Belgium ⇆ Ukraine Tech Gateway Launching 2026 Cyber · AI · Dual-Use · Space Kyiv · Brussels · Luxembourg Reconstruction-ready partners Belgium ⇆ Ukraine Tech Gateway Launching 2026 Cyber · AI · Dual-Use · Space Kyiv · Brussels · Luxembourg Reconstruction-ready partners
◆ Legal Effective date: 28 April 2026 Version 1.0

Privacy
Policy

How Belgian TechHub Ukraine collects, uses, and protects your personal data. This policy applies to all visitors and contacts of belgiantechhub.com.

01

Data Controller

The data controller responsible for your personal data is:

EntityBelgian TechHub Ukraine (BTU)
DomicileBelgium / Ukraine (bilateral platform)
Emailprivacy@belgiantechhub.com
Websitebelgiantechhub.com

BTU is a bilateral platform operating across the Belgian and Ukrainian tech ecosystems. As a data controller, BTU determines the purposes and means of processing personal data you provide to us.

BTU does not appoint a formal Data Protection Officer (DPO) at this stage, as processing is not carried out at a scale requiring mandatory appointment under Article 37 GDPR. For all data protection enquiries, contact us at the address above.

02

Data We Collect

We collect only the personal data that is necessary for the purposes described in Article 03. We do not collect sensitive categories of data (Article 9 GDPR).

2.1 — Contact & Membership Enquiries

When you submit our contact form, we collect:

  • Full name
  • Professional email address
  • Organisation name and country (optional)
  • LinkedIn profile URL
  • Your message content
  • Submission timestamp and origin country (logged automatically)

2.2 — Technical Data

When you browse this website, our infrastructure (Cloudflare) may process:

  • IP address (anonymised or truncated for analytics)
  • Browser type and version
  • Referring URL and pages visited
  • Date and time of access

This data is processed by Cloudflare Inc. under its own privacy terms.

2.3 — Analytics Data (Google Analytics)

If you consent to analytics cookies, Google Analytics (operated by Google Ireland Ltd.) collects:

  • Pages visited and navigation path
  • Session duration and bounce rate
  • Approximate geographic location (country / region, derived from IP)
  • Device type, operating system, and browser
  • Traffic source and referral URL

This data is associated with a randomly assigned client identifier stored in a cookie, not with your name or email. IP addresses are anonymised before storage. You may opt out at any time by withdrawing your cookie consent.

2.4 — Communications

If you correspond with us by email, we retain those communications as part of our relationship management records.

03

Purposes & Legal Bases

We process your personal data only for the purposes listed below, each with a defined legal basis under GDPR (Regulation (EU) 2016/679) and, where applicable, the Ukrainian Law on Personal Data Protection (No. 2297-VI, 1 June 2010, as amended).

Purpose Legal Basis (GDPR) Legal Basis (UA Law)
Responding to your contact form enquiry Art. 6(1)(b) — pre-contractual steps at your request Art. 11(1) — consent / contract performance
Processing a membership application Art. 6(1)(b) — contract performance Art. 11(1) — contract performance
Maintaining a record of our contacts and partners Art. 6(1)(f) — legitimate interests (business development) Art. 11(1) — legitimate interests of the controller
Sending relevant updates about BTU activities (newsletters, event invitations) Art. 6(1)(a) — consent (opt-in, separately obtained) Art. 11(1) — consent
Measuring website audience and improving content (Google Analytics) Art. 6(1)(a) — consent (cookie banner, opt-in) Art. 11(1) — consent
Ensuring website and infrastructure security Art. 6(1)(f) — legitimate interests (security) Art. 11(1) — legitimate interests of the controller
Complying with legal obligations Art. 6(1)(c) — legal obligation Art. 11(1) — legal obligation

Where our legal basis is legitimate interests, we have conducted a balancing test and concluded that our interests do not override your rights and freedoms. You may request a copy of this assessment by contacting us.

Where our legal basis is consent, you may withdraw it at any time without affecting the lawfulness of prior processing. To withdraw consent, contact us at privacy@belgiantechhub.com.

04

Data Sharing

We do not sell, rent, or trade your personal data. We share it only with the following categories of recipients, and only to the extent necessary:

4.1 — Infrastructure (Cloudflare)

This website is hosted on Cloudflare Pages. Cloudflare processes connection-level technical data as part of its CDN and security services. See Cloudflare's Privacy Policy for details.

4.2 — Analytics (Google Analytics)

If you accept analytics cookies, browsing data is shared with Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), acting as our data processor. Google may transfer this data to Google LLC in the United States under Standard Contractual Clauses. See Google's Privacy Policy for details. We have enabled IP anonymisation and do not share any personally identifying information with Google Analytics.

4.3 — Founders and Core Team

Authorised members of the BTU founding team (Belgium and Ukraine) access your data solely to follow up on your enquiry or manage your membership. All team members are bound by confidentiality obligations.

4.4 — Legal Disclosure

We may disclose data if required by law, court order, or a competent authority in Belgium or Ukraine, provided such request is lawful and proportionate.

05

International Transfers

BTU operates as a bilateral platform with team members in Belgium (EU) and Ukraine (non-EU country). Your data may therefore be accessed from both jurisdictions.

5.1 — Transfers to Belgium / EU

Belgium is an EU member state. Processing within Belgium is governed by GDPR. No additional safeguards are required for intra-EU transfers.

