Skip to main content

Privacy Statement

The high standards you expect from us with respect to our products and services are the guideline for us on how to handle your data, including your personal data. We aim to lay a solid foundation for confidential business relationships with our customers and potential customers, partners and mobility users, and to maintain this as well. We set great store by the confidentiality and integrity of your personal data. It is for this reason that we will carefully process and use your data for specific purposes that are consistent with your consent and in accordance with the legal provisions related to the protection of data.

Alphabet Belgium Long Term Rental NV Privacy Statement
Alphabet Belgium Long Term Rental NV is a service provider active in the business mobility sector, and it is in this capacity that we process personal data. Most of the data we process is related to offering our mobility solutions to customers, to include, for example, the possibility of leasing a car, LCV or even a bicycle along with related services. However, this also consists of mobility card provision and car rentals. For all of these services we receive and process personal data. For example, these include customer data, and data from their employees and drivers or representatives of business partners or potential business partners. In the case of B2E (business to employee), we also process data of private lease customers. This statement applies to personal data that we receive from and about these individuals.
Processing your data starts with the mobility solution application process, namely with drawing up a quotation and any resulting subsequent order. To this end we receive data from your employer or from you. After the initial processing, there will still be other times at which your data is processed, for example if your vehicle is involved in an accident, if there is damage that requires repair, or if we receive traffic fines for your vehicle.  
We also process your data for our additional services, such as providing a fuel card, mobility card, roadside assistance and rental car.

We understand that use of your data requires your confidence. We will therefore apply the highest possible data protection standards and use your data solely for clearly defined purposes and in accordance with your data protection rights.
In the following sections, this privacy statement describes how Alphabet Belgium Long Term Rental NV collects, processes and uses the personal data of its customers or potential customers, business partners and mobility users.

Who is responsible for processing personal data?
As defined in the generally applicable law on privacy, Alphabet Belgium Long Term Rental NV, with its registered office at Ingberthoeveweg 6, 2630 Aartselaar (hereinafter Alphabet and/or we and/or us), is responsible for processing your personal data.
In addition to the address above, Alphabet has branches in Aartselaar and Zaventem.
Alphabet International is the parent company of Alphabet and comprises part of the BMW Group, just as Alphabet does. Due to this relationship there is a possibility that we may share data with both parties.
Alphabet is liable for all your data that are processed via the websites www.alphabet.be, www.alphabet-used-cars.be, our customer portal www.fleetagent.be, and our AlphaGuide app. If your data have been provided by Sales or Service Partners, Alphabet also processes these to the extent that the applicable requirements regarding compliance with the GDPR (General Data Protection Regulations) are satisfied.
Service partners such as garages, roadside assistance, dealer sites, etc. are responsible for processing personal data that you make available to them for the purpose of service provision. This also applies to data processed via the www.alphabet.carsquare.be website. Service partners also process your data if they have been transferred by Alphabet, and insofar as the requirements regarding compliance with the legislation on the protection of personal data applicable thereto are satisfied.
These data protection policy guidelines also describe how your data are processed by Service Partners. However, these Service Partners may collect other personal data and have their own data protection policy guidelines. In this instance, you can deduce how your data is used based on the respective service partner’s data protection policy guidelines.

When does Alphabet collect and process your personal data?
Alphabet collects and processes your personal data under the following circumstances:
•    If your employer uses Alphabet as a business mobility service provider and has transmitted your data to us in order to purchase mobility solutions;
•    If you directly purchase mobility solutions from us;
•    If you contact us directly, for example via our website, Fleet Agent or one of our employees because you are interested in our mobility solutions or if you have any questions;
•    If you use the AlphaGuide app;
•    If you request information about our products and services (e.g. for a price enquiry);
•    If you respond to our marketing campaigns, for example in the event of online data provision on one of our websites;
•    If your personal data are forwarded to us by Sales Partners or third parties, and if and to the extent that the requirements for compliance with the GDPR have been met; for example, if you have consented to the processing, and if you have raised no objection to the transmission of your data;
•    If we receive personal data relating to maintenance and repair work, roadside assistance, claims management, insurance information, mobility or fuel consumption from our service partners within the context of service provision;
•    If we receive traffic and parking fines related to your person.
We kindly request that you help us keep your data up to date by keeping us informed of changes to your data (including contact data) or preferences. As a customer or mobility user, you can do this via your personal page on our Fleet Agent customer portal.
If you provide data on behalf of another person, you must ensure that the data subject has received this privacy statement in advance.

