Privacy Policy — Artefix Agency

01

Who We Are

Artefix Agency is a digital agency based in Belgium, providing services including mobile application development, web development, artificial intelligence systems, marketing automation, content creation, and brand strategy.

For the purposes of the GDPR, Artefix Agency acts as the data controller for personal data collected through this website and through direct client engagement.

Trading name Artefix Agency

Country of operation Belgium, European Union

Contact email artefixbelgium@gmail.com

Supervisory authority Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit)

02

Data We Collect

We collect only the minimum personal data necessary to provide our services and respond to your enquiries. Below is an overview of the categories of data we may process.

Contact data Your name, email address, and any information you include in the body of a message sent via email or a contact form. This data is collected when you initiate contact with us.

Project & brief data Descriptions of your project, business, goals, timelines, and budgets shared during discovery calls or written project briefs. This data is provided voluntarily.

Communication data Email correspondence and any attachments exchanged during or after engagement. Retained as part of our service delivery record.

Technical data Basic server logs including IP address, browser type, operating system, referral URL, and page visit timestamps. This data is collected automatically when you access this website.

Cookie data Session and preference cookies as described in Section 05. We do not use tracking cookies for advertising purposes.

We do not collect sensitive personal data (special categories under GDPR Art. 9), financial account details, government-issued identification numbers, or any data from minors under the age of 16.

03

How We Use Your Data

We use personal data strictly for the following purposes. We do not sell, rent, or monetise your personal data in any form.

Responding to enquiries and scheduling discovery calls or strategy sessions
Delivering and managing services commissioned by you, including project scoping, development, and delivery
Maintaining communication records for contract fulfilment and accountability
Invoicing and fulfilling legal or contractual obligations arising from engagement agreements
Improving the functionality, performance, and content of this website using aggregated, anonymised technical data
Complying with applicable legal obligations including tax, accounting, and data protection law

04

Legal Basis for Processing

Under the GDPR, every processing activity must rest on a lawful basis. The following bases apply to our processing activities:

Consent
Art. 6(1)(a) When you voluntarily contact us by email or submit a project brief, you consent to us processing the data contained in that communication for the purpose of responding to you.

Contract performance
Art. 6(1)(b) Processing is necessary to fulfil a contract to which you are a party, or to take steps at your request prior to entering into a contract — such as scoping a project or preparing a proposal.

Legal obligation
Art. 6(1)(c) Processing is necessary to comply with Belgian or EU legal obligations, including tax and accounting requirements under Belgian law.

Legitimate interests
Art. 6(1)(f) Processing of technical/server log data to maintain website security and performance. This interest does not override your fundamental rights and freedoms.

05

Cookies & Tracking

This website uses a minimal cookie footprint in line with the ePrivacy Directive and Belgian DPA guidance. We do not deploy advertising cookies, cross-site tracking pixels, or third-party behavioural analytics.

Essential cookies Strictly necessary for the website to function correctly (e.g. session state, security tokens). These do not require consent under GDPR/ePrivacy.

Preference cookies Used to remember user interface preferences (e.g. language, theme) within a single session or across sessions. Set only when the feature is used.

Analytics If analytics are introduced in future, they will be privacy-respecting, cookieless, and disclosed here prior to deployment.

Third-party cookies Google Fonts are loaded from Google's CDN when you first visit the site. Google may set performance cookies via this request. You can disable third-party cookies in your browser settings.

You can manage, restrict, or delete cookies at any time through your browser settings. Disabling essential cookies may affect website functionality. Instructions for major browsers: Chrome · Firefox · Safari.

06

Third-Party Services & Data Sharing

We do not sell or share your personal data with third parties for marketing purposes. We may share data with the following categories of trusted service providers solely to the extent necessary for service delivery:

Email service providers — used to send and receive business correspondence (e.g. Gmail / Google Workspace). Subject to Google's data processing terms and privacy policy.
Cloud infrastructure providers — used for hosting project deliverables, collaboration tools, and file storage. All providers used are GDPR-compliant or covered by EU Standard Contractual Clauses.
Accounting & invoicing tools — used for billing purposes. Only the minimum data required for invoice generation is shared (name, company, address, email).
Legal or regulatory authorities — data may be disclosed if required by applicable law, a court order, or a binding request from a competent Belgian or European authority.

