CompanyBelgium API
Get started
Legal / Privacy Policy

🔒 Privacy Policy

How Espero-Soft Informatiques SRL processes personal data when you use the API BCE website and service, in accordance with Regulation (EU) 2016/679 (GDPR) and the Belgian Act of 30 July 2018.

Last updated:

1. Data controller#

The controller for the processing described here is Espero-Soft Informatiques SRL, Rue de la Colonne 1A, 1080 Molenbeek-Saint-Jean, Belgium, enterprise number BE 1033.022.383. For any question relating to your personal data, contact info@espero-soft.com.

2. Data we process about you#

  • Account data: name, email address, password (hashed), company name and role, when you register for the developer portal;
  • Billing data: VAT number, billing address and transaction references for paid plans (card details are handled by our payment provider, not stored by us);
  • Usage and technical data: API keys, request logs, IP address, timestamps, endpoints called and volumes, used to operate, secure and bill the Service;
  • Communications: the content of messages you send us for support or enquiries.

3. Company data served by the API#

The data returned by the API may include personal data relating to natural persons such as directors, legal representatives and ultimate beneficial owners. This data originates from public sources made available for re-use (the CBE/KBO open data and the Belgian Official Gazette). We process it on the basis of our legitimate interest in providing a company-information service, and in compliance with the conditions attached to the re-use of public-sector information. When you use the API to obtain such data, you become an independent controller for your own subsequent processing and must comply with the GDPR towards the persons concerned.

4. Purposes and legal bases#

  • Providing the Service and managing your account — performance of the contract (Art. 6(1)(b) GDPR);
  • Billing and accounting — legal obligation and performance of the contract (Art. 6(1)(b)–(c));
  • Security, abuse prevention, rate limiting and service improvement — legitimate interest (Art. 6(1)(f));
  • Responding to your requests and support — legitimate interest or contract (Art. 6(1)(b)–(f));
  • Service emails and, where applicable, marketing — legitimate interest or your consent, which you may withdraw at any time (Art. 6(1)(a) or (f)).

5. Recipients and processors#

We do not sell your personal data. We share it only with service providers acting as processors on our instructions and bound by appropriate agreements, in particular: our hosting provider OVHcloud (OVH SAS, Roubaix, France), our payment provider for paid plans, and our email-delivery provider. Data may also be disclosed where required by law or to defend our rights.

6. International transfers#

Our infrastructure is located in the European Union. Should any processing involve a transfer outside the European Economic Area, we ensure an adequate level of protection through an adequacy decision or appropriate safeguards such as the European Commission’s standard contractual clauses.

7. Retention periods#

Account data is kept for the duration of the contractual relationship and deleted or anonymised within a reasonable period thereafter. Invoicing data is kept for the legal accounting retention period (currently ten years in Belgium). Technical logs are kept for a limited period for security and billing purposes. We retain data no longer than necessary for the purposes set out above.

8. Your rights#

You have the right to access, rectify and erase your personal data, to restrict or object to its processing, and to data portability, under the conditions of the GDPR. Where processing is based on consent, you may withdraw it at any time without affecting prior processing. To exercise these rights, contact info@espero-soft.com; we may ask you to verify your identity.

ℹ️

If you believe your rights have not been respected, you may lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit), Rue de la Presse 35, 1000 Brussels — www.dataprotectionauthority.be.

9. Security#

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration, including encryption in transit, access controls and secured hosting. No system is completely secure; we therefore cannot guarantee absolute security, but we act to reduce risks and to notify you and the authorities of any breach where legally required.

10. Changes to this policy#

We may update this Privacy Policy to reflect legal or operational changes. The current version, with its “last updated” date, is always available on this page.