Skip to Content

Privacy Policy

VISI SUPPORT  ·  Belgium  ·  Last updated: June 2, 2026

Your privacy matters to us. This Privacy Policy explains what personal data VISI SUPPORT collects, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have under Belgian and EU law. We are committed to being transparent, collecting only what we need, and handling your data responsibly.

Contents

  1. Who We Are — Data Controller
  2. What Personal Data We Collect
  3. Why We Collect It — Legal Basis
  4. How We Use Your Data
  5. Who We Share Your Data With
  6. Data Retention — How Long We Keep It
  7. International Data Transfers
  8. Your Rights Under GDPR
  9. Cookies & Analytics
  10. Security
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact & Complaints

1. Who We Are — Data Controller

The data controller responsible for your personal data is:

VISI SUPPORT
[email protected]  ·  +32 465 27 54 25
visisupport.be

As the data controller, VisiSupport determines the purposes and means of processing your personal data. For data processed on behalf of our clients within their own SaaS environments (client business data, their customers' data), VisiSupport acts as a data processor and not as a data controller. In that context, our clients are the data controllers and a separate Data Processing Agreement (DPA) applies.

2. What Personal Data We Collect

We collect personal data in the following contexts:

2.1 Account & Contract Data

When you subscribe to a VisiSupport service, sign a contract or create an account, we collect:

  • Full name and/or company name
  • Professional or personal email address
  • Phone number
  • Billing address (street, city, postal code, country)
  • VAT number (for professional clients)
  • Payment information — we do not store full card numbers; payments are processed by our payment provider and we only retain transaction references and confirmation status
  • Account login credentials (password is stored in hashed, non-recoverable form — we cannot read your password)

2.2 Service Usage Data

When you use the VisiSupport platform, we collect:

  • Activity logs — records of actions taken within your environment (module installations/removals, configuration changes, logins), as described in the Terms & Conditions Section 2.10. These logs are stored for security, billing accuracy and contractual documentation.
  • Technical identifiers such as IP address (used for security monitoring and abuse prevention, not for profiling)
  • Browser type, device type and operating system (for technical compatibility and support purposes)
  • Timestamps of logins and significant platform events

2.3 Communication Data

When you contact us by email, phone or through our support system, we collect and retain:

  • The content of your messages, enquiries and support tickets
  • Your contact details as provided in the communication
  • Records of our responses and the resolution of your request

2.4 Project & Service Delivery Data

For project-based services (web development, design, printing, IT support), we may collect and process:

  • Content, assets and materials you provide for use in the project (text, images, logos, brand guidelines)
  • Technical access credentials you share for the purpose of delivering the service (server credentials, CMS logins, etc.) — these are stored securely and deleted after project completion
  • Feedback, revision notes and approval records

2.5 Website Visitor Data

When you visit visisupport.be, we collect no personal data for analytics purposes. We use Plausible Analytics, which is cookieless and does not collect or process any personal information. See Section 9 for details.

Our web server may generate technical access logs (IP address, requested URL, timestamp) for security and infrastructure monitoring. These are not used for profiling and are purged regularly.

2.6 Data We Do NOT Collect

  • We do not collect special category (sensitive) data such as health data, racial or ethnic origin, political opinions, religious beliefs, or biometric data
  • We do not collect data about children under 16
  • We do not collect data through social media tracking pixels or advertising networks

3. Why We Collect It — Legal Basis (GDPR Art. 6)

Under the GDPR, every processing activity must have a lawful basis. The table below explains the basis for each type of processing we carry out:

Processing Activity Legal Basis GDPR Article
Creating and managing your account; delivering subscribed services Performance of a contract Art. 6(1)(b)
Invoicing, billing and financial record-keeping Legal obligation (Belgian accounting law — 7-year retention) Art. 6(1)(c)
Delivering project-based services (design, print, IT, web) Performance of a contract Art. 6(1)(b)
Responding to support requests and complaints Performance of a contract / Legitimate interests Art. 6(1)(b) / 6(1)(f)
Activity logging for security, billing and documentation Legitimate interests (platform security, billing accuracy, dispute resolution) Art. 6(1)(f)
Security monitoring (IP logs, login tracking) Legitimate interests (protecting platform and other clients) Art. 6(1)(f)
Sending service notifications (invoices, renewal reminders, maintenance notices) Performance of a contract / Legal obligation Art. 6(1)(b) / 6(1)(c)
Sending marketing communications or newsletters Consent (you can withdraw at any time) Art. 6(1)(a)
Displaying work in portfolio (design clients) Legitimate interests (portfolio and business promotion) — you may opt out Art. 6(1)(f)
Compliance with a judicial order or regulatory request Legal obligation Art. 6(1)(c)
Where we rely on legitimate interests as a legal basis, we have assessed that our interests do not override your rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 8).

