Privacy Policy

Privacy Policy

GDPR · AI Act · NIS2 Aligned

GDPR · AI Act · NIS2 Aligned

How your data is handled, protected, and respected.

How your data is handled, protected, and respected.

How your data is handled, protected, and respected.

How your data is handled, protected, and respected.

The data on this website is processed by Peck Gianni. For any questions about privacy or data protection, you can contact us directly at contact@heypeck.com or via LinkedIn.

The data on this website is processed by Peck Gianni. For any questions about privacy or data protection, you can contact us directly at contact@heypeck.com or via LinkedIn.

01 / Controller

01 / Controller

Who is the controller within the meaning of the GDPR for this website?

Who is the controller within the meaning of the GDPR for this website?

Who is the controller within the meaning of the GDPR for this website?

Who is the controller within the meaning of the GDPR for this website?

The data on this website is processed by:

The data on this website is processed by:

Peck Gianni

Peck Gianni

Address

Address

Hundelgemsesteenweg 882, 9820 Merelbeke-Melle, Belgium

Hundelgemsesteenweg 882, 9820 Merelbeke-Melle, Belgium

Enterprise number

Enterprise number

TBA

TBA

VAT number

VAT number

TBA

TBA

Email

Email

contact@heypeck.com

contact@heypeck.com

For any questions about privacy or data protection, you can contact us directly at contact@heypeck.com or via LinkedIn.

For any questions about privacy or data protection, you can contact us directly at contact@heypeck.com or via LinkedIn.

02 / Commitment

02 / Commitment

Commitment to proactive compliance.

Commitment to proactive compliance.

Commitment to proactive compliance.

Commitment to proactive compliance.

We are committed to keeping this Privacy Policy accurate, complete, and compliant with applicable law.

We are committed to keeping this Privacy Policy accurate, complete, and compliant with applicable law.

We actively monitor relevant developments in privacy legislation, AI regulation, and cybersecurity law, including but not limited to the GDPR, the EU AI Act (Regulation (EU) 2024/1689), the NIS2 Directive, and applicable Belgian implementing legislation. Where legal, technical, or operational changes require an update to this policy, we will revise it without undue delay. We encourage you to review this page periodically to stay informed of any updates.

We actively monitor relevant developments in privacy legislation, AI regulation, and cybersecurity law, including but not limited to the GDPR, the EU AI Act (Regulation (EU) 2024/1689), the NIS2 Directive, and applicable Belgian implementing legislation. Where legal, technical, or operational changes require an update to this policy, we will revise it without undue delay. We encourage you to review this page periodically to stay informed of any updates.

03 / Collected Data

03 / Collected Data

What data is collected and how?

What data is collected and how?

What data is collected and how?

What data is collected and how?

We collect data that you provide directly, for example when you contact us by email, through a form, or when you request information about our services. This may include your name, email address, company name, phone number, and any message or project details you choose to share.

We collect data that you provide directly, for example when you contact us by email, through a form, or when you request information about our services. This may include your name, email address, company name, phone number, and any message or project details you choose to share.

Additionally, some technical data may be collected automatically when you visit the website, such as your IP address, browser type, device information, operating system, referring pages, and usage data. This may happen through Framer, hosting infrastructure, analytics tools, cookies, or similar technologies used to operate and improve the website.

Additionally, some technical data may be collected automatically when you visit the website, such as your IP address, browser type, device information, operating system, referring pages, and usage data. This may happen through Framer, hosting infrastructure, analytics tools, cookies, or similar technologies used to operate and improve the website.

04 / Legal Basis

04 / Legal Basis

What is the legal basis for processing your data?

What is the legal basis for processing your data?

What is the legal basis for processing your data?

What is the legal basis for processing your data?

If you contact us about a project, quote, or collaboration, we process your data because it is necessary to respond to your request and, where applicable, to take steps before entering into a contract (Article 6(1)(b) GDPR).

If you contact us about a project, quote, or collaboration, we process your data because it is necessary to respond to your request and, where applicable, to take steps before entering into a contract (Article 6(1)(b) GDPR).

If you become a client, we process relevant data as necessary for the performance of a contract and for related administration (Article 6(1)(b) GDPR).

If you become a client, we process relevant data as necessary for the performance of a contract and for related administration (Article 6(1)(b) GDPR).

Some technical or website-related data is processed on the basis of legitimate interest in order to keep the website secure, stable, and functional, and to improve the performance and content of the site (Article 6(1)(f) GDPR).