What data relating to your person can be collected?
The following categories of personal data may be collected by your employer, you or our Sales/Service Partners. Under “For what purposes do we process your data?” you can find a detailed overview of the data processed per mobility solution.
-    Contact data        Surname, first name, address, telephone number, email address, employer.
-    Contract data        Contract number, quotation number, lease amount, VIN number, number plate, lease elements.
-    Financial data        IBAN data, mandate ID in case of direct debit.
-    Biological data        Date of birth, sex.
-    Biographical data    Size of the household, employment status.
-    Transaction data    Data on maintenance, fuel consumption, damages, interaction with the Drivers Desk and or Sales Support (for requests and complaints), participation in market research).
-    Data relating to your online account    Fleet Agent login data.
-    Website use and communications    Data on how you use the website and whether you open or forward messages from us, including data collected through cookies. You can find more information about Cookies here (link to Cookies, add paragraph or statement).
-    Data related to testing your credit rating and identity Data to identify you (e.g., driving licence) with respect to your credit rating in the case of B2E data such as a payslip, information concerning fraud, criminal offences, suspicious transactions, PEPs and penalty lists on which your data is listed.
-    Data relating to the use of Alphabet Apps and services    Data concerning your Alphabet apps use (on your mobile phone), such as AlphaGuide and AlphaCity.
-    Data intended to locate the vehicle    Data on the location of your vehicle or mobile device. Where applicable, Alphabet can receive and use these data in accordance with the detailed descriptions of the respective services and the security measures for location data.
Alphabet does not have access to the vehicle’s operational data, data relating to comfort and infotainment. If you wish to access these details, you can contact your car’s make; the contact details can be found in the respective privacy statements of the relevant makes.

For what purposes do we process your data?
Alphabet will only process your data if this is required for concluding an agreement with its corresponding provision of service. Based on the legal grounds that follow, we process your data under the following circumstances:

 

Legal ground

Processing purposes

By virtue of our legal obligations.

In response to mandatory requests from authorities or regulatory parties.

By virtue of it being necessary for entering into an agreement or executing this agreement.

To assess your credit rating.

For mobility solution delivery, correct handling of maintenance and repairs; all in accordance with the agreement.

By virtue of us (or a third party) having a legitimate interest therein (this applies only if your interests do not outweigh ours in individual cases).

For the detection of fraud and criminal activities to protect our Company and society against crime and the consequences thereof.

 

By virtue of us having obtained your consent.

For marketing - to send you news and offers.

For the research and development of our products and services to provide even better services through surveys (satisfaction surveys).

All uses for which we require your consent are described in your dashboard preferences on Fleet Agent, where you can modify your preferences at any time.

For each mobility solution, we indicate which data are processed and which third parties may be involved in this processing below:

Operational Lease, Short Lease, Sale & Leaseback, Motivational Lease, Fleet Management, Light Commercial Vehicles.

This can involve the lease of a car, but also the lease of an LCV, a bicycle or a Speed Pedelec. To this end, the customer pays an agreed monthly amount (in which the lease period and the number of kilometres driven are established). Full operational leasing includes operational services such as maintenance, repair, insurance, tyre replacement/change, etc.

If you purchase any of these mobility solutions, we will process the data listed below:

Customer (employer) data: contact details, company telephone number, company email address, VAT number and bank account number, first name and surname, email address and telephone number of contact persons. Director and/or authorised signatory data: name, email address, telephone number and identity card, all of which are used to contact you about our cooperation and to verify signatory authority.

Vehicle driver data: driver’s first name and surname, sex, date of birth, address and place of residence, mobile phone number, email address (business and/or private), cost centre, employee number, as well as vehicle data such as the vehicle registration number and VIN number.

In addition, we also process the following contract data to process your lease contract: Employee number, lease category, data on which the lease scheme enters into force, and annual breakdown of kilometres driven.

Certain data such as name, employer, number plate and lease contract are shared with dealers/sellers for the delivery of your vehicle/LCV/bicycle.

-> To this end, contract execution forms the grounds for data processing.

The following services may comprise part of an Operational Lease, Short Lease, Sale & Leaseback, Motivational Lease, Fleet Management, Light Commercial Vehicles:

  • Repairs and Maintenance
  • Roadside assistance
  • Claims management/insurance policies
  • Tyre management
  • Fuel management
  • Fines management
  • Management information
  • Drivers Desk / Customer Care
  • CO2 Compensation
AlphaRent

Alphabet also offers the possibility of renting a short-term vehicle, whether or not in connection with other products.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (employer) data: company contact details, company telephone number, company email address, VAT number and bank account number, first name and surname, email address and telephone number of contact persons, directors and/or authorised signatory: name, email address, telephone number and identity card, all of which are used to contact you regarding our agreement with you and to verify signatory authority.

