Home » Privacy Policy

Privacy Policy

Click Here to Read EDPO UK's Privacy Policy

Click Here to Read EDPO CH's Privacy Policy

At EDPO, we are committed to protecting and respecting your personal data.

This privacy policy (the “Policy”) explains when and why we collect your personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. The processing of your personal data will be carried out in accordance with the principles set under the GDPR.

We may change this Policy from time to time, so please check this page occasionally to ensure that you are aware of any changes.

This Policy is intended for the website www.edpo.com and does not apply to other websites that could potentially be accessed by clicking external links.

A. Data Controller

The data controller of the processing activities carried out through the website is European Data Protection Office (EDPO), a limited liability company incorporated under the laws of Belgium, with registered office at Avenue Huart Hamoir 71, 1030 Brussels, Belgium, registered with the Register of the Legal Entities of Brussels under number 0689.629.220.

EDPO is not required to have a data protection officer, so any enquiries about our use of your personal data should be sent to the contact details provided below:

By email to privacy@edpo.com
By postal mail to Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

B. Personal data subject to processing

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

If you visit our website, we may collect the following personal data:

1. Data provided on a voluntary basis

You may voluntarily provide personal data to us when interacting with our website or services. This may include, in particular, your name and e-mail address, for example when subscribing to our newsletter or downloading information or documents that we make available.

You may also provide additional contact details, professional information and company-related details when you request a fee quote, complete our free assessment test, use our services, or otherwise communicate or interact with us through any of the available means on this website.

In addition, you may provide personal data when submitting a GDPR request through our website’s forms.

You may also provide personal data if you use Tidio, a chat platform on our website that enables website visitors to interact with a chatbot and/or EDPO’s team. Tidio is strictly reserved for sales-related inquiries. Your personal data (specifically IP Data), including information that you voluntarily share through the chat function, is processed with your consent. Messages and related data are stored within the Tidio application. For further information, please refer to Tidio’s Privacy Policy.

2. Browsing Data

Website usage: we log information, including the type of browser you use, access times, pages viewed, your IP address and your general location and the page you visited before navigating to our website.
Device information: we collect information about the computer or mobile device you use to access our website, including the hardware model, operating system and unique device identifiers.
Information collected by cookies and other tracking technologies: EDPO and our service providers use various technologies to collect information, including cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our services and your experience, see which areas and features of our services are popular, and count visits. See the list of cookies below:

C. Cookies

Please find below more information about the providers we use that process cookies on our website:

Sendinblue/Brevo – email marketing and newsletter subscription – France – Privacy Policy Personal Data Protection – Brevo
Cookiebot – cookie consent manager – Denmark – Privacy Policy – Your CMP Partner – Cookiebot™
Tally – form software – Belgium – Privacy policy (tally.so)
Dailymotion – video hosting platform – France – Privacy Policy – Dailymotion Legal
WP Rocket caching service – caching service – France – Privacy Policy – WP Rocket (wp-rocket.me)
Matomo – website analytics – Germany – Privacy Policy – Analytics Platform – Matomo

D. Purposes and legal basis of the processing

The personal data you provide when using the website will be processed for the purposes indicated below:

The handling of regulatory requests (from data subjects or from representatives of competent EU authorities): personal data is processed in order to receive and handle regulatory requests under EU Regulations such as, but not limited to, the GDPR, the AI Act, NIS2, and the Data Act. This includes situations where we transmit your personal data to our clients, as their representative under the relevant EU Regulations, for the purpose of enabling them to handle your request. The legal basis for this processing is your consent.
The handling of sales inquiries and requests for information related to our services or resources. The legal basis for this processing is your consent.
Compliance with EDPO’s legal obligations under relevant EU Regulations when acting as a representative under such Regulations. The legal basis for this processing is the compliance with a legal obligation.
Statistical analysis on aggregated or anonymous data, aimed at measuring the functioning of the website, traffic, usability, and interest, as well as to operate, optimize and maintain our website, system administration and security. The legal basis for this processing is, when applicable, your consent.
Newsletters and communication relating to our services. The legal basis for this processing is your consent or, when applicable, our legitimate interest.
The establishment, exercise or defence of legal claims. The processing of this data is based on our legitimate interest in ensuring judicial or extrajudicial protection whenever necessary.

E. Recipients

Your personal data may be disclosed, in close relation to the purposes specified above, only to:

a) Persons authorised to process your personal data, who are committed to/or under an appropriate legal obligation of confidentiality (e.g., EDPO’s team members);

b) Consultants, subcontractors and other service providers who need access to such information to carry out work on our behalf or to assist us in the provision of our website and other business-related functions such as website analytics;

c) Our clients, in the context of requests we receive as their representative under relevant EU Regulations;

d) Competent authorities, where necessary in the context of regulatory or supervisory inquiries related to our clients, in the context of which you may be a data subject;

e) Law enforcement agencies and public authorities when so required by applicable laws.

F. Your Rights as a Data Subject

You have the following rights:

Right to withdraw your consent

If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

Right of access

You can ask us what information we hold about you, and you can ask for copies of your personal data.

Right to rectification

You can ask us to correct your personal data if it is inaccurate or to complete if it is incomplete.

Right of erasure

You have the right to ask us to delete your personal data in certain circumstances (for example, if we no longer need your personal data, if you initially consented to the use of your personal data but have now withdrawn your consent, if you have objected to the use of your personal data and your interests outweigh our interests).

Right to restrict the processing

In certain circumstances, you have the right to ask us to stop using your personal data for a period of time (for example, if you believe we are not doing so lawfully).

Right to object to the processing

You have a right to object to the processing of your personal data where we rely on our legitimate interests to process your Personal Data.

Right to data portability

You have the right to ask that we transfer the personal data that you shared with us to another provider or that we give you a copy in a machine-readable format so that you can transfer it to another provider.

How you can access and update your information

The accuracy of your information is important to us. If you change your e-mail address, or if any of the other information we hold is inaccurate or out of date, please send us an e-mail at privacy@edpo.com or write to us at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

Security precautions in place to protect the loss, misuse or alteration of your information

As part of our commitment to information security, we are ISO 27001:2022 certified. This means that we follow best market practices and the highest standards when it comes to keeping your data safe.

If you have any questions or complaints

If you have any questions or if you are not satisfied with the way we handle your personal data, please feel free to fill our data subject request form here, to send us an e-mail at privacy@edpo.com or to write to us at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

If you have any complaints about the way EDPO processes your personal data, you can file a complaint with the Belgian Data Protection Authority: www.dataprotectionauthority.be

G. Transferring your information outside of the European Economic Area

As part of our services, the information that you provide us with may be transferred to countries outside of the European Economic Area (EEA). By way of example, this may happen for purposes related to your requests to exercise your rights under the GDPR with respect to one of our clients, within the context of our role as representative under Article 27 of the GDPR. By submitting your personal data for that purpose, you’re agreeing to this transfer and processing. If we transfer your information outside of the EEA in this way, we will take necessary steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

H. Data Retention

We will process your personal data only for the duration strictly necessary to achieve the purposes listed in the “Purposes and legal basis of the processing” section. After fulfilling such purposes, your data will be deleted, except for specific cases where we may be legally required to store it for longer periods. Further information regarding the period of retention of personal data and the criteria used to determine this period may be required by writing to us using the contact details provided in this Policy.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated on 23 December 2025. We reserve ourselves the right to amend or update the content of the Policy, whether in part or in its entirety, also considering any changes in applicable law. We therefore invite you to visit this section of the website regularly to stay informed of the most recent and updated version of the Policy.