Some technical or website-related data is processed on the basis of legitimate interest in order to keep the website secure, stable, and functional, and to improve the performance and content of the site (Article 6(1)(f) GDPR).

Where legally required, for example for certain cookies or optional marketing-related tools, processing is based on your consent (Article 6(1)(a) GDPR).

Where legally required, for example for certain cookies or optional marketing-related tools, processing is based on your consent (Article 6(1)(a) GDPR).

05 / Purpose

05 / Purpose

What do we use your data for?

What do we use your data for?

What do we use your data for?

What do we use your data for?

We use your data to respond to inquiries and contact requests, to prepare quotes, proposals, and business communications, to provide our services and manage client relationships, to secure, maintain, and improve the website, to monitor website usage and performance, and to comply with legal, accounting, and administrative obligations.

We use your data to respond to inquiries and contact requests, to prepare quotes, proposals, and business communications, to provide our services and manage client relationships, to secure, maintain, and improve the website, to monitor website usage and performance, and to comply with legal, accounting, and administrative obligations.

We do not sell your personal data.

We do not sell your personal data.

06 / Third Parties

06 / Third Parties

Do we share your data with third parties?

Do we share your data with third parties?

Do we share your data with third parties?

Do we share your data with third parties?

We may share your data where necessary with service providers that help us operate the website or deliver our services, such as hosting providers, website and form tools, analytics providers, communication tools, automation platforms, AI providers, accountants, legal advisers, or other professional service providers.

We may share your data where necessary with service providers that help us operate the website or deliver our services, such as hosting providers, website and form tools, analytics providers, communication tools, automation platforms, AI providers, accountants, legal advisers, or other professional service providers.

Where these third parties process personal data on our behalf, we aim to ensure that appropriate contractual and data protection safeguards are in place.

Where these third parties process personal data on our behalf, we aim to ensure that appropriate contractual and data protection safeguards are in place.

07 / EEA Transfers

07 / EEA Transfers

Are your data transferred outside the EEA?

Are your data transferred outside the EEA?

Are your data transferred outside the EEA?

Are your data transferred outside the EEA?

Some providers we use may process data outside the European Economic Area, or make data accessible from outside the EEA. Where this happens, we ensure that a valid legal transfer mechanism is in place, such as an adequacy decision, standard contractual clauses, or another lawful basis under the GDPR.

Some providers we use may process data outside the European Economic Area, or make data accessible from outside the EEA. Where this happens, we ensure that a valid legal transfer mechanism is in place, such as an adequacy decision, standard contractual clauses, or another lawful basis under the GDPR.

08 / Retention

08 / Retention

How long do we keep your data?

How long do we keep your data?

How long do we keep your data?

How long do we keep your data?

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law or is reasonably necessary for contractual, legal, accounting, or evidentiary reasons.

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law or is reasonably necessary for contractual, legal, accounting, or evidentiary reasons.

Inquiry data is generally retained for as long as needed to handle the request and reasonable follow-up. Client and project data may be kept for the duration of the business relationship and an appropriate period afterward.

Inquiry data is generally retained for as long as needed to handle the request and reasonable follow-up. Client and project data may be kept for the duration of the business relationship and an appropriate period afterward.

09 / Protection

09 / Protection

How do we protect your data?

How do we protect your data?

How do we protect your data?

How do we protect your data?

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. This may include access controls, careful handling of credentials, secure tools, and reasonable operational safeguards appropriate to the nature of our business. However, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure.

We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. This may include access controls, careful handling of credentials, secure tools, and reasonable operational safeguards appropriate to the nature of our business. However, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure.

10 / By Design

10 / By Design

Data protection by design and by default.

Data protection by design and by default.

Data protection by design and by default.

Data protection by design and by default.

In accordance with Article 25 GDPR, we integrate data protection considerations into the design of our services and operational processes from the outset. We apply technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific purpose is processed. This applies to the amount of data collected, the extent of processing, the period of storage, and the accessibility of that data. We do not collect more data than is strictly necessary and we do not retain it longer than required.

In accordance with Article 25 GDPR, we integrate data protection considerations into the design of our services and operational processes from the outset. We apply technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific purpose is processed. This applies to the amount of data collected, the extent of processing, the period of storage, and the accessibility of that data. We do not collect more data than is strictly necessary and we do not retain it longer than required.

