PolicySpeak

Privacy Policy

Last updated: April 2026

PolicySpeak ("we", "us", or "our"), located at Rue de la Science 23, 1000 Brussels, Belgium, is the data controller responsible for processing your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR).

1. Data We Collect

We collect the following categories of personal data:

  • Contact information: Name, email address, organisation, and job title — provided when you request access or contact us.
  • Technical data: IP address, browser type, operating system, referring URL, and pages visited — collected automatically via server logs.
  • Cookie data: See our Cookie Policy for details.

2. Legal Basis for Processing

  • Consent: When you submit a contact or access request form (Article 6(1)(a) GDPR).
  • Legitimate interest: For website analytics and service improvement (Article 6(1)(f) GDPR). Our legitimate interest is understanding how visitors use our site to improve our services.
  • Contractual necessity: To provide our services to subscribed users (Article 6(1)(b) GDPR).

3. How We Use Your Data

We use your data to:

  • Respond to your enquiries and access requests
  • Provide and improve our platform services
  • Send service-related communications
  • Analyse website usage to improve user experience

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Third-Party Processors

We share personal data with the following categories of processors, all of which are bound by data processing agreements:

  • Hosting: Vercel Inc. (website hosting, US-based, EU Standard Contractual Clauses in place)
  • CRM: HubSpot Inc. (form submissions and contact management, US-based, EU SCCs)
  • Email: Google Workspace (business email, US-based, EU SCCs)

5. International Data Transfers

Some of our processors are based outside the EU/EEA (primarily in the United States). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described above:

  • Contact/access requests: 2 years from last interaction, or until you request deletion
  • Server logs: 90 days
  • Active customer data: Duration of the service relationship plus 1 year

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Article 15)
  • Rectify inaccurate data (Article 16)
  • Erase your data ("right to be forgotten", Article 17)
  • Restrict processing (Article 18)
  • Data portability (Article 20)
  • Object to processing based on legitimate interest (Article 21)
  • Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@policyspeak.com. We will respond within 30 days.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit), Rue de la Presse 35, 1000 Brussels, Belgium — www.dataprotectionauthority.be.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated revision date.

10. Contact

PolicySpeak · Rue de la Science 23 · 1000 Brussels, Belgium · info@policyspeak.com