Privacy Policy
Key points:
- RAENBI S.R.L. processes only the personal data strictly required to operate this technical documentation and portfolio site.
- All primary data processing occurs within the European Economic Area (EEA); the sole exception is Cloudflare Turnstile (CAPTCHA), governed by Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.
- No personal data is sold, rented, or shared for third-party marketing purposes.
- No automated decision-making or profiling is performed on your data.
- You may exercise your GDPR rights (access, rectification, erasure, portability, restriction, objection) at any time by using the contact page or writing to privacy@raenbi.com.
1. Data Controller
The data controller responsible for processing activities on raenbi.com is:
RAENBI S.R.L. Registered office: Rhode-Saint-Genèse, Belgium Enterprise number (BCE/KBO): 0800.XXX.XXX VAT identification: BE 0800.XXX.XXX Contact: use the contact page or write to contact@raenbi.com
2. Privacy Contact Point
For inquiries regarding data protection or to exercise your rights under the GDPR:
Contact: Use the contact page or write to privacy@raenbi.com Subject line format: "Privacy — [nature of request]"
RAENBI S.R.L. is not required to designate a Data Protection Officer pursuant to Art. 37 GDPR, as the organisation does not carry out large-scale systematic monitoring nor process special categories of data as a core activity. The privacy contact point above handles all data protection matters with equivalent diligence.
3. Applicable Legal Framework
This policy is governed by:
- Regulation (EU) 2016/679 (GDPR) — General Data Protection Regulation.
- Belgian Law of 30 July 2018 — on the protection of natural persons with regard to the processing of personal data.
- Belgian Law of 13 June 2005 — on electronic communications (transposing the ePrivacy Directive).
4. Categories of Personal Data
The following categories of personal data are processed on raenbi.com:
| Category | Examples | Collection method |
|---|---|---|
| Identification data | Name, email address | Contact form submission |
| Communication data | Free-text message, preferred language | Contact form submission |
| Verification data | Cloudflare Turnstile token (ephemeral) | Automated on form submission |
| Technical metadata | IP address, browser user-agent, HTTP referrer | Server access logs |
| Local preferences | Theme (light/dark), locale, cookie consent state | localStorage (client-side only) |
Data minimisation: We do not collect telephone numbers, postal addresses, or any special categories of data (Art. 9 GDPR) through this site.
5. Purposes and Legal Bases
In accordance with Art. 6(1) GDPR, personal data is processed for the following purposes:
| Purpose | Data categories | Legal basis |
|---|---|---|
| Processing contact form submissions | Name, email, message, preferred language | Legitimate interest (Art. 6(1)(f)) — responding to technical and professional enquiries |
| Bot mitigation on form submission | Turnstile verification token, IP address | Legitimate interest (Art. 6(1)(f)) — protecting infrastructure integrity |
| Infrastructure security and abuse detection | IP address, user-agent, server logs | Legitimate interest (Art. 6(1)(f)) — maintaining system availability |
| Audience measurement (anonymised) | Anonymised page views, session data | Consent (Art. 6(1)(a)) — via cookie preferences |
| Compliance with legal obligations | Contact and contractual records | Legal obligation (Art. 6(1)(c)) — Belgian accounting and tax law |
Legitimate interest balancing (Art. 6(1)(f)): Where legitimate interest is invoked, a documented balancing assessment confirms that processing is proportionate, limited to necessary data, and does not override the fundamental rights of data subjects. You may object to such processing at any time (see Section 9).
6. Recipients and Sub-processors
Personal data is disclosed only to the following categories of recipients, each bound by a data processing agreement pursuant to Art. 28 GDPR:
| Sub-processor | Function | Data processed | Location |
|---|---|---|---|
| Hetzner Online GmbH | VPS hosting, static site delivery | Server logs (IP, user-agent) | Germany (EU) |
| Cloudflare, Inc. | Turnstile CAPTCHA verification | Ephemeral token, IP address | EU / United States (\*) |
| Transactional email provider | Contact form message routing | Name, email, message content | European Union |
| Runatics | Privacy-focused audience measurement | Anonymised session data | European Union |
(\*) See Section 7 regarding international transfer safeguards for Cloudflare.
7. International Transfers
All primary data processing infrastructure is located within the EEA (Hetzner, Germany).
The sole transfer to a third country concerns Cloudflare Turnstile (CAPTCHA service), whose verification requests may be routed through servers in the United States. This transfer is protected by:
- Standard Contractual Clauses (SCCs) adopted under Commission Implementing Decision (EU) 2021/914.
