PRIVACY AND COOKIES POLICY for BELCHICKEN Websites, Web Applications and Mobile Applications – BC FOODS
For the purposes of the current Privacy and Cookies Policy (hereinafter the „Policy“), „Personal Data“ shall mean any information of a personal nature as defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC („General Data Protection Regulation“ or „GDPR“), as well as any applicable national implementing or supplementary legislation (collectively, the „Privacy Act“), i.e. any information concerning identified or identifiable natural persons.
1 – Controller
BC FOODS BV, operator of the BELCHICKEN® brand in Belgium, with a registered office at 1930 Zaventem, Leuvensesteenweg 510/11, registered with the number 0724808645 (hereinafter „BC FOODS“, „BELCHICKEN“ or „BC“) owns and operates the „Permanent Website“ www.belchicken.com, as well as the „Ad Hoc Sites“ temporarily available online for BC competitions and other promotional actions (collectively, the „Websites“). BC also owns and manages the BELCHICKEN® Loyalty Application (hereinafter referred to as the „BELCHICKEN® App“ or the „Application“).
BC also owns and operates the BelPeople web application (https://belpeople.com), a business management platform for BELCHICKEN® restaurant managers, franchise owners, and headquarters staff.
This Policy describes the conditions under which BC FOODS may, if necessary with your consent, process your Personal Data in relation to your use of the Websites, web, or mobile applications developed by or on behalf of BC (the „Applications“) and as well as associated services. BC FOODS acts as a data controller in accordance with the Privacy Act.
Without prejudice to the generality of the foregoing, special or additional provisions on Ad Hoc Sites and/or Applications may also apply (taking into account the particularities of certain Ad Hoc Sites/Applications), with respect to privacy protection and processing of Personal Data. In case of conflict between this Policy and any special provisions, the latter shall prevail.
Any reference in this Privacy and Cookies Policy to „we/we“, „us“ or „our“, shall be deemed to refer to BC.
2 – Importance of this Policy
BC attaches great importance to your privacy and to the protection of your Personal Data. This Policy applies to the Websites and Applications and explains exactly how BC collects and processes your Personal Data, how it may be used, with whom it may be exchanged, where appropriate, and how it is protected.
BC respects your privacy and the manner in which you choose to provide data. BC recognizes the need for adequate protection and management of Personal Data collected. BC processes your Personal Data in accordance with General Terms and Conditions of Use, the Special Terms and Conditions of Use for the mobile application „BELCHICKEN® App“, the Special Terms and Conditions of Use for the BelPeople Web Application, this Policy, and the Privacy Act.
Please note: By joining the Websites and Applications or when you visit or use the Websites and Applications, you accept the General Terms and Conditions of Use and agree to the application of this Policy. You authorize BC to process your Personal Data in accordance with and for the purposes defined herein. The General Terms of Use and current Policy are available on the Websites and Applications.
If you are under 13 years of age, only a parent or the person who has parental responsibility for you can legally consent to the processing of your Personal Data, as described in this Policy. If we know that you are under the age of 13, we will ask you for confirmation.
3 – What Personal Data Does BC FOODS Collect?
BC collects your Personal Data in the course of making the Websites, Applications and related services available. Your Personal Data is collected, processed and used by BC in accordance with current Policy. The Personal Data collected and processed by BC includes the following information:
a. General
The Personal Data related to your general use of the Websites/Applications and related services: identification of the device you use to use the Websites/Applications (MAC address), IP address, selected language, data related to when and how long you use the Websites/Applications, information related to your operating system and type of device, search criteria (such as type of product), pages visited (the „Surfing Data“).
Personal Data related to your use of the BELCHICKEN® App: user account ID (Facebook username and password or email address and password); first and last name, date of birth; country and zip code; email address; the log of acceptance of legal documents; advanced profile data (optional): [gender, if the parent with children over or under 12 and number of children; student/professional; preference for BELCHICKEN® restaurants]; Belchicken QR ID, coupons, stamps, discounts.
Personal Data relating to your use of food ordering services available only on the Application BELCHICKEN® App: Personal Data; order information (products ordered, the BELCHICKEN® restaurant selected for pickup or delivery of the order, date and time of order placement and pickup or delivery; payment information including selected debit/credit card information (cardholder and card number) and the amount to be paid („Payment Information“).