Vehicle driver data: driver’s first name and surname, sex, date of birth, mobile phone number, email address (business and/or private), cost centre, employee number, as well as vehicle data such as the vehicle registration number and VIN number.

We may share certain data with external leasing companies that we work with such as company contact data and first name and surname.

-> To this end, contract execution forms the grounds for data processing.

 

The following services may form part of AlphaRent:

  • Repairs and Maintenance
  • Roadside assistance
  • Claims management/insurance policies
  • Fuel management
  • Fines management
AlphaFlex

This solution allows your employer to offer you the option of a monthly budget, which allows you to choose your mode of transportation. This may concern a leased vehicle, bicycle and/or mobility card. The mobility budget corresponds with the transport needs, which ensures flexibility and efficient use of transport resources. Moreover, payments are only made for actual use.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (employer) data: contact details, company telephone number, company email address, VAT number and bank account number, first name and surname, email address and telephone number of contact persons. Director and/or authorised signatory data: name, email address, telephone number and identity card, all of which are used to contact you about our cooperation and to verify signatory authority.

Mobility user data: first name and surname, sex, date of birth, address and place of residence, mobile phone number, email address (business and/or private), cost centre, and employee number. If a lease vehicle is being used, vehicle data such as the vehicle registration number and VIN number are also included here.

We may share certain data with external suppliers of mobility cards that we work with such as company contact data and first name and surname. For more information, please visit the Mobility card page.

-> To this end, contract execution forms the grounds for data processing.

The following services may form part of the contract:

  • Repairs and Maintenance
  • Roadside assistance
  • Claims management/insurance policies
  • Tyre management
  • Fuel management
  • Fines management
  • Management information
  • Drivers Desk / Customer Care
  • CO2 Compensation
AlphaElectric

AlphaElectric is a full option eMobility solution. Alphabet analyses the profile of the customer’s fleet and provides recommendations on which electric vehicles and charging stations/infrastructure are the best match for the fleet in question. Alphabet also specifies the various options for implementing eMobility. Customers can opt for a flexible combination of additional mobility solutions, e.g., a charging card (for public charging stations), service workshop, tyre service, etc., a practical app for locating charging stations and a 24-hour eMobility hotline.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (employer) data: contact details, company telephone number, company email address, VAT number and bank account number, first name and surname, email address and telephone number of contact persons. Director and/or authorised signatory data: name, email address, telephone number and identity card, all of which are used to contact you about our cooperation and to verify signatory authority.

Vehicle driver data: first name and surname, sex, date of birth, address and place of residence, mobile phone number, email address (business and/or private), cost centre, employee number, as well as vehicle data such as the vehicle registration number and VIN number.

During the fleet analysis, part of the fleet is provided with a tracer for one month that keeps track of the routes travelled. These tracers are then read out and analysed. The analysis is made anonymously.

We may share certain details such as first name and surname and email address with the external supplier which, where necessary, installs a charging station at your location. We have concluded an agreement with them to this end.

-> To this end, contract execution forms the grounds for data processing.

The following services may form part of the contract:

  • Repairs and Maintenance
  • Roadside assistance
  • Claims management/insurance policies
  • Management information
  • Tyre management
  • Fuel management
  • Fines management
  • Management information
  • Drivers Desk / Customer Care

 

AlphaCity

AlphaCity is Alphabet’s Corporate Car Sharing Mobility Solution. AlphaCity makes business car sharing simple and efficient. Employees can reserve an AlphaCity car at any time via an online reservation system, and are provided card-based access to the car. Key registration and other administrative tasks associated with this process are automated.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (employer) data: contact details, company telephone number, company email address, VAT number and bank account number, first name and surname, email address and telephone number of contact persons. Director and/or authorised signatory data: name, email address, telephone number and identity card, all of which are used to contact you about our cooperation and to verify signatory authority.

Vehicle driver data: first name and surname, date of birth, address and place of residence, mobile phone number, email address (business and/or private), cost centre, employee number, driving licence, credit card number, security question, as well as vehicle data such as the vehicle registration number and VIN number.

