Privacy Policy

Description of Service

Last update: 17 May 2021

Thank you for your interest in Umango and in our company in general.

You can count on quality service with us. The protection of your personal data is very important to us in this regard. We make every effort to protect your privacy and to ensure that you can safely entrust us with your personal data. As such, we always handle your personal data securely and discreetly, and appropriate security measures have been taken to prevent the loss, alteration, access by unauthorised persons and/or any other unlawful processing of your personal data.

We also aim to be transparent regarding how we process your personal data through website ( , services, application and platform ( what we do with your personal data. You can read this in this privacy statement.

If you would like to know more about the specific processing activities via the Umango platform itself, please read the following privacy policy which is applicable for the processing activities via the platform.

1. Who are we?

We are UMITAL BV and we have created the platform, Umango. Our registered offices are located at Kasteellaan 30, 3500 Hasselt. Our company is registered at the Crossroads Bank for Enterprises under company number 0698.927.461. In this privacy statement, we use "Umital", or "we" alternately.

You can always contact us via the following contact details:

Umital BV

Kasteellaan 30

B-3500 Hasselt

+32 494 71 85 10

We process your personal data in accordance with the applicable legal provisions regarding the protection of personal data, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the "GDPR") and the national implementing legislation.

Depending on the context of personal information you provide, we may act as the data controller ("controller") or data processor ("processor") of your personal data.

2. Some definitions

The term "personal data" refers to all information about an identified or identifiable natural person (the "Data Subject"). An identifiable natural person is a person who can be identified, directly or indirectly, on the basis of one or more elements. These elements include, for instance, your surname, first name, date of birth, telephone number and e-mail address, as well as your IP address or job title.

The term "processing" is very broad and covers, among other things, collecting, recording, organising, storing, updating, modifying, retrieving, consulting, using, disseminating, combining, archiving and deleting data.

3. Person responsible for the processing of your personal data ("Controller").

For the processing operations through the website, Umital is responsible for processing your personal data.

As such, it is the "controller" of your personal data within the meaning of the law. In concrete terms, this means that Umital determines the purpose and means of processing for your personal data. This privacy statement is valid for the personal data that Umital processes as controller.

Umital as a Processor of your personal data.

Our Umango Platform is intended for use by organizations. We provide the services under a contract with an organization (for example, your employer), who controls the information processed under the service, and is responsible for the accounts and/or service sites over which it has control. In that respect, we process your personal data on behalf of the organization, and act as a processor. In order to be able to process such personal data, we enter into an agreement with organizations.

This policy does not apply to the extent we process personal information in the role of a processor on behalf of such organizations. Please direct your data privacy questions to your organization, as your use of the services is subject to that organization's policies. We are not responsible for their privacy or security practices, which may be different than this policy.

5. When do we collect your personal data?

We collect personal data, inter alia, when you:

  • visit and use our website;
  • subscribe to our newsletter;
  • fill in a contact form on the website;
  • register as an organization admin or team member on the Umango platform
  • wish to conclude an agreement with us for the use of the Umango platform;
  • like or contact us via social media (e.g. Facebook);
  • leave your e-mail address for us to keep you updated about Umango;
  • give us permission to use certain cookies;
  • you contact us by any other means (e.g. by telephone, post or e-mail)
  • apply for a job via our website.

Under Title 6, you can read exactly which personal data we process, for which purposes and on what legal grounds.

We also use cookies, plugins and/or other similar technologies on the website. We do this primarily to provide essential features and functionalities on our website. With your consent, we also use cookies to personalize content and ads and to analyse our website traffic. For more specific information about the cookies (and similar technologies) we use, you can consult our cookie policy.

We do not envisage collecting any personal data from persons younger than 13 years old. Such young people are not allowed to provide us with any personal data or a statement of consent without permission from the person who has parental authority over them.

6. What personal data do we process, why, and on what legal grounds?

In the table below you can see: what categories of personal data we process (column 1), why we do this (the ‘purposes’) (column 2) and on what legal grounds (column 3).

All processing of your personal data takes place for one or more specific purposes.

In addition, there must always be demonstrable legal grounds for the processing. The applicable legal grounds, which you can find in the column ‘legal grounds’, mean the following:

  • 'Consent': you have given consent for the processing of personal data for one or more specific purposes;
  • 'Legitimate interests': the processing of personal data is necessary for the protection of our well-considered, legitimate interests or those of a third party;
  • 'Agreement': the processing is necessary for the performance of an agreement to which you are a party;
  • 'Legal obligation': the processing is necessary for compliance with a legal obligation to which we, as the controller, are subject.

Categories of personal data


Legal grounds

Identification and contact details (surname, first name, e-mail address, telephone number), payment details, IP address

Registering you as a client of Umango


Identification and contact details (surname, first name), e-mail address, IP address

To inform you about our services and products via a newsletter


Identification and contact details (surname, first name), e-mail address, IP address, content of your message

To respond to your questions issued via the contact form on our website

Legitimate interest

Identification and contact details (surname, first name, e-mail address), your feedback on the website

Improving the website

Legitimate Interest

Copy of the front side of your identity card

To be able to verify your identity in the event of a request to exercise your rights

Legal obligation

Identification and contact details (surname, first name, e-mail address, telephone number), content of your resume, and a cover letter

To be able to offer you open job positions within our company, and carry out a recruitment process

Consent, and legitimate interest

7. Your Privacy Rights

To give you more control over the processing of your personal data, you have various rights. These rights are laid down, inter alia, in Articles 15-22 of the GDPR.

