We attach great importance to the security and confidentiality of your personal data that we collect and use. This privacy policy informs you

about the processing of your personal data and was last updated on June 22, 2023.

We also use cookies on our website. For more information about this we kindly refer you to our cookie

policy. https://surplusmarketing.be/challengr/cookies

1. When does this privacy policy apply?

1.1. We collect and use your personal data when you:

 use our website (www.challengr.be);

 use our social media (Facebook, LinkedIn and Instagram)

 use our mobile application;

 you register for or participate in our events; and

 communicate with us via email, telephone or another digital communication channel.

1.2. This Privacy Policy is subject to change as proviced in article 8.

2. Who are we?

2.1. In this privacy policy, “we” refers to Surplus Marketing as part of Sodifin bv:

Name:

Sodifin bv

Address:

Mechelbaan 141, 2500 Lier

Company number:

0447.784.860

Email:

info@surplusmarketing.be

2.2. We are responsible for the collecting and using your personal data in the manner explained in this privacy policy. If you have any questions

about this, please contact us by e-mail (legal@surplusmarketing.be).

2.3. In certain circumstances, third parties may (also) be responsible for the processing of your personal data, for example, if you click on a link

and thereby leave our website or mobile application. We have no influence on the data that social media providers collect about you. If you use

our services through your employer, your employer also acts as the data controller for the processing of your personal data. In these cases, we

recommend that you consult the privacy policies of these third parties.

3. Which personal data do we process and why?

We only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect

and use your personal data. If we do not receive your personal data directly from you, we will also inform you about this below.

3.1. When you use our website

3.1.1. When you use our website, we collect and use the following personal data.

Which personal data?

Why?

Legal basis?

Technical information (e.g. server log files)

about your visit and the device you use. We

cannot identify you based on this information,

but third parties may (e.g. your internet service

provider).

To ensure the most trouble-free operation of

our website and to detect and prevent malware,

illegal content and behavior, and other forms of

possible misuse.

Our legitimate interest in keeping our online

presence secure.

Your email address.

To send you our newsletter or other electronic

communication.

Your consent, unless you are an existing

customer of ours who we want to keep

informed about our products or services. You

can always withdraw your consent as stipulated

in article 7.

3.2. When you use our social media.

3.2.1. When you use our social media (Facebook, Instagram, YouTube), we collect and use the following personal data.

Which personal data?

Why?

Legal basis?

When you send messages to us via social

media, we collect your identity and contact

details, the content of your message, and the

technical details of your message (e.g. date

and time).

To enable messages between you and us via

social media. These messages are not public.

However, if you post a comment or like or

post other data (e.g. photos) on our public

social media, then this data is public.

Our legitimate interest in being able to

respond to requests, questions, or comments

or to proactively contact you with questions

of any kind.

3.3. When you use our services or app

3.3.1. When you use our services or our mobile app, we collect and use the following personal data.

Which personal data?

Why?

Legal basis?

Identity and contact details, and personal

characteristics (e.g. gender and date of birth),

which you provide to us when you register and

afterward.

To create and manage your account so that you

can use our services or app.

Our agreement with you by your acceptance of

the Terms of

Use. https://movetohappiness.com/en/terms-of-

use/

Information about your device with which you

use our app and data such as your IP address,

your browser type, your operating system, and

your Internet Service Provider (ISP).

To improve the content of and the general user

experience of our app.

Our legitimate interest in improving our

services, making sure our app works properly,

and providing our users with the most

disruption-free experience possible.

Information about your use of our app such as

viewing activity, referring/exit pages, date and

timestamps, and related metadata. In addition,

we also receive aggregated demographic data

of our total user base from Apple and Google.

To improve the content of and the general user

experience of our app.

Our legitimate interest in providing our users

with an interesting experience.

3.4. When you register for or participate in our events

3.4.1. When you register for or participate in our events, we collect and use the following personal data.

Which personal data?

Why?

Legal basis?

Identity and contact details that you provide to

us in the context of, if applicable, your

registration and participation in our events (e.g.

name, email address, or company you work

for).

To process your registration and prepare,

organize and secure our events.

Our agreement with you through your

acceptance of the applicable terms.

Photo(s) taken during an event in which you

are recognizable.

To capture and share atmospheric images of the

event (e.g. on our website and our social

media).

Your consent. You can always withdraw your

consent as stipulated in article 7.

3.5. When you communicate with us

3.5.1. When you communicate with us via social media, telephone, email or any other digital communication channel, we collect and use the

following personal data.

Which personal data?

Why?

Legal basis?

Identity and contact details you provide to us,

the content of your communication, the

technical details of the communication itself

(e.g. date and time) and, if applicable, the

device you are using.

