Privacy Policy
Last updated: 10 April 2026
Belcrew ("we", "us", "our") is a field service automation platform operated from Belgium. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Belgian Data Protection Act of 30 July 2018.
1. Data Controller
The data controller is Belcrew, contactable at dpo@belcrew.com. Our Data Protection Officer can be reached at the same address.
2. Personal Data We Collect
| Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Name, email address | Account creation and authentication | Contract performance (Art. 6(1)(b)) | Account lifetime + 30 days |
| Phone number | Contact and two-factor authentication | Contract performance (Art. 6(1)(b)) | Account lifetime + 30 days |
| Company name, BTW/VAT number | Invoicing and tax compliance | Legal obligation (Art. 6(1)(c)) | 7 years (Belgian tax law) |
| IBAN (encrypted) | SEPA payment processing | Contract performance (Art. 6(1)(b)) | Until mandate revoked |
| IP address | Security and audit logging | Legitimate interest (Art. 6(1)(f)) | 90 days |
| GPS location (workers) | Job tracking and time verification | Contract performance (Art. 6(1)(b)) | Job lifetime + 90 days |
3. How We Protect Your Data
- All data is encrypted in transit using TLS 1.2+
- Sensitive fields (IBAN, national numbers) are encrypted at rest using AES-256-GCM
- Database connections require SSL with certificate verification
- Access is controlled through role-based permissions with mandatory authentication
- Credentials are stored encrypted with audit logging for all access
4. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15) -- request a copy of your personal data
- Right to rectification (Art. 16) -- correct inaccurate personal data
- Right to erasure (Art. 17) -- request deletion of your personal data
- Right to restrict processing (Art. 18) -- limit how we use your data
- Right to data portability (Art. 20) -- receive your data in a structured format
- Right to object (Art. 21) -- object to processing based on legitimate interest
To exercise any of these rights, contact us at dpo@belcrew.com. We will respond within 30 days.
5. Data Processors and Transfers
We use the following third-party processors:
| Processor | Purpose | Location |
|---|---|---|
| DigitalOcean | Cloud infrastructure and database hosting | EU (AMS3) |
| Stripe | Payment processing | EU/US (Standard Contractual Clauses) |
| Resend | Transactional email delivery | US (Standard Contractual Clauses) |
All processors are bound by data processing agreements in compliance with GDPR Article 28. For processors outside the EU, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as the legal transfer mechanism.
6. Cookies
We use only essential cookies required for the platform to function (session management, authentication). We do not use analytics, advertising, or tracking cookies. No consent is required for strictly necessary cookies under the ePrivacy Directive.
7. Data Breach Notification
In the event of a personal data breach, we will notify the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) within 72 hours as required by GDPR Article 33. If the breach poses a high risk to your rights and freedoms, we will also notify you directly.
8. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels
contact@apd-gba.be
+32 (0)2 274 48 00
9. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The "last updated" date at the top of this page reflects the most recent revision.
10. Contact
For any questions about this privacy policy or our data practices, contact:
dpo@belcrew.com