Code of conduct

1. Objective
CodaBox S.A., a subsidiary of Isabel NV, has created this Code of Conduct with the objective, on the one hand, to ensure that all parties concerned are able to use Zoomit in a correct, transparent, secure and confident manner, and, on the other hand, to counter any possible misuse.

CodaBox would furthermore like to offer the parties the possibility of reporting any infringements to this code so that the necessary steps could be taken to preclude them.

2. Field of Application
The use of Zoomit is governed by the rules laid down in this Code Of Conduct. It forms part of contractual commitments entered between all the parties concerned.

Its content applies for:

Banks: they incorporate Zoomit within their Internet banking solutions.
Document senders: they forward electronic documents in Zoomit.
Document Recipients: they use Zoomit via their Internet banking solutions.

3. What Is Zoomit And Who/Which Are The Parties Concerned?
Zoomit is a product that has been incorporated by certain banks into their respective Internet banking application and is therefore offered to their users (companies, self-employed, professions and consumers).

Via Zoomit, certain documents (invoices, credit notes, pay slips and so on) that relate to financial transactions can be viewed and paid in a total security. These documents are made available via Zoomit by senders that have user agreements. Companies, institutions and authorities can give access to electronic documents in their Internet banking solutions via Zoomit. In this way, senders and users alike can save a considerable amount of time and money. Moreover, the documents are easily available for the users and the amount of paper exchanged is reduced.

For direct debit payments, access is granted via Zoomit to the invoice that relates to the automated payment.

For all other invoices, Internet banking users can, if they so wish, pay directly via their Internet banking programs.

To be able to offer the Zoomit service, several parties are working together:

· CodaBox: makes the Zoomit service available to all the parties concerned.
Banks: they incorporate Zoomit within their Internet banking solutions.
Document senders: they forward electronic documents in Zoomit.
Document Recipients: they use Zoomit via their Internet banking solutions.
4. Organisation, Control And Additional Information
CodaBox also sees to it that the Zoomit Code of Conduct is duly observed.

For further information on the Zoomit Code of Conduct, please refer to:

CodaBox S.A. – Zoomit – Code of Conduct

13-15, Boulevard de l’Impératrice
1000 Brussels
Privacy-Zoomit@codabox.com

www.zoomit.be

If you have any questions relating to the way in which your bank or a sender protects matters that involve your privacy, you can of course always directly refer to them.

5. Security
Zoomit users must be able to display and process their electronic documents in a safe and risk-free manner. The totally secure and controlled environment of their Internet banking applications guarantees this.

They receive access to their Internet banking applications only by adhering to their banks’ strict identification procedures.

Via Zoomit, users can, directly but only by adhering to their banks’ strict identification procedures, view and claim documents from the sender.

6. Advertising
The electronic provision of documents via Zoomit at no time gives the sender the right to issue documents via this channel other than those that are covered by an agreement.

If a document sender would like to do that, permission must always be requested from the user, from Zoomit and from the bank that has incorporated Zoomit into its Internet banking application. In any event, the user has the right to refuse unsolicited information via Zoomit at all times.

7. Respect For Privacy
The User’s Free Choice
It is the user who chooses whether or not he or she would like use Zoomit, and if so, how and when. This is an absolute guarantee that his or her privacy will be respected in accordance with the applicable law.

The protection of Zoomit users’ right to privacy is a matter of priority. This is why CodaBox pays the greatest attention to the application of the legal provisions in this regard. Zoomit furthermore incorporates specific security mechanisms and certain organisational procedures have been put in place. The parties concerned (inter alia, banks and document senders) also share these concerns and are contractually bound to observe these rules.

The documents will be stored by the sender and by a third party that has been hired for that purpose. The documents are neither preserved nor reworked by Isabel in Zoomit, nor by the bank. The user can display and save the documents in his or her computer.

CodaBox undertakes, completely and at all times, to comply with the rules in force with regard to the respect and protection of the Zoomit user’s privacy. And for whatever purpose it may serve, CodaBox will ask for advice on the subject, if necessary, from the competent authorities in charge of controlling the legislation in this field.

How Does The Zoomit Application Manage To Connect A Given Document To A Bank Account Transaction?
Zoomit records the data relating to the electronic documents, but does not save the documents themselves, which are however kept by the sender. For each electronic document, Zoomit files only the site of origin (as specified by the sender), the sender’s and the recipient’s identity and a reference number relating to the electronic document. In addition, Zoomit retains the times when and by whom the electronic documents have been consulted.

The data kept by the bank is limited to a list that indicates the financial transactions to which the documents relate. Finally, it is important to point out that the bank is entirely unaware of the electronic documents’ actual location.

The Bank Is Not Entitled To See User-Oriented Documents
The documents can be consulted via Zoomit, but cannot be viewed by the bank or by CodaBox. Only the user for whom or which the document is available will be able to see it.

Can Users Give Others Access To Their Documents?
In theory, only the recipients specified by the sender have access to the documents that are sent to them. Extensive security measures have been taken to ensure that documents can be issued exclusively to the person indicated by the sender and therefore that third parties are unable to access documents that are not intended for them.

Users can however explicitly allow other people who also have access to their bank accounts to consult an electronic document. They can withdraw this right at any time.

