Read aloud

Privacy policy


This privacy policy (“Privacy Policy”) deals with the processing of your personal data when using our Website and related services (collectively referred to as the “Website”). This processing is carried out by the Canon of Flanders Foundation as data controller, with its registered office at Grasmarkt 61, 1000 Brussels (“we”, “us”), registered with the KBO/KVK ¬†under number 1002717803, in accordance with applicable personal data protection legislation.

Our Website uses cookies and similar technologies. Cookies are small text files placed on the hard disk of a device, which contain certain information, sometimes including personal data. For more information regarding our use of cookies, please read our cookie policy.

The Privacy Policy may be amended from time to time. Such changes will be communicated through the Website.

This Privacy Policy was last updated on 27/11/2023.

What data and why do we process it?

When you use the Website, we process your personal data. This data may include:

  1. IP and cookies

The purpose of this processing and legal basis serving as a basis for it are:

  1. Use of the Website (consent and legitimate interest where applicable) / To perform statistical analysis to improve our Website and/or Services, or to develop new products or services.
  2. Contacting us (consent and where applicable legitimate interest)
  3. To provide you with the information on products and services you request in a personalised and efficient manner, whether via the Website, email, telephone or social media channels. (consent)
  4. To process your personal data so that we can provide you with certain Services. (performance of agreement)

In principle, we do not transmit any of the personal data you provide via the Website to social media providers, unless you consent.

In addition to the above purposes, we may also process your personal data :

  • To provide to a financial institution or payment service provider, to enable your financial institution and the payment service provider to fulfil their legal obligations.
  • To transfer to the police or judicial authorities as evidence of possible crimes or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the Website or the Services.
  • In the context of a possible merger with, acquisition of/by or demerger by a third party, even if that third party is located outside the EEA.

With whom we share data

We do not transmit your personal data in an identifiable manner to third parties if this is not required for the operation of the Website, except with your express consent.

We may use third-party processors to provide you with the Website. We ensure that third party processors may only process your personal data upon written instructions from us. We ensure that all third-party processors are selected with due care to ensure the security and integrity of your personal data.

Where we process data

We ourselves and our third-party processors will only process your identifiable personal data in the EEA.

We may transfer your anonymised and/or aggregated data to organisations outside the EEA. If such a transfer takes place, we will ensure that appropriate safeguards are in place to ensure the security and integrity of your personal data, that all rights in relation to personal data that you might enjoy under applicable mandatory law are guaranteed and the necessary legal protection mechanism is put in place.

How we process data

We make every effort to process only the personal data necessary to achieve the purposes set out in this Privacy Policy. We will process your personal data in a lawful, fair and transparent manner and do our utmost to keep it accurate and up-to-date.

Your personal data will only be processed for as long as it is necessary to achieve the purposes stated in this Privacy Policy or until such time as you withdraw your consent to its processing. Please note that withdrawal of consent may imply that you are no longer able to use all or part of the Website.

We will take appropriate technical and organisational measures to keep your personal data safe from unauthorised access, theft, accidental loss, manipulation or destruction. Access by our staff or staff of our third-party processors is only possible on a need-to-know basis and is subject to strict confidentiality obligations. However, you understand that care for safety and security are only best-efforts obligations, which can never be guaranteed. In case, we may be held liable for damages resulting from erroneous or unlawful use by a third party of your personal data.

We may process your data in the interest of ourselves, our partners or third parties if and when your registration on the Website or use of the Website or Services may be considered (a) a violation of the terms and conditions or intellectual property rights or any other right of a third party, (b) a threat to the security or integrity of the Services, (c) a danger to the Website or systems of us or our subcontractors due to viruses, Trojans, spyware, malware, or any other form of malicious code, or (d) in any way illegal or unlawful, discriminatory or offensive.

How long we keep your data

Retention periods vary depending on the service provided. We keep your data:

  • as long as necessary for the purposes for which they are collected and processed;
  • as long as they are necessary to comply with our legal, contractual and judicial obligations and to fulfil our commercial operational activities

Your rights

You have the right to request access to any personal data we process about you. However, requests for access made with the apparent intention of causing inconvenience or damage to us will not be processed.

You have the right to request that any personal data about you that is incorrect or inaccurate be corrected free of charge.

You have the right to withdraw your previously given consent to the processing of your personal data. You can withdraw your consent at any time by sending an e-mail to

You have the right to request that personal data relating to you be deleted if you withdraw your consent to its processing. However, you should note that a deletion request will be assessed by us in light of legal or regulatory obligations or administrative or court orders that may prevent us from deleting the personal data in question. In lieu of deletion, you may also request that we restrict the processing of your personal data.

You have the right to object to the processing of personal data if you can demonstrate that there are serious and legitimate reasons relating to special circumstances that justify such an objection.

Where your personal data are processed on the basis of consent or on the basis of a contract and the processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and, if technically feasible, you have the right to transmit this data directly to another service provider. The technical feasibility of this will be assessed solely by us.

If you wish to make a request to exercise one or more of the above rights, please send an e-mail to This request must clearly state which right you wish to exercise and why. We will immediately inform you of the receipt of such request. If the request proves to be valid, we will grant it as soon as reasonably possible and no later than thirty (30) days after receipt of the request. Additional identification regarding your identity may be requested if necessary.

If you have a complaint about the processing of your personal data, you can always contact us at the e-mail address If you remain dissatisfied with our response, you are free to lodge a complaint with the competent data protection authority, de Belgische Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels. For more information, please visit