Privacy Policy

Last updated: 2025-11-26 

At Vintecc, we are committed to protecting your privacy and managing your personal data in accordance with the General Data Protection Regulation (GDPR). This policy explains how we collect, use, share, and protect your personal data as data controller, and describes your rights with regards to your data. 

1. Who Are We 

Name: Vintecc BV 

Address: Hof Ter Weze 3, 8800 Roeselare Belgium  

Enterprise number: 0645.963.679 

RLE: Ghent, division Kortrijk 

Contact: privacy@vintecc.com 

2. Who you are and how we collect your personal data 

You are typically: 

  • a visitor of our website (accessible via www.vintecc.com);
  • a supplier or service provider of Vintecc;
  • a client to who we provide products or services (as such products or services are described in the contract we have with you);
  • a prospect with whom we are in contact for the potential provision of our products or services;
  • a job applicant;
  • anyone who reaches out to us through a contact form on or website, through e-mail, telephone, chat, social media or otherwise. 

We collect your personal data in several ways, depending on how you use our website or how you interact with us: 

  • Directly from you: when you provide information through forms (e.g., job application forms and contact or download forms), submit your CV, or communicate with us.
  • Automatically: when you interact with our website, via cookies and similar technologies. This includes analytics, behavioral tracking, and business visitor analytics (e.g., via HubSpot and Leadinfo).
  • From third parties: for example, where professional information is sourced through business databases or business contacts (for B2B purposes) or public profiles directly relevant to recruitment. 

3. Categories of Personal Data 

We process different types of personal data. This depends on how you use our website, how you interact with us, and which data you decide to share with us.  

  • Identification and contact details: first and last name, telephone number, address, email address etc.
  • Recruitment information: name, contact details, submitted forms, CVs and associated information, professional history, any other details you provide.
  • Marketing, Analytics and Business Administration: name, business email, phone number, company, function, title, company registration or enterprise number, website interaction data,  IP address (for company identification, B2B only).
  • Technical Data: IP address, browser type, device information, operating system, and usage statistics (collected via cookies and similar tools).
  • Other: any information you choose to provide during your interactions with us. 

4. Purposes and Legal Bases for Processing 

We will process personal data for the purposes and on the legal basis specified in this section (if and to the extent applicable to your situation). 

Activity 

Purpose 

Categories of Personal Data 

Legal Basis 

Retention Period 

Recruitment Process 

 To carry out recruitment and selection activities for (open) positions at Vintecc. 

 Identification and contact details. Recruitment information. 

 

Any personal information you choose to share with us during your application (such as CV, cover letter, education, previous professional experiences, etc.).  

 

Legitimate interest  or performance of a contract (as applicable) 

Until the recruitment process has been completed, unless a longer retention term applies in accordance with this statement or if another legal basis applies (e.g. in the context of an employment agreement). 

Talent Pool 

To create a talent pool for future vacancies and recruitment purposes. 

Identification and contact details. Recruitment information. 

 

Any personal information you choose to share with us during your application (such as CV, cover letter, education, previous professional experiences, etc.). 

Consent. 

 

The consent you give is always free. You have the right, at any time and free of charge, to withdraw your consent by sending an email to: privacy@vintecc.com.   

 

Up to 5 years after obtaining your consent. 

Your personal data will in any event be deleted for this purpose in the event you withdraw your consent. 

 

Marketing 

Running campaigns, newsletters, lead generation. 

Name, business email, phone (where provided), company, website interactions 

Consent (where applicable); legitimate interest for B2B analytics. 

 

 

Until consent is withdrawn, or the user opts out. Campaign tracking and analytics retention follows retention periods specified in cookie settings. 

Analytics 

Website improvement, user experience. 

 

 

IP address, cookies, device/browser info, usage statistics 

Legitimate interest 

As specified in the cookie policy and cookie banner; anonymized or aggregated where possible. 

