Our
pRIVACY
Policy
dream shaping & divine comfort.
In the first place, we are pleased that you are interested in the products and services of Nights by Morpheus.
In this privacy statement, we inform you about how Personal Data is processed by us.
We may ask you to share certain Personal Data with us, including but not limited to your first name, last name, and email address (identification data). For certain specific obligations, you may need to provide us with additional data, such as payment and billing information. We collect only the Personal Data necessary to inform you about our products and services, execute an agreement with you, and contact you.
We base this on the processing grounds of the agreement, legal obligation, our legitimate interest, and, in some cases, your consent (see also Article 2). The processing of your Personal Data is subject to this privacy statement. For questions and/or comments, please contact myprivacy@nightsbymorpheus.be.
Article 1 – Definitions
VOF Heart Holding, operating under the name ‘Nights by Morpheus’, under Belgian law, with its registered office at 2018 Antwerp (Belgium), Millisstraat, and VAT identification number 0730808292.
“Personal Data” has the meaning defined in the General Data Protection Regulation 2016/679, including any information by which a natural person (also known as “data subject”) is identified or can be identified.
“Controller” has the meaning defined in the General Data Protection Regulation 2016/679. Nights by Morpheus will be qualified as the controller determining the purposes and means for processing your Personal Data.
“Affiliated Company” means a company affiliated with Nights by Morpheus insofar as it meets the conditions of an “affiliated company” within the meaning of Article 1:20 of the Belgian Companies and Associations Code.
“Processor” has the meaning defined in the General Data Protection Regulation 2016/679, processing Personal Data on behalf of the Controller.
“Website” means the website of Nights by Morpheus: www.nightsbymorpheus.com.
Article 2 – Processing Purposes and Legal Grounds
Customer Data
In the context of our services and activities, we collect and process the identity and contact details of our customers and clients, their staff, and employees. The purposes for these processing activities are the execution of agreements with our customers, customer management, accounting, and direct marketing activities such as sending promotional or commercial information. The legal grounds are the execution of the agreement, compliance with legal and regulatory obligations (especially accounting laws), our legitimate interest, and, in some cases, your consent.
Data of Suppliers and Subcontractors
We collect and process the identity and contact details of our suppliers and subcontractors, as well as their (sub)contractors, staff, and employees. The purposes of these processing activities are the execution of the agreement, supplier/subcontractor management, and accounting. The legal grounds are the execution of the agreement, compliance with legal and regulatory obligations (especially accounting laws), and/or our legitimate interest.
Employee Data
We process the Personal Data of our employees in the context of our personnel management and payroll administration.
Applicant Data
We process the identity and contact details as well as the work history and other data typically provided on a resume of applicants when they provide this information to us. The Personal Data is processed to assess their eligibility for a job with us based on our legitimate interest.
If we wish to retain their Personal Data longer after the vacancy has been filled, we will notify them and request their consent to do so.
Other Data
In addition to data from customers, suppliers/subcontractors, employees, and applicants, we also process Personal Data from others, such as potential new customers/prospects, useful contacts within our sector, network contacts, etc. This occurs through our Website or other channels. The purposes of these processing activities are in the interest of our activities, direct marketing, and public relations. The legal grounds are our legitimate interest, the execution of an agreement, and, in some cases, your consent.
Very concretely, we may use the Personal Data we collect for the following purposes:
To provide you with information about our products and services;
To deliver our products and services to you and to execute any agreements;
To process and handle any complaints or requests;
To process your application;
To help us evaluate, correct, or improve the Website and all related products and services of Nights by Morpheus;
For direct marketing purposes;
For internal reasons, including business administration and archiving purposes.
Article 3 – Confidentiality of Your Personal Data
Whenever you provide Personal Data to us, we will handle this information in accordance with the provisions of this privacy statement and the legal obligations concerning the processing of Personal Data, including the General Data Protection Regulation (GDPR) 2016/679.
We implement appropriate measures and procedures to secure and protect the Personal Data we collect. We commit, to the extent reasonably expected, to prevent illegal processing of Personal Data and accidental loss or destruction of your Personal Data.
We strive to optimize the security of your Personal Data by limiting access to your Personal Data to persons on a “need-to-know” basis (e.g., only Nights by Morpheus and its employees, staff, Affiliated Companies, or subcontractors who need your Personal Data for the purposes described in Article 2 will have access to the data).
Article 4 – How Do We Collect Your Personal Data and How Long Is It Retained?
Collecting Your Personal Data
We collect your Personal Data – without being exhaustive – in the following cases:
When you enter into a (employment) agreement with us;
When you fill out the contact form provided on the Website;
When you communicate with us via the Facebook Messenger link provided on the Website (with your Facebook profile);
When you sign up on the Website to receive our newsletter;
When you call, email, or correspond with us in any other way than through the Website.
We avoid collecting Personal Data that is not relevant to the purposes outlined in Article 2.
We may combine the Personal Data we collect with information provided by third parties.
Retention of Your Data
The Personal Data is retained and processed by us for a period necessary for the purposes of the processing.
Customer data and data of suppliers or subcontractors will, in any case, be deleted from our systems after a period of 7 (seven) years following the termination of the agreement, except in the case of an ongoing dispute for which the Personal Data is still necessary.