11 / AI Tools

11 / AI Tools

Do we use AI tools or automations?

Do we use AI tools or automations?

Do we use AI tools or automations?

Do we use AI tools or automations?

Because our business involves AI automations, APIs, and digital workflows, personal data may in some cases pass through external tools or service providers used to deliver our services. This includes platforms such as n8n, Make.com, Zapier, OpenAI, and Anthropic, among others. Where we process personal data on behalf of clients, we act as a data processor. In those cases, a formal Data Processing Agreement (DPA) in accordance with Article 28 GDPR will be concluded before processing begins. The client remains responsible for the lawfulness of the data and the processing instructions they provide.

Because our business involves AI automations, APIs, and digital workflows, personal data may in some cases pass through external tools or service providers used to deliver our services. This includes platforms such as n8n, Make.com, Zapier, OpenAI, and Anthropic, among others. Where we process personal data on behalf of clients, we act as a data processor. In those cases, a formal Data Processing Agreement (DPA) in accordance with Article 28 GDPR will be concluded before processing begins. The client remains responsible for the lawfulness of the data and the processing instructions they provide.

In accordance with the EU AI Act (Regulation (EU) 2024/1689), we do not develop or deploy AI systems that fall under prohibited applications as defined in Article 5 of that Regulation. Where AI systems are used in the delivery of our services, the client remains responsible for assessing whether their specific use case qualifies as a high-risk AI application and for ensuring compliance with any obligations that apply to them as a deployer or provider under applicable AI regulation. We operate with human oversight in all AI-assisted processes and do not use AI to produce automated decisions that affect individuals without appropriate review.

In accordance with the EU AI Act (Regulation (EU) 2024/1689), we do not develop or deploy AI systems that fall under prohibited applications as defined in Article 5 of that Regulation. Where AI systems are used in the delivery of our services, the client remains responsible for assessing whether their specific use case qualifies as a high-risk AI application and for ensuring compliance with any obligations that apply to them as a deployer or provider under applicable AI regulation. We operate with human oversight in all AI-assisted processes and do not use AI to produce automated decisions that affect individuals without appropriate review.

12 / NIS2

12 / NIS2

Network and information security.

Network and information security.

Network and information security.

Network and information security.

We take our cybersecurity obligations seriously and apply reasonable technical and organisational security measures in line with good industry practice and applicable legislation, including the principles underlying the NIS2 Directive (Directive (EU) 2022/2555) as transposed into Belgian law. This includes proportionate measures to protect the systems, networks, and data involved in the delivery of our services against incidents, unauthorised access, and disruption. Where we become aware of a security incident that may affect personal data or the continuity of our services, we follow the applicable notification and response procedures.

We take our cybersecurity obligations seriously and apply reasonable technical and organisational security measures in line with good industry practice and applicable legislation, including the principles underlying the NIS2 Directive (Directive (EU) 2022/2555) as transposed into Belgian law. This includes proportionate measures to protect the systems, networks, and data involved in the delivery of our services against incidents, unauthorised access, and disruption. Where we become aware of a security incident that may affect personal data or the continuity of our services, we follow the applicable notification and response procedures.

13 / Automated Decisions

13 / Automated Decisions

Automated decision-making and profiling.

Automated decision-making and profiling.

Automated decision-making and profiling.

Automated decision-making and profiling.

We do not use your personal data for fully automated decision-making or profiling that produces legal or similarly significant effects, within the meaning of Article 22 GDPR. Where automated processing is used as part of our service delivery, it operates under human oversight and does not produce decisions that affect your legal rights or similarly significant interests without human review.

We do not use your personal data for fully automated decision-making or profiling that produces legal or similarly significant effects, within the meaning of Article 22 GDPR. Where automated processing is used as part of our service delivery, it operates under human oversight and does not produce decisions that affect your legal rights or similarly significant interests without human review.

14 / Minimisation

14 / Minimisation

Data minimisation and purpose limitation.

Data minimisation and purpose limitation.

Data minimisation and purpose limitation.

Data minimisation and purpose limitation.

In accordance with Articles 5(1)(b) and 5(1)(c) GDPR, we collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We do not process personal data for purposes that are incompatible with the original purpose of collection without a new legal basis or your consent.

In accordance with Articles 5(1)(b) and 5(1)(c) GDPR, we collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We do not process personal data for purposes that are incompatible with the original purpose of collection without a new legal basis or your consent.

