Privacy & Data Protection Policy

Last updated: 2 June 2026 · Effective immediately

1. Data Controller

ENRAX Systems
Roeselare 8800, Belgium
Email: enraxenergy@outlook.com
VAT: Pending registration

For all data protection inquiries, contact us at the email above. We will respond within 7 business days and no later than one calendar month (as per GDPR Article 12(3)).

2. Our Core Principle

We operate on a data minimization first philosophy. We collect less data than legally permitted. We do not engage in profiling, behavioural advertising, or data trading of any kind.

3. What Data We Process

Data Category	What	Legal Basis	Retention
Email correspondence	Your email address, name, and message content when you contact us	Art. 6(1)(b) GDPR — pre-contractual measures at your request	Deleted within 12 months of last contact, unless a contract is formed
Contractual data	Name, company, address, VAT number, project details	Art. 6(1)(b) GDPR — performance of contract	7 years after contract end (Belgian accounting law)
Local preferences	Theme (light/dark) and language choice stored in your browser's localStorage	Art. 6(1)(f) GDPR — legitimate interest (site functionality)	Stored only on your device. We never access it server-side.
Analytics (Google Analytics 4)	Anonymised page views, visit count, general geographic region (country-level), device type, browser type. No personal identifiers.	Art. 6(1)(f) GDPR — legitimate interest (understanding aggregate site traffic)	Automatically deleted after 14 months (Google's retention setting). IP addresses are anonymised before storage.

4. What We Do NOT Collect

• We do not serve ads or share data with ad networks
• We do not use Facebook Pixel, remarketing tags, or any behavioural advertising tool
• We do not use fingerprinting or cross-site tracking
• We do not collect or store your full IP address (IP anonymisation is enabled in Google Analytics)
• We do not embed social media widgets that track you
• We do not perform automated individual decision-making or profiling (GDPR Art. 22)
• We do not sell, trade, or monetise analytics data in any way

4a. Google Analytics

We use Google Analytics 4 (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) solely to count how many people visit our website and which pages are viewed. We have configured it with the strictest possible settings:

• IP anonymisation enabled (your full IP is never stored)
• Data sharing with Google disabled
• Google Signals disabled (no cross-device tracking)
• Advertising features disabled (no remarketing, no demographics)
• Data retention set to 14 months (minimum)
• No User-ID tracking
• We have signed a Data Processing Agreement with Google

Your choice: You can opt out of Google Analytics entirely by installing the Google Analytics Opt-out Browser Add-on, or by using any ad-blocker that blocks the GA script.

5. Data Sharing & Transfers

We do not sell, rent, lease, or trade personal data to any third party under any circumstances.

Sub-processors:

• Cloudflare Inc. — hosting & CDN. Processes network-level data (IP addresses) as a data processor. Certified under the EU-U.S. Data Privacy Framework.
• Google Ireland Limited — analytics. Processes anonymised page view data. EU-U.S. Data Privacy Framework + Standard Contractual Clauses in place.

International transfers: We do not transfer personal data outside the EEA unless the recipient country has an EU adequacy decision or appropriate safeguards (Standard Contractual Clauses) are in place.

6. Your Rights (GDPR Articles 15–22)

You have the right to:

• Access — request a copy of all personal data we hold about you (Art. 15)
• Rectification — correct inaccurate or incomplete data (Art. 16)
• Erasure ("Right to be Forgotten") — request deletion of your data (Art. 17)
• Restriction — limit how we process your data (Art. 18)
• Data Portability — receive your data in a structured, machine-readable format (Art. 20)
• Object — object to processing based on legitimate interest (Art. 21)
• Withdraw Consent — at any time, without affecting the lawfulness of prior processing (Art. 7(3))

We will fulfill any request free of charge within 30 days. To exercise your rights, email us at enraxenergy@outlook.com.

7. Data Security

• All communications are encrypted via TLS 1.3
• We use end-to-end encryption for sensitive project documents where possible
• Access to personal data is limited to essential personnel only
• We do not store personal data in public cloud databases

8. Data Breach Notification

In the unlikely event of a personal data breach, we will:

• Notify the Belgian Data Protection Authority (GBA/APD) within 72 hours (GDPR Art. 33)
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Art. 34)
• Document the breach, its effects, and remedial actions taken

9. Children's Data

Our services are aimed at businesses and professionals. We do not knowingly collect data from anyone under 16 years of age (stricter than the Belgian threshold of 13). If we learn we have collected data from a minor, we will delete it immediately.

10. Changes to This Policy

We may update this policy to reflect changes in law or our practices. Material changes will be communicated prominently on this website. The "Last updated" date above will always reflect the latest revision.

11. Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with:

Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels, Belgium
www.gegevensbeschermingsautoriteit.be
Email: contact@apd-gba.be

12. Governing Law

This privacy policy is governed by Belgian law and the General Data Protection Regulation (EU) 2016/679. Any disputes shall be submitted to the courts of Kortrijk, Belgium.