Privacy Policy

Effective Date: January 2025
Last Updated: January 2025

1. Introduction

Onyx Consulting ("Onyx," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.getonyx.eu or engage with our AI consulting and infrastructure services.

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Belgian data protection laws.

2. Data Controller Information

Company Name: Onyx Consulting
Address: Brussels, Belgium
Email: privacy@getonyx.eu
Website: www.getonyx.eu

3. Information We Collect

3.1 Information You Provide Directly

Contact Information: Name, email address, phone number, company name, job title
Business Information: Company size, industry sector, specific AI requirements
Communication Data: Contents of emails, messages, or inquiries you send to us
Service Data: Information related to consulting engagements, technical requirements, and project specifications

3.2 Information Collected Automatically

Technical Data: IP address, browser type and version, operating system
Usage Data: Pages visited, time spent on pages, referring sites, navigation paths
Cookies: Session cookies and analytics cookies (see Section 8)

3.3 Information We Do Not Collect

We do not collect or process:

Special categories of personal data (health, biometric, genetic data) unless specifically required for a project and with explicit consent
Payment card details directly (processed through secure third-party providers)
Personal data from individuals under 16 years of age

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: When you voluntarily provide information through our contact forms
Contract: To fulfill our consulting services and contractual obligations
Legitimate Interests: To operate our business, provide services, and communicate with clients
Legal Obligations: To comply with applicable laws and regulations

5. How We Use Your Information

5.1 Service Delivery

Providing AI consulting and infrastructure services
Managing client relationships and projects
Technical support and maintenance

5.2 Communication

Responding to inquiries and requests
Sending project updates and relevant information
Newsletter distribution (with consent)

5.3 Business Operations

Improving our services and website
Internal record keeping and administration
Legal compliance and dispute resolution

5.4 Marketing (with consent)

Informing you about new services or offerings
Sharing relevant AI industry insights and updates

We do not sell, trade, or rent your personal data. We may share information with:

6.1 Service Providers

Cloud hosting providers (EU-based)
Email service providers
Analytics providers
Professional advisors (lawyers, accountants)

6.2 Legal Requirements

We may disclose information when required by law, court order, or governmental authority.

6.3 Business Transfers

In case of merger, acquisition, or sale of assets, personal data may be transferred with appropriate safeguards.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption of data in transit (SSL/TLS)
Access controls and authentication
Regular security assessments
Employee training on data protection
Secure data storage within the EU

8. Cookies

Our website uses cookies to enhance user experience and analyze usage patterns.

8.1 Types of Cookies

Essential Cookies: Required for website functionality
Analytics Cookies: Help us understand website usage (e.g. Google Analytics)
Preference Cookies: Remember your settings and preferences

8.2 Cookie Management

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

9. Data Retention

We retain personal data for:

Active Clients: Duration of the business relationship plus 7 years for legal/tax requirements
Prospects: 2 years from last interaction unless consent is renewed
Website Analytics: 26 months
Cookies: Session cookies expire when you close your browser; persistent cookies as specified in cookie settings

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit processing of your data
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at privacy@getonyx.eu.

11. International Data Transfers

We store and process data within the European Economic Area (EEA). Any transfers outside the EEA will be subject to appropriate safeguards as required by GDPR, such as Standard Contractual Clauses or adequacy decisions.

12. AI-Specific Considerations

We do not use your data to train AI models without explicit consent
Client data processed during consulting remains under client control
We maintain strict data isolation between client projects
On-premise solutions ensure your data never leaves your infrastructure

13. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or website notice.

15. Complaints

If you have concerns about our data processing, you have the right to lodge a complaint with:

Belgian Data Protection Authority
Rue de la Presse 35
1000 Brussels
Belgium
Email: contact@apd-gba.be
Phone: +32 2 274 48 00

16. Contact Information

Data Protection Contact:
Email: privacy@getonyx.eu
Address: Brussels, Belgium

This Privacy Policy is provided in English. Translations into Dutch, French, and German are available upon request.