Privacy policy.
Processing of personal data collected via dfacto.eu — in accordance with the General Data Protection Regulation (GDPR) and the Belgian law of July 30, 2018.
Data Controller
Dfacto-Decorex SPRL
55 Rue des Anciens Étangs, 1190 Bruxelles, Belgique
TVA : BE 0416.145.935
Email : info@dfacto.be
Data Collected
When using our website and its forms, we collect the following data:
- First and last name
- Professional email address
- Phone number (optional)
- Company name
- Message and project details
- Uploaded files (logo or design, via the quote form)
This data is collected solely through the quote request, project brief and contact forms on the website.
Purposes and Legal Basis
Processing of commercial requests
Your data is used to process your quote, brief or contact requests, and to manage the commercial relationship. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in the context of a B2B relationship.
Newsletter
If you subscribe to our newsletter, your email address is used for that purpose only. Legal basis: consent (Art. 6(1)(a) GDPR). You may unsubscribe at any time via the link in each email.
Retention Period
- Prospects (enquiry without a commercial follow-up): 3 years from the last contact.
- Clients (established commercial relationship): 7 years from the end of the relationship, in accordance with Belgian legal accounting obligations.
Processors
Your data may be shared with the following processors, strictly within the scope of the purposes described above:
- Brevo (Sendinblue SA) — transactional email delivery and contact management. Data hosted within the European Union.
- Vercel Inc. — website hosting (frontend). Servers located in the United States. Transfer governed by Standard Contractual Clauses (SCC) adopted by the European Commission.
- Render Inc. — application backend and database hosting (product catalogue, content data). Servers located in the United States. Transfer governed by Standard Contractual Clauses (SCC) adopted by the European Commission.
- Meta Platforms Ireland Ltd. — advertising measurement via the Meta Pixel (advanced matching). Upon cookie acceptance, certain data (email, first name, last name) is transmitted in SHA-256 hashed form for conversion measurement and remarketing purposes. This data does not allow DFACTO to identify an individual but is decryptable by Meta. Meta Data Policy →
Cookies and advertising
Our website uses analytics and advertising cookies. They are only placed after your explicit consent, collected via the banner displayed on your first visit.
- Plausible Analytics — anonymous collection, no third-party cookies, no transfers outside the EU. Enabled only after consent (category: "Audience measurement").
- Meta Pixel — enabled only after consent. Measures conversions from Meta Ads campaigns and advanced matching (SHA-256 hashed data).
- Google Analytics 4 — enabled only after consent. Audience measurement and browsing behaviour.
You may withdraw your consent at any time by clearing your browser data for this website (localStorage → key cookie-consent-v2).
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access: obtain a copy of the data concerning you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request the deletion of your data (within the limits of legal obligations).
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to the processing of your data based on legitimate interest.
To exercise these rights, contact us at info@dfacto.be. We will respond within one month.
Transfers outside the European Union
Your data may be transferred to the United States in the following cases: Vercel hosting and, upon acceptance of advertising cookies, transmission of hashed data to Meta Platforms Inc. These transfers are governed by appropriate contractual safeguards (Standard Contractual Clauses adopted by the European Commission).
Supervisory Authority
If you believe that the processing of your personal data does not comply with the GDPR, you have the right to lodge a complaint with the Belgian supervisory authority:
Data Protection Authority (DPA)
Rue de la Presse 35, 1000 Bruxelles
www.autoriteprotectiondonnees.be
Last updated: June 2026