Privacy Policy

Welcome to Crewloods.

Crewloods operates the website https://crewloods.be and the web application available at https://app.crewloods.be (collectively, the "Platform").

This Privacy Policy explains in detail how personal data is collected, used, stored, protected, and shared when you use the Platform.

Crewloods is committed to processing personal data in accordance with:

• The General Data Protection Regulation (EU) 2016/679 ("GDPR")
• Applicable Belgian data protection laws
• Other relevant European Union regulations

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

The data controller responsible for the processing of personal data is:

Wout Devlieger
Enterprise number: BE0794.436.235
Registered address: 8880 Ledegem, Belgium
Business activity: Activities in the field of computer consultancy and management of computer facilities

Contact email for privacy matters:
📧 info@wdevlieger.be

If you have any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at the above email address.

This Privacy Policy applies to:

• Visitors of crewloods.be
• Users of app.crewloods.be
• Organization administrators
• Volunteers registered within organizations
• Individuals interacting with the Platform

It does not apply to third-party websites linked from the Platform.

Crewloods collects only the personal data necessary to operate the Platform.

4.1 Account Data

When creating an account:

• First and last name
• Email address
• Encrypted password (or, if you sign in with Google, Facebook or LinkedIn, we do not store a password; we receive an identifier and profile data from the provider)
• Organization name
• Role within organization
• Account creation date
• Login activity

4.1.1 Sign-in with Google, Facebook or LinkedIn

You may create an account or sign in using Google, Facebook or LinkedIn. When you do:

• We do not receive or store your password for that provider.
• We receive from the provider an identifier linked to your account, your name, and your email address (and optionally a profile picture, if the provider shares it).
• The provider’s own privacy policy and terms apply to your use of their sign-in service. Crewloods uses this data only to create or match your account and to provide the Platform.

4.2 Organization Data

• Organization name
• Organization settings
• Subscription status
• Credit balance
• Internal administrative notes

4.3 Volunteer Data

Organizations may process the following volunteer data within the Platform:

• Name
• Email address
• Assigned shifts
• Check-in and check-out timestamps
• Reward selections
• Reward calculations
• Participation history

Crewloods acts as a technical provider for this data.

4.4 Usage and Technical Data

When using the Platform:

• IP address
• Device type
• Browser type
• Operating system
• Referrer URLs
• Log files
• Timestamps
• Feature usage patterns

4.5 Payment and Subscription Data

Payments are processed by third-party providers such as Stripe.

Crewloods does not store:

• Full credit card numbers
• CVC codes

Crewloods may store:

• Transaction ID
• Payment status
• Subscription status
• Billing email
• Invoice references

4.6 Communication Data

If you contact Crewloods:

• Email content
• Support requests
• Feedback submissions

Personal data is processed for the following purposes:

5.1 Service Provision

• Creating and managing user accounts
• Managing organizations
• Scheduling volunteers
• Managing credits and subscriptions
• Operating reward mechanisms
• Providing check-in and check-out functionality

5.2 Billing and Payments

• Processing subscription payments
• Managing credit purchases
• Preventing payment fraud
• Complying with accounting obligations

5.3 Platform Improvement

• Improving user experience
• Monitoring performance
• Identifying bugs
• Analyzing usage trends

5.4 Security and Abuse Prevention

• Preventing unauthorized access
• Detecting fraudulent activity
• Logging suspicious behavior

5.5 Legal Compliance

• Fulfilling accounting requirements
• Responding to lawful requests
• Complying with regulatory obligations

Personal data is processed based on:

6.1 Contractual Necessity

To provide access to the Platform and its services.

6.2 Legitimate Interest

Including:

• Improving services
• Ensuring security
• Preventing fraud
• Protecting system integrity

6.3 Legal Obligation

Where required under Belgian or EU law.

6.4 Consent

Where specific consent is required.

Crewloods does not sell personal data.

Data may be shared with:

7.1 Service Providers

• Payment providers (e.g., Stripe)
• Authentication providers (e.g., Google, Facebook, LinkedIn), when you choose to sign in with them; only the data needed for sign-in and account creation is exchanged
• Hosting providers
• Cloud infrastructure providers
• Email service providers
• Analytics providers

7.2 Legal Authorities

If required by law or court order.

All third-party processors are contractually obligated to comply with GDPR.

Personal data is retained only as long as necessary.

8.1 Account Data

Retained while the account remains active.

8.2 Billing Data

Retained in accordance with Belgian accounting laws.

8.3 Log Data

Retained for security monitoring and system integrity.

8.4 Deleted Accounts

Upon account deletion:

• Personal data will be deleted or anonymized
• Certain data may be retained for legal compliance

Crewloods implements appropriate security measures including:

• HTTPS encryption
• Encrypted password hashing (for email/password accounts); sign-in via Google, Facebook or LinkedIn uses the provider’s secure flow
• Role-based access control
• Database access restrictions
• Secure hosting environments
• Limited internal access

No system can guarantee absolute security.

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent

To exercise these rights, contact:

📧 info@wdevlieger.be

You may also file a complaint with:

Belgian Data Protection Authority
https://www.gegevensbeschermingsautoriteit.be

Crewloods may use:

• Essential cookies for session management
• Performance cookies
• Analytics cookies

Cookies are used to:

• Maintain login sessions
• Improve user experience
• Analyze performance

You can manage cookies through your browser settings.

If personal data is transferred outside the European Economic Area:

• Appropriate safeguards will be implemented
• Standard contractual clauses may be used
• Transfers will comply with GDPR requirements

Crewloods is not intended for children under 16 without organizational supervision.

We do not knowingly collect personal data from minors without appropriate authorization.

Organizations using Crewloods may act as data controllers for their volunteers.

In such cases:

• Crewloods acts as a data processor
• Processing occurs on behalf of the organization
• A Data Processing Agreement may apply

Organizations are responsible for ensuring lawful collection of volunteer data.

Crewloods does not use fully automated decision-making that produces legal or similarly significant effects on users.

Reward calculations are system-based but remain transparent and configurable by organizations.

This Privacy Policy may be updated periodically.

The latest version will always be available at:

https://crewloods.be/privacy

The "Last updated" date will reflect revisions.

For any privacy-related inquiries:

Wout Devlieger
Enterprise number: BE0794.436.235
8880 Ledegem
Belgium

📧 info@wdevlieger.be