Privacy Notice
1 GENERAL
This notice explains how, as a data controller, Isabel NV/SA (“we”, “us”, “our”, “Isabel”) with offices at Keizerinlaan 13-15, 1000 Brussels, Belgium (phone: +32 2 545 17 11) processes personal data we collect from you through the www.isabel.eu website and/or Isabel 6 application.
2 UPDATES TO THIS PRIVACY NOTICE
We reserve the right to modify this notice at any time, but will in any case do so in accordance with applicable laws and regulations. We will inform you, when possible, of any substantial changes to this notice.
This notice was last modified and revised on the 17/12/2025
3 INFORMATION WE COLLECT
3.1 CUSTOMER RELATIONSHIP
When you or your company becomes a customer of Isabel Group or one of its member companies, we collect the following types of personal data about you:
a. Identification data: your name, email address, language preference and phone number, we will also assign you or your company a customer number;
b. The products you or your company uses and invoicing information.
3.2 Services registration
When you request information about our services, we collect the following types of personal
data about you:
a. Identification data: your name and title, address, phone number, email address and
information about your company, its number of banks used and potential users of the
services;
b. We also collect all emails we exchange with you.
When you register your company for the use of Isabel 6, we collect the following types of
personal data:
a. About you, as legal representative of the company:
i. Identification data: name, professional email, professional phone number,
signed copy of an official identity document (ID card, passport...);
ii. Work information: employer, work address;
b. About your company’s billing contact:
i. Identification data: name, professional email, professional phone number,
professional fax number;
ii. Work information: job title, employer;
c. About your company’s users:
i. Identification data: name, professional email, professional phone number,
professional fax number, signed copy of an official identity document (ID card,
passport...), PKI card user ID (if used);
ii. Identification data for itsme® registration: National Registration Number,
itsme® identifier, device information (OS version, Device ID, Manufacturer,
Model, IMEI…)
iii. Personal characteristics: gender, date of birth, language;
iv. Work information: job title, employer, work address.
We may collect some of the above information from data.be, when you provide us with your
company number; this avoids you from having to complete all the fields manually
3.3 Services Use
When you use Isabel 6, we collect the following types of personal data:
a. Identification data: PKI card user ID or itsme® identifier, identification information of
your company’s financial transactions counterparties; and
b. Data relating to security and fraud prevention: history of transactions encoded and/or
validated, device information (itsme device data and web browser fingerprinting)
3.4 Customer Support
When we initiate a screen sharing session with you, to support you in the use of our
products, we collect the following types of personal data about you:
a. Identification data: your name and email address;
b. Any information shared during the screen sharing session (audio and video).
When you contact us through our website or by phone, we collect the following types of
personal data about you:
a. Identification data: your name and title, email address and phone number (optional);
b. Information relating to your company: your company name and your function within
that company;
c. Data relating to security: your IP address, security logs, connection and activity logs,
and the user agent of your web browser;
d. Any additional information you would include in the messages you are sending us;
and/or
e. Any information shared during the call.
We may also collect, when you provide it, information relating to your personal assistant.
When we contact you regarding “parked payments” (payment transactions suspended
because of their unusual characteristics), we collect the following types of personal data
about you:
a. Identification data: your name and email address;
b. Your decision to release or cancel the payment;
c. Any information shared during the call.
3.5 MARKETING
When you register for and/or attend an event we organise, we collect the following types of
personal data about you:
a. Identification data: your name and title, email address and phone number;
b. Information relating to your company: your company name;
c. Any other information relating to the event.
We also collect personal data about you from other events organisers to which you have
provided consent to share those personal data with us.
When you register for and/or attend a webinar we organise, we collect the following types of
personal data about you:
a. Identification data: your name, email address, phone number and IP address;
b. Data relating to your company: its name and VAT number;
c. Data relating to security: security logs, connection and activity logs, and the user agent
of your web browser;
d. The questions you may send during the webinar.
When you participate in one of our surveys, we collect the following types of personal data
about you:
a. Identification data: your name and email address;
b. The responses you provided to the survey.
When you register to our newsletter, we collect the following types of personal data about
you:
a. Identification data: your name, professional email and language preference;
b. Work information: your company name and address;
Your device and usage information are also collected when you read the newsletters.
