Data security

Balencio attaches the utmost importance to the security of personal data. Find out more about our policy and practices in this area.

Applicable regulations

Balencio is committed to protecting the privacy of its customers, agents of Customers, users, suppliers and employees, and undertakes to protect it in accordance with applicable regulations:

  • Regulation (EU) No. 2016/679 of 27 April 2016, known as the “General Data Protection Regulation” or “GDPR”
  • • The Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of their personal data (“Privacy Law”).

How Balencio processes and collects data

Balencio’s data processing involves the use of automated and manual operations on pseudonymised personal or organisational data. This makes it possible to manage human capital effectively and generate valuable information from this data.

The personal data processed mainly includes information on personal characteristics, lifestyle and health.

As a SaaS (Software as a Service) provider, Balencio acts both as a “data processor” and as a “data controller” depending on the processing activities involved.

Balencio as

In its capacity as “data controller”, Balencio collects personal data from Platform Users, whether as a result of a trial or a subscription taken out by the User or by the company employing him/her. Balencio manages the opening and use of the User’s account, ensures the operational functioning of the Platform, monitors and analyses traffic on the Platform and the Site, as well as any processing related to the protection and security of the Platform itself.

Balencio as a “data processor”

As “data processor”, Balencio acts on behalf of Balencio’s direct Customer, which is the “data controller”, for all processing operations carried out by the Platform Users themselves.

Our data protection axioms

Our concrete data protection practices are based on four axioms.

Privacy and Security by Design

Data security and the protection of privacy are built into the design of our solutions and permeate them throughout their lifecycle.

  • Balencio pseudonymises all individual user sessions. The principle of systematic pseudonymisation, whenever and wherever possible, is a central axiom of Balencio’s approach to data protection issues.
  • Balencio follows the “rule of 10” for reporting consolidated results. Individual results are protected and not disclosed.

A secure ecosystem

Balencio has implemented various technical and organisational protection measures based on the latest best practice and recognised international standards, such as ENISA guidelines, ISO27001, ISO27002, ISO27018 and ISO27701.

Most of our suppliers are ISO27001 certified. All of them, like Balencio, are committed to complying with the GDPR and confirming to data protection regulations.

No transfer of personal data outside the EU

  • Balencio’s offices are in Mont-Saint-Guibert, Belgium.
  • All data hosting facilities are located in Europe (Germany)

Continuous monitoring and improvement

  • Balencio has appointed an external and independent Data Protection Officer (DPO).
  • The DPO is involved in the product development lifecycle, ensuring technical, organisational and process compliance.
  • The DPO reports directly to Balencio’s Management.

Questions about our data security policy?

Feel free to contact our Data Protection Officer by sending an email to dataprotection@balencio.com.