You have the following rights:

  • The right to access the personal data we process about you (art. 15 GDPR):

You have the right to be informed by us at any time whether or not we are processing your personal data. If we are processing them, you have the right to access these personal data and we will provide you with certain additional information in this regard.

If we cannot give you access to your personal data (e.g. due to legal obligations), we will inform you as to why this is not possible.

You can also obtain a free copy, in an easy-to-understand format, of the personal data we process about you. Please note that we may charge a reasonable fee to cover our administrative costs for any additional copy you request.

  • The right to be forgotten, or to request us to delete your personal data (art. 17 GDPR):

In certain cases, you can request that we delete your personal data. However, in such cases you should bear in mind that we may no longer be able to offer you the desired services. Also bear in mind that there may be circumstances in which you cannot exercise this right. We will inform you of this in our response to your request.

  • The right to rectification and supplementary statement (art. 16 GDPR):

If your personal data is incorrect, out of date or incomplete, you can ask us to correct these inaccuracies or incomplete information.

  • The right to transferability of personal data (art. 20 GDPR):

Subject to certain conditions, you also have the right to have the personal data that you have provided to us for the performance of the agreement or for which you have given your consent transferred by us to another controller. To the extent technically possible, we will provide your personal data directly to the new controller.

  • The right to restriction of processing (art. 18 GDPR):

In certain cases, you also have the right to request us to restrict the processing of your personal data.

  • The right to object (art. 21 GDPR):

You may object to the processing of your personal data on the basis of your specific situation and in certain circumstances. In such cases, we will not process your personal data any further.

  • The right to withdraw your consent (art. 7 GDPR):

If your personal data are processed on the basis of your consent, you may withdraw this consent at any time upon simple request.

8. Exercising your rights

To exercise these rights, you can always contact us by e-mail at the following e-mail address:

In order to verify your identity, we ask you to send us a copy of the front side of your identity card. We do this to ensure that third parties do not gain access to your data and consequently to keep them confidential, in accordance with the provisions of the GDPR. As soon as we have received this information, we will make every effort to respond to your request within the legal period of 1 month. We do not keep a copy of your identity card, but only check your identity, after which this data is immediately deleted.

You can exercise all these rights free of charge, unless your request is unfounded or excessive (for instance due to its repetitive nature). In such cases, we shall be entitled to charge you a reasonable fee or to refuse to respond to your request.

9. Forwarding to third parties

We will only forward your personal data to third parties, such as our payment service provider Stripe, in accordance with the legal provisions, if you have given your consent or if this is necessary for our services.

Furthermore, we do not transfer any personal data to third parties, unless we are obliged to do so based on mandatory legal provisions (e.g. disclosure to external bodies, such as supervisory or law enforcement bodies).

10. Categories of recipients

Within our company, we see to it that your personal data are only accessible to persons who need them to comply with our contractual and legal obligations.

In certain cases, we may be assisted in performing our tasks by external service providers (for example self-employed IT service providers, service providers who assist us with sending you newsletters, etc.). With regard to data protection, an agreement has been concluded with all these service providers to ensure that they manage your personal data securely, with respect and with due care and diligence.

11. Transfer to third countries

We will only transfer your personal data to processors or controllers in third countries to the extent we are legally entitled to do so or if this is necessary for the performance of our services.

Insofar as such transfers are necessary, we take the necessary measures to ensure that your personal data are highly protected and that all transfers of personal data outside the EEA take place lawfully. If a transfer takes place to a country outside the EEA for which the European Commission has not determined that it offers an adequate level of protection, this transfer shall always be subject to an agreement that complies with all requirements for transfers to third countries, such as the standard provisions on data protection approved by the European Commission.

12. Protection of your personal data

We have taken all reasonable and adequate technical and organisational security measures to protect your personal data as effectively as possible against accidental or intentional manipulation, loss, destruction or access by unauthorised persons (e.g. securing with password, firewalls, anti-virus, etc.).

For instance, we always store your personal data at a secured location to prevent third parties from accessing your personal data.

13. Retention of your personal data

We will retain your personal data for as long as necessary to achieve the intended purpose. Take into account that numerous (legal) retention periods result in the fact that personal data (must) remain stored for a given period. Insofar as there is no obligation to retain your data, or after the obligation to retain has expired, your data will be deleted.

In addition, we may store personal data for longer if you have given us your consent to do so, or if we reasonably believe that we may still need these data in the context of a legal claim. In the latter case, we may use certain personal data as evidence. To this end, we retain certain personal data in accordance with the legal limitation period, which in most cases is ten years.


We make every effort to protect your personal data. If you have a complaint about the way in which we process your personal data, you can notify this to us via our contact details, so that we can deal with it as quickly as possible.

You can also lodge a complaint with the supervisory authority for data protection. The supervisory authority for our organisation is the Data Protection Authority:


Contact details:

Data Protection Authority
Rue de la Presse 35, 1000 Brussels, Belgium

+32 (0)2 274 48 00

+32 (0)2 274 48 35

Do you have any questions?

If so, you can always contact us by telephone, e-mail or letter. We will be happy to answer your questions.


In response to feedback or to reflect changes in our processing activities, we may amend this privacy statement from time to time. We therefore invite you to always consult the latest version of this privacy statement on the platform.

Scroll Top