Xameco logo

Privacy

How we protect and process your personal data

Our policy explains what personal data we collect, why we use it, how we keep it secure, and the rights you have under GDPR and Belgian law.

Xameco SRL ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This policy describes how we handle personal data when you visit our website, contact us, or use our products and services.

Introduction & scope

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, and the rules on cookies and electronic communications applicable in Belgium.

"Personal data" means any information relating to an identified or identifiable natural person. By using our website and services, you acknowledge that you have read and understood this policy.

Who we are

The controller responsible for processing your personal data is:

Xameco SRL
Rue des Lovières, 36
1450 Blanmont, Belgium
Company number (BCE/KBO): 0538.922.595
Email: privacy@xameco.be · Phone: +32 475 420620

Data Protection Officer

For questions about this policy or how we handle your data, you can contact our Data Protection Officer at dpo@xameco.be.

Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity & contact data — name, email address, phone number, postal address, company name and role.
  • Account data — username, password (stored in hashed form), preferences and settings.
  • Transaction data — orders, invoices, and billing details (we do not store full card numbers; payments are handled by our payment provider).
  • Communications — the content of messages you send us through forms, email, or chat.
  • Technical & usage data — IP address, browser and device type, pages visited, and timestamps, collected through cookies and similar technologies.

We collect this data directly from you, automatically as you use our website, and — where applicable — from third parties such as [partners / public registers]. We do not knowingly collect more data than necessary for the purposes described below.

Purposes & legal bases

We only process personal data where the GDPR gives us a valid legal basis (Article 6 GDPR). Below is a summary of why we process your data and the basis we rely on.

Purpose examples

  • Providing our services — identity, account, transaction data (Contract — Art. 6(1)(b)).
  • Responding to enquiries — identity, contact, communications (Legitimate interest — Art. 6(1)(f)).
  • Sending marketing — identity and contact data (Consent — Art. 6(1)(a)).
  • Meeting legal obligations — transaction and identity data (Legal obligation — Art. 6(1)(c)).
  • Improving our website — technical and usage data (Legitimate interest — Art. 6(1)(f)).

Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal. Where we rely on legitimate interest, you may object to the processing.

Cookies & similar technologies

A cookie is a small text file placed on your device when you visit our website. We also use comparable technologies such as pixels and local storage. In line with the ePrivacy rules and the GDPR, we only place non-essential cookies after you have given your consent.

You can withdraw or change your consent at any time via our [cookie settings link], and you can block or delete cookies through your browser settings. Refusing non-essential cookies will not prevent you from using the core parts of the site.

How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected, or for as long as required by law.

  • Account data — for the duration of your account and up to [X months] afterwards.
  • Invoicing and accounting records7 years, in line with Belgian accounting and tax law.
  • Contact-form messages — up to [X months] after your request is resolved.
  • Marketing consent — until you unsubscribe or withdraw consent.
  • Analytics data[X months].

Who we share your data with

We never sell your personal data. We share it only where necessary, and always with appropriate safeguards:

  • Service providers — hosting, email, payment, and analytics providers who process data on our behalf.
  • Professional advisers — accountants, auditors, and lawyers, where required.
  • Public authorities — where we are legally obliged to disclose data.

International data transfers

We aim to keep your personal data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we ensure an adequate level of protection in accordance with Chapter V of the GDPR.

Your rights

Under the GDPR you have the following rights. You can exercise them free of charge by contacting us at privacy@xameco.be; we will respond within one month.

  • Access — obtain confirmation of whether we process your data and receive a copy of it.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure — ask us to delete your data in the cases the law allows.
  • Restriction — ask us to limit processing in certain situations.
  • Portability — receive data you gave us in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest and to direct marketing.
  • Withdraw consent — withdraw any consent you have given at any time.

How we protect your data

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, and alteration. These measures include:

  • Encryption of data in transit (HTTPS/TLS) and, where appropriate, at rest.
  • Access controls so staff only access the data they need.
  • Regular backups and tested recovery procedures.
  • Secure development practices and periodic security reviews.
  • Staff confidentiality obligations and data-protection awareness.

Children's privacy

Our services are not directed at children. If you believe we hold data about a child without proper consent, please contact us so we can delete it.

Lodging a complaint

If you believe we have not handled your personal data correctly, contact us first so we can put things right. You also have the right to lodge a complaint with the Belgian supervisory authority.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the last updated date and, where appropriate, notify you.

Contact us

For any question about this policy or your personal data, please contact:

Xameco SRL — Privacy
Email: privacy@xameco.be
Post: Rue des Lovières, 36, 1450 Blanmont, Belgium