Privacy Policy

 

1. Identity and Contact Details of the Data Controller

Pursuant to Article 13(1)(a) GDPR, the data controller responsible for your personal data is:

 

Nick Van de Velde

Trading as: Ausérieux

Seraphin de Grootestraat 60, 2100 Deurne, Belgium

Email: hallo@auserieux.com

Website: www.auserieux.com

 

Nick Van de Velde operates as a sole trader (eenmanszaak) under Belgian law and is the natural person exercising all rights and obligations of the data controller under the GDPR. No Data Protection Officer (DPO) has been appointed, as none is required under Article 37 GDPR for an organisation of this size and nature.

 

2. Personal Data Collected and Sources

Ausérieux does not collect sensitive personal data (Article 9 GDPR categories). The following data may be processed:

 

2.1 Data provided by you (direct collection — Article 13 GDPR applies)

•       Name: provided voluntarily via the contact form. This field is optional.

•       Email address: provided voluntarily via the contact form. This field is required to respond to your inquiry.

•       Message content: the text of your inquiry submitted via the contact form.

 

You are not required to provide your name or any identifying information beyond your email address. Providing your name is optional and does not affect the processing of your request.

 

2.2 Data collected automatically

•       IP address and approximate geolocation (country/city level)

•       Browser type, version, and operating system

•       Device type (desktop, tablet, mobile)

•       Pages visited, session duration, and navigation path on auserieux.com

•       Referring URL (the page you visited before arriving at auserieux.com)

 

2.3 Data processed by third-party tools (subject to consent)

•       Meta Pixel: browser identifiers, IP address, cookie IDs, and page interaction data transmitted to Meta Platforms Ireland Ltd.

•       Google Search Console: aggregated, anonymised search performance data. No individual user is identified.

•       Squarespace Analytics: session-level behavioural data processed by Squarespace Ireland Ltd.

 

3. Legal Basis and Purposes of Processing (Article 13(1)(c) GDPR)

Each processing activity has a specific legal basis under Article 6 GDPR. Processing without a valid legal basis is unlawful. The bases are:

 

3.1 Contact form submissions

Purpose: to respond to your inquiry.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is to communicate with individuals who actively contact us. This interest is not overridden by your privacy interests, as you initiate the contact, the data is used only to respond, and it is not added to any marketing list.

You may obtain information about the balancing test performed by contacting hallo@auserieux.com.

 

3.2 Website analytics (Squarespace Analytics)

Purpose: to understand how visitors use auserieux.com and to improve its performance and content.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR). Our interest is to maintain a functional and relevant website. Data is processed in aggregate and is not used to identify individual users.

 

3.3 Meta Pixel (advertising and audience building)

Purpose: to measure the reach and effectiveness of advertising campaigns on Meta platforms (Facebook and Instagram) and to build custom audiences for ad targeting.

Legal basis: Consent (Article 6(1)(a) GDPR).

Meta Pixel does not activate on auserieux.com until you explicitly accept marketing/advertising cookies via the cookie consent banner. If you decline, the Pixel does not fire and no data is transmitted to Meta.

Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland) acts as an independent data controller for data it receives via the Pixel. Ausérieux and Meta are joint controllers for the purpose of operating the Meta Business Tools. Meta's privacy policy is available at: facebook.com/policy

 

3.4 Google Search Console

Purpose: to monitor the search visibility and technical health of auserieux.com in Google Search.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR). All data is aggregated and anonymised. No individual user is identified through Google Search Console.

 

3.5 Embedded third-party content (YouTube, Vimeo, Instagram)

Purpose: to display video and social media content as part of the portfolio and storytelling on auserieux.com.

Legal basis: Consent (Article 6(1)(a) GDPR). Embedded content from these platforms may set cookies and transmit data to their servers when you interact with it. This only occurs after you have accepted the relevant cookie categories via the consent banner.

 

3.6 No automated decision-making

Ausérieux does not use automated decision-making or profiling as described in Article 22 GDPR. No decisions are made about you solely on the basis of automated processing.

 

4. Retention Periods (Article 13(2)(a) GDPR)

Personal data is retained only as long as necessary for the stated purpose:

 

•       Contact form submissions: retained for a maximum of 24 months from the date of last communication. After this period, data is permanently deleted.

•       Squarespace Analytics: retained for up to 26 months in accordance with Squarespace's data retention policy.

•       Meta Pixel data: retained by Meta in accordance with Meta's own data policy. Custom audiences built from Pixel data are reviewed every 180 days and deleted if not actively used in a campaign.

•       Google Search Console: data is available within the interface for up to 16 months as per Google's standard retention policy. Ausérieux does not export or store this data independently.

