1. Data controller

The data controller responsible for processing personal data collected via this website is:

Bureau Rouge SRL
Registered office: Rue Capitaine Crespel 18, 1050 Ixelles, Belgium
Company number (BCE/KBO): 0797.013.564
Contact: info@bureaurouge.com

Bureau Rouge has not appointed a Data Protection Officer (DPO) as it is not legally required for its current activities.

2. Personal data we collect

Depending on how you interact with the website, we may collect:

A. Contact data (contact form / enquiries)

• Name
• Email address
• Telephone number (if provided)
• Message content and any information you choose to include

B. Newsletter data

• Email address
• (Optional) name or preferences if you provide them via Mailchimp forms

C. Technical and security data

• IP address
• Browser type and device information
• Approximate location (inferred from IP)
• Server and security logs (access logs, error logs)

D. Usage and marketing data (cookies / tags)

• Aggregated website usage data (e.g., page views, interactions) via Google Analytics 4
• Advertising / conversion data via marketing tags (e.g., Google Ads, Meta, LinkedIn), where enabled and consented

We do not intentionally collect special category data (sensitive data) via this website.

3. Why we process your data (purposes)

We process personal data for the following purposes:

• Responding to enquiries submitted via the contact form or by email
• Managing pre-contractual and professional communications (e.g., preparing a call, briefing, proposal)
• Operating, securing, and maintaining the website and its infrastructure
• Analytics and performance: understanding how the website is used and improving content and performance
• Marketing measurement and campaign performance: measuring advertising performance and conversions (where applicable and consented)
• Newsletter communications (if you subscribe)

4. Legal bases (GDPR Article 6)

We rely on the following legal bases:

A. Enquiries / contact form

Pre-contractual measures (Art. 6(1)(b)) where your request relates to potential services and/or legitimate interests (Art. 6(1)(f)) to manage professional communications and requests.

B. Website security and technical logs

Legitimate interests (Art. 6(1)(f)) to ensure website security, prevent fraud/abuse, and maintain service continuity.

C. Analytics and marketing cookies/tags (GA4, ads pixels)

Consent (Art. 6(1)(a)) where required for non-essential cookies and similar technologies.

D. Newsletter

Consent (Art. 6(1)(a)) (unsubscribe at any time).

5. Is providing your data mandatory?

Contact form: providing at least your name and email is necessary for us to respond. If you do not provide this information, we may be unable to reply.

Telephone number: optional (you may include it if you want a call back).

Newsletter: only your email address is required to subscribe.

6. Data retention

We keep personal data no longer than necessary for the purposes described above, subject to legal obligations and legitimate archiving needs.

Typical retention periods:

A. Enquiries / prospects (contact form or email)

Up to 24 months after the last interaction, unless the discussion becomes a contractual relationship or unless longer retention is necessary for legal claims or dispute management.

B. Clients / contractual and project records

We may retain contractual, administrative, and project-related records for up to 20 years, notably to manage long-term project histories, rights and usage questions, and to defend legal claims, while taking into account applicable legal retention rules (e.g., accounting and tax obligations).

C. Newsletter subscribers

Until you unsubscribe, or until we remove inactive contacts in accordance with our mailing practices (you can unsubscribe at any time via the link included in our emails).

D. Technical and security logs

Typically up to 12 months, unless a security incident requires longer retention for investigation.

E. Analytics data

According to the retention settings of the tools used (e.g., GA4 settings), and only where consent is given when required.

7. Recipients of personal data

We may share personal data with trusted service providers who act as processors or as separate controllers depending on their role, including:

• Hosting and domain services: Infomaniak (Switzerland)
• Website platform and technical maintenance: WordPress environment and relevant service providers involved in maintenance (where applicable)
• Email and collaboration tools: Microsoft 365
• CRM / internal organisation: Notion (used to manage leads and requests)
• Newsletter platform: Mailchimp
• Analytics and marketing platforms (where enabled and, where required, consented): Google Analytics 4, Google Ads, Meta (Instagram), LinkedIn
• Embedded media platforms: YouTube and/or Vimeo (when you play embedded videos)

We only share data that is necessary for the relevant purpose, and service providers are contractually required to protect personal data and process it on our instructions where they act as processors.

8. International data transfers

Some service providers may process personal data outside the European Union / European Economic Area.

Switzerland (Infomaniak) is subject to an adequacy decision under EU data protection rules.

For other providers that may process data outside the EEA (often in the United States), Bureau Rouge relies on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, and where appropriate additional measures.

9. Your rights

Under the GDPR, you have the right to:

• access your personal data
• request rectification or erasure
• request restriction of processing
• object to processing based on legitimate interests
• withdraw consent at any time (where processing is based on consent)
• request data portability, where applicable

To exercise your rights, contact: info@bureaurouge.com

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).

10. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Where required, non-essential cookies are only used after you have made a choice via our cookie banner/preferences.

11. Changes to this Privacy Policy

We may update this Privacy Policy at any time. The version published on the website is the applicable version.

© Bureau Rouge SRL – 2026