Privacy policy

Immoplatform BV (“we”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you use our platform or interact with our website.

1.1 Scope

This policy applies to personal data processed in our capacity as data controller (e.g. your agency account) and describes our standard obligations as processor for data you upload (e.g. property owner details). Processor obligations are further detailed in our Data Processing Agreement.

2.1 Account data

Name, work email, company name, VAT number, phone, password hash, role and team assignment.

2.2 Usage data

Pages visited, actions taken, IP address, browser type, device metadata, and approximate geographic region derived from IP.

2.3 Certificate data

Property addresses, owner and tenant contact details, inspection reports and related documents. You remain the controller for this data.

2.4 Payment data

Billing address, VAT number and payment reference. We do not store full card details — they are handled by our PCI-DSS compliant payment processor.

We process personal data to: (a) provide and maintain the Service; (b) authenticate users and prevent abuse; (c) fulfill contractual obligations and invoice you; (d) communicate product updates and security notices; (e) comply with legal obligations; (f) improve the Service through aggregated analytics.

We rely on the following GDPR legal bases: performance of a contract (Art. 6(1)(b)); compliance with legal obligations (Art. 6(1)(c)); our legitimate interests in running and improving the Service (Art. 6(1)(f)); and your consent where specifically requested (Art. 6(1)(a)).

5.1 Accredited inspectors

Assignment data is shared with the inspector assigned to the work, strictly to the extent needed to perform the inspection.

5.2 Sub-processors

We use vetted sub-processors for hosting, email delivery, payment processing and error monitoring. A current list is maintained in our Trust Center and updated with at least 14 days’ advance notice.

5.3 Authorities

We disclose data when legally compelled, and only to the extent strictly necessary.

Account data is retained for the duration of your subscription and 24 months thereafter. Certificates are retained for 10 years as required by Belgian law. Invoicing records are retained for 7 years. Security logs are retained for 13 months.

You have the right to access, correct, delete, restrict, object to, and port your personal data. You can exercise these rights from within your account settings or by emailing Jordan@asbestexperts.be. If you are unsatisfied with our response, you can lodge a complaint with the Belgian Data Protection Authority.

We apply industry-standard technical and organizational safeguards including encryption in transit and at rest, least-privilege access control, regular penetration testing, and 24/7 incident response. No system is perfectly secure, but we take reasonable steps to protect your data.

Our primary infrastructure is in the European Economic Area. Any transfer outside the EEA is protected by appropriate safeguards, typically the European Commission’s Standard Contractual Clauses.

Questions, requests or complaints: Jordan@asbestexperts.be. Our Data Protection Officer can be reached at Jordan@asbestexperts.be.