OkiOki is your financial assistant and she goes to great lengths to simplify your administration. That does not alter the fact that she also takes your privacy into account and that she takes good care of everything she learns about you during the collaboration.
Only data that you provide or give access to will be processed by her. The data that it receives from you is processed according to the legal rules and in a way that guarantees that the data is safe.
Your data will be passed on to third parties if this is necessary to enable the services offered (e.g. to do OCR), with those parties OkiOki also has a contract that protects your rights. Of course, she will provide data to your accountant if you ask OkiOki to automatically share your data. You can also choose to do that manually (via a download), but do expect OkiOki to feel a lot less useful in that case.
You can also ask OkiOki what data she has stored and how she handles your data, you can even ask her to delete all your data if needed, she will do that.
If you want more details about her privacy approach and want to know what data she stores about you, read all the details below.
Welcome! Thank you for your interest in our financial advisory services and in our company in general.
We continuously strive to offer you a service at the highest standards. The protection of your personal data is therefore of our utmost concern. We are taking all necessary precautions to protect your personal data and in order to ensure you that you can continue to entrust us with your personal data. Hence, we are always handling your personal data in a safe and confidential manner. All reasonable protection measures have been taken in order to avoid loss, alterations, access by persons who are not authorized to obtain access, accidental dissemination among third parties and/or any other unlawful or illegitimate processing of the collected personal data.
33REASONS NV, is a Belgian company having its registered office at 9451 Haaltert, Hofstraat 58, and registered with the Crossroadbank of Enterprises under the number 0718.718.233 (hereinafter, “33REASONS” or “we”). Our company is specialized in providing financial assistance services.
You can contact us via the following contact details:
Your personal data shall only be processed in accordance with the existing and applicable legal provisions concerning the protection of personal data, including the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR’) and the national implementing legislation.
Via the OkiOki App, we want to make your life easier and keep your financial administration on track. We can do this by (a) connecting with your accountant, bank, cloud and email, (b) collecting invoices and other relevant documents and (c) preparing your financial administration and booking proposals.
We only access your bank account details with your explicit consent. You decide which services your want to use and whether or not you want to share your bank account details.
For the purposes of this privacy statement, the concept of ‘personal data’ refers to: any information relating to an identified or identifiable natural person (the ‘data subject’). A natural person shall be deemed ‘identifiable’ if he or she can be identified on a direct or indirect basis, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Hence, all information on the basis whereof a natural person can be identified must be taken into account. I.e.: amongst others the person’s name, date of birth, address, telephone number, e-mail address, bank account and IP-address are taken into account.
The term ‘processing’ has a broad scope and, amongst others, refers to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
33REASONS is the legal person responsible for the processing of your personal data. This means that we determine the purposes and means of the processing of your personal data.
When we help you with your financial administration and provide (financial) advisory services to you, we collect personal data (either directly from you or indirectly, e.g. through your use of our services or via your accountant, bank, cloud storage, mailbox), amongst others, when you:
The OkiOki App is solely available to users aged 18 or over, registered at the Crossroadbank of Enterprises and acting in the context of their professional activities. We do not and will not knowingly collect personal data regarding persons younger than 18 years old.
OkiOki's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
33REASONS takes the data minimization principle very seriously. We therefore aim to only process that personal data which is strictly necessary to provide you our financial advisory services.
The schedule below provides which categories of personal data are processed by us (column 1), why such personal data is being processed (the ‘purposes’ – column 2) and on which legal basis such processing takes place (column 3).
The processing of personal data shall only take place for one or more specific purposes. Please note that the retention period for the different purposes can differ.
Furthermore, there is always a demonstrable legal basis for every processing of personal data. The numbering used in the column ‘legal basis’ has the following meaning:
First and last name, e-mail address, telephone number, work address, legal status, VAT or company registration number, activity type, contact details of your accountant
Registration to the OkiOki App
First and last name, e-mail address, legal status, VAT or company registration number, activity type, invoices/receipts/e-mail messages, transaction information, other financial documents
Providing financial assistance services
E-mail address and password
Authentication of the user via the OkiOki App
Your bank account number, name of the beneficiary, beneficiary’s account number, notification or payment references, amount and date of transactions, other payment details
Providing financial assistance services
Collection of product-feedback aiming at enhancing our products and services
Feedback from users
Development of the usability of our service
To inform you as a registered user about technical information concerning our services by means of a newsletter
To send you, as a registered user, marketing messages regarding other products or services of 33REASONS
To send you, as a prospective user, marketing messages regarding the products and services of 33REASONS
E-mail address, complaint
Addressing possible complaints regarding the services
Copy of the front side of your ID-card
Address a subject access request
First and last name, legal status, VAT or company registration number, professional bank details, transaction details
33REASONS is bound by a number of legal obligations that require the processing of your personal data.
In order to give you more control regarding the processing of personal data, you have various rights at your disposal. These rights are inter alia discussed and provided in articles 15-22 GDPR.
You have the following rights:
You have the right to obtain our confirmation as to whether or not your personal data is being processed, and, where that is the case, to obtain access to the personal data and the following information:
In the event that we cannot provide you access to the personal data (for example in the event of a legal obligation to restrict the data subject from access to such information), we shall inform you of the reasons of such an inability.
Furthermore, you can also request a copy of the personal data undergoing processing free of charge. Please note however, that we are entitled to charge reasonable fee based on administrative costs for each additional copy you request.
In certain instances, you may request us to erase your personal data. Be aware however that under such circumstance, we will not be able to provide you with our services any longer. Furthermore, we ask you to bear in mind that the ‘right to be forgotten’ is not an absolute right.