4. How We Use Your Data

4.1 Service Delivery

We use your personal data primarily to deliver the services you have contracted with us: managing your account, provisioning your SaaS environment, delivering projects, providing technical support, and communicating with you about your services.

4.2 Billing & Invoicing

Your billing data (name, address, VAT number) is used to generate legally compliant invoices, process payments, and maintain financial records as required by Belgian accounting law.

4.3 Security & Platform Integrity

Activity logs, IP addresses and login records are used to detect and prevent unauthorised access, abuse, and technical incidents. This protects your data as well as the data of other clients on the platform.

4.4 Communication

We use your email address to send: invoices and payment confirmations; service notifications (maintenance, outages, renewals); support responses; and, with your consent, marketing communications. We do not send unsolicited commercial emails.

4.5 Legal & Contractual Compliance

We retain certain data to comply with Belgian legal obligations — particularly in the areas of accounting, taxation and consumer protection — and to enforce our Terms and Conditions in the event of a dispute.

4.6 What We Do NOT Do With Your Data

  • We do not sell your personal data to any third party under any circumstances
  • We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects
  • We do not share your data with advertising networks or data brokers
  • We do not use your data for any purpose incompatible with the purposes listed above

5. Who We Share Your Data With

VisiSupport does not sell or rent your personal data. We share data only where necessary, with the following categories of recipients:

Recipient Purpose Location
Cloudflare, Inc. DNS management, DDoS protection, CDN. Cloudflare processes request metadata (IP addresses) as part of routing traffic to our servers. Cloudflare is certified under the EU-US Data Privacy Framework. USA (EU-US DPF certified) / EU PoPs
Plausible Analytics Website analytics. Plausible does not receive any personal data — it processes only aggregated, anonymised statistics. No DPA is required. EU (Germany)
Email / SMTP provider Sending transactional emails (invoices, notifications, support responses). The provider processes recipient email addresses and message content. EU
Payment processors Processing subscription and one-time payments. Payment data is handled directly by the payment provider under PCI-DSS standards. VisiSupport does not receive or store full payment card details. EU / EEA
Subcontractors & freelancers Specialist partners engaged to deliver specific services (design, development, print production). They receive only the minimum data necessary for the specific task and are contractually bound to confidentiality. Primarily Belgium / EU
Belgian authorities Tax authorities (SPF Finances), courts, law enforcement — only when legally required by a binding legal obligation or judicial order. Belgium

All third-party processors engaged by VisiSupport are bound by Data Processing Agreements (DPAs) or equivalent contractual clauses ensuring GDPR-compliant processing.

6. Data Retention — How Long We Keep It

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. The following retention periods apply:

Data Category Retention Period Reason
Account and contact data (active clients) Duration of the subscription + 30 days grace period Service delivery; data export window after termination
Invoices, billing records, financial data 7 years from invoice date Belgian accounting law (W.Venn./CDE) — mandatory legal retention
Contracts and signed agreements 10 years from contract end Belgian civil limitation period for contractual claims
Support tickets and correspondence 3 years after resolution Dispute resolution; legitimate interests
Activity logs (module actions, platform events) 12 months after subscription termination Security, billing accuracy, dispute evidence
Project files and deliverables 6 months after project delivery, unless longer retention agreed Post-delivery support; client may request deletion earlier
Technical access logs (web server) 90 days Security monitoring; automatic rolling deletion
Marketing consent records Until consent is withdrawn + 3 years (proof of consent) GDPR accountability obligation
Website analytics (Plausible) Not applicable — no personal data collected Plausible is cookieless and collects no personal data

When a retention period expires, data is securely and permanently deleted or anonymised. We do not retain data "just in case."

7. International Data Transfers

VisiSupport stores and processes the vast majority of client data within the European Economic Area (EEA). Where data is transferred to countries outside the EEA — specifically in the context of Cloudflare (USA) — such transfers are protected by one of the following safeguards:

  • EU-US Data Privacy Framework (DPF): Cloudflare is certified under the EU-US DPF, which provides a valid adequacy basis for data transfers to the USA as recognised by the European Commission.
  • Standard Contractual Clauses (SCCs): Where DPF certification is not available, we use the EU Standard Contractual Clauses approved by the European Commission (Commission Decision 2021/914).

You may request information about the specific safeguards applicable to a transfer by contacting us at [email protected].

