Privacy Policy

Last updated: 28 February 2026

1. Data Controller

Obsidian BV
Kerkstraat 1
2000 Antwerpen, Belgium
Email: info@obsidian.be
VAT: BE 0123.456.789

2. What Data We Collect

We may collect and process the following categories of personal data:

• Account data — name, email address, and login credentials when you create an account.
• Usage data — pages visited, features used, timestamps, and IP address.
• Technical data — browser type, operating system, and device information collected automatically through server logs.
• Communication data — messages or enquiries you send us via contact forms or email.

3. Legal Basis for Processing

We process your personal data on the following legal grounds under the GDPR:

• Contract performance (Art. 6(1)(b)) — to provide and maintain the service you signed up for.
• Legitimate interest (Art. 6(1)(f)) — to improve the platform, ensure security, and prevent fraud.
• Legal obligation (Art. 6(1)(c)) — to comply with applicable laws (e.g., tax or accounting requirements).
• Consent (Art. 6(1)(a)) — where you have given explicit consent, such as for non-essential cookies or marketing communications.

4. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Account data is kept for the duration of your account and deleted within 30 days of account closure, unless a longer retention period is required by Belgian or EU law.

5. Data Sharing

We do not sell your personal data. We may share data with third parties only in the following circumstances:

• Service providers — hosting, email delivery, and other processors acting on our behalf under a data processing agreement.
• Legal requirements — when required by law, regulation, or court order.

6. International Transfers

Your data is stored and processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR.

7. Your Rights

Under the GDPR, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Restriction — ask us to limit how we process your data.
• Data portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest or direct marketing.
• Withdraw consent — at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@obsidian.be. We will respond within 30 days.

8. Cookies

We use only essential cookies required for the platform to function. For full details, see our Cookie Policy.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels, Belgium
www.gegevensbeschermingsautoriteit.be

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with a revised “Last updated” date. We encourage you to review this policy periodically.