- Cloudflare's participation in the EU-U.S. Data Privacy Framework (adequacy decision of 10 July 2023).
The data transmitted to Cloudflare is limited to an ephemeral verification token and the requester's IP address. No directly identifying personal data (name, email) is transferred to Cloudflare.
No other transfers to third countries outside the EEA are performed.
8. Retention Periods
Data is retained only for the duration necessary to fulfil the stated purpose, in accordance with Art. 5(1)(e) GDPR:
| Data category | Retention period | Justification |
|---|---|---|
| Contact form submissions | 24 months after last interaction | Reasonable follow-up period for technical enquiries |
| Server access logs | 12 months | Security incident detection and forensic analysis |
| Cloudflare Turnstile tokens | Not retained (ephemeral) | Processed in-memory during verification only |
| Anonymised analytics | 26 months maximum | Longitudinal trend analysis |
| Cookie consent preferences | Until withdrawal or browser storage cleared | Respecting user choice per EDPB guidelines |
| Contractual records | 10 years after contract termination | Belgian accounting obligations (Code of Economic Law) |
Upon expiry of the applicable retention period, data is permanently deleted or irreversibly anonymised.
9. Data Subject Rights
Under Art. 15–22 GDPR and the Belgian Law of 30 July 2018, you have the following rights:
- Right of access (Art. 15): Obtain confirmation of whether your personal data is processed and receive a machine-readable copy.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): Request deletion of your data where processing is no longer necessary, consent is withdrawn, or processing is unlawful.
- Right to restriction of processing (Art. 18): Request suspension of processing where accuracy is contested, processing is unlawful, or an objection is pending review.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV) and transmit it to another controller.
- Right to object (Art. 21): Object at any time to processing based on legitimate interest, on grounds relating to your particular situation. Processing ceases unless compelling legitimate grounds override your interests.
- Right not to be subject to automated decisions (Art. 22): Not applicable — see Section 12.
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time for processing dependent on it, without affecting the lawfulness of processing performed prior to withdrawal.
Exercise procedure: Use the contact page or write to privacy@raenbi.com with sufficient identification details. We will acknowledge receipt within 5 business days and provide a substantive response within one month, in accordance with Art. 12(3) GDPR. This period may be extended by two months for complex requests, with prior notification.
10. Right to Lodge a Complaint
If you consider that the processing of your personal data infringes the GDPR or Belgian data protection law, you have the right to lodge a complaint with the competent supervisory authority:
Belgian Data Protection Authority (APD/GBA) Rue de la Presse / Drukpersstraat 35 1000 Brussels, Belgium Tel.: +32 (0)2 274 48 00 Email: contact@apd-gba.be Website: https://www.dataprotectionauthority.be/
This right is exercised without prejudice to any other administrative or judicial remedy available under Art. 77–79 GDPR.
11. Data Security
In accordance with Art. 32 GDPR, RAENBI S.R.L. implements technical and organisational measures proportionate to the risk, including:
Technical measures:
- TLS 1.3 encryption for all data in transit (HTTPS enforced via HSTS).
- Encrypted storage volumes on hosting infrastructure.
- Automated security patching and dependency vulnerability scanning.
- Network-level firewall rules and rate limiting.
- Cloudflare Turnstile for bot mitigation (no traditional CAPTCHA solving required).
Organisational measures:
- Principle of least privilege for system access.
- Documented incident response procedures.
- Sub-processor due diligence and contractual data protection obligations.
- Regular review of access permissions and security configurations.
12. Automated Decision-Making and Profiling
RAENBI S.R.L. does not engage in automated decision-making, including profiling, that produces legal effects or similarly significantly affects data subjects within the meaning of Art. 22 GDPR.
The Cloudflare Turnstile verification constitutes a binary bot-detection mechanism and does not involve profiling or individual assessment.
13. Cookies and Similar Technologies
This site uses localStorage for functional preferences (theme, locale, consent state). Analytical cookies are set only upon explicit consent.
For comprehensive information on cookie categories, purposes, and management options, refer to our Cookie Policy and configure your preferences via the Cookie Preferences panel accessible from the footer of every page.
The legal framework for cookies and similar technologies is the Belgian Law of 13 June 2005, transposing Directive 2002/58/EC (ePrivacy).
14. Policy Modifications
RAENBI S.R.L. may update this policy to reflect changes in processing activities, legal requirements, or regulatory guidance. Substantive modifications will be indicated by an updated revision date at the top of this document and, where appropriate, a notice on the site.
We recommend periodic review of this policy. The current version supersedes all prior versions.
15. Last Updated
This policy was last revised on 24 May 2025.