3.4 Website Browsing
While you browse our website, we collect the following types of personal data about you:
a. Identification data: your IP address;
b. Data relating to security: security logs, connection and activity logs, and the user agent
of your web browser;
c. When you allow us, we also collect data relating to your use of the website such as
the pages you consulted or if you already visited our website in the past.
4 PROCESSING PURPOSES
Your personal data is processed for the following purposes:
a. Where it is necessary for the performance of a contract between you and us or in order
to take steps, at your request, to enter into a contract:
i. To allow you and/or your company users to register and use our services.
ii. To send you important communications relating to your use of the services.
iii. To provide you with the information you have requested and answer your
questions when you contact us.
iv. To provide you with support when you face issues in your use our services.
v. To manage the relationship between you, our customer, and us and other
members of the Isabel Group.
vi. To invoice your company or relying parties for the use of our services.
vii. To ensure the security of our services, including your data.
viii. To allow you to register to and attend our webinars or our events.
ix. To provide you with a payment initiation interface.
x. To provide you with an account information interface.
b. Where you have given your consent:
i. To contact you, as per your request, and provide you with more information
about our services.
ii. To contact you, as per your request, and book an appointment with you.
iii. To allow us to send you promotional offers and information on our and other
members of the Isabel Group products, in line with your choices.
iv. To send you surveys, allowing us to receive feedback allowing us to improve
our products.
v. To collect your feedback on our products and services.
vi. To initiate screen sharing session when you request it to obtain support.
vii. To place cookies on your browser and perform advanced statistics based on the
information Those cookies provide us.
c. Where necessary for our legitimate interests, as listed below, and where not overridden
by your interests or fundamental rights and freedoms:
i. To ensure the security of our and other Isabel Group applications, services,
processes, websites and databases.
ii. To perform company verifications (KYC: Know Your Customer) on the legal
entity of new clients and to register this information into our group customer
relationship management system
iii. To train and apply the anti-fraud algorithms used within Isabel and Isabel
Group.
iv. To retain a trace that a parked payment was asked for release or cancellation
by the payment initiator.
v. To retain a trace of our business relationships with you, as an Isabel Group
existing or prospect customer.
vi. To support you in completing your registration with our services when your
registration was not fully completed.
vii. To allow for business correspondence and business meetings to take place.
viii. To allow review of past calls for training of agents and for quality control.
ix. To retain traces of actions taken during screen sharing sessions.
x. To send existing customers information on the evolution of Isabel Group and its
member companies’ products; you may request these communications to stop
at any time via an unsubscribe link present at the bottom of every
communication.
xi. To improve our services and develop new group-wide commercial offers by
identifying e.g. trends, recurrent issues, customer behaviours, through your use
of our services;
xii. To advertise our services towards existing customers.
xiii. To get non-nominative information on the visitors that consult Isabel Group
websites.
xiv. To create a database of trusted combinations of IBAN numbers and account
owners that will be used for fraud prevention purposes.
For these purposes, we have conducted a balancing test, as the law requires, and
have determined that, taking into account the limited personal data collected, the
processing performed and your reasonable expectations, our legitimate interest in
conducting these processing activities is not overridden by your interests or
fundamental rights and freedoms.
d. Where it is necessary for us to comply with our legal obligations, such as reporting
crime or crime intent, or tax reporting.
5 DISCLOSURE AND TRANSFER OF PERSONAL DATA
In order to deliver our services to you and for the above purposes, we need to share your
personal data with:
a. Isabel and Isabel Group personnel with access on a “need to know” basis and to
contractors who have signed a confidentiality agreement with us.
b. Your bank and your financial transactions’ counterparties’ bank.
c. Third party processors, located in Belgium, who support us in the processing of your
personal data only on our instructions and who are subject to appropriate
confidentiality obligations:
i. Zetes and OneSpan, who manufactures our PKI cards and IsaKey tokens
ii. SurveyAnyplace, who provides us with a survey solution.
iii. Groep Arthur, who helps us with the organisation of events.
iv. Hubspot, who allows us to send bulk mailings for newsletters and marketing
campaigns.
v. equensWorldline, who provides the Card Stop services for our customers.
d. Third party processors, located in the European Economic Area, who support us in the
processing of your personal data only on our instructions and who are subject to
appropriate confidentiality obligations:
i. Microsoft, who provides and maintains our customer relationship and screen
sharing solutions.
ii. Google Analytics, who provides us with simple statistics on the number of
unique visitors on our website.
iii. Amazon Web Services (AWS), who is responsible for hosting our website and
applications.
e. Government institutions or regulatory bodies in compliance with our reporting
obligations.