To enable communication between you and

us (e.g. when you contact us via social media,

telephone, or email).

Our legitimate interest in being able to

respond to requests, questions, or comments

or to proactively contact you with questions

of any kind.

3.6. In all of the above cases

3.6.1. However, for all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your

personal data in the following cases.

Which personal data?

Why?

Legal basis?

The personal data above.

To comply with our legal obligations or to

comply with any reasonable request from

competent police forces, judicial authorities,

government agencies, or bodies, including

competent data protection authorities.

Our legal obligation.

The personal data above.

To prevent, detect and combat fraud or other

illegal or unauthorized activities.

Our legal obligation.

The personal data above.

To defend ourselves in legal proceedings.

Our legitimate interest in using your personal

data in these procedures.

The personal data above.

To inform a third party in the context of a

possible merger with, acquisition from/by or

demerger by that third party, even if that third

party is located outside the EU.

Our legitimate interest in being able to engage

in business transactions.

4. With whom do we share your personal data?

4.1. We do not share your personal data with anyone other than the people who work for us, as well as with the suppliers who help us with the

processing of your personal data or your employer if applicable. Anyone who has access to your personal data will always be bound by strict

legal or contractual obligations to keep your personal data safe and confidential.

4.2. Your personal data may be sent by us outside the European Economic Area (EEA) for the purposes stated above. If a transfer takes place, we

will take adequate safeguards to protect your personal data upon transfer (e.g., by entering into a contract based on standard data protection

clauses approved by the European Commission).

5. How long do we keep your personal data?

5.1. Your personal data will only be processed for as long as necessary to achieve the purposes described above or, if we have asked you for your

consent, until you withdraw your consent. In this article, we provide you with the information you need to assess how long we keep your

personal data identifiable.

5.2. As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention

period, as explained in this Article 5, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a

court or administrative order that prevents us from deleting it.

5.3. We keep all personal data that we collect through our website for as long as necessary to represent the legitimate interests referred to in

article 3.1 or until you withdraw your consent. We store technical information such as our server log files for 1 year after you visit our website,

after which they are deleted or de-identified.

5.4. We keep all personal data that we collect in the context of our services, whether or not via our mobile app, for as long as necessary to

perform the agreement with you or to represent the legitimate interests referred to in article 3.3. We keep your data in connection with the

management of your account and in connection with our services as long as you use our services. We will not retain technical information

relating to your use of our mobile app for more than 5 years after your last use of our app, after which it will be deleted or de-identified.

5.5. We keep all personal data that we collect in connection with our events for as long as necessary to perform the agreement with you, to

represent the legitimate interests mentioned in article 3.4 or until you withdraw your consent. If your photo has not been published, we will keep

your photo for no longer than 2 years after the relevant event. If you wish to object to a published photograph of you at an event, please notify us

(see Article 9).

5.6. We keep all personal data collected through our interactions with you via social media, phone, email or other digital communication

channels for as long as necessary to communicate with you, but also to keep a historical archive of our communications. This allows us to revert

to previous communications if you come back to us with new questions, requests, comments or other input.

6. How do we protect your personal data?

6.1. The security and confidentiality of the personal data we process are very important to us. That is why we have taken measures to ensure that

all personal data processed is kept secure. These measures include technical and organizational measures to secure our infrastructure, systems,

applications and processes. We have also taken other measures, such as taking internal policies, limiting processing to the personal data

necessary to achieve the purposes, minimizing the processing of personal data, pseudonymizing personal data when possible, taking backups of

personal data, and periodically reviewing our security measures.

7. Your rights in relation to your personal data

7.1. You have certain rights in connection with th eprocessing of your personal data: the right of access, rectification, deletion and portability of

personal data, as well as the right to object to or limit the processing of your personal data and to withdraw your consent. To exercise any of your

rights, please submit a written request to legal@surplusmarketing.be indicating the right to which your request relates. If you are still not

satisfied, you have the right to contact the competent data protection authority, i.e. the Belgian Data Protection Authority

(www.gegevensbeschermingsautoriteit.be).

8. Changes to this privacy policy

8.1. We may change this privacy policy on our own initiative and at any time. If material changes to this privacy policy may affect the processing

of your personal data, we will communicate these changes to you in a manner in which we normally communicate with you (e.g., by email or by

notice on our website or through our mobile app).

8.2. We invite you to review te latest version of this Privacy Policy on our website. Our privacy policy will indicate the date our privacy policy

was last modified.

9. Do you have any questions?

9.1. If you have any questions about the processing of your personal data, please do not hesitate to contact our privacy manager. You can contact

our privacy manager via email: legal@surplusmarketing.be