Privacy policy

Last updated: March 2021
The protection of Individuals with regards to the processing of Personal Data is a key element for Diabatix”

This Privacy Policy is applicable to all personal data (“Personal Data”) you, as a user of our ColdStream Platform, provide to us or that is generated from your use of our ColdStream Platform.This Privacy Policy is the implementation of the GDPR or AVG: General Data Protection Regulation (Europe)and Algemene Verordening Gegevensbescherming 24 mei 2016 (Belgium): 

Controller: Our Company determining the purpose and means of the processing of Personal Data.

Personal Data: any information relating to an identified or identifiable Individual meaning any data that makes it possible to identify anIndividual, directly or indirectly (e.g. by name, telephone number, address, license plate, email address, IP-address, identification numbers)

Which Personal Data do we speak about?

This Privacy Policy will be applicable to all customer, who use our ColdStream Platform. You will subscribe to the ColdStream Platform and communicate certain Personal Data that is needed for this subscription and some Personal Data will be generated from the use of the ColdStream Platform.

We will not process specific categories of Personal Data such as personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning an Individual’s sex life or sexual orientation. 

Processing of Personal Data of customers inscribing to use the ColdStream Platform


  • customer administration: subscription information, creation of user profile.
  • operating the ColdStream Platform: help with functionalities of ColdStream Platform
  • administer the ColdStream Platform: monitoring the usage and performance of the ColdStreamPlatform
  • help incase of problems with the use of the ColdStream Platform
  • additional expert services to increase the customer experience
  • compliance with applicable laws and regulations

Legal Basis: License Agreement to use the ColdStream Platform

Information: name of customer (name of employees using the ColdStreamPlatform), contact information of customer (address, email, phone number, job titles), information received from feedback and communication through the ColdStreamPlatform, usage information of the ColdStream Platform.

Retention: 5 years after the termination of the LicenseAgreement to use the ColdStream Platform

Rules with regards to the way we process Personal Data? 

Diabatix will always take care that there is a balance between our legitimate interest and the rights and interest of the Individual.

Diabatix will respect the principles of data protection by design and data protection by default. And we will ask the same from our (ICT-)suppliers. The ColdStream Platform is assessed thoroughly on data protection from the start throughout the this project. And we will install as a standard option, the most privacy-friendly option.  


Rights of Individuals

As an individual you have the following rights with regards to your Personal Data.

  • Right to withdraw consent at anytime: however withdrawal of consent shall not affect the lawfulness of the processing based on the consent before its withdrawal
  • Right of access to the PersonalData: to obtain information as to the purpose of processing, the categories ofPersonal Data, third parties to whom the Personal Data is disclosed, retention period
  • Right to rectification of incomplete, inadequate or excessive Personal Data
  • Right to erasure of inaccurate, erroneous or incomplete Personal Data, of Personal Data that is no longer necessary in relation to the purpose, when the consent has been withdrawn or any Personal Data which does not comply with the provisions of the current legislation
  • Right to restriction of processing in case of inaccuracy, processing is unlawful, there is no longer need of the processed Personal Data, of a pending procedure of verification of legitimate grounds. The restriction means that it can only be processed with the consent of the Individual, can be stored, can be used for legal claims, can be used for protection of the rights of another individual or for reasons of important public interests.
  • Right to data portability: to receive your Personal Data or have it transmitted in a structured, commonly used and machine-readable format when the processing is based on the consent of the Individual or based on a contract and is carried out by automated means
  • Right to object (e.g. for direct marketing purposes, part of automated decision such as profiling related to such direct marketing) 

The application to exercise any of the rights mentioned above should be done to

Each application must contain all information we need to define the identity of the Individual requesting any of the rights such as:

  • name and surname of the Individual, and a photocopy of both side of the identity card
  • nature of the request
  • data of the application and signature of Individual.

Diabatix will reply at the latest within 30 days as of the date of receipt of the application.

Security, technical and organizational measures

Diabatix has taken and will take all the necessary measure for the security of the processing of Personal Data, the necessary technical and organizational measure are in place. All Personal Data are stored in a secured place behind the necessary domain security and the necessary policies are in place.

The processing of Personal Data will only be executed by the members of the relevant department and each employee has a secrecy clause in his/her employment agreement. 

