Privacy Policy.

Who we are

We act as data controller of your personal data.

What data do we collect

We collect personal data necessary to provide and improve our services, as well as to manage our business relationship. The types of data we may collect include:

• Identification and contact dataYour name, first name, email address, phone number, postal address, company number, and your position. Collected via the contact form, request for quotation, or exchanges in the context of a service.
• Data related to our servicesInformation related to website creation and graphic design projects: specifications, provided content (texts, images, logos), exchanges and validations.
• Billing and payment dataInformation necessary to issue invoices and process payments (bank account number). We do not store credit card information, which is processed by our approved payment providers.
• Technical and connection data (cookies)IP address, browser type, operating system, device identifiers, pages visited, duration of the visit, search queries.
• Communication dataCorrespondence, notes, and any record of communications with us (emails, calls if relevant).

How and on what legal basis

We use your personal data for the following purposes, always based on a legal basis defined by the GDPR:

3.1. Execution of our services and contractual management

3.2. Customer relationship management and support

3.3. Improvement of our services and our site

3.4. Marketing and communication

3.5. Legal compliance and defence

With whom do we share

We do not sell, rent or market your personal data. We may only share it with the following recipients:

• Our internal collaboratorsMembers of the WebNest team who need access to the data to perform their tasks (project management, design, development, billing).
• Third-party service providersHosting providers, payment processors, web analytics tools (Google Analytics), project management or billing. Third parties are subject to strict security and confidentiality standards.
• Legal and regulatory authoritiesWhen required by law or to protect our rights.

Transfers outside the EEA

Some of your data may be processed by providers located outside the European Economic Area, particularly if we use cloud tools or services whose servers are outside the EEA.

In this case, we ensure that the transfer is framed by appropriate safeguards in accordance with the GDPR: standard contractual clauses approved by the European Commission or verification that the recipient country offers an adequate level of protection.

Duration of retention

We retain your personal data only for as long as necessary to achieve the purposes, or to comply with our legal obligations.

• Contractual data (quotes, invoices)7 to 10 years in Belgium after the end of the business relationship.
• Prospecting data (with consent)As long as you do not withdraw your consent, or for a limited duration defined by law.
• Project-related dataAs long as the service is active and a reasonable duration after the end of the project for support or rework.
• Technical data (cookies, logs)A few months to 2 years depending on their purpose.

After the expiration of the durations, the data is securely deleted or anonymised.

Your GDPR rights

In accordance with the GDPR, you have the following rights:

• Right of accessTo obtain confirmation that your data is being processed and to access it.
• Right to rectificationTo request the correction of inaccurate or incomplete data.
• Right to erasureTo request deletion under certain conditions (data no longer necessary).
• Right to restrictionSuspend processing under certain conditions (dispute of accuracy).
• Right to portabilityReceive your data in a structured format and transfer it to another controller.
• Right to objectObject to processing for a particular situation, including direct marketing.
• Right to withdraw your consentAt any time when processing is based on it, without affecting the processing prior to withdrawal.

To exercise these rights, contact us at info@webnest.be or at the address of our registered office. We will process your request within one month in accordance with the legislation. Proof of identity may be requested for security reasons.

Use of cookies

Our site uses cookies and similar technologies to enhance your browsing experience, analyse traffic, and personalise content.

What is a cookie?

A cookie is a small text file stored on your device (computer, tablet, smartphone) by your web browser at the request of the visited site. It contains information about your browsing.

Types of cookies used

• Strictly necessary cookiesEssential for the proper functioning of the site and for providing basic services (session management).
• Performance / analytical cookiesSuch as Google Analytics, to understand how visitors interact with the site. Aggregated and anonymised information.
• Personalisation cookiesTo remember your preferences (language) and enhance your experience.

Consent and cookie management

On your first visit, a consent banner informs you and offers the option to accept or refuse the placement of non-essential cookies. You can change your choices at any time via our cookie management page.

You can also configure your browser to block or delete cookies. Please consult your browser's help section for details.

Security of your data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, destruction, or loss.

These measures include encryption, strict access controls, firewalls, regular backups and internal procedures for managing security incidents. 

Changes to this policy

We may need to modify this Privacy Policy from time to time to reflect changes in our processing practices, legislative or regulatory developments.

Any changes will be published on this page. If the changes are significant, we will strive to inform you by appropriate means. The last update is at the bottom of this page.

Right to lodge a complaint

If you believe that your data protection rights have not been respected, you have the right to lodge a complaint with the Data Protection Authority (DPA) in Belgium :