Personal data protection policy

Updated on 14 August 2024


Date created	Last updated
November 2023	November 27, 2023

1 Applicable legislation

This Personal Data Protection Policy (hereinafter the “Policy”) is made conform to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “General Data Protection Regulation” or “GDPR”) “) and the law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.

2 Data controller

The data controller is Monizze NV/SA, BCE: 0834013324, hereinafter referred to as “Monizze”.

3 Data protection officer/contact

Monizze has appointed a Data Protection Officer (‘DPO’).

For any information concerning the processing of personal data implemented by Monizze, contact our DPO:

By post: Monizze – DPO – Gasthuisstraat/Rue de l’Hôpital 31, 1000 Brussels
Via email: privacy@monizze.be

4 Purpose of the personal data protection policy

The Policy governs the data processing carried out in the context of Monizze’s supply of regulated vouchers referred to in particular as “meal vouchers”, “Eco-vouchers”, “gift vouchers”, “Activ’ vouchers” and associated services, in particular online services and mobile applications (hereinafter the “Products” and the “Services”).

5 Data subjects

The persons concerned by the processing carried out by Monizze under the conditions defined below are:

The “Employer Prospect Représentatives”: Natural persons acting on behalf of prospects or exercising a corporate mandate within the prospected entities.

“Employer Client Représentatives”: Natural persons acting on behalf of clients or exercising a corporate mandate within client entities.

The “Users” and/or “Beneficiaries”: Natural persons who are beneficiaries of the Products and/or Services provided by Monizze;
Individuals who create a personal space and use an online service or mobile application made available to them by Monizze.

The “Visitors”: Individuals visiting a website or mobile application of which Monizze is a publisher.

“Supplier and Partner”: Natural persons who are suppliers of Monizze or have a business relationship with Monizze or partners of Monizze; Natural persons acting on behalf of legal entities that are suppliers to Monizze or in a business relationship with Monizze or partners of Monizze or exercising a corporate mandate within these entities.

6 Processing carried out

6.1 Processing carried out for the purpose of providing Products and Services


Purposes of the processing	Type of data processed	Legal Bases for Processing	Data retention periods
Manufacture and make available regulated cheques	User’s surname, first name, gender, date of birth, national registry number, postal address	Execution of the contract and legal obligation	10 years from the first of January after the end of the relationship
Authenticate and allow Users to access the Services provided (in particular myMonizze, Monizze mobile applications, Monizze Account) to create a personal space, place orders for Products or Services, and track the status and history of their orders	Email address, mobile phone number	Execution of the contract	10 years from the first of January after the end of the relationship
Ensuring the validity of transactions related to the use of regulated cheques	Payment card data, purchase and transaction details, account balance.	Execution of the contract and legal obligation	10 years from the first of January after the end of the relationship
Assist and manage User requests	Surname, First name, email address, mobile phone and/or landline, and information on Users’ requests	Execution of the contract	5 years from the first of January after the application is processed
Data analysis, auditing, control and fraud prevention	Surname, First name, email address, title, position/mandate Login data	Monizze’s legitimate interest in protecting its service and activities.	5 years from the first of January after the closing of the file
Combating money laundering and terrorist financing	Surname, First name, email address, nationality, date and place of birth, postal address, economic and financial data	Legal Obligation	Personal data relating to the fulfilment of a legal obligation is kept for as long as justified by this obligation, with a maximum of 5 years

6.2 Processing carried out for the prupose of commercial communication and prospecting


Purposes of the processing	Type of data processed	Legal Bases for Processing	Data retention periods
To ensure that people with whom Monizze has a relationship or intends to enter a relationship (Employer Customers, Employer Prospects, Suppliers, merchants, and Partners) are informed about its offers.	Surname, first name, mobile phone number, business landline number, business email.	Monizze’s legitimate interest in carrying out commercial prospecting actions.	5 years after the last interaction.

6.3 Processing carried out for the purpose of non-commercial communication with Users

As part of its contractual and regulatory obligations, Monizze may communicate by mailing, post or SMS with Users:

either when the Employer Client has provided the data allowing the implementation of this processing at the time of ordering the Products and/or Services;

or when the User opens a personal space on an online Service, or a mobile application associated with the Products and/or Services.

The sole purpose of these communications is to inform Users about:

The management of their account and in particular, but not limited to:

The management of their card (activation, monitoring of the balance and transactions, opposition, etc.);
Expirations and account balance;
The management and security of their personal space;
Incidents and unavailability of Products and/or Services;
The presentation of the operation of the Products and/or Services, the personal space or their evolutions;
Regulatory changes affecting the use of the Products and/or Services or their card.

This processing may take place:

For the duration of the contractual relationship;
And beyond the contractual relationship, as long as the following conditions are not met:
The end of validity of the User’s card;
Depletion of the account balance;

6.4 Processing of data collected from Visitors


Purposes of the processing	Type of data processed	Legal Bases for Processing	Data retention periods
Respond to requests for information and/or comments from Visitors. To improve the functionality and quality of Visitors’ browsing on our sites and applications by carrying out tests, research and analyses. Determine the impact of Monizze’s promotional operations and evaluate its commercial performance by identifying trends in the use of our sites and applications.	Surname, first name, e-mail, telephone number, postal address, company name, company ECB number, job title. IP address, browser type and version, operating system used, functions used, pages visited, timestamp of visits and search terms	Consent of the User and legitimate interests of Monizze to study the use of its online services and application with a view to improving them.	5 years 3 years 3 years

7 Data recipients

Personal data is processed by Monizze’s internal services, by persons authorised to have access to them. The processing conditions are regulated, and each employee is made aware of the handling of personal data.