When using an AlphaCity car, the departure time, arrival time and kilometres driven are recorded for each car.

Location-related data is accessible in case of an emergency; this data is naturally handled with all due care (see also LINK).

-> To this end, contract execution and legitimate interest form the grounds for data processing.

The following services may form part of the contract:

  • Repairs and Maintenance
  • Roadside assistance
  • Claims management/insurance policies
  • Management information
  • Tyre management
  • Fuel management
  • Fines management
  • Management information
  • Drivers Desk / Customer Care
Driver training/Fleet management training

Alphabet is capable of providing driver training upon customer request; this is combined with the existing product purchase.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (employer) data: company contact details, first name and surname, email address and the telephone number of contact persons.

We share this information with the relevant training agency.

-> To this end, contract execution forms the grounds for data processing.

B2E (Business to Employee)

B2E is a mobility solution whereby the customer provides its employees with the option of directly concluding a lease agreement with Alphabet, so that you are then able to use a new car for a fixed sum each month. This monthly amount includes most of the costs associated with a car such as depreciation, repairs, maintenance, tyres, insurance, motor vehicle tax, roadside assistance and any replacement transport.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (you as a private person) data: first name and surname, sex, date of birth, address and place of residence, email address and telephone number, type of contract, date of employment, net professional income, and living expenses. We also process the following documents: identity card, last two payslips, bank statement, most recent personal income tax assessment.

Your partner’s (as co-contracting party) data: first name and surname, sex, date of birth, type of contract, date of employment, and net professional income. We also process the following documents: identity card, last two payslips, bank statement, most recent personal income tax assessment.

Vehicle driver data: first name and surname, date of birth, sex, address and place of residence, mobile phone number, and email address. We also process the following documents: identity card, driving licence, and claims record for the last 3 years. However, data processed also include vehicle data such as the vehicle registration and VIN numbers.

We process these data prior to entering into the lease contract with you (e.g. your payslip for carrying out a financial test and your identification data for carrying out an identification check) and for the continued execution of our contractual agreement with you.

Certain data, such as name, number plate and lease contract are shared with dealers/sellers for the delivery of your vehicle.

-> To this end, contract execution and legitimate interest form the grounds for data processing.

The following services may form part of the contract:

  • Repairs and Maintenance
  • Roadside assistance
  • Claims management/insurance policies
  • Fines management
  • Drivers Desk / Customer Care

 

Fleet Agent

Fleet Agent is the Customer Relation Management (CRM) system in which the customer, fleet managers and drivers can find their data. It also contains declaration forms and claims forms for reporting damages. System access can be obtained by means of an authorisation login code assigned to you.

If you purchase any of these mobility solutions, we will process the following data of yours:

Customer (employer) data: contact details, company telephone number, company email address, first name and surname, email address and telephone number of contact persons.

Vehicle driver data: first name and surname, date of birth, address and place of residence, mobile phone number, email address (business and/or private), cost centre, and employee number.

You can also find all vehicle-related data such as vehicle registration number and VIN number, make and model on Fleet Agent. Furthermore, data arising during the course of a lease contract, such as maintenance, damages, refuelling data are also located here.

Fleet Agent is managed by Alphabet, this website complies with the requirements of the privacy legislation.

-> To this end, contract execution forms the grounds for data processing.

AlphaGuide

AlphaGuide is a mobile phone app that provides users with a number of convenient services related to their mobility. The app also allows you to view contract data, search for service partners and electrical charging stations, submit declarations and file a claim. Via the app, it is also possible to contact Alphabet Assistance and get reminders for scheduled appointments based on travel time.

If you purchase any of these mobility solutions, we will process the following data of yours:

Vehicle driver data: first name and surname, mobile phone number, app identification number, vehicle registration number, and in case of SOS alerts, data related to these.

AlphaGuide is a personal application. Neither Alphabet nor your employer has access to the data you use in this app. Data, such as fuel card statements and damage claims sent to Alphabet via the app are however indeed processed by Alphabet.

Fleet Agent is managed by Alphabet, this website complies with the requirements of the privacy legislation.

-> To this end, contract execution forms the grounds for data processing.

The following services comprise part of the above-mentioned mobility solutions.

Repairs and Maintenance

We use your data to maintain our cars within the framework of this agreement’s implementation. After repair and/or maintenance, we provide the customer with information on the repairs carried out.

If you purchase any of these mobility solutions, we will process the following data of yours:

Vehicle driver data: first name and surname, mobile phone number, address, email, customer number, and vehicle registration number.

