Logo van RAPP, de rijbewijs app
Logo van RAPP, de rijbewijs app
Logo van RAPP, de rijbewijs app
English

Privacy Policy

Last updated: April 2025

Privacy Statement RAPP

Article 1: General

This privacy statement describes how the web application RAPP handles your personal data. RAPP is aimed at consumers in Belgium and requires user registration with an email address and password. We respect your privacy and process your personal data in accordance with the General Data Protection Regulation (GDPR) and the applicable Belgian legislation, in particular the Act of 30 July 2018 regarding the protection of natural persons with respect to the processing of personal data. We only collect personal data that is necessary for the functioning of the app, in line with the principle of data minimization. This privacy statement is written in professional and legally correct language to meet all requirements of the GDPR and Belgian privacy legislation.

Article 2: Data Controller

The data controller for the processing of your personal data is Viinovate, Martkweg 30 bus 31, Aalst, Belgium. Viinovate is registered in the Crossroads Bank for Enterprises under enterprise number (VAT) BE1003.537.650. You can reach us for all privacy-related questions via email at support@viinnovate.com.

Article 3: Personal Data We Process

We only process the personal data that you provide yourself or that is generated by your use of RAPP, to the extent that this data is necessary for the app to function correctly. This includes the following categories of data:

  • Identification data: your email address and, if you choose to provide it, your name (providing your name is optional).

  • Account and profile data: your login information (email address and password). Passwords are stored securely (hashed) and are not readable by us.

  • App usage data: information about your use of the app, such as your progress in the application, scores achieved, and your login status (e.g., whether you are logged in and for how long). This data is needed to provide the functionality of the app, such as tracking your progress and user profile.

  • Payment data: if you use paid features or make purchases in the app, payment is processed through the external payment provider Stripe. RAPP itself does not store detailed payment information (such as credit card numbers). We only receive from Stripe the information necessary to confirm your payment (e.g., a payment confirmation or transaction reference).

We do not process sensitive personal data (such as race, health data, etc.) and do not collect data that is not relevant for the purposes mentioned above. In accordance with the GDPR principle of data minimization, we limit processing to what is adequate and necessary for the purposes of the app. No data is collected for marketing purposes and we do not use your personal data to send you unsolicited promotions or newsletters.

Article 4: Purposes of Processing and Legal Basis

We process your personal data solely for specific, explicitly defined, and legitimate purposes, and not in a manner incompatible with those purposes. The main purposes of processing within RAPP, along with the corresponding legal basis, are:

  1. Delivery of the service (performance of the contract): We use your email address and password to create and manage your user account, allowing you to log in and use the app. Your app usage data (progress, scores, etc.) is processed to deliver the core service of RAPP: we track your progress, show your results, and ensure that the app functions properly in accordance with the agreements we have made with you (the terms of use). The legal basis for these processing activities is the necessity for the performance of the contract with you (art. 6(1)(b) GDPR), as this data processing is necessary to provide you with access to and use of the app.

  2. Payment processing: If you make a payment (for example, for premium features or content in the app), we process the necessary data to complete the transaction. Your payment data is processed directly by Stripe (our external payment service provider) for payment processing. The legal basis for this is also the performance of the contract (art. 6(1)(b) GDPR) – processing your payment is necessary to provide the service (a purchase in the app) you requested.

  3. Communication and support: If you contact us for support or we need to inform you about service-related matters (e.g., important changes to the app or this privacy statement), we use your contact information (such as your email address) to communicate. This is done to fulfill our agreement with you (customer support falls under services) or based on our legitimate interest in providing good customer service. However, we will not send you marketing messages without your explicit consent.

  4. Security and authentication: We process your login credentials and any technical log files to ensure the security of the app and your account. This includes verifying your identity when logging in and monitoring for suspicious login attempts to prevent fraud or abuse. The legal basis for this is our legitimate interest (art. 6(1)(f) GDPR) in maintaining the integrity and security of our service, as well as the performance of the contract, as secure access is part of the service.

In all cases, we do not request your consent for the above processing, as they are either necessary for the performance of a contract with you or based on another legally permissible basis (such as legitimate interest). Since we do not process personal data for direct marketing, profiling, or non-essential purposes, consent in the context of RAPP is generally not required. If we were to need your consent for a specific purpose in the future, we will ask for it separately and clearly in accordance with the GDPR requirements for valid consent.

Article 5: Sharing of Data with Third Parties

Your personal data will not be sold or shared with third parties for commercial or marketing purposes. We only share your data with third parties to the extent necessary for the operation of the app and the execution of the aforementioned purposes. The parties we collaborate with are:

  • Stripe (payment provider): For payment processing, we use Stripe Payments Europe, Ltd. (based in Dublin, Ireland) as an external payment processor. When you make a payment in RAPP, the necessary transaction data (such as amount and payment method) is securely passed on to Stripe. Stripe processes this data in accordance with its own privacy policy and may act as a (co-)data controller in that context. RAPP itself does not store sensitive payment information (such as card numbers); these are processed solely by Stripe. We ensure that appropriate agreements (processor agreement) are in place with Stripe to safeguard your data protection.