15 / Breach Notification

15 / Breach Notification

Security incident notification.

Security incident notification.

Security incident notification.

Security incident notification.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay in accordance with Article 34 GDPR.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay in accordance with Article 34 GDPR.

16 / Legitimate Interest

16 / Legitimate Interest

Legitimate interests assessment.

Legitimate interests assessment.

Legitimate interests assessment.

Legitimate interests assessment.

Where we rely on legitimate interest as a legal basis under Article 6(1)(f) GDPR, we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time by contacting us at contact@heypeck.com We will assess your objection and cease the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests.

Where we rely on legitimate interest as a legal basis under Article 6(1)(f) GDPR, we have assessed that our interests are not overridden by your interests or fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time by contacting us at contact@heypeck.com We will assess your objection and cease the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests.

17 / Tax Retention

17 / Tax Retention

Retention under Belgian accounting and tax law.

Retention under Belgian accounting and tax law.

Retention under Belgian accounting and tax law.

Retention under Belgian accounting and tax law.

Certain data, including invoices, contracts, and related financial and business documentation, may be retained for a minimum of seven (7) years in accordance with Belgian accounting legislation and applicable tax obligations. This retention is based on a legal obligation under Article 6(1)(c) GDPR and applies regardless of any earlier deletion request for that specific data.

Certain data, including invoices, contracts, and related financial and business documentation, may be retained for a minimum of seven (7) years in accordance with Belgian accounting legislation and applicable tax obligations. This retention is based on a legal obligation under Article 6(1)(c) GDPR and applies regardless of any earlier deletion request for that specific data.

18 / ePrivacy

18 / ePrivacy

Belgian ePrivacy obligations and cookies.

Belgian ePrivacy obligations and cookies.

Belgian ePrivacy obligations and cookies.

Belgian ePrivacy obligations and cookies.

In addition to GDPR, the processing of personal data in connection with electronic communications and the use of cookies on this website is governed by the Belgian Act of 13 June 2005 on electronic communications, as amended, and the implementing regulations. Non-essential cookies are only placed after obtaining your prior consent. You can withdraw your consent at any time through your browser settings or by contacting us directly.

In addition to GDPR, the processing of personal data in connection with electronic communications and the use of cookies on this website is governed by the Belgian Act of 13 June 2005 on electronic communications, as amended, and the implementing regulations. Non-essential cookies are only placed after obtaining your prior consent. You can withdraw your consent at any time through your browser settings or by contacting us directly.

19 / Your Rights

19 / Your Rights

Your rights in detail.

Your rights in detail.

Your rights in detail.

Your rights in detail.

If the GDPR applies to your data, you have the following rights.

If the GDPR applies to your data, you have the following rights.

Art. 15

Art. 15

The right of access. You may request a copy of the personal data we hold about you and information about how it is processed.

The right of access. You may request a copy of the personal data we hold about you and information about how it is processed.

Art. 16

Art. 16

The right to rectification. You may request correction of inaccurate or incomplete personal data.

The right to rectification. You may request correction of inaccurate or incomplete personal data.

Art. 17

Art. 17

The right to erasure. You may request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful, subject to legal retention obligations.

The right to erasure. You may request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful, subject to legal retention obligations.

Art. 18

Art. 18

The right to restriction of processing. You may request that we limit the processing of your data in certain circumstances.

The right to restriction of processing. You may request that we limit the processing of your data in certain circumstances.

Art. 21

Art. 21

The right to object. You may object to processing based on legitimate interest or for direct marketing purposes at any time.

The right to object. You may object to processing based on legitimate interest or for direct marketing purposes at any time.

Art. 20

Art. 20

The right to data portability. Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, and machine-readable format.

The right to data portability. Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, and machine-readable format.

Art. 7(3)

Art. 7(3)

The right to withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

The right to withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

Complaint

Complaint

The right to lodge a complaint. You have the right to lodge a complaint with the competent supervisory authority at any time. In Belgium, this is the Data Protection Authority (Gegevensbeschermingsautoriteit), reachable at gegevensbeschermingsautoriteit.be, Drukpersstraat 35, 1000 Brussels, Belgium.

The right to lodge a complaint. You have the right to lodge a complaint with the competent supervisory authority at any time. In Belgium, this is the Data Protection Authority (Gegevensbeschermingsautoriteit), reachable at gegevensbeschermingsautoriteit.be, Drukpersstraat 35, 1000 Brussels, Belgium.

