Last updated: 31/10/2025
Codioso bv built POSitive app as part of the POSitive Point-of-Sale system. This policy informs you of our policies regarding the collection, use, and disclosure of Personal Information when you use our Service.
Which information do we collect?
We collect the following personally identifiable information (PII) from users:
- Name and First Name
- Email Address
- National Register Number (Rijksregisternummer / INSZ / BIS-nummer)
How and why do we collect this information?
We collect this data exclusively through direct user input within the app. The purposes for which we collect this information are:
Name and First Name: For identification, personalization of the user experience, and account management.
Email Address: For account registration, communication with the user (e.g., password recovery, updates), and providing support.
National Register Number (INSZ/BIS-nummer): It is a requirement for a regulated point-of-sale system to know who is logged into the system and who has performed a specific action (mandated in the specifications of the Belgian Federal Public Service Finance - FOD Financiën). The National Register Number is only kept for this purpose.
The legal basis for this processing is Circular AAFisc No. 33/2016 (No. E.T.124.747) dated November 8, 2016 (Belgian Official Gazette of 16.01.2017, pg. 2460), chapter 3.3 mandatory functions.
Data Processing and Storage
We take the security of your data extremely seriously. All personal information collected is stored on secure servers. We employ strict physical, electronic, and managerial procedures to safeguard and protect the information we collect.
Your data will be retained for as long as necessary for the purposes for which it was collected, or as required by applicable law.
Disclosure to Third Parties
We do not sell, trade, or rent personally identifiable user information to others. We may share generic aggregated demographic information, not linked to any personal identification information, with our partners and advertisers for the purposes outlined above.
We may use third-party service providers to help us operate our business and the app or administer services on our behalf, such as server hosting or payment processing. These third parties only have access to your data to perform these tasks on our behalf and are obligated to keep this information confidential.
In specific cases, we may disclose data if legally required (e.g., by court order).
Your Rights under the GDPR
As a resident of the European Economic Area (EEA), you have specific rights regarding your personal data:
- Right of access: You have the right to request a copy of the information we hold about you.
- Right to rectification: You have the right to correct inaccurate or incomplete information.
- Right to erasure (Right to be forgotten): You have the right to request the deletion of your personal data under certain conditions.
- Right to restriction of processing: You have the right to request that we restrict the processing of your personal data.
- Right to data portability: You have the right to obtain and transfer your data in a structured, machine-readable format.
- Right to object: You have the right to object to the processing of your personal data.
To exercise these rights, please contact us using the contact details below.
Children’s Privacy
Our Service is not intended for anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we discover that a child under 13 has provided us with personal information, we will immediately delete this from our servers.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Changes are effective when they are posted on this page. Changes will also be updated in the Google Play Console under the ‘App content’ and ‘Data safety’ sections.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: Codioso bv, Gravenstraat 76, 3220 Holsbeek Email: info@codioso.be
You also have the right to lodge a complaint with the competent data protection supervisory authority in your country.