recruitment purposes: If you express interest in cooperating with us or joining our team, we process your personal data to evaluate your application, assess your suitability for the role, and communicate throughout the recruitment process.

4. Website Interaction Data and Automated Processing

We do not use your personal data for automated decision-making or profiling. However, to ensure the optimal performance, security, and functionality of our website, certain website interaction data may be processed on the server. This processing is limited to aggregated data and is not designed to identify individual users or collect personally identifiable information.  

If you choose to contact us via email or through our website, we may use AI tools to facilitate and streamline the handling of your inquiry. These tools support our team by improving response times and ensuring efficient communication, while at all times maintaining human control and with a strong commitment to transparency, confidentiality, and the protection of your personal data.

We process your personal data based on:

1. Your explicit consent: When you voluntarily submit your personal data via our contact form or other communication channels, we rely on your consent to process that data for the specific purpose you intended (e.g., inquiries, applications, or requests for information).

2. Our legitimate interests: In certain cases, we process your personal data to respond to your inquiries, provide you with relevant information about our services, or evaluate your suitability for potential partnerships or employment opportunities. This processing is necessary to fulfil our legitimate business purposes while ensuring that your rights and interests are adequately protected.

We collect personal data directly from you in the following ways:

1. When you fill out the contact form on our website: This includes any information you choose to provide, such as your name, email address, phone number, or details about your inquiry or request.

2. When you provide details as part of an application: If you express interest in collaborating with us or joining our team, we collect the information you submit, such as your CV, cover letter, portfolio, or other professional details relevant to your application.

3. When you communicate with us: This includes any personal data you voluntarily share during the course of your correspondence, such as inquiries, feedback, or other messages, and whether shared by letter, e-mail, or other digital and non-digital channels.  

We retain your data only for as long as necessary to fulfil the purposes outlined above:

1. Inquiry-related data: Deleted once resolved unless ongoing communication is required.

2. Recruitment data: Retained for up to 1 year unless earlier deletion is requested or longer retention is consented to.

3. Business-related data: Retained for up to 3 years after last contact unless further retention is required by applicable law.

4. Legal obligations: Data is retained as required by law or regulatory requirements.

Below is a summarized overview of our data processing activities and the respective retention periods, as outlined in the preceding sections of this privacy policy.

We will not share your data with third parties for marketing purposes or other unrelated activities.

We implement robust technical and organizational measures to ensure the security and confidentiality of your personal data, including:

1. Secure storage of data: All personal data is stored using secure systems that are protected against unauthorized access, loss, or misuse.

2. Access controls: Data access is restricted to authorized personnel only, based on their roles and responsibilities.

3. Regular monitoring and updates: Our IT systems are continuously monitored, and security measures are updated regularly to safeguard against emerging threats or vulnerabilities.

4. Encryption and backups: Where applicable, sensitive data is encrypted, and regular backups are performed to prevent data loss.

These measures are designed to protect your data and ensure compliance with GDPR and other relevant data protection regulations.

As a data subject under GDPR, you have the following rights:

1. Access your data: You have the right to request a copy of the personal data we hold about you, along with information on how we process it.

2. Rectification: If your personal data is inaccurate or incomplete, you have the right to request corrections or updates.

3. Erasure ("Right to be forgotten"): You can request the deletion of your personal data in specific circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent. However, this right is subject to certain legal obligations that may require us to retain your data.

4. Restrict processing: You can request a restriction on the processing of your personal data in certain cases, such as when you contest the accuracy of the data or object to its processing.

5. Withdraw consent: If we process your data based on your consent, you can withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before your withdrawal.

6. Lodge a complaint with a supervisory authority: If you believe that we have violated your data protection rights, you have the right to file a complaint with a supervisory authority. In Belgium, this is the Belgian Data Protection Authority (BDPA). The contact details of the Belgian Data Protection Authority are as follows:
   ‍
   Belgian Data Protection Authority
   Rue de la Presse 35, 1000 Brussels, Belgium
   Tel: +32 (0)2 274 48 00
   Email: contact@apd-gba.be
   Website: www.gegevensbeschermingsautoriteit.be

We reserve the right to update or modify this privacy policy at any time to reflect changes in our practices, legal requirements, or other operational reasons. Any changes will be communicated by updating the "Last Updated" date at the end of this policy. We encourage you to periodically review this policy to stay informed about how we protect your data.

For any questions or concerns about this privacy policy or how your data is processed, please contact us:

Kasjmir BV
Mezenstraat 80, 3061 Leefdaal, Belgium
E-mail: notice@kasjmir.co

If we need to transfer your personal data outside of the European Economic Area (EEA), such transfers will only take place where adequate safeguards are in place, such as standard contractual clauses approved by the European Commission or other mechanisms recognized under the GDPR.

Our website may contain links to external websites or third-party services. Please note that this privacy policy does not apply to such third-party websites or services. We are not responsible for the privacy practices of these external parties, and we encourage you to review their respective privacy policies.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, inform affected individuals without undue delay, in accordance with GDPR requirements.

This privacy policy is governed by and construed in accordance with the laws of Belgium. Any disputes arising out of or relating to this privacy policy, including matters concerning data protection and privacy rights, shall be subject to the exclusive jurisdiction of the courts of Brussels, Belgium (Dutch-speaking division).

This Privacy Policy was last updated on: 17 January 2025