Privacy policy

Your privacy matters to us - learn how we protect your personal data

Last updated: June 24th, 2025
This privacy policy explains how Oh Dear collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and Belgian data protection law.

1. Data Controller

The data controller responsible for your personal data is:
Immutable VOF
Hemelshoek 277
2590, Berlaar, Belgium
VAT number: BE 0699.594.682
Email: [email protected]

2. What Personal Data We Collect

We collect and process the following categories of personal data:

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

4. How We Use Your Data

We use your personal data to:

5. Data Sharing and Third Parties

We may share your personal data with:

We ensure adequate protection through Data Processing Agreements (DPAs) with all third-party processors.

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When transferring data internationally, we ensure adequate protection through:

7. Data Retention

We retain your personal data only as long as necessary:

8. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You can request access to your personal data and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it's no longer necessary or you withdraw consent.

Right to Restrict Processing

You can request limitation of processing in certain circumstances.

Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9. Exercising Your Rights

To exercise any of your rights, please contact us at [email protected] or use our contact form. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/Autorité de protection des données) if you believe we have not handled your personal data properly.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

11. Data Breach Notification

In case of a personal data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR.

12. Cookies and Tracking

We do not use tracking cookies. We do use cookies for technical purposes such as session management.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. The current version is always available on our website.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

15. Data Processing Agreement

For customers who process personal data through our services, our Data Processing Agreement (DPA) is available here.