Last updated: 25/06/2018

At GDPR Form we care about your privacy. That’s why we only collect personal data if we have a good reason to do so. That’s also why we want to communicate transparently about what we do with your personal data. Here it goes…

Who are we?

The legal entity behind GDPR Form is Next Ventures BVBA which has its registered office at the following address Oudesteenweg 33 Box 502 2060 Antwerpen VAT number BE 0560.762.245. For ease of reference, we will just refer to ourselves as GDPR Form in this privacy policy.

GDPR Form can be reached on the following e-mail address

Which personal data do we collect and why?

If you just visit our website we do not collect any personal data. Basically, we will only collect personal data in the following instances:

  1. If you ask us a question using the chatbot, a contact form or e-mail,
  2. If you subscribe to our free or paid plans,
  3. If you subscribe to our newsletter,
  4. If you apply for a job with us.

That’s it. Below you can also find what type of personal data we collect, what we use it for and how long we will keep it, so there will be no surprises:

Your first and last name, Your address & Your company details

Pretty logical. We cannot be sure to address you correctly if we don’t know who you are; and if you enter into a contract with us we will need to make sure we know who we are dealing with as is the case if you apply for a job with us. We will keep this information in our customer or candidate database for as long as you do not object to us keeping it. If you no longer want us to keep this information, you can always let us know.

Please do note that for as long as we have an ongoing contract we are not be able to remove this information from our databases as we will need it to execute the contract.

And even after our contract has ended, we may be under a legal information to hold on to some of this information for a bit longer. For example: under accounting legislation we must keep copies of our invoices which may mention your name or address.

Phone number & E-mail address

This is so we can easily contact you. In principle, we will never contact you unless it is to answer a question, if we are working on an assignment for you or if you have applied for a job with us. If we think we have a really good offer for you, we may exceptionally also contact you.

We may also use your e-mail address to send you our newsletter. We do not want to spam you and we understand if you would rather not receive any newsletters. If that is the case, you can always let us know or you can unsubscribe from our mailing list using the link you can find at the bottom of each newsletter.

In addition, we may use a custom audience tool from third party advertisers LinkedIn and Twitter that allows us to personalize our ads based on your shopping experience with us. These tools work by converting your e-mail address to a unique number that third party advertiser can match to unique numbers from e-mail addresses of its users. You can read more about this application on the privacy statement of Twitter and LinkedIn.

As is the case for your name and address, we will also keep your e-mail address and your phone number in our customer or candidate database for as long as you do not object to us keeping it. If you no longer want us to keep this information, you can also always let us know.

Please do note that for as long as we have an ongoing contract we are not able to remove this information from our databases as we will need it to execute the contract. And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer. For example: under accounting legislation we must keep copies of our invoices which may mention your e-mail address.

Payment information

If you enter into an agreement with us and you make payments to us, we may become aware of personal data such as your account number or credit card information. This information will be safely processed by the payment provider(s) we work with, and we in principle never use such information, unless if we would have to pay you back!

IP-address, Preferences & Data provided in the portal

If you enter into an agreement with us, you will get access to a portal. If you make use of the portal, we may collect other personal data such as your IP-address or your browsing preferences (for example: language preference), as well as other personal data that you might provide us with through the portal. This information will help us tailor our services to you.

If you stop using our services, we will only keep this data for a period of 30 days after the end date of our contract with you (during which you will still have access to the portal). After that period of time, we will delete these data.

Information provided during job applications

If you apply for a position with us, your will probably provide us with personal data in your cover letter and your CV (such as: your grades, which schools you went to, previous jobs, etc.).

We will save the contact details, cover letter and CV of every job applicant in our candidate database and may contact you in the future regarding job opening that may be of interest to you. Of course, we will delete all this information from our candidate database if you don’t like us holding on to it. You can always let us know. If you only want us to contact you about specific job openings and you do not want us to keep you in our database afterwards, you can also let us know when applying for the position. In that case, we will only hold on to your personal data for as long as the selection procedure for that specific position is ongoing.

How do we protect your personal data?

You can rest assured: we take measures to ensure that your personal data is kept personal!
We work hard to protect your personal data against unauthorized access or disclosure. In order to do so, we take organizational measures ensuring that access to your data is restricted to those employees or agent who need to have access to it in order to help us process it. We are a tech company, so it won’t surprise you we also take a whole range of technical measures to protect your data. Technical measures include, for example encrypting any personal information (in transit and at rest), user access management and penetration testing. If you want more information about the measures we take, you can always contact us.

Do we share your data with others?