We share the registration number of your lease vehicle with the service partner handling your vehicle. During your visit, you may provide the service partner (garage/repairer) with additional information. Alphabet has no access or control of these data.

Technical data on the vehicle are processed in the context of maintenance and/or repairs. These data are processed by the service partner and are used by technicians trained in the diagnosis and repair of any malfunctions. These technical data relating to the vehicle consist mainly of:

  • Basic vehicle data (such as the vehicle identification number, type of vehicle, year of construction, and vehicle options);
  • Information on the condition of the vehicle (measured values such as kilometre reading); and
  • Maintenance and workplace data (such as maintenance requirements, work carried out, installed parts, guarantee issues, and workplace reports).

-> To this end, contract execution and legitimate interest form the grounds for data processing.

Roadside Assistance

In the event of a breakdown while travelling with your leased vehicle, including a flat tyre or other (possibly technical) problem, you can contact us via Alphabet Assistance for assistance.

If you purchase any of these mobility solutions, we will process the following data of yours:

Vehicle driver data: first name and surname, mobile phone number, registration number of your leased vehicle, location where this breakdown took place and where assistance was provided, which repairs were carried out or where the car was towed to. Depending on the circumstances, your account number or other data may also be requested, for example in the context of a reimbursement of costs advanced to you.

To perform this service, we use third parties (such as towing services or roadside assistance services); these third parties will process and forward the necessary data with regard to your situation to Alphabet for settlement at a later time.

-> To this end, contract execution and legitimate interest form the grounds for data processing.

Claims management/insurance policies

In order to ensure that the lease vehicle is properly insured and that you can be provided with the necessary insurance certificates, we process the following in regard of your data:

Customer (employer) data: contact details, company telephone number, company email address, first name and surname, email address and telephone number of contact persons.

Vehicle driver data: first name and surname, date of birth, address and place of residence, employee number, period during which you were driving the lease vehicle, as well as vehicle-related data such as vehicle registration and VIN numbers, and the make and model.

Depending on the customer, Alphabet shares these data with the relevant insurance broker or agent or companies for the specific agreements made.

In case of damage to your vehicle as a result of an accident or when reporting an accident in which your lease vehicle is involved, you can approach us (or we will approach you) to repair this damage or arrange any replacement transport and the insurance or repair-related settlements thereto. In addition to the above-mentioned data, we also process information about the accident, any photos of the damage/accident, the number of passengers (where relevant), any evidence supplied by witnesses (where applicable), and any other information we receive from you regarding the damage and/or accident (e.g., information about injured parties).

Depending on the circumstances of the accident, you may also be asked for any medical and/or financial details.

We can also process data from third parties who were involved in the damage or accident, such as the identity of these third parties. We can also process information on witnesses, passengers involved, police data (such as police reports and witness statements) and insurance data related to the damage and/or accident, including information from and claims by third parties.

We share these data with our customer (your employer) in reports. We also share these data with damage repair companies, insurance companies (both our own insurance company and those of third parties) and, where necessary, with damage and other assessors, police or judicial authorities involved in the settlement of the damage and/or accident.

-> To this end, the grounds for processing are a legal obligation deriving from the execution of the contract and legitimate interest.

Tyre management

If tyre management comprises a part your contract, we will assist you in the changing of your summer and winter tyres.

If you purchase any of these mobility solutions, we will process the following data of yours:

Vehicle driver data: first name and surname, mobile phone number, email address (business and/or private).

We share this information with the tyre service centres responsible. We have entered into contractual agreements with these tyre service centres to provide the proper level of protection for your data.

-> To this end, contract execution forms the grounds for data processing. 

Fuel management

If you conclude a lease contract with Alphabet including fuel management, you will receive a fuel card. We use brand-linked cards and non-brand-linked cards in this regard.
If you purchase any of these mobility solutions, we will process the following data of yours:
Customer (employer) data: company contact details.
Vehicle driver data: first name and surname, email address (business), contract number, employee number, and fuel type.
While using the card the following data are also processed: fuel type, refuelling date, kilometre reading, and associated costs.
We share this information with the fuel card suppliers. We may also share this information with our customer (your employer) via our customer portal / Fleet Agent CRM system. Reports will be made available to your employer including information on the use of these services (except for location data) on Fleet Agent; you can also personally view your refuelling data on Fleet Agent.
-> To this end, contract execution forms the grounds for data processing.