 

5. Recipients of Data and International Transfers (Article 13(1)(e)(f) GDPR)

Ausérieux does not sell, rent, or share your personal data for commercial purposes. The following third-party processors and controllers may receive data:

 

Squarespace Ireland Ltd.

Role: Website hosting, form processing, and analytics. Established in Ireland (EU). Data may be transferred to Squarespace Inc. (USA). Squarespace Inc. is certified under the EU-US Data Privacy Framework (Commission Adequacy Decision C(2023) 4745, adopted 10 July 2023), which constitutes an adequate level of protection under Article 45 GDPR.

Privacy policy: squarespace.com/privacy

 

Meta Platforms Ireland Ltd.

Role: Advertising analytics and audience targeting via Meta Pixel. Established in Ireland (EU). Data may be transferred to Meta Platforms Inc. (USA). Meta Platforms Inc. is certified under the EU-US Data Privacy Framework (Commission Adequacy Decision C(2023) 4745). Additionally, Standard Contractual Clauses (SCCs) approved by the European Commission apply as a supplementary transfer mechanism.

Note: The EU-US Data Privacy Framework is currently valid but subject to ongoing legal review. Should the framework be invalidated, SCCs provide a fallback transfer mechanism.

Privacy policy: facebook.com/policy

 

Google Ireland Ltd.

Role: Search Console performance monitoring. Data is aggregated and does not identify individual users. Google Ireland Ltd. is established in Ireland (EU). Any transfer to Google LLC (USA) occurs under the EU-US Data Privacy Framework.

Privacy policy: policies.google.com/privacy

 

YouTube (Google Ireland Ltd.) and Vimeo Inc.

Role: Video embedding. When you interact with embedded videos, data (including IP address and browser information) may be transmitted to YouTube or Vimeo. Vimeo Inc. (USA) transfers data under Standard Contractual Clauses. YouTube transfers data under the EU-US Data Privacy Framework.

 

Meta Platforms Ireland Ltd. (Instagram embeds)

Role: Embedded social media content. Interacting with embedded Instagram posts may transmit data to Meta's servers. Transfer mechanism: EU-US Data Privacy Framework.

 

6. Your Rights as a Data Subject (Articles 15–22 GDPR)

As a data subject under EU law, you have the following rights, which you may exercise at any time:

 

•       Right of access (Article 15): Request a copy of the personal data we hold about you and information about how it is processed.

•       Right to rectification (Article 16): Request correction of inaccurate or incomplete data.

•       Right to erasure (Article 17): Request deletion of your personal data. This right may be limited where legal retention obligations apply.

•       Right to restriction of processing (Article 18): Request that processing be limited in certain circumstances (e.g., while accuracy is contested).

•       Right to data portability (Article 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract.

•       Right to object (Article 21): Object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

•       Right to withdraw consent (Article 7(3)): Withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

•       Right not to be subject to automated decision-making (Article 22): Not applicable to auserieux.com as no automated decision-making or profiling takes place.

 

To exercise any of these rights, send a written request to: hallo@auserieux.com. We will respond within 30 days of receipt. If a request is complex, we may extend this by a further 60 days and will inform you of the extension.

 

If you believe your rights have been violated, you have the right to lodge a complaint with the Belgian supervisory authority:

 

Gegevensbeschermingsautoriteit (GBA) / Autorité de Protection des Données (APD)

Drukpersstraat 35 / Rue de la Presse 35, 1000 Brussels

Tel: +32 (0)2 274 48 00 | contact@apd-gba.be | www.gegevensbeschermingsautoriteit.be

 

7. Technical and Organisational Security Measures (Article 32 GDPR)

Ausérieux applies appropriate technical and organisational measures to protect your personal data, including:

•       SSL/TLS encryption on auserieux.com (enforced via Squarespace)

•       Access to contact form submissions is restricted to Nick Van de Velde as data controller

•       Third-party tools are reviewed periodically for compliance and data minimisation

•       Marketing cookies and the Meta Pixel are blocked by default until consent is given

 

No method of electronic transmission or storage is 100% secure. While we apply all reasonable precautions, absolute security cannot be guaranteed.

 

8. Personal Data Breaches (Articles 33–34 GDPR)

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Gegevensbeschermingsautoriteit within 72 hours of becoming aware of the breach (Article 33 GDPR). Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay (Article 34 GDPR).

 

9. Changes to This Privacy Policy

This policy may be updated to reflect changes in our data practices, new tools, or applicable law. The version number and date at the top indicate the most recent revision. Material changes will be communicated via a notice on auserieux.com prior to taking effect. Continued use of the website after a material change constitutes acceptance of the updated policy.