We will never sell your personal data to another party! We do use the services of the following external data processors :

  • Mailchimp (newsletters)
  • Stripe (payment)
  • AWS (infrastructure and web hosting)
  • Mailgun (transactional email)
  • Bugsnag (error monitoring)
  • Hotjar (heatmaps pages)
  • AdRoll (re-targeting)

We have entered into a data processing agreement with each of these external data processors which obliges them to only process your personal data based on our instructions and in compliance with this privacy policy. These data processors will also have to take sufficient precautions to prevent the loss of your data. All of these external data processors are based in the United States and have certified their compliance with the EU-US Privacy Shield Framework, which means they will respect comparable data protection standards as those that apply in Europe.

You should know that in the following exceptional circumstances your data could also be shared with others:

  • If we are under a legal obligation to share data with the authorities or if we have to share data to comply with an enforceable government request, we don’t have much of a choice and we will share the data the authorities ask for, which may include yours.
  • If another company decides to buy the shares of our company or decides to buy the website GDPR Form from us, we will of course have to transfer your data to that company. That company will then take over all obligations under this privacy policy.

Does GDPR Form use cookies or similar technologies?

a. What are cookies Cookies are small files existing of numbers and letters which are placed on your computer when you visit a website. Cookies are saved in your browser’s history and you can always delete them. You can also adjust your browser settings to prevent cookies from being saved on your computer. Learn how to do so here: · Chrome · Firefox · Internet Explorer · Edge · Safari (iOS) · Safari (macOS)

b. First party cookies when visiting the GDPR Form website or Portal If you just browse to the GDPR Form website, we will place a few first party cookies on your computer including Google Analytics. We have adapted the Google Analytics settings to ensure no personal data is collected when you just visit the website. When you visit the website, these cookies will be installed, unless your browser settings prevent this from happening:

Provider Purpose Name Expiry
Google Analytics Generating anonymous statistics on how visitors uses the website. Both cookies are used to distinguish users. We only used these cookies to enhance the user experience on our website and to know which parts of the website are most frequently visited or clicked on. We will never _ gid 24h
Google Analytics Get to see which user clicked where exactly, because all data will be anonymized. _ ga 2 years
Intercom Enables the intercom chatbot functionality intercom-state 20 years
Iubenda Functional cookie that stores that consent is provided with a timestamp _ iub_cs-41663263 1 year
Hotjar Functional cookie that stores whether visitor included in sample to generate Heatmaps _ hjIncludedInSample 1 year
AdRoll Remarketing cookie _ AdRoll 1 year
AdRoll Functional cookie that stores consent _ consent 1 year

b. Third Party cookies when visiting the GDPR Form website or Portal

We use third-party advertising companies Twitter and LinkedIn to serve you relevant ads on their websites. These advertising service providers may collect non-identifiable information about your visits to our site. Such non-identifiable information does not include your name, address, e-mail address or other personal information. The information is collected through the use of cookies and pixel tags.

You can learn more about this type of advertising and your choices by going to Your Online Choices. When you opt-out using these methods, a cookie will be placed on your device indicating that you have opted-out of interest-based advertising. If you delete your cookies, you will need to opt-out again. These websites also provide detailed information about interest-based advertising and tips for managing your online privacy.

Your customers’ privacy

If you (want to) make use of our services, it is because you care about the privacy of your own customers. While this privacy policy is meant to address the privacy concerns of our customers, you probably also want to know what we do with the data of your customers that you process using GDPR Form.

When your customer files a privacy request using GDPR Form, your customer’s first name, last name, and e-mail address as well as the type of privacy request made (i.e. the information the customer has to provide in the form) will be saved in your privacy portal. We will keep this information available for you in your portal, but we will never use such information ourselves for any other purpose than to help you process it in accordance with our data processing agreement.

If you terminate your contract with us, we will keep your portal open for 30 more days after our contract has ended, so that you can make sure to download the information you wish to keep. After that, we will delete all information that you saved in your portal. We repeat: we will never, ever use this information for other purposes than helping you process the data.

Can we change this privacy policy?

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes).

Your rights

You may request us to send you a summary of the personal data processed about you. If you feel that your personal data have been processed incorrectly or incompletely, or if you feel that such processing was unnecessary, then you also can also ask us to edit, supplement or erase your personal data from our databases. Under the applicable privacy legislation, you also have the right to restrict processing, the right to data portability and the right to object to processing. If you want to know what all of this means precisely, you can find more information on the website of the Belgian privacy commission.

If you have any further privacy concerns or if you want to exercise your rights, you can contact us by letter (at Oudesteenweg 33 box 502, 2060 Antwerp, Belgium) by e-mail (on or through the following form.

We will do our best to answer all your queries as soon as possible and we’re always open to feedback. We hope that won’t be the case, but if you do feel unhappy about how we handle your privacy requests, you may of course always contact the Belgian privacy commission.