Privacy Policy

1. Who we are

ianka fleerackers Comm. V. (hereafter “we”, “us”, or “our”) is the data controller responsible for processing your personal data under this privacy policy. We are a Belgian limited partnership (commanditaire vennootschap) with registered offices at Nieuwstraat 84, 2880 Bornem, Belgium, and enterprise / VAT number BE 0824.677.865.

We operate several websites under this legal entity. This policy covers iankafleerackers.com only. Our other websites — ownyourstory.be, bookto.eu (and its subdomains), istoires.eu, and bravenewhuman.com — each have their own privacy policy tailored to the tools and data used on that site.

For any question about your personal data, or to exercise the rights described in section 8, contact us at legal@iankafleerackers.com. You may write in English or Dutch; we will respond in the language you used.

2. Scope

This policy applies to all personal data we process through iankafleerackers.com.

It does not cover third-party websites you may reach by following an external link from our site — once you leave, the privacy practices of the destination apply. It also does not cover personal data you share with us outside our website, for example at events or in person.

3. What personal data we collect

What you actively provide

If you sign up for our newsletter, we collect your email address, and your name if you choose to provide it. The sign-up form is embedded from Kit, which stores and processes this data on our behalf (see section 5).

If you use our contact form, we collect your name, email address, and the content of your message. Form submissions are stored in Airtable for handling (see section 5).

If you email us directly (for example at legal@iankafleerackers.com), we receive your email address, your name if included in your signature, and the content of your correspondence. Emails are processed through Microsoft 365 (see section 5).

What we collect automatically when you use the site

We use analytics to understand how visitors navigate the site. Through Google Analytics 4 we receive your IP address in pseudonymised form, browser type and version, operating system, the pages you visit, and the approximate region inferred from your IP address. We do not receive precise location data. The specific cookies used are listed in our cookie policy.

If you play an embedded YouTube or Vimeo video, your interaction with the video is observed by the respective platform. We use privacy-enhanced embeds where available (youtube-nocookie.com for YouTube and Vimeo's “do not track” mode), so these platforms only set cookies once you actively press play.

What we do not collect on this site

• No payment or financial data — iankafleerackers.com does not accept payments.
• No account or authentication data — this site has no member area.
• No precise geolocation data — only approximate region-level information via analytics.
• No special categories of personal data under article 9 GDPR, such as health, religion, political opinion, or biometric data.

4. Why we process your data and on which legal basis

Under the GDPR (article 6), we may only process personal data if we have a valid legal basis. For this site we rely on three: your consent, the performance of a contract with you, and our legitimate interest in running and improving our activities.

Sending you our newsletter. When you sign up, we process your email address (and name, if provided) to send you the newsletter you subscribed to. Legal basis: your consent under article 6(1)(a) GDPR, given by actively subscribing. You can withdraw this consent at any time by clicking the unsubscribe link at the bottom of every newsletter.

Responding to your messages. When you contact us, we process your name, email address, and message to reply to you. Legal basis: performance of a contract under article 6(1)(b) GDPR for service-related inquiries, or your consent under article 6(1)(a) GDPR for general correspondence.

Analytics and site improvement. We use Google Analytics 4 to understand how visitors use the site so we can improve it. Legal basis: your consent under article 6(1)(a) GDPR, which you give (or decline) through the cookie banner. If you decline, no analytics cookies are set.

Marketing and advertising (currently not active). We do not currently operate marketing or advertising pixels from Meta (Facebook/Instagram), LinkedIn, TikTok, or any similar platform. If we activate such tools in the future, the legal basis will be your consent under article 6(1)(a) GDPR, requested separately from analytics consent through our cookie banner. This policy will be updated before any such tool is activated.

Keeping the site secure and functioning. Our hosting provider (Vercel) processes technical data — IP addresses, request logs — to keep the site available and prevent abuse. Legal basis: our legitimate interest in operating secure infrastructure under article 6(1)(f) GDPR.

5. Who we share your data with

We do not sell, rent, or trade your personal data. We share it only with service providers who process it on our behalf, bound by a data processing agreement.

Microsoft 365 (email). Microsoft Ireland Operations Ltd. Data: email content, name, email address. Storage in the European Union (EU Data Boundary). Limited technical support may occur from outside the EU under Standard Contractual Clauses.

Vercel (hosting). Vercel Inc. (United States). Data: technical request data (IP address, browser type, requested page, timestamp). Storage in EU regions (Frankfurt). Transfer safeguards: Standard Contractual Clauses; EU-US Data Privacy Framework certification.

Kit (newsletter platform). SendTree Inc. d/b/a Kit (United States). Data: email address, name if provided, subscription preferences, and email engagement data (opens, clicks). Storage in the United States. Transfer safeguards: Standard Contractual Clauses; EU-US Data Privacy Framework certification.