  • Microsoft Azure (hosting and authentication): RAPP is hosted on Microsoft Azure cloud servers and uses Azure services for user authentication and security. Microsoft acts as a processor on our behalf. This means that Microsoft provides the technical infrastructure in which your personal data (such as your account data and usage data) is stored and processed, but they are not allowed to use that data for their own purposes. We have entered into a processor agreement with Microsoft that meets the requirements of art. 28 GDPR, and Azure provides strong security measures for data processing.

In addition to the above service providers, we may need to share data with other parties if this is legally required or at the request of competent authorities (e.g., a court or police). In such cases, we will comply with the law and only provide the requested data if there is a valid legal basis for doing so.

 

International Data Transfer: We strive to process and store your data within the European Economic Area (EEA) as much as possible. Microsoft Azure has data centers in the EEA, and we choose European data locations for the hosting of RAPP. Stripe processes payments through its European entity (Stripe Payments Europe in Ireland); however, certain data may be transmitted in the context of payment processing to parent companies or subprocessors outside the EEA (e.g., the US). In such cases, we – and Stripe – ensure appropriate safeguards in accordance with Chapter V of the GDPR, such as standard contractual clauses or other mechanisms approved by the European Commission, to guarantee an adequate level of protection for the transmitted personal data.

Article 6: Cookies and Tracking

The RAPP web application does not use cookies or tracking technologies to collect data about your behavior. Therefore, we do not place analytical cookies, tracking cookies, or similar techniques on your device. This means that we do not monitor your use of the app for marketing or advertising purposes, and do not build profiles beyond what is strictly necessary for the functioning of the service. Only if a technically necessary cookie or similar technology were required (e.g., to maintain your login session) will we implement that, but RAPP currently does not use such technology. You can therefore use the app without any personal tracking taking place.

Article 7: Retention Period

We do not retain your personal data longer than necessary for the purposes for which it was collected. In practice, this means that your data will remain stored as long as your user account is active. As long as you use RAPP and have not deleted your account, we need your data to ensure the service works (for example, to track your progress). If you choose to terminate or have your account deleted, we will remove or anonymize your personal data.

 

In the case of inactivity over a long period, we may ask you to confirm whether you wish to keep your account active; in the event of continued inactivity, we reserve the right to delete your account (and therefore your personal data), provided we notify you in advance.

 

Certain data may be retained longer if this is legally required or to defend our legitimate interests. For example, we may retain proof of your consent or transaction records (invoice data) for administrative and legal purposes for the duration of the statutory limitation period. However, this will generally not apply to most of your RAPP usage data, as RAPP itself does not store payment data and does not process other legally archivable data.

 

We therefore always adhere to the principle that personal data is not retained in identifiable form longer than necessary for the purposes of processing. Once there is no longer a need to retain your data, it will be deleted or anonymized.

Article 8: Security of Your Data

We take appropriate technical and organizational security measures to protect your personal data against loss, misuse, unauthorized access, unwanted disclosure, and unlawful alteration. Some of the measures we have implemented include:

  • Secure infrastructure: Your data is stored on Microsoft Azure servers, which are known for their high-security standards. Azure offers encryption of data in transit and at rest, firewall protection, and continuous monitoring. We use European Azure data centers to ensure a high level of protection and compliance with EU privacy regulations.

  • Authentication security: Passwords are hashed and encrypted and stored through Azure Identity services. This means that even in the unlikely event of a data breach, your password will not be visible in readable form. Additionally, access to your account is protected with your personal password; we recommend that you choose a strong password and keep it secret.

  • Access control: Only authorized individuals within our organization (and our authorized processors as mentioned in Article 5) have access to personal data, and only to the extent necessary. They are bound by strict confidentiality obligations.

  • Monitoring and updates: We keep our systems up to date and apply security patches as soon as they become available. Suspicious activities (such as unusual login attempts) are monitored so that we can intervene in a timely manner in case of potential security incidents.

Although we take every effort to ensure security, no digital service can be 100% secure. If, despite our measures, a data breach occurs that is likely to pose a high risk to your rights and freedoms, we will notify the Data Protection Authority and, if legally required, also inform you as the affected user, in accordance with the reporting obligation under the GDPR.

Article 9: Minors

RAPP does not implement a specific age limit for users; the application is accessible to all ages. However, we emphasize that the privacy of children is particularly protected by law. According to Belgian legislation (Article 7 of the Act of 30 July 2018 implementing the GDPR), parental consent is required for children under the age of 13 when their personal data is processed in the context of a direct offer of information society services.

 

Specifically, this means: if you are under 13 years old, a parent or legal guardian must give permission for your registration and use of RAPP, where such permission is legally required. Although RAPP does not typically carry out processing based on consent (see Article 4) and the service generally relies on contractual necessity, we assume that users under 18 have the permission and guidance of a parent/guardian when creating an account and using the app. We do not specifically target children under 13 in our offering, and we do not knowingly collect data from children under 13 without parental consent. Should it come to our attention that we have unintentionally collected personal data from a minor under 13 without verifiable parental consent, we will make reasonable efforts to delete that data as soon as possible.

