Privacy Policy
Version 1.1 — 11 June 2026
1. Who we are
ianka fleerackers Comm. V. (hereafter "we", "us", or "our") is a Belgian limited partnership (commanditaire vennootschap) with registered offices at Nieuwstraat 84, 2880 Bornem, Belgium, and enterprise / VAT number BE 0824.677.865.
We operate bookto.eu as the platform marketing site for bookto tools. If you are a merchant using one of our tools, a separate privacy policy applies to that tool — see bookto checkout Privacy Policy.
For any question about your personal data, or to exercise the rights described in section 8, contact us at legal@bookto.eu. You may write in English or Dutch; we will respond in the language you used.
2. Scope
This policy applies to all personal data we process through bookto.eu as data controller — meaning visitors to the marketing site, newsletter subscribers, and people who contact us directly.
It does not cover the processing of personal data through our tools (checkout.bookto.eu and other subdomains). Those are governed by the privacy policy of the respective tool.
It does not cover third-party websites you may reach by following an external link — once you leave, the privacy practices of the destination apply.
3. What personal data we collect
If you visit bookto.eu
Through Google Analytics 4 we receive your IP address in pseudonymised form, browser type and version, operating system, the pages you visit, and the approximate region inferred from your IP address. This only happens after you give consent through the cookie banner. The specific cookies used are listed in our cookie policy.
If you sign up for our newsletter
When you subscribe to our newsletter, we process your email address and, if you provide it, your first name. Subscriptions are managed through Kit (ConvertKit). You may subscribe directly on bookto.eu, or by ticking the optional consent box when signing up for a bookto checkout trial or account — both feed the same mailing list. You can unsubscribe at any time via the link in every email.
If you correspond with us by email
If you email us (for example at legal@bookto.eu), we receive your email address, your name if included in your signature, and the content of your correspondence. Emails are processed through Microsoft 365 (see section 5).
What we do not collect on this site
- No card numbers, CVC codes, or bank account numbers.
- No special categories of personal data under article 9 GDPR.
- No social media tracking pixels or advertising identifiers.
- No video embed cookies — this site has no YouTube or Vimeo embeds.
4. Why we process your data and on which legal basis
Under the GDPR (article 6), we may only process personal data if we have a valid legal basis.
Analytics and site improvement. We use Google Analytics 4 to understand how visitors use the site. Legal basis: your consent under article 6(1)(a) GDPR, given (or declined) through the cookie banner.
Newsletter. When you subscribe to our newsletter — whether on bookto.eu or by opting in during a bookto checkout trial or account signup — we process your email address to send you updates about bookto. Legal basis: your consent under article 6(1)(a) GDPR, given at the moment of subscription. You may withdraw this consent at any time by unsubscribing.
Responding to your messages. When you contact us, we process your name, email address, and message content to reply. Legal basis: performance of a contract under article 6(1)(b) GDPR for service-related inquiries, or your consent under article 6(1)(a) GDPR for general correspondence.
Keeping the site secure and functioning. Our hosting provider (Vercel) processes technical data to keep the site available and prevent abuse. Legal basis: our legitimate interest in operating secure infrastructure under article 6(1)(f) GDPR.
Marketing and advertising (currently not active). We do not currently operate marketing or advertising pixels from Meta, LinkedIn, TikTok, or any similar platform. If we activate such tools, the legal basis will be your consent under article 6(1)(a) GDPR, requested separately through our cookie banner. This policy will be updated before any such tool is activated.
5. Who we share your data with
We do not sell, rent, or trade your personal data. We share it only with service providers who process it on our behalf, bound by a data processing agreement.