We do not use sub-processors beyond those described above without updating this policy. All third-party providers are selected for GDPR compliance and contractually bound to appropriate data protection terms.

07

Data Retention

We retain personal data only for as long as necessary for the purpose it was collected, or as required by applicable law. The following retention periods apply as a general guideline:

Pre-contract enquiries Data from initial contact or project briefs that did not lead to a formal engagement is deleted or anonymised within 12 months of the last communication.

Active client data Retained for the duration of the engagement and for 5 years after project completion for contractual and accountability purposes.

Financial & invoice records Retained for 7 years in compliance with Belgian accounting law (Code des sociétés et des associations / Art. III.86).

Server & access logs Technical logs are retained for a maximum of 90 days for security and diagnostic purposes, then automatically purged or anonymised.

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. You may request early deletion of your data — see Section 09 for your rights.

08

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure, in accordance with Article 32 of the GDPR.

All email communications are transmitted over TLS-encrypted connections
Access to client data and project files is restricted on a need-to-know basis
Cloud storage and collaboration tools used are secured with two-factor authentication
No sensitive personal data (financial credentials, passwords) is ever requested or stored
We review our security practices periodically and update them in response to new threats

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority within 72 hours as required by GDPR Art. 33, and affected individuals without undue delay where required by Art. 34.

09

Your Rights Under GDPR

As a data subject under the GDPR, you hold the following rights with respect to your personal data. These rights may be subject to specific conditions and limitations set out in the regulation.

📋

Right of Access

Request a copy of all personal data we hold about you and information on how it is used (Art. 15).

✏️

Right to Rectification

Request correction of inaccurate or incomplete personal data without undue delay (Art. 16).

🗑️

Right to Erasure

Request deletion of your personal data where there is no compelling legal reason to retain it ("right to be forgotten", Art. 17).

⏸️

Right to Restriction

Request that we restrict processing of your data in certain circumstances, such as while accuracy is disputed (Art. 18).

📦

Right to Portability

Receive your data in a structured, machine-readable format and transmit it to another controller (Art. 20).

🚫

Right to Object

Object at any time to processing based on legitimate interests or for direct marketing purposes (Art. 21).

↩️

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing (Art. 7).

⚖️

Right to Lodge a Complaint

Lodge a complaint with the Belgian DPA (autoriteitspersoonsgegevens.be) if you believe your rights have been violated (Art. 77).

To exercise any of these rights, contact us at artefixbelgium@gmail.com. We will respond within one calendar month of receiving your request, as required by GDPR Art. 12. In complex or high-volume cases, this may be extended by a further two months, of which we will inform you.

10

International Data Transfers

As a Belgian entity, we process data primarily within the European Economic Area (EEA). Where we use third-party service providers — such as Google Workspace or cloud platforms — that may process data outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V.

These safeguards include, where applicable:

EU Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission for the destination country
Binding Corporate Rules adopted by the receiving entity

You may request further information about the specific safeguards applicable to any international transfer of your personal data by contacting us directly.

11

Children's Privacy

This website and our services are directed exclusively at business clients and adult individuals. We do not knowingly collect or process personal data from individuals under the age of 16 years.

If you believe that we have inadvertently received data from a minor, please contact us immediately at artefixbelgium@gmail.com and we will delete that data without delay.

12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or service offering. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of this website after a policy update constitutes acknowledgement of the revised terms. For significant changes affecting your rights, we will make reasonable efforts to notify you directly if we hold your contact information.

13

Contact & Data Controller

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a concern about how your personal data is being handled, please contact us using the details below. We are committed to resolving all requests fairly and within the timeframes required by law.

Artefix Agency — Data Controller

Email artefixbelgium@gmail.com

Country Belgium, European Union

Response time Within 1 calendar month

Supervisory authority autoriteprotectiondonnees.be

You also have the right to lodge a complaint directly with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) at any time, without prejudice to any other administrative or judicial remedy.