Business Administration 

Customer, prospect and supplier management, contract execution, billing, business communication and negotiation.  

 

 

Contact details, company information, communications, financial/contractual data. 

Performance of contract; legitimate interest 

Duration of relationship + 7 years (statutory Belgian accounting/tax retention). 

Legal Obligations 

Compliance with legal requirements (tax, accounting, auditing, regulatory). 

 

Data required under relevant laws (e.g. invoices, contracts) 

Legal obligation 

Retained as long as legally required (e.g. 7 years in Belgium). 

Corporate Restructuring 

Information sharing during mergers, acquisitions, or investments. 

 

Business contact data, contracts, relevant communications 

Legitimate interest  

Retained only until completion of the restructuring process, subject to confidentiality safeguards. 

 

For Cookie specific retention periods see our Cookie Policy

For certain processing purposes, we require your consent. The consent you give is always free and you have the right to withdraw it at any timemailto: For more information on how to exercise this right, reference is made to Chapter 11 of this Policy. Your withdrawal of consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on any other legal basis. 

You shall have the right at any time to object to the processing of your personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing, free of charge.  For more information on how to exercise this right, reference is made to Chapter 11 of this Policy.  

5. Provision of Data and Consequences 

  • Recruitment: providing requested application information is required to process your application. Failure to provide requested data may result in our inability to process or consider your application.
  • Other forms: provision of personal data for contact and marketing purposes is voluntary. However, failure to provide data may limit our ability to respond to your inquiry or provide relevant information. 

6. Use and Sharing of Data 

If required for carrying out the purposes set out above, we may share your personal data with:  

  • Within Vintecc: only authorized personnel (e.g., HR, marketing, IT) may access your personal data, strictly as necessary.
  • Service Providers:
  • HubSpot: Marketing automation, CRM, email communications.
  • Leadinfo: Business visitor analytics, B2B identification.
  • Google Analytics: Site analytics.
  • Other third-party service providers (such as IT service providers, security providers or hosting providers).
  • Legal requirements: where legally obliged, we may share data with authorities or courts. 

Our (sub-)processors always act under our responsibility. If we engage (sub)processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR. We require all our (sub-)processors or to take appropriate technical and organizational (including security) measures to protect your personal data in line with our policies. We do not allow our (sub-)processors to use your personal data for their own purposes. 

7. International Data Transfers And Data Processors 

In principle, Vintecc does not transfer your personal data to third countries located outside the European Economic Area (“EEA”) unless you are located outside the EEA (and are visiting our Website or otherwise provide personal data from outside the EEA).  

Additionally, it is possible that in some cases Vintecc – through its (sub-)processors – does transfer your personal data to countries outside the EEA. In this event, Vintecc will only transfer your personal data outside the EEA in accordance with the applicable data protection legislation and subject to appropriate safeguards. 

Please contact us if you want further information on the specific mechanism(s) used when transferring personal data outside the EEA. 

8. Data Security 

Vintecc applies a range of technical and organizational measures to protect your data, including: 

  • Access controls: only relevant staff can access your information.
  • Pseudonymization: Where appropriate for analytics.
  • Regular security reviews: We review policies, train staff, and conduct audits to improve protection. 

9. Cookies and Tracking 

Our website uses cookies and comparable tracking technologies to: 

  • Store user preferences
  • Enable and enhance website functionality
  • Conduct analytics (e.g., via HubSpot)
  • Identify business visitors (B2B only, via Leadinfo) 

A detailed explanation of what cookies are used, their purposes and retention period is provided in our Cookie Policy, which is always accessible from our website footer. 

10. Automated Decision-Making and Profiling 

Vintecc does not use fully automated decision-making or profiling that produces legal or similarly significant effects concerning individuals. 

