Privacy and cookies policy

Last updated: 1 January 2026

This policy explains how Marvesta (“we”, “us”, “our”) processes personal data when you visit
marvesta-group.com (the “Website”), and how cookies and similar
technologies are used.

Table of contents

1. Who is responsible for your data

The data controller for the processing described in this policy is:

Marvesta Group

Registered address: [Street, number, postal code, city, country]

Company/VAT number: [VAT / company registration number]

Email: KM@marvesta-group.com

Phone (optional): [phone number]

 

2. Personal data we collect

2.1 Data you provide

When you contact us via the Website contact form or by email, we may process:

  • Identification data (e.g., name)
  • Contact data (e.g., email address)
  • Message content and any data you choose to share
  • Business context (e.g., company name, role), if you provide it

2.2 Data collected automatically

When you browse the Website, our servers and security systems may automatically collect:

  • IP address
  • Device and browser information (e.g., user agent)
  • Log data (date/time, pages visited, referring URL, error logs)

2.3 Anti-spam and security (Cloudflare Turnstile)

We use Cloudflare Turnstile on our forms to prevent spam and abuse. Turnstile processes
client-side signals such as IP address, user agent and technical fingerprinting signals to determine whether
interactions are likely human. (Cloudflare explains the types of signals processed for Turnstile in its
Turnstile privacy documentation.)

3.1 Responding to your inquiries

Purpose: to respond to messages, provide information, and handle business inquiries.

Legal basis: our legitimate interests (GDPR Art. 6(1)(f)) in communicating with prospects and partners,
and/or taking steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)), depending on the context.

3.2 Website security and abuse prevention

Purpose: to protect the Website, detect fraud/bots, and prevent abuse (including via Turnstile).

Legal basis: our legitimate interests (GDPR Art. 6(1)(f)) in securing our systems and services.

3.3 Technical operation of the Website

Purpose: to operate, maintain, and troubleshoot the Website (e.g., server logs, error diagnostics).

Legal basis: our legitimate interests (GDPR Art. 6(1)(f)) in running and improving the Website.

If we ever use optional cookies or trackers (e.g., analytics or marketing), we will update this policy and, where required,
request your consent before placing them.

4. Who receives your data

We do not sell your personal data. We may share personal data with:

  • Service providers (processors) who help us operate the Website and communications, such as:
    hosting providers, email service providers, IT/security providers, and website maintenance providers.
  • Cloudflare as a security and anti-abuse provider for Turnstile and related protections.
  • Authorities or third parties where required by law, or to protect our rights and security.

List of key processors (fill in as applicable)

  • Website hosting: [Hosting provider name + country]
  • Website maintenance/development: [Provider name (e.g., SDS) + country]
  • Email provider: [Provider name + country]
  • Security/anti-abuse: Cloudflare (Turnstile)

5. International transfers

Some providers may process data outside the European Economic Area (EEA). When we transfer personal data outside the EEA,
we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or other lawful transfer mechanisms),
as required by GDPR.

Cloudflare publishes contractual and transfer safeguard information (including Standard Contractual Clauses for customers)
in its customer documentation.

6. How long we keep your data

We keep personal data only as long as necessary for the purposes described in this policy:

  • Contact requests: typically up to 24 months after the last contact, unless a longer retention is required (e.g., for contractual or legal reasons).
  • Security and server logs: typically retained for 180 days, unless needed longer to investigate incidents or comply with legal obligations.

7. How we protect your data

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction,
loss, alteration, unauthorised disclosure, or access. Measures may include access controls, least-privilege practices, encryption in transit
(HTTPS), monitoring, and secure configuration practices.

8. Your rights

Subject to the conditions and limits set by applicable law, you may have the right to:

  • Request access to your personal data
  • Request rectification of inaccurate or incomplete data
  • Request erasure of your data
  • Request restriction of processing
  • Object to processing (especially where based on legitimate interests)
  • Request data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us using the details in the Contact section.
We may ask for additional information to verify your identity before fulfilling your request.

9. Complaints

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with your supervisory authority.
In Belgium, the supervisory authority is the Data Protection Authority (APD/GBA), Rue de la Presse 35, 1000 Brussels, Belgium,
email: contact@apd-gba.be.

10. Cookies and similar technologies

10.1 What cookies are

Cookies are small text files stored on your device. Similar technologies (like local storage or pixels) may also be used.
Cookies can be “session” cookies (deleted when you close your browser) or “persistent” cookies (stored for longer).

10.2 Cookies used on this Website

Based on our current configuration, we aim to use only strictly necessary cookies for security and form protection.
We do not intentionally place analytics or marketing cookies.

Strictly necessary security / anti-abuse cookies (Cloudflare)

Cloudflare security features (including Turnstile and bot protections) may set cookies that are necessary to protect the Website,
reduce spam, and prevent fraudulent traffic. Depending on your visit and security conditions, Cloudflare may set cookies such as:

  • __cf_bm (bot management / bot detection)
  • cf_clearance (challenge clearance cookie, if a challenge is used)

These cookies are generally considered strictly necessary for security and do not require consent under EU cookie rules,
but we disclose them here for transparency.

WordPress functional cookies (conditional)

If you log in to the Website as an administrator/editor, WordPress may set functional cookies required for login and session management.
Regular visitors typically do not receive these cookies unless such features are used.

10.3 Managing cookies

You can control and delete cookies via your browser settings. Disabling strictly necessary cookies may affect the Website’s security
features and may prevent forms from working correctly.

11. Changes to this policy

We may update this policy from time to time (for example, if we add new Website features or providers). The “Last updated” date at the top
indicates when the policy was last revised. Material changes will be reflected on this page.

12. Contact

For privacy-related questions or requests, contact:

Marvesta Group

Email: KM@marvesta-group.be

Address: Antwerp

 

Home

About us

Services

Contact