The Personal Data pertaining to you, as provided by you or generated by BC during the registration or enrollment process for one of our contests or promotions, such as first and last name, phone number, date of birth, email and postal addresses, password and/or promotion code if applicable, as well as whether you wish to subscribe to the newsletter and log of acceptance of legal documents (the „Subscription Data“).
The Personal Data related to your subscription to the BC newsletter: email address, first and last name, log of acceptance of legal documents (the „Newsletter Data“).
The „Profile Data“: based on the Personal Data above in current article 3, BC will create and store marketing profiles of the User.
The „Consumer Service Data“: the Personal Data that you choose to provide when you want to make comments or ask a question to BC – through the online form available for this purpose on the Permanent Website – after visiting or relating to one of our BELCHICKEN® restaurants: salutation, first and last name, email and postal addresses, telephone number (optional), BELCHICKEN® restaurant visited, date and time of your visit, subject, and content of your message.
The information you provide when you want to apply for a job with BC: first and last name, email and mailing addresses, curriculum vitae information, message/motivation letter, desired job (position and location), log of acceptance of legal documents (the „Recruitment Data“).
b. BelPeople Web Application Data
Personal Data related to your use of the BelPeople web application: user account information (name, email address, role, permissions), restaurant assignments, login and usage information, training completion records, assessment results, work schedules and time records.
c. Google Business Profile Integration (BelPeople Application)
When authorized users connect their Google Business Profile account to the BelPeople application, we access the following data through the Google Business Profile API:
• Business location information (business name, address, phone number, business hours)
• Customer reviews and star ratings from Google Maps
• Your responses to customer reviews
• Business photos and media uploaded to your Google Business Profile
• Business performance insights and analytics
• Authentication credentials (OAuth tokens stored securely)
Google API Scopes Used:
• https://www.googleapis.com/auth/business.manage – To read and manage your business locations, reviews, photos, and respond to customer reviews
Purpose and Limited Use Disclosure:
BelPeople’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This integration enables restaurant managers and franchise owners to manage their Google Business Profile directly from the BelPeople application, including:
– Viewing and responding to customer reviews
– Updating business hours and contact information
– Managing business photos
– Monitoring business performance insights
Google user data obtained through this integration is used ONLY for the purposes described above. We do NOT use Google user data for:
– Serving advertisements
– Selling data to third parties
– Determining creditworthiness or for lending purposes
– Any purpose other than providing the BelPeople business management features
Data Storage and Security:
– OAuth access tokens and refresh tokens are stored securely in our database with encryption at rest
– Tokens are automatically refreshed when expired
– Access to Google user data is restricted to authorized BelPeople users only
– All data transmissions use HTTPS/TLS encryption
Data Sharing:
Google user data accessed through the Google Business Profile API is NOT shared with any third parties except:
– Google LLC (as necessary for API functionality)
– As required by law or valid legal process
Data Retention and Deletion:
– Synced business information (reviews, hours, photos): Retained until user deletes their account or revokes Google access
– OAuth tokens: Deleted immediately upon access revocation or account deletion
– Cached review data: Deleted within 30 days of access revocation
– When you revoke access or delete your BelPeople account, all Google user data is permanently deleted from our systems
d. Location Data
The collected data may also include location data, to the extent that you have enabled the geolocation feature on your smartphone and have given us your consent to such processing. The latter is defined as any data processed in an electronic communication network or by an electronic communication service that indicates the geographical position of the device of an end-user of a public electronic communication service. The processed location data is the geographical data provided by the GPS system in order to identify the exact location of the end user’s device. The location data will not be processed (i) for a duration exceeding the period necessary for the purpose described hereinafter, nor (ii) for purposes other than those described hereinafter. You have the right to withdraw your consent to the processing of your location data at any time by turning off the geolocation function on your device. However, BC informs you that this may affect the correct provision of the service(s) and/or the effectiveness with respect to certain functions based on location: i.e., determining the nearest restaurant for your location (the „Location Data“).
BC may also access identification and contact information from external databases that we purchase and combine it with the information that BC itself collects from you in order to have more complete information.
If you click through to our Websites, Applications, or platforms from a social media platform, such as Facebook or Instagram, we may gain access to certain profile information on that media platform.
e. Sensitive Data
In connection with your use of the Websites/Applications and connected services, BC does not collect or process any special category of Personal Data from you unless you voluntarily communicate it, for example in the curriculum vitae or cover letter that you freely decide to upload during the online recruitment process or in your messages through the „Contact“ section of the Permanent Website. The special categories of Personal Data are often referred to as „sensitive“ Personal Data and include information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life.