What Other Data Security Steps Have Been Taken?
The senders, the banks and CodaBox pay particular attention to the security and protection of personal data. They undertake to comply with the legally imposed privacy protection rules in every detail. The way in which these parties respect your rights is always described in the privacy protection policies peculiar to the parties concerned.

All sender, bank and CodaBox computers are also meticulously secured against third-party access, and only carefully selected members of staff can access the recorded data.

It is in addition important to underline the fact that regular, rigorous safeguards (back-ups) are made of the electronic documents and of the data kept by the banks in the Zoomit application. This enables the data to be protected against natural disasters, power cuts, computer breakdowns and other catastrophes.

To guarantee the security of the processing, CodaBox currently applies what are known as “Reference Measures For Personal Data Processing Security” for Zoomit which have been formulated by the Belgian Protection of Privacy Commission.

8. Transparency
Zoomit users have, at all times, access to all documents that are electronically presented to them.

Electronic document senders guarantee that all the obligatory legal information specific to the document is reinforced and provides users with uninterrupted access to that information.

Internet banking applications users are completely free to use Zoomit or not for accessing their electronic documents.

The use of Zoomit in no way means that users lose their right to receive electronic documents in another form.

Electronic document senders always give users a free choice between all the possibilities that currently exist for receiving the concerned document.

9. Control, Complaints And Sanctions
All the parties concerned, and the users of Zoomit in the first place, can check, directly or indirectly, whether or not this Code Of Conduct is being correctly observed. Any noted infringement does not therefore have to be directly linked to the proper use of Zoomit. Any exemption can be notified and any complaint for can be lodged via e-mail or in writing at the following address:

CodaBox – Zoomit – Code of Conduct
13-15, Boulevard de l’Impératrice
1000 Brussels
Privacy-Zoomit@codabox.com

www.zoomit.be

CodaBox undertakes to confirm the due reception of a complaint and/or a report of an infringement to this Code Of Conduct, to formulate, within reasonable time, a reasoned reply; and to keep the sender informed of the actions taken or to be taken.

If CodaBox . cannot give any satisfactory answer or solution, the infringement report or the complaint will be passed to Febelfin, the Belgian Financial Sector Federation

For any noted infringement of this Code Of Conduct, CodaBox. will take the necessary steps for putting an end thereto and for avoiding such deviations in the future. If necessary, CodaBox can even prohibit the contravening party from accessing Zoomit.

Use of cookies
Each time you visit our website, you additionally provide us with indirect personal data through cookies and through the automatic registration of certain information on your website visit:

the browser software you use
the domain name that referred you to our website
the time and the duration of your visit
and the webpages that you visited
What are cookies?
Cookies are small text files that are placed on the hard drive of the computer of website visitors. They contain information such as the language preference of the website user, as a result of which he does not need to re-enter this information at a next visit to the website. Some cookies ensure the proper graphic display of a website, other the proper functioning of some website applications. If you do not want a website to install cookies on your computer, you can set your browser to block them. If you do not accept the usage of cookies, your user experience when visiting the website may be impacted. CodaBox only uses cookies that enable you to use the website. These cookies are automatically removed from your computer following your visit. [TB1]

How to disable cookies on your machine?
If you would like to block cookies, you can do so for the browser you use:

Internet Explorer
Chrome
Firefox
Safari
Why do we use cookies on zoomit.be ?
This indirectly-collected information is solely used to create anonymous statistics on the usage of the website, especially with a view to improve the website and to ensure its proper and secure functioning, including its alignment with your preferences.

The legal basis for the processing of your personal data is your approval (when you directly provide us with information) and our legitimate need and interest to offer a properly functioning website (for indirectly collected personal data).

Without your permission, your data will not be made available to third parties, unless to third parties that are used by CodaBox for the management and the support of this website. These third parties are legally bound by appropriate contracts that ensure compliance with this privacy statement and are located either in Belgium, the European Economic Area (EEA) or in countries outside of the EEA considered as offering adequate legal protection for the processing of personal data. Your personal data is not transferred to a third country or to an international organization, unless the third party used by CodaBox is located in a third country.

We store your personal data as long as you continue using our website, or as long as required for the management of our legal obligations. Personal data that are automatically collected via our website are in any event not stored for more than 1 year.

Security and your rights
CodaBox implements all reasonable measures to adequately protect personal data against loss, abuse, or unauthorized access. In relation to the CodaBox-services, CodaBox has implemented a strict security policy that guarantees a high level of security, confidentiality and integrity.

You can always contact us at the above-mentioned address for questions about your personal data. Where applicable, you can i) request access to your personal data, ii) the correction or deletion of your personal data, iii) request a possible restriction of the processing of your personal data, iv) request to exercise your right on the portability of such data and/or v) to obtain an overview and/or copy of the adequate protection that is offered in case of a transfer to a destination in a 3rd country. To the extent our processing of your personal data is based on your approval, you are entitled withdraw such approval. Please note that your exercise of these rights may be subject to specific conditions, restrictions or formalities (such as the submission of sufficient proof of your identity), this in order to prevent fraud or the infringement of another person’s privacy. Also note that, depending on your request, we may not be able to provide certain services. You also have the right to lodge a complaint with the competent supervisory authority.

Links to other websites
This website may contain links to other websites which are controlled or made available by third parties. CodaBox shall not be liable in any case for the processing of personal data and the privacy practices of these other websites. CodaBox encourages you to read the policy on privacy and personal data protection applicable to these other websites before providing any personal data.