Privacy Policy

How we collect, use, and protect your personal data

Last updated: February 9, 2026

OOND Dev Consultant ("OOND", "we", "us", or "our"), established at Schoolstraat 48, 1880 Kapelle-Op-Den-Bos, Belgium, is committed to protecting the privacy and personal data of our website visitors, clients, and business contacts. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with:

  • The General Data Protection Regulation (EU) 2016/679 ("GDPR")
  • The Belgian Data Protection Act of 30 July 2018
  • The NIS2 Directive (EU) 2022/2555 on cybersecurity
  • The EU AI Act (EU) 2024/1689, where applicable

1. Data Controller

The data controller responsible for processing your personal data is:

OOND Dev Consultant
Besloten Vennootschap (BV)
Schoolstraat 48
1880 Kapelle-Op-Den-Bos
Belgium
VAT: BE 0791.395.482
Email: service@oond.be

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data you provide directly

  • Contact information: name, email address, phone number (when you use our contact form or reach out to us)
  • Professional information: company name, job title, project details (when you request our services)
  • Communication data: the content of messages you send us

2.2 Data collected automatically

  • Technical data: IP address (anonymised), browser type, operating system, device information
  • Usage data: pages visited, time spent on pages, referral source

2.3 Data from third parties

We may receive personal data from Formspree (our form processing provider) when you submit our contact form. We do not purchase personal data from data brokers or third-party sources.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data based on one or more of the following legal grounds:

  • Consent (Art. 6(1)(a)): When you voluntarily submit a contact form or subscribe to communications. You may withdraw consent at any time.
  • Contract performance (Art. 6(1)(b)): When processing is necessary to perform a contract with you or to take pre-contractual steps at your request.
  • Legitimate interest (Art. 6(1)(f)): For website security, analytics (anonymised), and improving our services, provided this does not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): When we are required by Belgian or EU law to process or retain certain data (e.g., accounting obligations).

4. How We Use Your Data

We use your personal data for the following purposes:

  • Responding to your enquiries and contact form submissions
  • Providing and delivering our consulting and training services
  • Sending project-related communications
  • Issuing invoices and managing our accounting obligations
  • Improving our website and user experience
  • Ensuring the security and integrity of our website
  • Complying with legal and regulatory obligations

We do not use your personal data for automated decision-making or profiling as defined under Article 22 of the GDPR.

5. AI and Automated Tools

In accordance with the EU AI Act (Regulation (EU) 2024/1689), we are transparent about our use of artificial intelligence:

  • We may use AI-assisted tools in the course of delivering our development consulting and training services.
  • We do not deploy high-risk AI systems as defined under Annex III of the EU AI Act on this website or in the processing of your personal data.
  • We do not use AI systems for biometric identification, emotional recognition, social scoring, or any prohibited practices listed under Article 5 of the EU AI Act.
  • Any AI tools used in our service delivery are disclosed to the client as part of our project agreements.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients, only to the extent necessary:

  • Formspree Inc. (form processing) — processes contact form submissions on our behalf. Data may be transferred to the United States under appropriate safeguards (Standard Contractual Clauses).
  • Hosting provider — our website hosting provider processes technical data necessary for website operation.
  • Accountant / legal advisors — for compliance with Belgian tax and accounting obligations.
  • Competent authorities — when required by Belgian or EU law, or in response to a valid legal request.

All third-party processors are bound by data processing agreements in accordance with Article 28 of the GDPR.

7. International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place as required by Chapter V of the GDPR, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Where applicable, the EU-US Data Privacy Framework

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Contact form submissions: up to 12 months after last communication, unless a business relationship is established
  • Client project data: for the duration of the project plus 7 years (Belgian accounting obligations under the Code of Economic Law)
  • Invoicing and financial data: 7 years (Belgian tax law)
  • Website analytics data: anonymised and aggregated; no personal data retained

After the retention period expires, your data is securely deleted or anonymised.

9. Data Security (NIS2 Compliance)

In line with the NIS2 Directive (EU) 2022/2555 and Belgian cybersecurity standards, we implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • Secure hosting infrastructure with regular updates and patches
  • Access control: personal data is accessible only to authorised personnel
  • Regular review of security measures and risk assessments
  • Incident response procedures for personal data breaches, including notification to the Belgian Data Protection Authority within 72 hours where required by Article 33 of the GDPR

10. Cookies and Tracking

Our website uses only strictly necessary cookies that are essential for the functioning of the website (e.g., session management, language preferences). These cookies do not require your consent under Article 5(3) of the ePrivacy Directive (2002/58/EC).

We do not use:

  • Third-party tracking cookies
  • Advertising or marketing cookies
  • Social media tracking pixels
  • Google Analytics or similar analytics tracking services

If we introduce analytics or non-essential cookies in the future, we will implement a cookie consent mechanism before activation, in accordance with Belgian and EU law.

11. Your Rights

Under the GDPR (Articles 15–22) and the Belgian Data Protection Act, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restrict processing (Art. 18): Request limitation of processing in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Withdraw any previously given consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decisions (Art. 22): Not to be subject to decisions based solely on automated processing, including profiling.

To exercise any of these rights, please contact us at service@oond.be. We will respond to your request within 30 days, as required by the GDPR.

12. Right to Lodge a Complaint

If you believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Belgian supervisory authority:

Gegevensbeschermingsautoriteit (GBA)
Data Protection Authority
Drukpersstraat 35
1000 Brussels, Belgium
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be

13. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legislation. Any material changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

15. Contact Us

If you have questions or concerns about this Privacy Policy or about how we handle your personal data, please contact us:

OOND Dev Consultant
Schoolstraat 48
1880 Kapelle-Op-Den-Bos, Belgium
Email: service@oond.be