Google Analytics 4 (analytics). Google Ireland Ltd. for EU users, with technical processing by Google LLC in the United States. Data: pseudonymised IP address, browser and operating system, pages visited, approximate region, session duration. IP addresses are truncated. Active only when you consent via the cookie banner. Transfer safeguards: Standard Contractual Clauses; EU-US Data Privacy Framework certification; Google Consent Mode v2.

YouTube and Vimeo (video embeds). Google Ireland Ltd. / Google LLC for YouTube; Vimeo Inc. (United States) for Vimeo. Data: playback events and device information once you press play. Privacy-enhanced embeds minimise tracking. Transfer safeguards: Standard Contractual Clauses; EU-US Data Privacy Framework certification (for Google).

Airtable (contact form storage). Formagrid Inc. d/b/a Airtable (United States). Data: name, email address, and content of messages submitted through the contact form. Storage in the United States. Transfer safeguards: Standard Contractual Clauses; EU-US Data Privacy Framework certification.

Public authorities. In exceptional cases we may be required to disclose personal data to public authorities (court order, law enforcement, tax audit). We only do so when legally obliged and limit disclosure to what is strictly required.

6. International transfers of personal data

Where possible, we keep your personal data within the European Economic Area. Microsoft 365 and Vercel EU regions store your data in the EU by default.

For services based in the United States — Kit, Google Analytics, YouTube, Vimeo, Airtable — data is transferred outside the EEA. We rely on two mechanisms: Standard Contractual Clauses (article 46 GDPR) signed with each provider, and the EU-US Data Privacy Framework certification where the provider is certified. We monitor the status of the framework. If it is invalidated or replaced, we continue to rely on Standard Contractual Clauses.

You have the right to request a copy of the specific safeguards we rely on for a transfer that affects you. Contact us at legal@iankafleerackers.com.

7. How long we keep your data

Newsletter subscriptions. As long as you remain subscribed, plus up to 30 days after unsubscribe to process removal across our systems.

Contact form and email correspondence. Up to 2 years after our last exchange, so we can follow up on pending conversations and reconstruct context if you contact us again. After that, correspondence is deleted unless it relates to an active or anticipated legal matter.

Analytics data. Google Analytics 4 data is retained for 14 months, after which Google deletes the event-level data. Aggregated reports beyond that window contain no individual-level information.

Technical logs. Hosting logs (Vercel) are retained for up to 90 days for security, debugging, and abuse prevention.

Legal holds. If we become aware of an actual or anticipated legal dispute, a regulatory investigation, or a law enforcement request, we may retain otherwise-deletable data for as long as strictly necessary. You will be informed if the law permits.

8. Your rights

The GDPR gives you strong rights over your personal data. You can exercise any of them free of charge, and we will respond within 30 days. For complex requests we may extend this period by up to two additional months under article 12(3) GDPR; if we do, we will tell you within the first month and explain why.

Right of access (article 15). Ask whether we process data about you, and receive a copy with information about purposes, categories, recipients, and retention.

Right to rectification (article 16). Ask us to correct or complete inaccurate or incomplete data.

Right to erasure (article 17). Ask us to delete your personal data. We will do so unless we are required or entitled to keep it.

Right to restriction of processing (article 18). In certain situations, ask us to pause processing instead of deleting.

Right to data portability (article 20). Receive data you provided, in a structured, commonly used, machine-readable format, or ask us to transmit it to another controller.

Right to object (article 21). Object to processing based on our legitimate interest. For direct marketing, we stop immediately, no justification required.

Right to withdraw consent (article 7(3)). Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

Right to lodge a complaint (article 77). File a complaint with the Belgian Gegevensbeschermingsautoriteit (see section 9).

How to exercise your rights. Contact us at legal@iankafleerackers.com. We do not ask for a copy of your ID. We confirm your identity proportionately — usually by replying from the email address we have on file for you, or by asking a limited verification question if we have reasonable doubt. We follow the guidance of the European Data Protection Board: identity verification must be proportionate and must not create unnecessary barriers.

If we cannot act on your request — for example because we must keep the data under a legal obligation — we will explain why in our response.

9. Supervisory authority, changes, and contact

Supervisory authority. If you believe we have not handled your personal data correctly, you have the right to file a complaint with the Belgian data protection authority:

You also retain the right to seek a judicial remedy before the competent civil court.

Changes to this policy. We may update this policy from time to time. When we do, we update the version number and date at the top. For changes that affect how we process your data materially, we notify you in advance and ask for fresh consent where required.

Contact. For any question about this policy, contact us at legal@iankafleerackers.com in English or Dutch.

ianka fleerackers Comm. V. · Nieuwstraat 84, 2880 Bornem, Belgium · VAT BE 0824.677.865