Last updated: 2026-01-07
1) Who we are
(*Replace with your legal entity name & address*)
2) What data we collect
a) Data you provide
- Contact details you submit (e.g., name, email address, company) via forms or email.
- Message content and attachments you send us.
- Event registration details (if applicable): attendee info, ticket type, and confirmation status.
b) Data collected automatically
- Server logs (e.g., IP address, date/time, requested page, user agent, referrer) for security and troubleshooting.
- Essential cookies (if used) to keep the site functioning properly.
We do not intentionally collect special categories of personal data (e.g., health, religion). Please don’t send such data.
3) Why we process data (purposes) and legal bases
- To respond to inquiries (Article 6(1)(b) GDPR — steps prior to contract; or 6(1)(f) legitimate interest).
- To deliver requested services such as quotes, onboarding, support, and project communications (Article 6(1)(b)).
- To send newsletters (where applicable) (Article 6(1)(a) consent).
- To secure and maintain our website (Article 6(1)(f) legitimate interest).
- To comply with legal obligations (Article 6(1)(c)).
4) Cookies and analytics
We may use cookies to ensure the site works and to understand how visitors use the site. If we deploy non-essential cookies (e.g., analytics/marketing), we will request your consent before placing them.
- Essential cookies: required for core functionality and security.
- Analytics cookies (optional): help us measure traffic and improve content.
If you add a cookie banner/consent manager, mention it here (and link to a Cookie Policy if you have one).
5) Sharing data with third parties
We may share personal data with trusted service providers (“processors”) only as needed to run the site and services, for example:
- Hosting and infrastructure providers
- Email delivery / newsletter platforms
- Customer support or CRM tools
- Payment providers (only if you purchase a service)
We do not sell personal data.
6) International transfers
If a provider processes data outside the European Economic Area, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) and assess the provider’s protections where required.
7) Data retention
We keep personal data only as long as necessary for the purposes described above, including:
- Inquiries: typically up to 24 months after last contact.
- Customer records: for the duration of the contract and as required by accounting/tax law.
- Security logs: typically 30–180 days, unless needed to investigate incidents.
- Newsletter: until you unsubscribe.
Adjust retention periods to match your actual practice and legal obligations in Belgium.
8) Your rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (where applicable)
- Restrict processing
- Data portability (where applicable)
- Object to processing based on legitimate interests
- Withdraw consent at any time (for consent-based processing, e.g., newsletter)
To exercise your rights, contact us at privacy@opensource-enterprise.com.
You also have the right to lodge a complaint with your local data protection authority. In Belgium, this is the Gegevensbeschermingsautoriteit / Autorité de protection des données.
9) Security
We take reasonable technical and organizational measures to protect personal data, including access control, least-privilege, encryption where appropriate, and monitoring for abuse. No method of transmission or storage is 100% secure.
10) Children
Our website and services are not directed to children. If you believe a child has provided us personal data, please contact us so we can delete it.
11) Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above.
12) Contact
Questions about privacy? Email us at privacy@opensource-enterprise.com.