Skip to Content

PRIVACY STATEMENT - XSPECT BV

Last updated: 16/12/2025 Version: 1.0

1. Inleiding2. Definities3. Verwerkingsverantwoordelijke4.Welke gegevens verzamelen wij?5. Doeleinden en rechtsgronden6. Bewaartermijnen7. Ontvangers en verwerkers8. Internationale doorgifte9. Cookies10. Beveiliging11. Uw rechten12. Cookies13. Geautomatiseerde besluitvorming14. Wijzigingen15. Contact


1. Introduction

At Xspect BV, we place great importance on the protection of your personal data. In this privacy statement, you will read how we collect, use, and secure your data in accordance with the GDPR and applicable Belgian and European legislation. We are transparent about our methods and only process what is necessary for our services.

2. Definitions

  • Personal data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed on personal data (such as collection, storage, use, transmission, deletion).
  • Data controller: Xspect BV, which determines the purposes and means of the processing.
  • Processor: external party that processes personal data on behalf of Xspect BV.

3. Data controller

​Xspect BV

​Address: Tuinwijk 43, 8600 Diksmuide, Belgium

​VAT number: BE 0784.235.496

​Email: privacy@xspect.be

4. What data do we collect?

We only process data that is necessary for our B2B services (consultancy, engineering, design), such as:
  • Identification: name, position, company name
  • Contact: email, phone, address
  • Business: project information, correspondence
  • Financial: invoicing and payment information
  • Sources: directly from you (via email, contract, quote, project follow-up) or from your organisation/colleagues.
  • No special categories (such as health data) and no data of minors; our services are aimed at B2B.

5. Purposes and legal grounds

We process your data for:

  • Execution of contracts and assignments (quotes, project execution, planning, delivery) — art. 6(1)(b) GDPR
  • Customer management and communication (support, follow-up, service) — art. 6(1)(b) / (f) GDPR
  • Invoicing and legal obligations (accounting, tax obligations) — art. 6(1)(c) GDPR
  • Legitimate interest (efficient business management, IT security, evidence for disputes) — art. 6(1)(f) GDPR

If we wish to send marketing communication, we will ask for your consent in advance — art. 6(1)(a) GDPR (currently not applicable).

6. Retention periods

  • Accounting data: 10 years (legal obligation)
  • Project data: max. 7 years after completion, unless a legal obligation or contractual necessity requires a longer period
  • Communication (email/messages): max. 2 years
After the retention period, we will delete or anonymise data, unless a longer retention is legally required or necessary for the establishment, exercise or defence of legal claims.

7. Recipients and processors

We do not share your data with third parties, unless:

  • this is necessary for our services (e.g. IT hosting/cloud, accounting, partners),
  • this is legally required (e.g. tax authorities), or
  • you instruct us to do so.

We enter into processor agreements with processors that ensure security and confidentiality.

8. International data transfer

Your data will not be shared with third parties unless this is legally required or necessary for the
execution of our services. We make clear agreements with external parties regarding data protection.


International data transfer: If data is processed outside the EU (e.g. cloud providers), we ensure
appropriate safeguards such as standard contractual clauses.

9. Cookies

If processing takes place outside the EU/EEA (for example, via certain cloud providers), we ensure appropriate safeguards, such as
standard contractual clauses (SCCs) or an adequacy decision. You can request more information from us viaprivacy@xspect.be.

10. Security

We take appropriate technical and organisational measures, including:
    • Encryption, access control (least privilege, password policy, MFA where possible),
    • Back-ups and recovery procedures,
    • Logging and monitoring,
    • Contractual and internal confidentiality obligations.

11. Your rights

You have the right to:

    • Access, rectification, erasure (art. 15–17 GDPR)
    • Restriction of processing (art. 18 GDPR)
    • Data portability (art. 20 GDPR)
    • Object to processing based on legitimate interests (art. 21 GDPR)
      You can exercise your rights via privacy@xspect.be. We may ask for reasonable identification.

File a complaint: Belgian Data Protection Authority (GBA) —

Website: www.gegevensbeschermingsautoriteit.be — you have the right to complain (art. 77 GDPR).


12. Cookies

Our website only uses functional cookies (session management, language preference, time zone) to ensure the site works correctly.

No analytical, tracking, or marketing cookies are placed without your consent (ePrivacy/GDPR).


13. Automated decision-making

We do not carry out automated decision-making or profiling that has legal or similarly significant effects on you (art. 22 GDPR).


14. Changes

This statement may change with adjustments in legislation or our processes. The most recent version and date are listed at the top.

15. Contact

Questions or requests?privacy@xspect.be