4 – For What Purposes is Your Personal Data Processed and on What Legal Bases?
General
BC collects and processes your Personal Data solely for the purposes stated in this Policy. The purposes for which BC processes your Personal Data are: making the Websites/Applications and related services available (including, but not limited to, the fulfillment and delivery of orders placed under the BELCHICKEN® App and Kiosks); managing the contractual relationship between you and BC, including your participation in certain competitions, promotional actions or, where applicable, your membership to a loyalty program (such as the BELCHICKEN Loyalty Program); verifying that your use of the Websites/Applications complies with all applicable BC terms of use and applicable law; responding to your requests, questions and/or complaints; and, if applicable, processing and responding to your applications for employment at a BELCHICKEN restaurant.
In addition, BC may process your Personal Data in order to monitor the use and visitation of the Websites/Applications and related services, analyze users‘ habits, develop enhancements or new features that improve the Websites/Applications, and conduct market studies. To the extent possible, BC will process aggregate data (being data that cannot identify you nor be linked to you, such as statistical data), pseudonymized or anonymized data, instead of Personal Data, when the purposes of such processing can be achieved in this way.
Google Business Profile Management (BelPeople):
• Display customer reviews from Google Maps within the BelPeople dashboard
• Enable authorized users to respond to customer reviews
• Allow updates to business information (hours, phone number, description)
• Upload and manage business photos on Google Business Profile
• Sync business performance insights and analytics
Direct Marketing and Profiling
If you consent to the use of your Personal Data for commercial and advertising communication purposes (direct marketing), BC will use your Personal Data for the purposes for which you have given your consent until your consent is withdrawn. With your express consent, when you communicate your e-mail address and/or your cell phone number, BC may send you commercial and advertising messages about BELCHICKEN® products/services by e-mail and/or SMS, or through personalized „push“/display on certain social networks or other platforms with which you have an account. If you wish your Personal Data to no longer be processed for commercial and advertising communication purposes, you have the right to withdraw your consent in this regard, at any time, free of charge and without giving any reason. The procedure to be followed in such a case is described in article 8 of this Policy.
Your Personal Data may also be used to establish user patterns and statistics and to categorize you into a particular consumer group on the basis of your personal characteristics (e.g. gender and age range) („profiling“).
By using such profiling techniques, BC is able to send you personalized news messages, promotions or offers tailored to your specific needs and can thus provide you with added value. The use of these techniques will in no case have any legal consequences for you, nor any other far-reaching consequences.
If you would like more information about the profiling techniques used by BC and the way in which BC classifies you into a particular group, or if you have any objections to this, you can contact us at any time.
5 – Who Has Access to Your Personal Data?
BC may share your Personal Data with:
• BC headquarters staff (for operational data)
• Franchise partners (for their assigned locations)
• Restaurant managers (for their assigned teams)
• Trusted service providers who process data on our behalf, including providers for:
– Database and application hosting (Supabase, Netlify)
– Authentication and security services
– Analytics and reporting tools
– Email and communications
Google LLC:
• Google Business Profile API – For managing business listings, reviews, and photos on Google Maps
• Google OAuth 2.0 – For secure authentication when connecting Google accounts
• Privacy Policy: https://policies.google.com/privacy
All service providers are contractually bound to protect your data and comply with GDPR. For data transfers outside the European Economic Area, we use Standard Contractual Clauses approved by the European Commission.
We do NOT:
• Sell your personal data (including Google user data)
• Share data for third-party marketing or advertising
• Provide data to data brokers or information resellers
• Transfer Google user data to third parties except as described in this policy
6 – International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area, including the United States.
Safeguards:
• Standard Contractual Clauses with all non-EEA processors
• Encryption of data in transit and at rest
• Strict access controls and security measures
7 – How Long Do We Keep Your Data?
We retain personal data only as long as necessary for the purposes described in this policy and to comply with legal obligations:
• Employee records: Duration of employment + 7 years
• Financial records: 7 years
• Customer feedback: 2 years
• Training records: Duration of employment + 3 years
• Job applications (unsuccessful): 6 months
• System logs: 90 days (IP addresses anonymized)
• Session data: 24 hours
• Google Business Profile synced data (reviews, business info): Retained until account deletion or access revocation, then deleted within 30 days
• OAuth tokens: Deleted immediately upon access revocation or account deletion
• Google user data: Not retained beyond what is necessary for providing the service; deleted promptly upon user request or access revocation
After these periods, data is securely deleted or anonymized.