We, as a company, expect our customers and suppliers to follow the GDPR as well. We strive to work only with those customers and suppliers who demonstrate compliance with GDPR. Any arrangement Diabatix makes with customers and suppliers will be subject to clear contractual terms with regards to data privacy, confidentiality and code of conduct and specific provisions that require customers and suppliers to comply with the GDPR. 

In case of a Personal Data breach which will result in a risk for the rights and freedoms of the Individual (e.g.personal financial loss, identity theft) involved, Diabatix shall, where feasible, at the latest within 72 hours after becoming aware of it, notify thePersonal Data breach to the supervisory authority and shall inform theIndividual as soon as reasonably possible. This notification does not need to be executed in case the breach is unlikely to result in a risk to the rights and freedoms of the Individual. This procedure will be followed up by our legal advisor/Managing Director. 

Transfer of Personal Data

European Union:

Our Company will not transfer any PersonalData outside the European Union (to a third country or an international organization). In case a transfer of Personal Data needs to be done outside theEuropean Union, we will follow the procedure as defined in the GDPR. This will be followed up by our legal advisor/Managing Director.

Service Providers:

For operating the ColdStreamPlatform we use service providers who help to make this ColdStream Platform unique in its way of working (this includes cloud services, hosting services, database system and data base management services, email delivery). We have the necessary agreements in place with these service providers to respect all elements of this Privacy Policy. We have evidence of their certifications and accreditations with the necessary compliance standards, rules and regulations.

Cookie Policy 

What is a cookie?

A cookie is a text file containing small amounts of information, which is downloaded to your device when you (first) visit our website (including the ColdStream Platform). That cookie is then sent back to the website of origin on each subsequent visit, or to another website which recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device, and they provide you with a more efficient and personalised experience of our website (including ColdStream Platform).

What types of cookie are used?

Cookies can be distinguished on the basis of their origin, their function and their lifespan.

First-party cookies are cookies that are placed by Diabatix during your visit to one of our websites(included ColdStream Platform). Third-party cookies are cookies that are placed by a third party that is not part of one of our websites. Facebook, LinkedIn,Twitter and YouTube are examples of such third parties. Technical cookies are essential for the website to function properly. These cookies enable you to navigate between the various sections of our website and to use specific functionalities. Session cookies are temporary cookies that enable you to navigate quickly and easily through the website during your browsing session.Persistent cookies or ‘tracking cookies’ outlast an individual session and remain in your browser for a specific period after the session (unless you delete the cookie). Functional cookies monitor the correct operation of the website and allow the website to remember the choices you make (e.g. your language preference, your user name, or your region). They provide enhanced and more personal features, sparing you from having to specify your choices every time you visit the website. Performance cookies collect anonymous and aggregated information about your online behavior (such as your browser type, your Internet Protocol (IP) address, the operating system used, the domain name of the website that you have visited even when you abandon such site, the date and time of your website visit, etc.) for statistical purposes and for generating visitor’ profiles.

Diabatix uses all the cookies mentioned above. The cookies we use do not collect data that reveal your personal identity and therefore, do not make it possible for us to identify you. Our website(s) may contain links to other websites not owned/managed by Diabatix (third-party’ content, links and plugs-in). Diabatix is not responsible for the privacy practices of these websites.  

How to give your consent?

When visiting our website(s) (including the Coldstream Platform) for the first time, a cookie banner will appear at the bottom. By closing that banner, or continuing your visit to our website(s), you implicitly consent to our use of cookies as specified in this cookies policy, unless you have adapted your browser setting to reject cookies (see below). 

How to reject our cookies?

You may withdraw your consent at any time by deleting cookies in the settings of your Internetbrowser. These settings are usually found in the 'options' or 'preferences' menu of your Internet browser.

Please note that changing your browser settings to reject cookies may impact your visit to our website/Coldstream Platform and deny you access to all or parts of our website and/or ColdStream Platform. You can change your Internet browser settings at any time.

Changing this Privacy Policy

We reserve the right to modify, change, adapt this Privacy Policy at any time. Any changes to our policy will be effective upon the upload of the new Privacy Policy to the ColdStream Platform.


ColdStream Platform is owned by Diabatix NV
Diabatix NV
Technologielaan 11
3001 Leuven
VAT number BE 0648.660.180
Company number: 0648.660.180, RPR Leuven

Update: Version March 2021