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. These rights apply to personal data processed by VisiSupport as data controller. They do not automatically extend to data within your SaaS environment (where you are the data controller).

Right What It Means GDPR Basis
Right of Access You can request a copy of all personal data we hold about you, along with information about how it is processed. Art. 15
Right to Rectification You can ask us to correct inaccurate personal data or complete incomplete data without undue delay. Art. 16
Right to Erasure ("Right to be Forgotten") You can ask us to delete your personal data when it is no longer necessary, when you withdraw consent, or when it was processed unlawfully — subject to legal retention obligations. Art. 17
Right to Restriction of Processing You can ask us to temporarily halt processing of your data while a dispute is being investigated, or where you contest the accuracy of the data. Art. 18
Right to Data Portability You can receive your personal data in a structured, commonly used, machine-readable format (CSV/JSON/XLSX) and transfer it to another service. Applies to data processed by automated means on the basis of consent or contract. Art. 20
Right to Object You can object to processing based on legitimate interests (Art. 6(1)(f)) at any time. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests. You may always object to direct marketing. Art. 21
Right to Withdraw Consent Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. Art. 7(3)
Right Not to Be Subject to Automated Decisions You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. VisiSupport does not carry out such processing. Art. 22

8.1 How to Exercise Your Rights

To exercise any of the above rights, submit a written request to:

Email: [email protected]
Subject line: GDPR Rights Request — [Your Name]
Post: VISI SUPPORT, Bd Roi Albert II 43 Box 3, 1030 Schaerbeek, Belgium

We will respond within 30 calendar days of receiving a valid request. If the request is complex or we receive multiple requests simultaneously, this may be extended by a further 2 months, in which case we will notify you. We may ask you to verify your identity before processing the request. Exercising your rights is free of charge. If requests are manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to act, with written justification.

8.2 Limits on the Right to Erasure

The right to erasure does not apply where we are required to retain data by law (e.g. invoices for 7 years under Belgian accounting law), or where retention is necessary for the establishment, exercise or defence of legal claims.

9. Cookies & Analytics

VisiSupport uses Plausible Analytics — a privacy-first, open-source analytics tool that operates entirely without cookies and collects no personal data. No cookie consent banner is required for our analytics because there is nothing to consent to.

The only cookies we use are strictly necessary cookies for platform operation (session management, language preference) and a Cloudflare security cookie. None of these are used for advertising or profiling.

Full details of every cookie used by VisiSupport, including cookie names, purposes, providers and durations, are available in our Cookie Policy.

10. Security

VisiSupport implements appropriate technical and organisational security measures to protect your personal data against accidental or unlawful loss, destruction, alteration, unauthorised disclosure or access. These measures include:

  • Encrypted data transmission using TLS/SSL on all web and platform communications
  • Hashed password storage — passwords are never stored in readable form
  • Isolated client environments — each client's data is held in a separate database instance, preventing cross-client data access
  • Access control — internal access to client data is restricted to staff who need it to deliver the service
  • Regular security patches and software updates
  • Activity logging for anomaly detection
  • Cloudflare DDoS protection and WAF (Web Application Firewall)

No system is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, VisiSupport will notify the Belgian Data Protection Authority (APD/GBA) within 72 hours of becoming aware, and will notify affected individuals without undue delay where required by the GDPR.

11. Children's Privacy

VisiSupport's services are directed at businesses and adult individuals. We do not knowingly collect personal data from children under the age of 16. If you believe that a child under 16 has provided us with personal data, please contact us immediately at [email protected] and we will delete it promptly.

12. Changes to This Policy

VisiSupport may update this Privacy Policy from time to time to reflect changes in our services, legal obligations or data practices. The "Last updated" date at the top of this page will be revised accordingly. For material changes that affect how we process your personal data, we will notify active clients by email at least 14 days before the change takes effect. We encourage you to review this policy periodically.

13. Contact & Complaints

For any questions, concerns or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

VISI SUPPORT 
[email protected]  ·  +32 465 27 54 25
visisupport.be

13.1 Right to Lodge a Complaint

If you believe that VisiSupport has processed your personal data in violation of the GDPR or Belgian data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Autorité de protection des données (APD) / Gegevensbeschermingsautoriteit (GBA)
Rue de la Presse 35 / Drukpersstraat 35 — 1000 Brussels, Belgium
www.dataprotectionauthority.be
[email protected]
Tel: +32 2 274 48 00

We would, however, always appreciate the opportunity to address your concerns directly before you contact the supervisory authority. Please reach out to us first — we take privacy concerns seriously and will respond promptly.