| Service provider | Purpose | Data processed | Location | Transfer safeguards |
|---|---|---|---|---|
| Microsoft 365 — Microsoft Ireland Operations Ltd. | Email content, name, email address | EU (EU Data Boundary) | Standard Contractual Clauses for limited support from outside the EU | |
| Vercel Inc. | Application hosting | Technical request data | EU region (Frankfurt). US-based parent entity. | Standard Contractual Clauses; EU-US Data Privacy Framework |
| Kit (ConvertKit Inc.) | Newsletter email | Email address, first name | United States | Standard Contractual Clauses; EU-US Data Privacy Framework |
| Google Analytics 4 — Google Ireland Ltd. / Google LLC | Analytics (active only with consent) | Pseudonymised IP address, browser, operating system, pages visited, approximate region | EU for EU users; technical processing in United States | Standard Contractual Clauses; EU-US Data Privacy Framework; Google Consent Mode v2 |
Public authorities. In exceptional cases we may be required to disclose personal data to public authorities (court order, law enforcement, tax audit). We only do so when legally obliged and limit disclosure to what is strictly required.
6. International transfers of personal data
Where possible, we keep your personal data within the European Economic Area. Microsoft 365 and Vercel EU regions store your data in the EU by default.
For services with US-based parent entities — Vercel, Kit, Google Analytics — operational routing may involve the United States. We rely on Standard Contractual Clauses (article 46 GDPR) signed with each provider, and on the EU-US Data Privacy Framework certification where the provider is certified. We monitor the status of the framework. If it is invalidated or replaced, we continue to rely on Standard Contractual Clauses.
You have the right to request a copy of the specific safeguards we rely on. Contact us at legal@bookto.eu.
7. How long we keep your data
Newsletter subscribers. As long as your subscription is active. When you unsubscribe, your email address is removed from our mailing list within 30 days. Kit may retain anonymised analytics data after removal.
Email correspondence. Up to 2 years after our last exchange, after which correspondence is deleted unless it relates to an active or anticipated legal matter.
Analytics data. Google Analytics 4 data is retained for 14 months, after which Google deletes event-level data.
Technical logs. Vercel logs are retained for up to 90 days for security, debugging, and abuse prevention.
Legal holds. In case of an actual or anticipated legal dispute, regulatory investigation, or law enforcement request, we may retain otherwise-deletable data as long as strictly necessary. You will be informed if the law permits.
8. Your rights
The GDPR gives you strong rights over your personal data. You can exercise any of them free of charge, and we will respond within 30 days. For complex requests we may extend this period by up to two additional months under article 12(3) GDPR; if we do, we will tell you within the first month and explain why.
Right of access (article 15). Ask whether we process data about you and receive a copy with information about purposes, categories, recipients, and retention.
Right to rectification (article 16). Ask us to correct or complete inaccurate or incomplete data.
Right to erasure (article 17). Ask us to delete your personal data. We will do so unless we are required or entitled to keep it.
Right to restriction of processing (article 18). In certain situations, ask us to pause processing instead of deleting.
Right to data portability (article 20). Receive data you provided, in a structured, commonly used, machine-readable format, or ask us to transmit it to another controller.
Right to object (article 21). Object to processing based on our legitimate interest.
Right to withdraw consent (article 7(3)). Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
Right to lodge a complaint (article 77). File a complaint with the Belgian Gegevensbeschermingsautoriteit (see section 9).
How to exercise your rights
Contact us at legal@bookto.eu. We do not ask for a copy of your ID. We confirm your identity proportionately — usually by replying from the email address we have on file for you, or by asking a limited verification question if we have reasonable doubt. We follow the guidance of the European Data Protection Board: identity verification must be proportionate and must not create unnecessary barriers.
9. Supervisory authority, changes, and contact
Supervisory authority
If you believe we have not handled your personal data correctly, you have the right to file a complaint with the Belgian data protection authority:
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD) Drukpersstraat 35, 1000 Brussels, Belgium Phone: +32 (0)2 274 48 00 Email: contact@apd-gba.be — Website: www.gegevensbeschermingsautoriteit.be
You also retain the right to seek a judicial remedy before the competent civil court.
Changes to this policy
We may update this policy from time to time. When we do, we update the version number and date at the top. For changes that affect how we process your data materially, we will notify newsletter subscribers in advance where required.
Contact
For any question about this policy, contact us at legal@bookto.eu in English or Dutch.
ianka fleerackers Comm. V. · Nieuwstraat 84, 2880 Bornem, Belgium · VAT BE 0824.677.865