8 – Your Rights
Under GDPR, you have the following rights:
• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Restriction: Limit how we use your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent where processing is based on consent
• Human Review: Request human review of automated decisions
How to Exercise Your Rights:
Email us at privacy@belchicken.com with your request. We will respond within 30 days.
No Fees: Exercising your rights is free, except for manifestly unfounded or excessive requests.
Complaints:
If you are unhappy with how we handle your data, you can lodge a complaint with:
Belgian Data Protection Authority
Website: https://www.dataprotectionauthority.be
Email: contact@apd-gba.be
Phone: +32 2 274 48 00
Or your local data protection authority in your country of residence.
9 – Data Security
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
• Encryption of data in transit and at rest
• Secure password storage (hashed and salted)
• Regular security updates and patches
• Firewalls and intrusion detection
• Access controls and authentication
Organizational Measures:
• Staff training on data protection
• Confidentiality agreements
• Regular security audits
• Incident response procedures
Data Breaches:
In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority without undue delay.
10 – Automated Decision-Making
We use automated processes for:
• Categorizing financial transactions
• Analyzing customer feedback sentiment
• Generating quality improvement recommendations
You have the right to request human review of any automated decision that significantly affects you.
11 – Cookies and Third-Party Services
Essential Cookies
We use strictly necessary cookies for:
• User authentication
• Security features
• Session management
These cookies cannot be disabled as they are essential for the application to function.
Optional Cookies
• Preference cookies (language, settings)
• Analytics cookies (usage patterns, performance)
You can manage cookie preferences through your browser settings.
Third-Party Services:
• Google reCAPTCHA: Bot protection (privacy policy: https://policies.google.com/privacy)
• Google OAuth: Authentication for Google Business Profile integration
• Google Business Profile API: Access to manage business locations, reviews, photos, and insights (https://developers.google.com/my-business)
Google Business Profile API Integration:
When you authorize BelPeople to access your Google Business Profile:
1. Authentication: We use Google OAuth 2.0 for secure authentication. You will be redirected to Google’s login page to grant permission.
2. Permissions Requested: We request the „business.manage“ scope which allows us to read and manage your business locations, reviews, and photos.
3. Data Access: Once authorized, we can:
– Read your business location information
– Read and respond to customer reviews on your behalf
– Upload and manage business photos
– Update business hours and contact information
4. Token Storage: Your OAuth tokens are stored securely with encryption and are only used to make authorized API requests on your behalf.
5. Revoking Access: You can revoke BelPeople’s access to your Google Business Profile at any time by visiting:
https://myaccount.google.com/permissions
Navigate to „Third-party apps with account access“ and remove „BelPeople“ or „BELCHICKEN“ from the list.
6. Data Retention and Deletion: When you revoke access:
– We immediately stop accessing your Google Business Profile
– OAuth tokens are deleted immediately
– Previously synced data (cached reviews, business info) is deleted within 30 days
– You may request immediate deletion by contacting privacy@belchicken.com
7. Limited Use Disclosure: BelPeople’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. See: https://developers.google.com/terms/api-services-user-data-policy
12 – Children’s Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately.
13 – Changes to This Policy
We review and may update this policy periodically. Significant changes will be communicated via:
• Email notification to registered users
• In-app notification
• Notice on our website
You will have at least 30 days‘ notice before significant changes take effect.
Previous Versions: Available upon request at privacy@belchicken.com
14 – Contact Us
For Privacy Inquiries:
Email: privacy@belchicken.com
General Contact:
Email: us@belchicken.com
What to Include:
• Your full name
• Email address associated with your account
• Description of your request or concern
Response Time: We aim to respond to all inquiries within 5 business days.
15 – Legal Information
Jurisdiction: This Privacy Policy is governed by Belgian law and GDPR.
Language: This policy is available in multiple languages. In case of discrepancies, the English version prevails.
Acceptance: By using BELCHICKEN services, you acknowledge that you have read and understood this Privacy Policy.
—
Last update: December 2025
Version: 3.0