Free quote 02 888 29 90 Emergencies 24/7
FR EN NL

Privacy Policy & GDPR

Last update: 29 May 2026

The protection of your personal data is a priority for Belgium Data Recovery. This policy describes, transparently, what information we collect, why, how long we keep it, with whom we share it and how you can exercise your rights. It complies with Regulation (EU) 2016/679 (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. In case of doubt or discrepancy, the French version available on this site prevails.

1. Data controller

Saidov Takhir, trading as Belgium Data Recovery.
Chaussée de Louvain 467, 1030 Schaerbeek (Brussels), Belgium.
Belgian enterprise number (CBE) / VAT: BE 0843.790.429.
Dedicated GDPR email: info@infobyte.be · Phone: +32 2 888 29 90.

Given the nature and scale of the activity (sole proprietorship), Belgium Data Recovery is not required to appoint a Data Protection Officer (DPO) within the meaning of article 37 GDPR. Any question regarding your data may be sent directly to info@infobyte.be.

2. What we collect

We process the following categories of data, and only these:

  • Identification and contact data: surname, first name, postal address, email address, phone number — provided via the contact form, by email or by phone.
  • Data related to your technical case: device brand/model, failure description, chosen service level, case number, quote, invoices.
  • Site technical data: IP address, browser type, pages visited, date and time of visit — collected via analytics cookies only if you have consented.
  • Cookie consent data: anonymised log of your choices (accepted categories, date), retained to evidence GDPR compliance.

Important — data contained in your media. The files present on the device you entrust to us may contain personal data about you or third parties. We do not open or exploit them: we only perform the technical operations necessary for the recovery. These data are never transferred to third parties and are securely erased within seven (7) days following restitution, unless an extension is expressly requested in writing (see GTC, articles 7 and 8).

3. Purposes and legal bases

PurposeLegal basis (GDPR art. 6)
Responding to a quote request or enquiryPre-contractual measures (art. 6.1.b)
Performing a data recovery casePerformance of the contract (art. 6.1.b)
Invoicing, accounting, tax obligationsLegal obligation (art. 6.1.c)
Quality follow-up, post-intervention communicationLegitimate interest (art. 6.1.f)
Analytics cookies (Google Analytics)Consent (art. 6.1.a)
Marketing cookies (Google Ads)Consent (art. 6.1.a)

4. Retention periods

  • Unsuccessful quote requests: 12 months from last contact, then deletion.
  • Client cases (contact details, quotes, technical reports): 10 years from the end of the service, in accordance with the common-law contractual limitation period under Belgian law (article 2262bis §1 of the Civil Code), to enable us to handle any disputes or claims.
  • Accounting data and invoices: 7 years, in accordance with Belgian tax obligations (art. 60 of the VAT Code).
  • Copies of recovered data: seven (7) days after restitution to the client (safety net allowing the client to make their own backup). The client may request, in writing (email) before the initial period expires, an extension of up to thirty (30) additional days. At the end of the agreed period: definitive secure erasure. See GTC, articles 7 and 8.
  • Cases pending client response: if the client does not respond to a quote for 30 days, the case is marked as abandoned; the physical device remains available for 60 additional days, after which it is securely destroyed. Recovered data not collected are retained up to 90 days after availability notification, then erased — see GTC, article 8.
  • Cookie consent logs: 6 months (lifetime of the preferences cookie); proof retained 12 months in accordance with APD recommendations.
  • Analytics data (Google Analytics): maximum 14 months.

5. Recipients and subprocessors

Your data are neither sold, rented nor shared for commercial purposes. They are accessible only to Belgium Data Recovery and to a strictly limited number of technical providers acting as subprocessors within the meaning of article 28 GDPR:

SubprocessorPurposeLocationSafeguards
Netlify, Inc. Site hosting, storage of consent logs and form submissions USA — EU servers (Frankfurt) EU‑US Data Privacy Framework + Standard Contractual Clauses (SCCs)
Google LLC (Analytics, Ads, Maps/Places) Anonymised audience measurement and advertising performance — only with your consent USA — EU servers EU‑US Data Privacy Framework + IP anonymisation (Analytics)

If you decline analytics and marketing cookies in the consent banner, no data is transmitted to Google (Analytics, Ads, Maps/Places). Netlify hosting remains necessary for the site to function.

Belgium Data Recovery may, in specific technical cases (see GTC article 11), entrust certain operations to technical subcontractors bound by an equivalent confidentiality obligation. None of these subcontractors process your data for purposes other than those strictly necessary for the assignment.

6. Transfers outside the European Union

The only transfers to the United States are those linked to the Netlify and Google services mentioned above. These transfers are framed by the EU‑US Data Privacy Framework (European Commission adequacy decision of 10 July 2023) and by the Standard Contractual Clauses adopted by the Commission. No other personal data leave the European Union.

7. Cookies

Our site uses a limited number of cookies, divided into three categories: strictly necessary (always active), analytics and marketing (subject to your consent). The full detail is set out in our Cookie Policy. You may modify your choices at any time via the "Manage cookies" button in the footer.

8. Data security

Belgium Data Recovery implements appropriate technical and organisational measures to ensure a level of security commensurate with the risk, including:

  • access-restricted premises for the laboratory and client devices;
  • encryption of working backups and secure erasure at the end of the retention period;
  • HTTPS across the whole site, security headers aligned with OWASP best practices;
  • strict separation between the analysis network and the office network;
  • confidentiality obligation for any technical partner.

9. Your rights

Under articles 15 to 22 GDPR, you have the following rights:

  • Right of access to the data we hold about you;
  • Right of rectification of inaccurate or incomplete data;
  • Right of erasure ("right to be forgotten") where conditions are met;
  • Right to restrict processing;
  • Right to data portability in a structured format;
  • Right to object to processing based on legitimate interest;
  • Right to withdraw consent at any time (without retroactive effect).

To exercise these rights, send your request to info@infobyte.be specifying the subject. In the event of reasonable doubt as to your identity, and only where the situation so requires to prevent an unlawful disclosure, you may be asked for proof of identity (limited to what is strictly necessary, in line with the data minimisation principle). We undertake to respond within one month, extendable by two additional months for complex requests.

10. Complaint to the supervisory authority

If you believe your rights are not respected, you may lodge a complaint with the Belgian Data Protection Authority (APD/GBA):

Rue de la Presse 35, 1000 Brussels · +32 2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be

11. Changes to this policy

Belgium Data Recovery reserves the right to amend this policy to reflect legal, technical or organisational changes. The last update date appears at the top of the page. For substantial changes affecting your rights, a dedicated banner on the site will inform you.

Site hosting: Netlify, Inc. — 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA (EU servers, Frankfurt).