Personal Data of employees will be deleted immediately after the termination of the employment relationship, except for Personal Data that we must retain longer based on specific legislation or in the case of an ongoing dispute for which the Personal Data is still necessary.
Personal Data of applicants will be deleted after the relevant vacancy has been filled or after a period of 2 (two) years following the consent obtained to inform applicants about future job opportunities.
Other data will not be retained for longer than a period of 2 (two) years after the last meaningful contact with you, except with your explicit consent to retain the data for longer.
Article 5 – Transfer of Personal Data
We will not transfer Personal Data to third parties outside the European Economic Area, except to subcontractors or staff who are bound by the European Commission’s Standard Contractual Clauses and provide an adequate level of security for the processing of Personal Data.
We will not transfer Personal Data to other parties within the European Economic Area without your consent, unless:
The transfer is necessary to allow staff, agents, or subcontractors to provide a service or perform a task on our behalf, which is necessary for the execution of the agreement we have with you or in the context of our legitimate interest (including but not limited to providing marketing support, conducting market research, or providing customer service);
It is legally required.
Any transfer of Personal Data to a recipient as described above will be in accordance with the provisions of the General Data Protection Regulation 2016/679.
We ensure that measures are taken so that the recipients cannot use the Personal Data for purposes other than those listed in Article 2 and that the recipients have taken sufficient technical and organizational measures to protect these data.
To ensure the security of the Personal Data, we will always enter into a data processing agreement with the aforementioned recipients of the Personal Data.
We will take all necessary precautions to ensure that employees and staff who have access to the Personal Data only process it in accordance with this privacy statement and the legal obligations under the General Data Protection Regulation 2016/679.
Article 6 – Rights of the Data Subject
Under both Belgian and European legislation on the protection of Personal Data, you have the rights described below. If you wish to exercise these rights, you must send us a written request accompanied by a copy of the front of your identity card to myprivacy@nightsbymorpheus.be.
We will inform you within 1 (one) month of receiving the request about the action to be taken. This period can be extended to a maximum of 3 (three) months, in which case you will be informed within 1 (one) month of the original request about the reasons for the delay.
The Right to Access Personal Data
You have the right to instruct us to provide all Personal Data we hold about you, provided that the rights of other data subjects are not affected.
The Right to Rectify Personal Data
We kindly ask you to ensure that the Personal Data in our database is as accurate and complete as possible. If you believe that the data provided to us is incorrect or incomplete, please notify us as described above. We will then correct or supplement your Personal Data as quickly as possible.
The Right to Erase Personal Data
You have the right to have your Personal Data erased without undue delay in the following cases:
If it is no longer necessary to retain the Personal Data in relation to the purposes for which they were collected or otherwise processed;
In the event of withdrawal of consent for consent-based processing;
The processing is intended for direct marketing;
If the Personal Data was unlawfully processed.
However, there are certain general exclusions to the right to erasure. These general exclusions include cases where processing is necessary:
For exercising the right of freedom of expression and information;
For compliance with a legal obligation; or
For the establishment, exercise, or defense of legal claims.
The Right to Restrict the Processing of Personal Data
In the following cases, you have the right to restrict the processing of your Personal Data:
For disputing the accuracy of your Personal Data;
When the processing is unlawful, but you do not want the Personal Data to be erased;
If you object to the processing of your Personal Data, pending the verification of that objection.
If processing is restricted on this basis, we may continue to store your Personal Data. However, we will only process the data with your explicit consent for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of substantial public interest.
The Right to Object
You have the right to object to our processing of your Personal Data in the following cases:
If we process your Personal Data for direct marketing purposes (including profiling for these purposes) based on our legitimate interest;
Due to your specific situation (your particular personal circumstances).
The Right to Data Portability
If you wish to exercise your right to data portability, we will transfer the Personal Data in a structured, commonly used, and machine-readable form to a data controller of your choice.
The Right to Withdraw Consent
To the extent that the legal basis for our processing of your Personal Data is your consent, you have the right to withdraw this consent at any time. This withdrawal does not affect the lawfulness of the processing that occurred before the withdrawal.
The Right to Lodge a Complaint with a Supervisory Authority
You can contact the Data Protection Authority at any time by sending an email to contact@apd-gba.be or by submitting a written request to the Data Protection Authority, located at 1000 Brussels (Belgium), Drukpersstraat 35.
Article 7 – Referral to Third Parties
The Website may contain links to other websites not operated by us, such as Facebook, Instagram, and Soundcloud. While we do our utmost to ensure that these links lead only to websites that have matching security and confidentiality standards, we are in no way responsible for the protection and confidentiality of Personal Data, including the data you provide on other websites, after you have left the Website.
We emphasize proceeding with care and always consulting the privacy statement applicable to the relevant website before providing personal data on other websites.
Article 8 – Changes
We have the right to change this privacy statement at any time by publishing a new version on our Website.
We recommend regularly consulting the Website to verify if you agree with any changes to this privacy statement.
In any case, you will be informed by email of any changes to this privacy statement insofar as we have your email address.
Article 9 – Cookies
Nights by Morpheus uses “cookies” whenever you use the Website. A “cookie” is information sent from the server to your device and stored on the hard drive of the device. Cookies help Nights by Morpheus recognize your device when you use the Website. This way, Nights by Morpheus is enabled to make processing more user-friendly and provide you with a personalized service.
For more information, please refer to our cookie statement, which you can find here.