Privacy policy — GDPR

Last updated: May 2026

This English version is provided for convenience only. The French version (available here) is the legally binding version and prevails in the event of any discrepancy.

Compliant with Regulation (EU) 2016/679 and the Belgian law of 30 July 2018. This policy applies to personal data collected via the menelo.be website and in the context of the services provided by Menelo.

1. Data controller

The controller of the personal data collected via the menelo.be website is:

Data controller	Menelo — Hamande Nicolas
Registered address	Avenue de la Basilique 379/08, 1081 Koekelberg, Brussels
BCE number	BE 1038.179.122
Contact email	contact@menelo.be
Website	menelo.be

Menelo has not appointed a Data Protection Officer (DPO), in accordance with the exemption for small organisations that do not process data on a large scale or sensitive data.

2. Personal data collected

2.1 — Via the contact form (menelo.be)

When the contact form is submitted, the following data is collected:

First and last name
Email address
Phone number (if provided)
Message / Project description
Date and time of submission

Data minimisation principle (art. 5 GDPR): Menelo only collects the data strictly necessary to process your request. No superfluous data (date of birth, gender, etc.) is requested.

2.2 — In the context of Menelo services (clients)

For clients who have subscribed to a Menelo service, the following data may be processed:

Professional identification data (name, company, BCE, email, phone, address)
Billing data
Access data for the entrusted platforms (Meta Business Suite)
Advertising campaign performance data (aggregated metrics)

In this context, Menelo acts as a processor within the meaning of the GDPR — the client remaining the controller of the data of their own prospects and leads.

2.3 — Browsing data (cookies)

Browsing data may be collected via cookies, subject to your prior consent. For more information, see our Cookie policy.

3. Purposes and legal bases of processing

Purpose	Legal basis (art. 6 GDPR)	Retention
Responding to contact requests	Legitimate interest (art. 6.1.f)	3 years after last contact
Performance of subscribed services	Performance of the contract (art. 6.1.b)	Contract duration + 7 years
Invoicing and tax obligations	Legal obligation (art. 6.1.c)	10 years (Belgian tax law)
Anonymised traffic statistics	Legitimate interest (art. 6.1.f)	13 months (anonymised)
Sending marketing emails (if consented)	Consent (art. 6.1.a)	Until consent is withdrawn

4. Data recipients

Your personal data may be shared with the following processors, strictly limited to what is necessary for the provision of services:

Processor	Country / Zone	Purpose
Infomaniak Network SA	Switzerland (EU adequacy)	Hosting of the menelo.be website
Systeme.io	France (EU)	Contact form, client landing pages, email automation
Make.com (Celonis)	EU — Prague	Lead notification automation
Canva Pty Ltd	Australia (EU clauses)	Visual creation
Meta Platforms Ireland	Ireland (EU)	Meta Pixel — advertising performance measurement (if consented)

Your data is never sold, rented or transferred to third parties for commercial purposes. It is only shared with the processors listed above, strictly to the extent necessary for their mission.

5. Your rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data:

Right of access (art. 15)	Obtain confirmation that your data is processed and receive a copy
Right to rectification (art. 16)	Correct inaccurate or incomplete data
Right to erasure (art. 17)	Request the deletion of your data (subject to legal conditions)
Right to restriction (art. 18)	Restrict the processing of your data in certain circumstances
Right to portability (art. 20)	Receive your data in a structured, machine-readable format
Right to object (art. 21)	Object to processing based on legitimate interest
Right to withdraw consent	Withdraw your consent at any time, without justification

To exercise your rights, send an email to contact@menelo.be stating your identity. Menelo will respond within one month (extendable to three months for complex requests).

If you believe that the processing of your data does not comply with the regulations, you may lodge a complaint with the Belgian Data Protection Authority (APD): autoriteprotectiondonnees.be — Rue de la Presse 35, 1000 Brussels — contact@apd-gba.be

6. Data security

Menelo implements appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, disclosure, alteration or destruction, in particular:

Hosting with Infomaniak (ISO 27001 certified) — secure infrastructure in Switzerland
Encryption of communications (HTTPS/TLS) across the entire site
Data access limited to strictly authorised persons
Use of strong passwords and two-factor authentication

In the event of a data breach likely to result in a risk to your rights and freedoms, Menelo undertakes to notify the APD within 72 hours in accordance with art. 33 GDPR.

7. Changes to the policy

Menelo reserves the right to modify this privacy policy at any time to comply with legal developments or changes in services. The date of the last update is indicated at the top of the document.

In the event of substantial changes affecting your rights, you will be informed by email if you have consented to receive our communications, or via a notification on the site.