Fines management

In the case of operational leasing, Alphabet is registered as the vehicle’s owner.

Fines in Belgium:

Management of fines incurred in Belgium is carried out by Fines Management Services (FMS), a cooperation platform partnering with the Federal Police.

For these purposes we will process the following data of yours:

Vehicle driver data: first name and surname, date of birth, vehicle registration number.

Fines handled by FMS are addressed directly to the driver and are therefore not dealt with by Alphabet.

In the case of domestic fines that are not dealt with via FMS, Alphabet is legally obliged to notify the Court of the correct driver or customer within 15 days of receipt. (summary of law and article).

Parking fees and fines abroad

Alphabet processes parking fees and fines from abroad. For this purpose, we process the following data to process and manage the payment of these fines and, where necessary, to additionally have our customer (your employer) provide reimbursement: the data we receive from the municipality or its representative or a foreign institution, such as the vehicle registration, the nature of the violation, the place in and time at which the violation occurred and the amount of the fine imposed.

In the invoice and statements to the customer (your employer), we will not report privacy-sensitive data (such as the nature, place and time of the violation).

However, we will be obliged to share this information with our customer (your employer) in certain situations, namely in the case of car sharing/carpooling (multiple drivers per lease car), or should we not know the identity of the driver at the time of the violation.

--> To this end, the grounds for processing are a legal obligation based on legitimate interest.

 

Management Information

To produce management reports we can also process your personal data for the purposes of statistical and scientific objectives or to improve the quality of our products and services. This processing is done anonymously and cannot be traced back to any individual person.

In addition, we provide our customer with basic reports to provide them with insight into the fleet and possibly to generate management information therefrom; in these reports we shall treat privacy-sensitive data such as location data and the nature of violations in accordance with that which is laid down in the “How do we protect your personal data?” section.

-> To this end, contract execution forms the grounds for data processing.

DriversDesk / Customer Care

We use your personal data for contract management or to handle a request you have submitted (such as a request for quotations and for questions or complaints).

With respect to all aspects of contract management or problem-solving, we may contact you without permission, for example in writing, by telephone, or by email.

We also contact you if your vehicle is affected by a so-called technical campaign or recall (usually crucial measures to prevent, for example, danger to passengers or to the vehicle) so that we can comply with our legal obligation regarding the provision of information.

Alphabet also processes your personal data on this basis to optimise our customer service, for example to correctly identify you when you contact us.

-> To this end, contract execution forms the grounds for data processing.

Car Square

You can view used cars offered by Alphabet on the Alphabet Car Square website. If you are interested in purchasing a used car, we will request the following details: first name, surname, telephone number, email and security question.

The Alphabet Car Square website is managed by a third party. We have entered into contractual agreements with this third party to provide the proper level of protection for your data.

-> To this end, consent forms the grounds for processing.

Other times at which Alphabet is permitted to process personal data:

Alphabet locations visit - Access control and security

If you visit any of our facilities, we may use your personal data to provide you with an access badge, to ensure controls related to this access and to ensure the security of our locations.
We are able to process the following of your personal data: your name, your contact details and the name of the person at Alphabet you are visiting.
Alphabet also uses camera surveillance. These cameras are only installed for the security of the locations concerned; data shall also be used only for this purpose and shall not be stored longer than is strictly necessary.
-> To this end, legitimate interest forms the grounds for processing.

Communication via email or contact forms

Data submitted by persons on the alphabet.be website are passed on to the competent services within Alphabet.

-> To this end, consent forms the grounds for processing.

Marketing communication and customer satisfaction surveys based on consent

We are happy to personally provide you with information at such time that it becomes relevant to you. This information may include newsletters, offers or any other materials. These may entail advantages for you, which is why we would like to draw your attention to these advantages. We also process your data for this, however, not without having requested your permission to this end.

We request your permission for the provision of information concerning the following activities:

  • Alphabet events;
  • updates on advice, news and promotional campaigns;
  • Alphabet customer satisfaction surveys

You can use Fleet Agent to provide this permission by selecting the information you wish to receive from us. In addition to this, you can just as simply revoke this authorisation.

-> To this end, consent forms the grounds for processing.