5.2 — Transfers to the United States (Google)

If you accept analytics cookies, data collected by Google Analytics may be transferred to Google LLC in the United States. The United States is subject to an adequacy decision under the EU–US Data Privacy Framework (Commission Decision of 10 July 2023). Google LLC participates in this framework. Where transfers fall outside this framework, Standard Contractual Clauses apply. You may avoid this transfer entirely by declining analytics cookies.

5.3 — Transfers to Ukraine

Ukraine is not currently subject to an EU adequacy decision under GDPR Article 45. Transfers of personal data from Belgium/EU to Ukraine are carried out on the basis of Standard Contractual Clauses (European Commission Decision 2021/914) between the EU-based controller and the Ukrainian-based processing party.

Ukraine's own data protection framework (Law No. 2297-VI, as amended) requires that cross-border personal data transfers be permitted only where the recipient country provides an adequate level of protection or where appropriate safeguards exist. We apply equivalent protections when transferring data in the reverse direction.

You may request a copy of the applicable transfer safeguards by contacting us at privacy@belgiantechhub.com.

06

Retention Periods

We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law.

Data Category Retention Period Rationale
Contact form submissions (no membership) 12 months from submission Follow-up window; deleted unless a relationship develops
Active member records Duration of membership + 5 years Contractual record-keeping and statutory obligations
Partner and institutional contact records Duration of relationship + 3 years Legitimate interest in maintaining bilateral relationships
Email correspondence 3 years from last interaction Legitimate interest; potential legal basis for claims
Technical / access logs (Cloudflare) Per Cloudflare's policy (typically ≤ 30 days) Security and infrastructure management

When the applicable retention period expires, data is permanently deleted or anonymised. If you request erasure before that date, we will comply unless a legal obligation requires us to retain it.

07

Your Rights

You have rights over your personal data under both GDPR and Ukrainian Law No. 2297-VI. These rights are substantively aligned; we honour both.

Right of Access

You may request a copy of the personal data we hold about you, along with information about how it is processed (GDPR Art. 15; UA Law Art. 16).

Right to Rectification

You may request correction of inaccurate or incomplete data (GDPR Art. 16; UA Law Art. 16).

Right to Erasure

You may request deletion of your data where it is no longer necessary, where you withdraw consent, or where processing is unlawful, subject to legal retention obligations (GDPR Art. 17; UA Law Art. 19).

Right to Restriction

You may request that we restrict processing of your data in certain circumstances, for example while accuracy is contested (GDPR Art. 18).

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, machine-readable format (GDPR Art. 20).

Right to Object

You may object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds (GDPR Art. 21; UA Law Art. 16).

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal (GDPR Art. 7).

Right Not to Be Subject to Automated Decisions

We do not make solely automated decisions with legal or similarly significant effects on you (GDPR Art. 22).

Right to Lodge a Complaint

You have the right to lodge a complaint with a competent supervisory authority — in Belgium, the Gegevensbeschermingsautoriteit (GBA/APD), or the authority of your country of habitual residence or work (GDPR Art. 77). You are not required to contact us first, though we welcome the opportunity to resolve concerns directly.

To exercise any of these rights, submit a written request to privacy@belgiantechhub.com. We will respond within 30 calendar days. In complex cases we may extend this by a further 60 days, with notification.

We will not charge a fee for legitimate requests. We may request verification of identity before processing your request to protect against unauthorised disclosure.

08

Cookies & Tracking

This website uses two categories of cookies:

Strictly Necessary Cookies (no consent required)

Cookie Provider Purpose Duration
__cf_bm Cloudflare Bot management and infrastructure security 30 minutes

Analytics Cookies (consent required)

Cookie Provider Purpose Duration
_ga Google Analytics Distinguishes unique users via a randomly generated client ID 2 years
_ga_* Google Analytics Maintains session state for the GA4 property 2 years

Analytics cookies are only placed after you accept them via our cookie consent banner. You may withdraw consent at any time by clicking "Cookie settings" in the website footer. Withdrawing consent stops future data collection but does not retroactively delete data already sent to Google.

We do not use advertising, retargeting, or behavioural profiling cookies. We do not share cookie data with any party other than Google Analytics as described in Article 04.

09

Security

We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Measures in place include:

  • TLS encryption for all data in transit (HTTPS enforced)
  • Cloudflare WAF and DDoS protection at the infrastructure level
  • Access to personal data restricted to authorised team members on a need-to-know basis
  • No personal data stored in version control or public repositories

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and inform the competent supervisory authority within 72 hours, as required by GDPR Article 33–34 and UA Law Article 24-1.

10

Policy Updates

This policy may be updated to reflect changes in our data processing activities, legal requirements, or regulatory guidance. When we make material changes, we will:

  • Update the effective date at the top of this page
  • Notify active members and recent contacts by email where the change directly affects their data

The most current version of this policy is always available at belgiantechhub.com/privacy. Continued use of our website or services after an update constitutes acknowledgement of the revised policy, where permitted by applicable law.

11

Contact

For any data protection enquiry, rights request, or complaint, contact us at:

Emailprivacy@belgiantechhub.com
General contacthello@belgiantechhub.com

We are committed to resolving data protection concerns promptly. If you are not satisfied with our response, you retain the right to escalate to a supervisory authority as described in Article 07.