THE LOUISE APP  
Privacy Policy  
VS01 16th February 2026  
1
THE LOUISE APP PRIVACY POLICY  
0) General Terms  
This App Privacy Policy Charter establishes the fundamental rules ensuring optimal use of the app, available to  
tenants, staff, and external service providers within the building.  
These rules complement applicable legislation, particularly those relating to computer fraud, copyright protection,  
and data protection.  
1) Data Controller  
The Data Controller is Ility. If appointed, the Data Protection Officer (DPO) can be reached at the below contact.  
2) Scope of This Policy  
This privacy policy applies to users of The Louise App (tenants, occupants, registered visitors, service providers)  
and administrative users (facility & property managers).  
3) Data We Collect  
Depending on activated modules (Booking, Access Control, Services, Comfort Control), we may collect:  
-
-
-
-
-
-
Identification data: name, email, company.  
Access control data: mobile key identifiers, access logs, location.  
Booking data: room reservations, schedules, resources used.  
Services data: requests, tickets, photos, communication.  
Comfort control data: environmental preferences, interaction with HVAC/lighting systems.  
Technical logs and analytics: app performance, crash reports (aggregated).  
Data categories classified as sensitive (e.g. biometrics) are NOT collected.  
4) Purpose of Processing  
We use your data to provide and manage the app, secure building access, operate services, enable room bookings,  
manage comfort controls, improve user experience, ensure safety, and comply with legal obligations.  
5) Legal Basis  
-
-
-
Contract performance: user account, access control, bookings, services.  
Legitimate interest: building security, app improvement, aggregated occupancy.  
Legal obligation: workplace regulations, safety.  
6) Data Retention  
We keep data only as long as necessary:  
-
-
-
-
-
-
-
User profile: as long as the account is active.  
Access logs: 90 days, then anonymised.  
Booking data: 12 months.  
Service requests: 2 years.  
IoT comfort data: 36 months.  
Technical logs & analytics: 13 months.  
Backups: 30 days retention cycle.  
7) Data Sharing  
We may share data with authorised building operators (facility management), subcontractors (hosting, access  
control, IoT, support), and authorities when legally required. We do not sell data to third parties.  
8) International Transfers  
If data is transferred outside the EEA, appropriate safeguards (Standard Contractual Clauses, additional measures)  
will be applied.  
9) Security Measures  
We apply industry‑standard measures: encryption in transit and at rest, access control (RBAC), monitoring, audits,  
privacy by design and by default.  
10) Your Rights  
You may request: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.  
Contact us at benoit.christiaens@realestate.bnpparibas. You can lodge a complaint with your local Supervisory  
Authority.  
11) Cookies & Tracking  
We use strictly necessary cookies/SDKs, and with consent, analytics for performance and crash diagnostics.  
Preferences can be managed within the app.  
12) Automated Decision-Making  
The Louise App does not rely on automated decision-making that produces legal effects. Analytics and occupancy  
insights remain aggregated and pseudonymised.  
13) Changes to This Policy  
We may update this policy occasionally. In case of substantial changes, you will be notified within the app or by  
email.  
14) Contact  
Requests may be addressed to the Data Protection Officer (DPO) at:  
-
-
BNP PARIBAS Real Estate Belgium SA - Avenue Louise 235 1050 Bruxelles Belgium  
benoit.christiaens@realestate.bnpparibas - +32 471 82 62 14