How do we protect your personal data?
To protect your personal data, we take various security measures such as the use of encryption and authentication tools in conformity with state-of-the-art technology for the protection and maintenance of your data’s security, integrity and accessibility.
We cannot guarantee 100% protection against unauthorised access in the event of data transmission across the internet or a website; however, we and our service providers and business partners do our utmost to protect your personal data in accordance with the applicable data protection regulations (GDPR) by means of physical, electronic and process-oriented security measures based on current, state-of-the-art technology. Among other things, we use the following principles and means:

  • Strict consent criteria for accessing your data in accordance with the “need to know” principle (limitation to as few people as possible) and solely for the purposes specified
  • Collected data is only transmitted in encrypted form
  • Firewall protection of IT systems to protect against unauthorised access, for example by hackers
  • Permanent monitoring of IT system access to detect and prevent misuse of personal data

If you have received a password from us or have created a password yourself to access certain sections of our website or other portals, apps or services we operate, you are responsible for maintaining the confidentiality of this password and complying with all other security procedures indicated to you by us. In particular, please do not share your password with or tell it to anyone else.

Security measures for location data

Certain services can only be offered if you provide your location or announce the location of your vehicle. We take the confidentiality of these location data very seriously.

Your location data (including data viewed as part of vehicle maintenance) are therefore protected by the following security measures:

  • They are only stored in a form capable of being traced back to you or your vehicle to the extent that this is required to meet the intended purpose for which you provided your consent.
  • Data will only be collected and opened in this form if they are required to provide the requested services.
  • Data for the location of the vehicle and data for the location of a mobile device/your mobile device are only linked if this is necessary for providing the services requested.
  • Any other use of location data with regard to analysis takes place by using pre-anonymised data files.

If it does not have any significant bearing in relation to the execution of our agreement with your employer, we will not share your location data with your employer.

How long do we store your data?
In accordance with Article 17 of the GDPR, we store your data for the time needed to reach the objectives for which we process your data. Alphabet has developed internal procedures for the deletion of data to ensure that all your data is deleted in accordance with the principle of data minimisation and Article 17 of the GDPR. The fundamental principles by which your personal data are deleted are described below.

Use for Contract Compliance

To meet contractual obligations, data collected from you may be retained for as long as the contract is in force and - depending on the nature and scope of the contract - for 7 to 10 years thereafter in order to comply with legal retention requirements and to be able to answer any questions or resolve any complaints following the contract’s expiry.

Moreover, there are contracts for the delivery of products and services requiring longer storage periods; see also “Use for claims assessment” below.

Use for claims assessment

Data that we find essential to the assessment and prevention of claims against us or employed to institute criminal proceedings or to prevent claims against you, us or third parties may be retained by us as long as the relevant proceedings could be invoked.

Use for customer service and marketing purposes

The data collected from you for customer service and marketing purposes may be retained for 3 to 10 years, unless you wish such data to be deleted and there is no contractual or legal obligation hindering such request for deletion.

To whom do we give international access to your data and how do we ensure that these data are protected?

Alphabet is part of the BMW Group. The personal data of Alphabet customers and mobility users can also be processed for and by other companies affiliated with BMW AG. The preferred option is for personal data processed by us and/or the BMW group to be processed within the EU.

If data are processed in countries outside the EU, Alphabet uses standard EU contracts, which include the appropriate technological and organisational measures to ensure that your personal data are processed at the same level of security applicable under the European GDPR.

In some countries outside the EU, such as Canada and Switzerland, the EU has already established a level of data protection analogous to that of Europe. An analogous level of data protection means data transmission to these countries does not require any special permissions or agreements.

How can you see which personal data we have about you and how can you change your privacy preferences?
Via Fleet Agent, our online CRM portal, you have access to the personal data relating to you that we store. If permitted, it is also possible to modify your data here.
You can also view and possibly modify the Marketing Communication and Customer Satisfaction Survey permissions you have activated here.
However, settings related to data usage by service partners cannot be modified on your online account. To enact these changes, or if you have any questions about the use of your data, you must therefore contact the respective service partners directly.

Contacting us, your privacy rights and your right to submit a complaint at the national data protection authority
If you have any questions about the use of your data and our processing methods or about this privacy statement, you can contact the Data Privacy Protection Officer (DPPO) directly via the following mailbox: contact.privacy@alphabet.be

Your privacy rights

In accordance with the GDPR, you as an individual have the following rights which you are entitled to invoke in regard to your relation to us. The following section explains your rights as defined in the GDPR. Depending on the type and size of your request, we may request that you submit this in writing.
In accordance with the GDPR, you as the data subject have the following rights vis-a-vis Alphabet:

 

Right to inspection and correction (Articles 15 and 16 of the GDPR)

