Privacy policy

GAST Tech cares about your privacy. Below you can read which personal data I process, why, on which legal basis and for how long, who I share it with, and which rights you have. This policy applies to this website (gast.gent) and to my services.

Last updated: 30 May 2026.

Who processes your data

GAST Tech is the sole proprietorship of Gaëtan Steijaert, based in Ghent (Belgium), with company and VAT number BE 0784.848.576. I am the controller for the personal data processed through this website and in the course of my engagements. A question or a request about your data? Mail [email protected].

Which data I process, what for and on which legal basis

I do not process more data than needed, always with a clear purpose and a legal basis from the GDPR.

When you get in touch

Through the contact form or by e-mail I process your name, e-mail address, optionally your phone number and company, and the content of your message. Purpose: answering your question, planning a meeting and preparing a possible collaboration. Legal basis: your consent and the steps that precede a contract (art. 6.1.a and 6.1.b GDPR), and my legitimate interest in responding to your question (art. 6.1.f). Retention: up to two years after our last contact if no engagement follows.

Your data and the follow-up of our contact are kept in my own customer follow-up (CRM), which I host myself on my own WordPress environment at my hosting provider. I do not use an external CRM service for this. My e-mail runs on Microsoft 365 (Microsoft Ireland), so I can answer you properly and reliably.

During an engagement

The data I need to carry out the engagement, including the access you give me to your systems. Purpose: performing our agreement. Legal basis: performance of the contract (art. 6.1.b GDPR). Retention: for the duration of the engagement and a reasonable period afterwards.

Invoicing

The data on my invoices and in my bookkeeping. Purpose: meeting my legal accounting and tax obligations. Legal basis: legal obligation (art. 6.1.c GDPR). Retention: seven years, as required by Belgian law.

Visiting this website

My server keeps standard technical log files, such as your IP address, the time of your visit and your browser details. Purpose: security, troubleshooting and the proper working of the site. Legal basis: my legitimate interest (art. 6.1.f GDPR). Retention: limited, usually a few weeks to months.

Access to your systems during an engagement

If I carry out an engagement in which I get access to systems containing personal data of your customers or employees, I process that data exclusively on your behalf. For that data I am a processor and you remain the controller. We record this in a data processing agreement (art. 28 GDPR): I use the data only for the engagement, secure it, and do not pass it on to anyone else.

Who I share data with

I never sell your data and do not share it for advertising purposes. To run my services I do rely on a small number of trusted providers, who act exclusively on my behalf and under a data processing agreement: my hosting provider (where this website and my self-hosted customer follow-up run) and Microsoft 365 for my e-mail. So my customer follow-up is not shared with an external CRM vendor. Beyond that I only share data when the law requires it or when it is needed to defend my rights.

Transfers outside the European Economic Area

I try to keep your data within the EEA. If a provider does process data outside the EEA, this only happens with appropriate safeguards, such as an adequacy decision of the European Commission or standard contractual clauses (art. 44 ff. GDPR).

Cookies

This site only uses strictly necessary cookies needed for it to work, plus one cookie that remembers your language choice (Dutch or English). No consent is required for those. I use no tracking, advertising or social media cookies.

For visitor statistics I use Matomo, which I host on my own server. Matomo sets no cookies, anonymises your IP address, shares no data with third parties and does not follow you across websites. No consent is required for that. If cookies that do require consent are ever added, I will ask first through a clear cookie banner and update this policy.

Security

I take appropriate technical and organisational measures to protect your data against loss, misuse and unauthorised access.

Your rights

You have the right to access, rectify, erase, restrict and port your data, the right to object, and the right to withdraw any consent you have given at any time. Mail [email protected] to do so. I respond within one month. To protect you I may ask you to confirm your identity.

Filing a complaint

If you are not happy with how I handle your data, let me know first and we will look for a solution together. You also always have the right to file a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit), Drukpersstraat 35, 1000 Brussels, [email protected], www.gegevensbeschermingsautoriteit.be.

Changes

I may update this privacy policy when my services or the tools I use change. The date at the top shows the latest change.