To exercise any of these rights, contact us at contact@heypeck.com or via LinkedIn.

To exercise any of these rights, contact us at contact@heypeck.com or via LinkedIn.

20 / Special Categories

20 / Special Categories

No special categories of data.

No special categories of data.

No special categories of data.

No special categories of data.

We do not intentionally collect or process special categories of personal data as defined in Article 9 GDPR, such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If you voluntarily provide such information in a message to us, we will treat it with the highest level of confidentiality and process it only to the extent strictly necessary to respond to your communication.

We do not intentionally collect or process special categories of personal data as defined in Article 9 GDPR, such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If you voluntarily provide such information in a message to us, we will treat it with the highest level of confidentiality and process it only to the extent strictly necessary to respond to your communication.

21 / Liability

21 / Liability

Limitation of liability for website use.

Limitation of liability for website use.

Limitation of liability for website use.

Limitation of liability for website use.

This website and its content are provided for business and informational purposes only. We make reasonable efforts to ensure the accuracy and completeness of the information published on this website, but we do not warrant that the content is error-free, complete, or up to date at all times. We accept no liability for any loss or damage arising from reliance on the information published on this website, to the fullest extent permitted by applicable law.

This website and its content are provided for business and informational purposes only. We make reasonable efforts to ensure the accuracy and completeness of the information published on this website, but we do not warrant that the content is error-free, complete, or up to date at all times. We accept no liability for any loss or damage arising from reliance on the information published on this website, to the fullest extent permitted by applicable law.

22 / IP

22 / IP

Intellectual property.

Intellectual property.

Intellectual property.

Intellectual property.

All content on this website, including but not limited to text, images, graphics, logos, and structural design, is the intellectual property of Peck Gianni and is protected under applicable Belgian and international copyright and intellectual property law. Reproduction, distribution, or use of any content without prior written permission is prohibited.

All content on this website, including but not limited to text, images, graphics, logos, and structural design, is the intellectual property of Peck Gianni and is protected under applicable Belgian and international copyright and intellectual property law. Reproduction, distribution, or use of any content without prior written permission is prohibited.

23 / External Links

23 / External Links

Links to third-party websites.

Links to third-party websites.

Links to third-party websites.

Links to third-party websites.

This website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or accuracy of those third parties. We encourage you to review the privacy policies of any third-party websites you visit.

This website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or accuracy of those third parties. We encourage you to review the privacy policies of any third-party websites you visit.

24 / Governing Law

24 / Governing Law

Governing law.

Governing law.

Governing law.

Governing law.

This Privacy Policy is governed by Belgian law. Any disputes relating to this policy shall be subject to the exclusive jurisdiction of the competent courts of the judicial district of the registered address of Peck Gianni, unless mandatory law provides otherwise.

This Privacy Policy is governed by Belgian law. Any disputes relating to this policy shall be subject to the exclusive jurisdiction of the competent courts of the judicial district of the registered address of Peck Gianni, unless mandatory law provides otherwise.

25 / Changes

25 / Changes

Can this Privacy Policy change?

Can this Privacy Policy change?

Can this Privacy Policy change?

Can this Privacy Policy change?

Yes. We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The most recent version will always be published on this page with the updated date. Where changes are material, we will take reasonable steps to notify you.

Yes. We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The most recent version will always be published on this page with the updated date. Where changes are material, we will take reasonable steps to notify you.

26 / Contact

26 / Contact

How can you contact us?

How can you contact us?

How can you contact us?

How can you contact us?

If you have any questions about this Privacy Policy or about the way we process personal data, you can reach us at contact@heypeck.com or via LinkedIn.

If you have any questions about this Privacy Policy or about the way we process personal data, you can reach us at contact@heypeck.com or via LinkedIn.

Contact

Let's begin the work.

Let's begin the work.

Let's begin the work.

Let's begin the work.

Interested in collaborating or talking? Email me at contact@heypeck.com or reach out via LinkedIn.

Interested in collaborating or talking? Email me at contact@heypeck.com or reach out via LinkedIn.

Interested in collaborating or talking? Email me at contact@heypeck.com or reach out via LinkedIn.

— Social Media

Connect

LinkedIn

LinkedIn

— Contact

— Location

Based In

Hundelgemsesteenweg 882 9820 Merelbeke-Melle Belgium