The data may be transmitted to other companies of the UpCoop Group, to which Monizze belongs, involved in the provision of the Products or Services.

Monizze uses external service providers to provide Products and Services offered to its Employer Customers, Users and Partners, in particular the manufacture and delivery of the card, the authorization of transactions, the hosting of data, security and call centres. These companies may be processors within the meaning of the GDPR. Personal data may be transmitted to these service providers.

Monizze ensures that its subcontractors have put in place technical and organisational measures to ensure the protection of the data processed.

In accordance with the regulations in force, personal data may also be transmitted to the competent authorities upon request and in particular to public bodies, court officers, ministerial officers, bodies responsible for carrying out debt collection, exclusively to meet legal obligations, as well as in the case of the search for the perpetrators of offences.

8 Data transfers outside the European Union

Personal data is hosted in the European Union.

9 Retention periods

The data is kept for the periods mentioned in the article 6 depending on the processing carried out.

Some data may be kept for an additional period of time necessary to comply with Monizze’s legal or regulatory obligations or for the purpose of exercising Monizze’s rights in court.

Beyond these periods, some anonymised data may be retained for archiving or statistical purposes.

10 Rights of data subjects

Each data subject has the right to access, rectify, delete, limit, oppose, portability of his or her data, or withdraw his or her consent under the conditions and within the limits provided for by the General Data Protection Regulation.

The data subject may exercise his/her rights at any time by contacting Monizze’s DPO using the contact details set out in the article 3.

For the sake of confidentiality and the protection of personal data, Monizze may ask the data subject to attach a copy of a valid official identity document, such as an identity card or passport, in support of his or her request.

All requests will be processed promptly and in accordance with applicable law. In some cases, personal data can only be erased after a certain period of time imposed by the applicable regulations and statute of limitations. In this case, Monizze will keep this data until the date of deletion permitted.

The data subject is informed that in the event of refusal to provide his/her personal data or exercise his/her right to erasure, limitation or opposition, Monizze may have to suspend or stop in whole or in part the provision of the Products and Services to the data subject or to the person on whose behalf the data subject is acting.

In the event of a dispute regarding the use of his/her data, the data subject has the right to lodge a complaint with the Data Protection Authority.

11 Unsubscribing from commercial communications

Any recipient of commercial communications from Monizze may decide to unsubscribe at any time, even if they have previously expressed a different choice, either by clicking on the unsubscribe link contained in said communications, or by setting their choices differently in their personal online space.

12 Cookies

A cookie is a computer file that does not directly identify the data subject but stores information on their computer and/or equipment relating in particular to the pages consulted, the dates and times of the consultation, the information entered and stored to prevent subsequent entry.

When connecting for the first time to a website published by Monizze, the Visitor is informed that Monizze’s partners and/or its partners may deposit cookies via the website. Only the issuer of a cookie is likely to read the information contained therein and Monizze has no access to the cookies that its partners may use.

The Visitor can manage the deposit of cookies in the following way:

The deposit of strictly necessary technical cookies is activated by default and cannot be deactivated by the Visitor, as these cookies are essential for the operation of the site;
The Visitor deactivates or activates the installation of cookies subject to the collection of his/her consent (audience measurement cookies, behavioral analysis cookies, advertising cookies, etc.) via the following manager: CookiePro.

Strictly necessary cookies 5


Cookie key	Domain	Type of cookie	Expiration	Description
li_gc	.linkedin.com	Third	6 months	Used to store customers’ consent to the use of cookies for non-essential purposes
AnalyticsSyncHistory	.linkedin.com	Third	1 month	Used to store information about the time a lms_analytics cookie sync took place for users in designated countries
_hjFirstSeen	.monizze.be	Part One	Duration: 30 minutes	The cookie is therefore Hotjar can track the beginning of the user’s journey for a total number of sessions. It does not contain any identifiable information
OptanonConsent	.monizze.be	Part One	1 year	This cookie is set by OneTrust’s cookie compliance solution. It stores information about the categories of cookies used by the site and whether visitors have given or withdrawn their consent to the use of each category. This allows site owners to prevent the installation of cookies in each category in the user’s browser, when consent is not given. The cookie has a normal lifespan of one year, so visitors who return to the site will have their
_hjAbsoluteSessionInProgress	.monizze.be	Part One	Duration: 30 minutes	The cookie is therefore Hotjar can track the beginning of the user’s journey for a total number of sessions. It does not contain any identifiable information.

Targeting cookies 7


Cookie key	Domain	Type of cookie	Expiration	Description
visitor_id824633	.pardot.com	Part One	1 year 1 month	This is a cookie pattern that adds a unique identifier for a website visitor, used for tracking purposes. Cookies from this domain have a lifespan of 10 years.
visitor_id824633	www.monizze.be	Part One	1 year 1 month	This is a cookie pattern that adds a unique identifier for a website visitor, used for tracking purposes. Cookies from this domain have a lifespan of 10 years.
bcookie	.linkedin.com	Part One	1 year	This is MicrosoftMSN1stpartycookiefor sharing website content via social media.
Lidc	.linkedin.com	Part One	1 day	This is MicrosoftMSN1stpartycookie, which ensures the proper functioning of this website.

13 Updated

Monizze may change this policy from time to time.

The person concerned will be informed of the modification by any means, such as: e-mail or notification on the Monizze website.
The current version of the Policy is always available upon request at Monizze referred to in Article 3.