Privacy Policy

BeLogic AI SRL ("BeLogic AI," "we," "us") is the data controller for personal data collected through our website, services, and communications. Registered address: Brussels, Belgium Email: privacy@belogic.ai VAT: BE 0XXX.XXX.XXX For any data protection enquiries, contact our Data Protection Officer at dpo@belogic.ai.

We collect personal data only when necessary and with a clear legal basis. The categories include: Contact information — Name, email, phone number, company name, and job title when you fill out forms, book a call, or subscribe to our newsletter. Usage data — Pages visited, time on site, referral source, browser type, and device information. Collected via privacy-respecting analytics (no third-party tracking pixels). Communication data — Contents of emails, form submissions, and support requests you send us. Client project data — Data shared during engagements is governed by a separate Data Processing Agreement (DPA) and is not covered by this policy. We do not purchase data from third parties or engage in data brokering.

Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds: Consent — For newsletter subscriptions and marketing communications. You can withdraw consent at any time. Contractual necessity — To deliver services you've engaged us for, respond to enquiries, and manage client relationships. Legitimate interest — For website analytics, security monitoring, and improving our services. We balance our interests against your rights through regular assessments. Legal obligation — To comply with tax, accounting, and regulatory requirements under Belgian and EU law.

We use personal data to: • Respond to contact form submissions and service enquiries • Deliver and improve our AI agent services • Send newsletters and product updates (with your consent) • Analyse website usage to improve user experience • Process payments and manage invoicing • Comply with legal and regulatory obligations • Protect against fraud and ensure platform security We never use your data for automated decision-making or profiling that produces legal effects. AI agents we build for clients operate under separate, dedicated data governance frameworks.

We do not sell, rent, or trade personal data. We share data only with: Service providers — Carefully vetted processors who help us operate (hosting, email, analytics). All processors operate under approved transfer mechanisms and data processing agreements. Legal requirements — When required by applicable law, regulation, or valid legal process. Business transfers — In the event of a merger or acquisition, personal data may be transferred. We will notify you in advance. For EU-based clients, data remains within the European Economic Area (EEA) by default. For all clients, data is hosted in the region of your choice — your infrastructure, your rules.

We implement robust technical and organisational measures to protect your data: • Encryption in transit (TLS 1.3) and at rest (AES-256) • Access controls with role-based permissions and MFA • Regular security audits and annual penetration testing • ISO 27001-aligned security management practices • Automated vulnerability scanning and patch management • Employee security awareness training • Incident response procedures with 72-hour breach notification No system is perfectly secure. If a breach affects your data, we will notify you and the Belgian Data Protection Authority within 72 hours as required by GDPR Article 33.

We retain personal data only as long as necessary for the purpose it was collected: Contact enquiries — 12 months after last interaction, then anonymised or deleted. Newsletter subscribers — Until you unsubscribe. We remove your data within 30 days of unsubscription. Client data — For the duration of the engagement plus 5 years (Belgian commercial record-keeping requirements). Invoicing data — 7 years (Belgian tax law). Website analytics — Aggregated and anonymised. No individual-level data retained beyond 26 months. When retention periods expire, data is securely deleted or irreversibly anonymised.

Under GDPR, you have the right to: Access — Request a copy of the personal data we hold about you. Rectification — Correct inaccurate or incomplete data. Erasure — Request deletion of your data ("right to be forgotten") where there is no compelling reason for continued processing. Restriction — Request that we limit how we use your data. Portability — Receive your data in a structured, commonly used, machine-readable format. Objection — Object to processing based on legitimate interest, including direct marketing. Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing. To exercise any of these rights, email privacy@belogic.ai. We respond within 30 days. If unsatisfied with our response, you may lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).

Our website uses minimal, privacy-respecting cookies: Essential cookies — Required for the website to function (session management, security). No consent required. Analytics cookies — Privacy-focused analytics to understand site usage. We use cookieless or first-party-only solutions — no Google Analytics, no Facebook pixels, no third-party trackers. We do not use advertising cookies, retargeting pixels, or cross-site tracking of any kind. You can manage cookie preferences through your browser settings. Blocking essential cookies may affect site functionality.

Our services are designed for businesses and professionals. We do not knowingly collect personal data from anyone under the age of 16. If we become aware that we have collected data from a child, we will delete it immediately. If you believe a child has provided us with personal data, please contact privacy@belogic.ai.

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will: • Update the "Last updated" date at the top of this page • Notify newsletter subscribers by email • Post a prominent notice on our website for 30 days We encourage you to review this policy periodically. The latest version is always available at belogic.ai/privacy.

For any questions about this Privacy Policy or how we handle your data: Email: privacy@belogic.ai DPO: dpo@belogic.ai Postal: BeLogic AI SRL, Brussels, Belgium We aim to respond to all privacy enquiries within 5 business days. For complaints, you may also contact: Belgian Data Protection Authority Rue de la Presse 35, 1000 Brussels https://www.autoriteprotectiondonnees.be