Privacy Policy

2. Who is responsible for your data?

The data controller is:

EKSPOSE BV
Company number: BE 0541.832.102
Registered in Belgium
Registered office: Wapenhaghestraat 32, 2600 Antwerpen, Belgium

Privacy-related requests may be submitted exclusively through the privacy form made available within the Services or on the Company's website.

When determining the purposes and means of processing personal data, the Company acts as data controller.

In certain technical or operational contexts, the Company may act as data processor on behalf of its customers.

3. What data we collect

Only data necessary to operate, improve, and secure the Services is collected.

a) Data you provide directly

This may include:

• First and last name
• Professional email address
• Company name and role
• Contact information
• Account credentials
• Billing and subscription information
• Messages or requests submitted through forms

b) Data collected automatically

When using the Services, certain technical data may be collected, including:

• IP address
• Browser type and device information
• Usage logs and interaction data
• Timestamps and access activity
• Technical identifiers

c) Business contact data

The Services may process professional contact information such as:

• Name
• Job title
• Company affiliation
• Public professional contact details

This data is limited strictly to business contexts and does not include sensitive personal data.

d) Information voluntarily shared

Any information you choose to provide through forms, support requests, or product feedback.

4. Why we process your data

Personal data is processed for the following purposes:

• Providing and operating the Services
• Creating and managing user accounts
• Delivering browser extension and platform functionality
• Managing subscriptions and billing
• Responding to support or privacy requests
• Improving product performance and usability
• Ensuring platform security and fraud prevention
• Meeting legal and regulatory obligations
• Analyzing usage trends and product adoption

Personal data is not used for purposes incompatible with those listed above.

5. Legal grounds for processing

Depending on the context, processing is based on:

• Performance of a contract (Article 6(1)(b) GDPR)
• Legitimate interests (Article 6(1)(f) GDPR), such as product improvement and business operations
• Legal obligations (Article 6(1)(c) GDPR)
• Consent, where required (Article 6(1)(a) GDPR)

When relying on legitimate interest, a balancing test is conducted to ensure your rights and freedoms are not overridden.

6. Data retention

Personal data is retained only as long as necessary:

• Account data: for the duration of the active account
• Customer data: for the duration of the contractual relationship
• Prospect data: up to 3 years after last interaction
• Billing and accounting records: up to 10 years (legal obligation)
• Support and privacy requests: until resolution, then archived
• Security logs: limited retention for protection purposes

After expiration of retention periods, data is securely deleted or anonymized.

7. Who may access your data

Access to personal data is strictly limited.

Data may be accessed by:

• Authorized internal team members
• Trusted service providers (hosting, infrastructure, analytics, billing)
• Public authorities where legally required

All third parties are contractually bound by confidentiality and data protection obligations.

The Company does not sell personal data.

8. International data transfers

The Services are primarily hosted within the European Economic Area (EEA).

If personal data is transferred outside the EEA, appropriate safeguards are applied, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Additional technical and organizational safeguards

9. Data security

Appropriate technical and organizational measures are implemented, including:

• Access control and authentication mechanisms
• Encrypted connections (HTTPS)
• Secure infrastructure providers
• Monitoring and logging
• Restricted internal access policies

While no system can guarantee absolute security, continuous efforts are made to minimize risk.

10. Cookies and tracking technologies

Cookies and similar technologies may be used to:

• Enable essential functionality
• Improve user experience
• Analyze website and product usage

Where required by law, cookies are used only after consent is obtained.

Cookie preferences can be managed or withdrawn at any time via browser settings or the cookie banner.

11. Your rights under GDPR

You have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Request deletion ("right to be forgotten")
• Restrict processing
• Object to processing
• Withdraw consent at any time
• Request data portability
• Lodge a complaint with a supervisory authority

Requests may be submitted through the privacy form available within the Services or on the Company's website.

Identity verification may be required before fulfilling certain requests.

12. Third-party websites and integrations

The Services may include integrations or links to third-party tools.

The Company is not responsible for the privacy practices of such third parties.

Users are encouraged to review third-party privacy policies independently.

13. Children

The Services are intended exclusively for professional users.

The Company does not knowingly collect personal data from individuals under the age of 16.

14. Updates to this Privacy Policy

This Privacy Policy may be updated to reflect legal, technical, or operational changes.

The most recent version will always be available through the Services or the Company's website, including the latest revision date.

Continued use of the Services after changes constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions or requests, a dedicated privacy form is available within the Services or on the Company's website.