Privacy Policy

1. Who we are

This policy applies to the Bioketel.be website. The data controller is:

2. What data we collect

We only process data you provide to us or that is technically required to run the site:

• Contact form: name, e-mail address, message, and optionally phone number and company name.
• Technical data: IP address, browser type and language — processed by our hosting and security partner Cloudflare to deliver and secure the site.

We do not collect any special or sensitive categories of personal data.

3. Why we process this data

• Handling your enquiry (quote, advice, follow-up). Legal basis: performance of a contract or pre-contractual steps (Art. 6.1.b GDPR).
• Security, fraud and spam prevention. Legal basis: legitimate interest (Art. 6.1.f GDPR).
• Commercial follow-up and customer relationship management with existing customers. Legal basis: legitimate interest. You can object at any time, free of charge.
• Marketing (e.g. remarketing via Meta, LinkedIn or TikTok, newsletters). Legal basis: your explicit consent (Art. 6.1.a GDPR). Only carried out after you have opted in via our cookie banner or another explicit opt-in.

4. How long we keep your data

Your contact details and form submissions are kept until you ask us to delete them. Send your request to [email protected]. Technical and security log data at Cloudflare are retained for a maximum of 30 days.

5. Who we share your data with

We never sell your data. We do use the following processors, each under a data processing agreement:

• Cloudflare, Inc. — edge network, CDN and bot mitigation (Turnstile). Processing may take place outside the EEA; covered by Standard Contractual Clauses.
• Salvation — our internal self-hosted platform behind Cloudflare, where form submissions and contacts are stored and managed.
• Brevo SAS (France) — used through Salvation as our e-mail platform (transactional e-mails and newsletter management).
• Meta Platforms Ireland, LinkedIn Ireland, TikTok Technology Limited — only used if you have consented to marketing. Through Salvation, contact details may be shared for custom audiences and conversion measurement.
• YouTube / Google LLC — only when you play an embedded video. We use the privacy-enhanced mode, but once you click play Google's terms apply.

6. Transfers outside the EEA

Some of our processors (notably Cloudflare, Google/YouTube, TikTok) may process data outside the European Economic Area. These transfers rely on the European Commission's Standard Contractual Clauses (Art. 46 GDPR) and, where applicable, the EU-US Data Privacy Framework.

7. Your rights

Under the GDPR you have the right to:

• access your data (Art. 15);
• rectify inaccurate data (Art. 16);
• erasure (Art. 17);
• restrict processing (Art. 18);
• data portability (Art. 20);
• object to processing based on legitimate interest or direct marketing (Art. 21);
• withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights, e-mail [email protected]. You can also lodge a complaint with the Belgian Data Protection Authority, Rue de la Presse 35, 1000 Brussels, or via dataprotectionauthority.be.

8. Security

All connections to the site are encrypted via TLS. Forms are protected by Cloudflare Turnstile against automated abuse. Access to personal data within our internal platform is limited to staff who need it for their duties.

9. Cookies

For a detailed overview of cookies and similar technologies, see our cookie policy.

10. Changes

We may update this policy. For significant changes we will notify you via the site. The date above reflects the most recent version.

11. Contact

Questions? Contact us at [email protected].