11. Your Rights Under GDPR 

You have the following rights under the GDPR: 

  • Right of Access: you have the right to be informed of whether we process your personal data, and if that is the case, to have access to such personal data.
  • Right to Rectification: you have the right to have your inaccurate and/or incomplete personal data, corrected.
  • Right to Erasure (“right to be forgotten”): you have the right to have your personal data erased, under certain circumstances, namely when one of the following applies:
  • if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • if you withdraw your consent on which the processing is based, and there is no other legal ground for the processing;
  • if you object to the processing in case the processing is for direct marketing purposes;
  • if the personal data have been unlawfully processed; or
  • if the personal data have to be erased for compliance with a legal obligation in EU or national law.
  • In case you submit a request in this regard, we shall consider our interests and those of third parties, which may count more than yours, and
  • all legal and regulatory obligations, or court or administrative decisions which may be in contradiction with the erasure of your personal data.
  • Right to Restriction: you have the right to restrict the processing of your personal data, if one of the following applies:
  • if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  • if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
  • if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
  • if you objected to the processing pending the verification whether our legitimate interests override yours.
  • Right to Object: you have the right to object to the processing of your personal data where the processing of your personal data is based on points (e) and (f) of Article 6(1) of the GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
  • Right to Data Portability: you have the right to data portability, i.e. you can obtain from us all the personal data you supplied us in a structured format, currently used and readable by machine if your personal data is processed by automated means and based on your consent or on a contract concluded with you.
  • Right to lodge a complaint: With the competent supervisory authority (in particular in the member state of your habitual residence, the place of work or the place of alleged infringement). In Belgium the competent supervisory authority is the Belgian Data Protection Authority (GBA/APD). Any complaints can also be handled by Vintecc by sending an e-mail to: privacy@vintecc.com 

12. How to Exercise Your Rights 

To submit a request or query regarding your personal data, you can use our trust center to issue and follow-up on a request: 

https://app.formalize.com/trust-center/9f12e87c-1b1f-4e97-97cb-7fdc46d71b46/data-subject-requests 

Or you can send us an e-mail with your specific request: 

privacy@vintecc.com 

To be able to process your request adequate identification will be necessary, if we doubt your identity we remain the right to ask for additional identification to verify your identity proportional to your request.  

We shall acknowledge receipt of your request and provide you with more information on action taken on such request without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests and informing you of the reasons for the delay.  

The exercise of your rights is free of charge. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: 

  • charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
  • refuse to act on your request. 

13. Policy Updates 

We may update this policy in response to changes in law, technology, or our practices. The latest version will always be available on our website. Changes will be indicated on our website or the platform, and where required in line with the significance of the changes, may be notified to you by email or will be brought to your attention on your next website or platform visit (e.g. through a “pop-up”).  Where such changes involve new or significantly modified processing activities, we will inform the data subjects concerned before those changes take effect, and if legally required, they will be submitted for approval.  

14. Third-party links 

We are not responsible for the privacy, information or other practices of third parties, including third parties who operate a website to which our website contains a link. Including a link on the Website does not mean that we endorse the linked website. 

15. To what extent are we liable? 

To the maximum extent permitted by applicable law, we shall not accept any liability in the following events: 

  • If we have lawfully shared your personal data with a third party (not being our (sub-)processor), we shall not be liable for any subsequent unlawful processing or misuse of that personal data by such third party and any direct or indirect damages resulting therefrom.
  • If third parties unlawfully process or use your personal data and we have implemented appropriate technical and organizational measures to prevent, to the best of its abilities, such unlawful processing or use (e.g. in the event of hacking or any other cyberattack). 

In any case, we shall only be liable for damages caused by non-compliance of our specific obligations under the GDPR. We shall in no event be liable for any special, incidental, indirect or consequential losses or damages in this regard. 

16. Governing law and jurisdiction 

This privacy policy shall be governed, interpreted, and implemented in accordance with Belgian laws. The Ghent courts (division Kortrijk) are exclusively competent to decide on any dispute that may arise from the interpretation or implementation of this privacy policy.