[Privacy policy]
Privacy policy for Neuval.
This policy explains what personal data Neuval processes when someone visits the website, books a call, or chooses optional analytics.
Controller
Who is responsible for this website
Neuval operates this website from Brussels, Belgium. For privacy requests, corrections, deletion requests, or questions about how project information is handled, contact info@neuval.be.
Formal contracting details, invoice details, and any applicable company or VAT information are confirmed in the relevant proposal, statement of work, or invoice.
Plain summary
The short version
- We collect only the information needed to run the website, answer enquiries, prevent spam, and schedule calls.
- The contact drawer asks only for email, phone, and what the visitor wants to discuss.
- Analytics is optional. Google Analytics loads only after a visitor chooses ALLOW.
- Declining analytics does not block access to the website, contact route, portfolio, or FAQ.
- We do not sell personal data.
- We do not use the website to make automated legal, credit, hiring, or eligibility decisions about visitors.
Data categories
What data may be processed
| Context | Examples | Why it is used |
|---|---|---|
| Website visit | Page URL, device/browser signals, approximate technical logs, security events | To serve the website, keep it secure, debug errors, and understand whether pages work. |
| Contact or booking request | Email, phone number, call topic, source page, submitted timestamp | To reply to the enquiry, prepare the call, and decide whether there is a fit. |
| Booking flow | Selected time slot, attendee email, phone number, call topic, Google Calendar event metadata, Google Meet metadata | To show available times and create a Google Calendar event when a visitor books a call. |
| Anti-abuse checks | reCAPTCHA Enterprise token and technical risk signals | To reduce spam, fake bookings, form abuse, and automated submissions. |
| Optional analytics | Google Analytics events such as page view, contact open, booking slot selection, booking submit, and CTA clicks | To understand site performance and improve content, only after consent. |
GDPR basis
Why each processing activity is allowed
| Activity | Primary legal basis | Reasoning |
|---|---|---|
| Responding to project enquiries | Pre-contract steps and legitimate interest | The visitor asks Neuval to evaluate or discuss a possible project. |
| Scheduling a call | Pre-contract steps | The booking flow exists to arrange a requested conversation. |
| Security, spam prevention, and service integrity | Legitimate interest | Neuval needs to protect the website, forms, calendar, and inbox from abuse. |
| Optional analytics | Consent | Analytics runs only after the visitor actively allows it. |
| Invoices, accounting, and legal records after a project starts | Legal obligation and contract performance | Business records may need to be retained for accounting, tax, or legal reasons. |
Service providers
Processors and external services
Neuval uses a small stack of external providers to operate the website and booking workflow. These services may process data as independent controllers, processors, or sub-processors depending on the exact feature.
| Provider | Role in this website | Data involved |
|---|---|---|
| Firebase Hosting and Firebase Functions | Hosting, HTTPS delivery, API routing, serverless booking endpoints | Website files, logs, request metadata, booking API payloads |
| Google Calendar and Google Meet | Availability lookup, event creation, attendee invite, and Meet link creation | Booking time, attendee email, phone number and topic in the event description, Calendar and Meet metadata |
| Google reCAPTCHA Enterprise | Bot and abuse protection for booking submissions | Token, browser and interaction signals used for risk analysis |
| Google Analytics 4 | Optional analytics after consent | Page and event analytics connected to the GA4 measurement ID |
| Google Fonts | Font delivery for IBM Plex Mono | Browser request metadata when the font is requested |
Retention
How long data is kept
| Data | Typical retention |
|---|---|
| Unsubmitted form data | Not intentionally stored by Neuval. It remains only in the browser while the visitor is filling the form. |
| Booking enquiries | Kept while evaluating, replying to, and following up on the enquiry. Leads that do not progress should be reviewed and removed when no longer useful. |
| Calendar booking data | Kept in Google Calendar as long as needed for scheduling, attendance, records, and follow-up. |
| Analytics data | Kept according to the Google Analytics property retention settings. Only collected after consent. |
| Security and hosting logs | Kept according to Firebase and Google Cloud operational retention settings. |
| Client and invoice records | Kept as required for accounting, tax, contract, and legal obligations. |
GDPR rights
Your rights
Depending on the context and legal basis, people in the European Economic Area may request access, correction, deletion, restriction, portability, objection, or withdrawal of consent.
To exercise a right, email info@neuval.be. Neuval may need enough information to verify the request and locate the relevant record.
- Access: ask what data is held about you.
- Correction: ask to fix inaccurate or incomplete data.
- Deletion: ask to delete data when there is no overriding reason to keep it.
- Restriction: ask to limit processing in certain cases.
- Portability: ask for data you provided in a usable format when applicable.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: change your analytics preference at any time.
Supervisory authority
Complaints and official guidance
If a privacy concern cannot be resolved directly, you can contact the Belgian Data Protection Authority or the supervisory authority in your country.
Updates
Policy changes
This policy will be updated when the website, booking flow, analytics setup, providers, or legal requirements materially change.