6 DATA SECURITY AND RETENTION
Your personal data is and will be kept strictly confidential.
We take all reasonable steps to protect your personal data. This includes setting up processes and procedures to minimise the unauthorised access to, or disclosure of your personal data. We ensure that the third parties we share your personal data with also have adequate security measures in place.
We will store your personal data for as long as it is necessary to achieve the purposes defined in section 4 (Processing Purposes), with maximum retention periods as defined below:
a. Data collected to create a personal account on our platform will be kept for as long as your account is not deleted (upon your or your company’s request);
b. Basic customer data and billing information will be kept for 10 years after the end of our contractual relationship.
c. Data used to perform company verifications on legal entity of new clients will be kept
for 10 years after the end of our contractual relationship, as required by Belgian law;
d. Data used to perform payment execution verifications will be kept for 10 years, as
required by Belgian law;
e. Data collected to release or cancel parked payments will be kept for 10 years.
f. Device data collected to detect fraud will be kept for 5 years.
g. Activity logs will be kept for 10 years after the end of our contractual relationship, as
required by Belgian law;
h. Data collected when you purchase services from us will be kept for 10 years after the
end of our contractual relationship, as required by Belgian law.
i. Data collected when you use our services will be kept for 10 years after the end of our
contractual relationship, as required by Belgian law;
j. Data collected when you contact us for questions or support will be kept for 10 years.
k. Data collected when you request information about our services will be kept for 3 years
or until you request us to delete your data.
l. Calls and screen sharing recording will be kept for 1 month.
m. Data collected for statistics purposes will be kept for 14 months.
n. Data collected to allow you to register and attend our webinars will be kept for 12
months.
o. Data collected to allow you to register and attend our events will be kept for 1 month
after the events take place.
p. Data collected through surveys will be kept for 12 months.
q. Technical and security logs will be kept for a maximum of 6 months.
r. Data backups, created for security reasons, are kept for 4 weeks;
s. Data collected for marketing purposes will be kept for as long as we have your consent.
t. Information related to reliable IBAN numbers will be retained until we are notified that
the account linked to that IBAN has been closed.
7 CHILDREN
Users of Isabel 6 services must be at least 18 years old.
8 AUTOMATED DECISION-MAKING AND PROFILING
No automated decisions will be taken about you as part of the processing described in this
notice.
A profile of your behaviour when you use our website will be created by Isabel Group if you
accept our advertising and tracking cookies to be placed on your computer.
A contextual profiling is done based on device information collected during the use of the
service to detect fraud attempts by unauthorised third-party actors, without any automated decision making.
9 YOUR RIGHTS
You have the right to ask us for a copy of your personal data, to ask us to correct, delete or
restrict (stop any active) processing of your personal data and to obtain the personal data you
provided us in a structured, machine-readable format. In addition, you can object to the
processing of your personal data in some circumstances (in particular when we do not have
to process your personal data to meet a contractual or other legal requirement).
Where we have asked for your consent, you may withdraw this consent at any time;
however, this will not affect processing that has already taken place before the withdrawal.
You may withdraw your consent, linked to our use of cookies, by deleting the cookies linked
to our domain.
You may exercise the above-mentioned rights by contacting us as described in the “Contact
us” section below.
These rights may be limited, for example if fulfilling your request would reveal personal data
about another person, or if you ask us to delete information that we are required to keep by
law or that we have a compelling legitimate interest to keep.
If you have unresolved concerns, you have the right to complain to the Data Protection Authority: https://www.dataprotectionauthority.be/.
10 CONTACT US
If you have any questions about this Privacy Notice or wish to contact us for any reasons in relation to the processing of your personal data, please contact our Data Protection Officer at Isabel NV/SA, by sending an email to privacy@isabelgroup.eu, or by sending a dated and signed request to Isabel NV/SA, Keizerinlaan, 13-15, 1000 Brussels, Belgium.