 

For minor users aged 13 to 16, they are deemed to be able to give consent for data processing in online services under the Belgian implementation of the GDPR. Once again, we emphasize that RAPP does not process based on explicit consent, but we advise minors to involve their parents in their use of the app.

Article 10: Rights of Data Subjects

You have various legal rights under the GDPR as a data subject (user of RAPP whose personal data are processed by us). We respect these rights and have procedures to accommodate you. Your rights include:

  • Right of access: You have the right to obtain confirmation of whether we process personal data about you, and if so, to access that data. This means you can request which personal data we hold about you and receive a copy of it.

  • Right to rectification: You have the right to have inaccurate or incomplete personal data corrected or supplemented. If you notice that certain information we have about you is incorrect (for example, an error in your name or an outdated email address), you can request that we improve this.

  • Right to erasure (right to be forgotten): You may ask us to delete (certain or all of your) personal data. We will comply with such a deletion request in the cases provided by law – for example, if the data is no longer necessary for the purposes, or if you withdraw your previous consent and we have no other legal basis, or when the processing would be unlawful. Please note that this right is not absolute; sometimes we may be required to retain data despite your request (for example, to comply with a legal obligation). However, in the context of RAPP, exercising this right generally means that we will delete your account and erase all your usage data, unless there is a compelling reason to retain (part of) the data.

  • Right to restriction of processing: You have the right to ask us to temporarily restrict the processing of your data. This may be the case when you dispute the accuracy of your data (for the period during which we verify this), or when the processing is unlawful but you do not want the data to be deleted, or when we no longer need the data but you need it for legal claims. In the event of restriction, we will retain the data but may not further process it except with your consent or for legal claims, etc.

  • Right to object: You have the right to object to certain processing of your personal data. In particular, you may object at any time to processing based on our legitimate interest (art. 6(1)(f) GDPR), provided you give reasons relating to your particular situation. Given the nature of RAPP, we base our processing mainly on contractual necessity; however, if we rely on legitimate interest (e.g., for security or support purposes), you have the right to object. If you object, we will stop the relevant processing unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms (or if the processing relates to a legal claim). Please note: you also have the absolute right to object to any processing for direct marketing. As mentioned, we currently do not use your data for direct marketing, so this right is particularly for your information.

  • Right to data portability: If applicable, you have the right to obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format, so that you can transfer it to another provider. This right only applies to data we process based on your consent or on the basis of a contract with you and to the extent the processing is automated. In the case of RAPP, this concerns, for example, your profile and usage data. Upon your request, we can – if technically possible – also transfer the data directly to a new provider.

  • Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that has legal effects on you or significantly affects you otherwise. RAPP does not make such automated decisions about users that meet this criterion; there is currently no profiling or automated decision-making with legal impact in our service.

To exercise any of your rights, you can submit a request to us via the email address support@viinnovate.com. Please clearly indicate which right you wish to exercise and, if applicable, which data it concerns. We may ask you for additional information to verify your identity so that we do not provide your data to the wrong person (for example, we may ask you to make the request from the email address linked to your account or to show an identification document in case of doubt). We will respond to your request free of charge and within one month. In exceptional cases (for very complex or multiple simultaneous requests), we may extend this period by a maximum of two additional months, but in that case, we will notify you within the first month of the delay and the reasons for it.

Article 11: Complaints and Supervision

If you have any questions or complaints about our processing of your personal data, we kindly ask you to contact us first (using the contact details in Article 2). We will do our best to respond to and resolve your complaint.


Article 12: Changes to this Privacy Statement

Privacy legislation and our service may change over time. Therefore, we reserve the right to change or update this privacy statement from time to time. For significant changes, we will notify you through the app (for example, via a notification or email) and, if legally required, request your consent again when the change concerns processing for which consent is required. At the top of the privacy statement, we will indicate the date of the most recent change. We advise you to periodically review this statement so that you remain aware of how we process your personal data.


Article 13: Deleting Account and Data

You can delete your entire account – including all associated personal data and app progress – at any time. Go to Settings → Profile in the web app and select at the bottom ‘Delete Account & Data’. After your confirmation:

  • your account will be immediately deactivated so that you have no further access to RAPP;

  • we will delete all your identifiable data from our active systems and backups within a maximum of 30 days, unless we need to retain certain data longer to comply with legal obligations (e.g., fiscal retention periods for payment records);

  • you will receive, as confirmation, a final email at the address registered with us once the deletion is complete;

  • there will be no refund of any subscription fees or purchases, regardless of remaining usage period or unused content.

Please note: this action is irreversible – your progress, scores, and any purchased content will be permanently lost. If you wish to use RAPP again later, you will need to create a new account.

 

If after reading this privacy statement you have any questions regarding how RAPP handles your privacy, please feel free to contact us at support@viinnovate.com. We are happy to assist you and provide any further information you may need. Your trust and privacy are very important to us, and we are committed to safe and compliant processing of your personal data.

Privacy EN

 

Use for free