We shall have the right to continue to store your personal data, inter alia, in the following cases: (i) where such storage is necessary for the performance of a contract to which you are a contracting party, (ii) where such storage is necessary for compliance with a legal obligation, or (iii) where such storage is necessary for the establishment, exercise or defence of legal claims. We shall inform you of the reasons for the storage of your personal data in our response to your request of erasure.
In the event that your personal data are inaccurate, dated or incomplete, you can request us to rectify or complete your personal data.
Under certain conditions, you shall also have the right to request us to transmit the personal data you provided us with and for which you have given us your consent, to another controller. We shall transmit such personal data directly to the new controller in so far as such transmission is technically feasible.
You shall have the right to obtain the restriction of processing where one of the following applies:
You have the right to object, on grounds relating to your particular situation, the processing of your personal data in case that such processing is done for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. In such an event, we shall no longer process the personal data unless (i) there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or (ii) the processing of the personal data is done for the establishment, exercise or defence of legal claims.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or which may significantly affect you in a similar manner.
Such right can however not be invoked in the following circumstances:
Where the processing of personal data is based on consent, you shall have the right to withdraw such consent at any time through a simple request. For example, the decision to share your payment details with us, is based on your explicit consent.
To exercise the rights listed above, you can contact us via e-mail on the following e-mail address: firstname.lastname@example.org.
In order to verify your identity, we ask you attach a copy of the front side of your ID-card to your e-mail.
All rights can be exercised free of charge, unless your request is manifestly unfounded or disproportionate (for example: due to the repetitive character of your request). In such cases, we have the right to charge you with a proportional fee or to refuse to adhere to your request.
Only with your explicit consent, we can access your bank account information such as receipts, payment details and account balances, to the extent that this information is necessary to perform our agreement. If you do not provide your consent, your account data will remain with your bank and will not be shared with us. This will limit the scope of our services.
To perform our agreement, we may send documents and transaction details to your accountant/bookkeeper.
We may send your personal data to third parties whose intervention as data processor, on behalf and under control of 33REASONS, is required for the purposes indicated above. These data processors are natural persons or legal entities that process the personal data on behalf of 33REASONS. These processors were carefully selected by us and offer all the adequate guarantees with regard to technical and organizational security measures regarding the processing of your personal data. The GDPR also applies to these third parties.
Your personal data shall only be transferred to third parties in conformity with the legal provisions in that regard, when you have provided us with your consent to do so, or when such transfer is necessary to ensure the provision of our services (on the basis of our legitimate interests). No personal data shall be transferred to third parties under any other circumstances, unless we are obligated to do so on the basis of compulsory legal or regulatory provisions (e.g.: the transfer of personal data to external bodies or authorities, such as law enforcement authorities).
We ensure that your personal data will not be rented nor sold in personally identifiable form to anyone but trusted and reputable third party processors described under this title. All third party processors are bound to keep your information confidential. All information provided to third party processors is used by them only to carry out the service they are providing for us.
Your personal data shall only be accessible within our company to those persons who require access to the personal data in order to comply with the contractual and legal obligations.
In some circumstances, our employees and staff are assisted by external service providers in the execution of their tasks. In order to protect your personal data, we have concluded an agreement with all such external service providers in order to guarantee the safe, respectful and cautious management and administration of your personal data.
Your personal data shall only be transferred or disclosed to processors or controllers in third countries in so far as we are legally authorised to do so.
In so far as such disclosure or transfer is necessary, we shall take appropriate measures to ensure that your personal data shall be significantly protected and that all disclosures or transfers of personal data outside of the EEA take place in a lawful and legitimate manner. In the event that a disclosure or transfer takes place to a country outside of the EEA, for which the European Commission has not determined that this country does not maintain an equivalent level of protection of the personal data, such disclosure or transfer shall always be subject to contractual or other legally binding instruments which under the terms and conditions for the transfer of personal data to third countries, such as the approved standard terms and provisions for the transfer of personal data to third countries as established by the European Commission.
We have taken all reasonable and suitable technical and organizational measures in order to protect your personal data as well as possible against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. As such, we store your personal data on one central and secured place on our server in order to ensure that third parties shall not have access to your personal data.
When you register as a user, we have implemented a two-step verification procedure to ensure a strong customer authentication. First, we verify that you are the account holder on the basis of a two-factor-authentication. Subsequently, we ask your explicit consent to use your account information.
We store your personal data for the period of time necessary for achieving the purpose for which such personal data is processed. Please note that we must take into account a number of (legal) storage periods (time limits) which oblige us to continue to store your personal data. In the event that no obligation or duty to store the personal data exists, the personal data shall be erased and destroyed on a routine basis once the purpose for which the personal data is collected has been achieved. Furthermore, we may store your personal data if you have given us your consent to do so or where such storage is necessary for the establishment, exercise or defence of legal claims. In this last instance, certain personal data shall be used for evidence purposes. Such personal data shall therefore be stored in line with the legal prescription period, which can amount up to a period of thirty years; the usual limitation period in relation to actions in personam amounts up to ten years.
The protection of your personal data is our primary concern. As such, we aim to take all necessary measures in order to guarantee the protection of your personal data. Should you have a complaint regarding the manner in which your personal data is processed, please feel free to contact us. We shall try to live up to your expectations and meet your concerns as soon as practically possible.
You may also file your complaint to the supervisory authority for personal data protection. The authority assigned to supervise our organization is the Belgian Data Protection Authority:
Data Protection Authority
Rue de la Presse 35, 1000 Brussels
+32 (0)2 274 48 00
When you want to inform us of a potential security incident, please contact us via e-mail: email@example.com
In case you send us a potential incident report, please make sure to add your contact details (e-mail address or mobile phone number) and a description of the potential security breach and the date and time that you first noticed it (if possible).
Please feel free to contact us (firstname.lastname@example.org). We are happy to be of any further assistance.