You are at all times at liberty to request which of your data are processed by us. This information includes the categories of data we process, the processing purposes, the data’s origin (should we have not have received it directly from you) and, where applicable, the recipients to whom or which we have transmitted your data.
Should you wish to inspect the data belonging to you that are processed by Alphabet, we refer you in the first instance to the Fleet Agent portal. Here you can view the personal data that we have received from you along with the data received by you with regard to your vehicle (such as refuelling, damage, etc.).
Inspection of decisions made (consent):
We provide you with the opportunity to personally indicate whether we may or may not use or process your personal data for commercial offers or analysis purposes. An overview of decisions registered by us that you have made may also be found on the Fleet Agent portal, where we also offer the option of easily modifying previous decisions at any time.

 

Right to correction

You can request that we correct your data. We will take the proper steps to ensure that your data stored in our care are properly processed and kept as up-to-date as possible, based on the latest information available to us.

Request for inspection

If you are unable to find the information you are looking for, you can submit a request for inspection. This information is provided free of charge. If you are interested in additional summary reports, we reserve the right to request compensation for these additional copies.

To receive a summary report, please send a letter to:

Alphabet Belgium Long Term Rental NV

Attn. Department of Compliance

Ingberthoeveweg 6

2630 Aartselaar

Belgium

 

Or send an email to: contact.privacy@alphabet.be

 

We request that you clearly formulate your request, send a copy of a valid legal proof of identity and state a contract number or number plate.

Right to delete your data (Article 17 of the GDPR)

You may submit a request for your data to be deleted. We can only meet this request if certain legal requirements are met. In accordance with Article 17 of the GDPR, this may be the case if:

  • Your data are no longer necessary for the purpose for which they were obtained or processed;
  • You revoke your consent, which formed the grounds for processing the personal data and there is no other legal basis for the processing thereof
  • You object to the processing of your data and there is no other legitimate reason to process these, or if you object to the processing of your data for direct marketing purposes;
  • The data have been processed unlawfully,

Or if the processing is unnecessary

  • To ensure compliance with a legal obligation that requires us to process your data;
  • In particular in connection with legal retention periods
  • To facilitate assertion/exercise of legal claims or defence against legal claims.
Right to block your data and/or to restrict their processing (Article 18 of the GDPR)

You may request that we restrict and/or block processing of your data if:

  • You dispute the accuracy of your data this may only occur for the period we need to check the accuracy of your data
  • Processing the data is unlawful, but you do not want to have the data deleted and instead request a restriction of use.
  • We no longer need your data, where, however, you do require these data to assert or exercise legal claims or to defend against legal claims;
  • You have raised an objection to processing, but it has not yet been decided whether our legitimate grounds outweigh your arguments.
Right to transferability of data (Data portability - Article 20 of the GDPR).

Upon your request, where technically possible, we shall forward the data we collect to another responsible entity, or you may acquire certain data from us on a portable data carrier. This right only applies if the data processing is based on your consent or is required to execute a contract.

Right of objection (Article 21 of the GDPR)

You may object to the processing of your personal data at any time, for reasons arising from a situation particular to you, provided that the data processing is based on your consent or our legitimate interest or that of a third party. Under these circumstances, we will no longer process your data. The latter does not apply if we are able to demonstrate that there are compelling, defensible reasons for processing which outweigh your interests. Or if we require your data to assert or exercise legal claims or to defend against legal claims.

Deadlines for compliance with your individual rights

In general, we will do our best to meet your request within 30 days. However, this period may be extended by a maximum of two months for reasons related to the specific rights of the data subject / depending on the reason underlying a specific individual right or due to the complexity of your request.

Restriction on providing information with regard to your rights

If you make a request of us regarding the exercise of your rights, we will quickly notify you as to whether and to what extent we are able to comply with your request. In some cases we may namely refuse this request, for example if you request that we delete data that we still need for fiscal reasons or other legal requirements. If this is the case, we will explain why we cannot fully comply with your request.

Complaints to the Data Protection Authority (DPA)

Alphabet takes your qualified comments and reserved rights regarding personal data processing seriously. However, if you are of the opinion that we have not properly addressed your comment or objection, you have the right to lodge a complaint with the Data Protection Authority.

Amendments to the Privacy Statement
Alphabet may amend this Privacy Statement (last amended on 25 May 2018). We recommend that you regularly consult this Privacy Statement, at the very least for cases in which you provide (or once again provide) Alphabet with personal data.

 

Hi, I am Alphie. How can I help you?