Privacy Policy

This privacy statement explains how NormNest processes personal data in connection with the use of the Trust Platform. NormNest attaches great importance to the protection of personal data and processes such data in accordance with the General Data Protection Regulation (GDPR).
1. Data Controller

NormNest

Established in Belgium
E-mail: dpo@normnest.eu

NormNest acts as the data controller for all personal data processed through the Trust Platform, unless explicitly stated otherwise.

2. Scope

This privacy statement applies to:

  • Customers and users of the Trust Platform;

  • Visitors to the platform (including non‑logged‑in visitors);

  • Individuals who contact NormNest in relation to the Trust Platform.

3. Categories of Personal Data

3.1 Personal data of customers and users

Through the Trust Platform, the following categories of personal data may be processed:

  • Company name

  • First name and last name

  • Email address

  • Phone number

  • VAT number

  • Address

  • Website

  • Username and authentication details

  • Usage and log data (such as login times and actions performed within the platform)


3.2 Personal data of visitors

When visiting and using the platform, the following data may be processed automatically:

  • IP address (limited and technically necessary)

  • Browser and device information

  • Date and time of access

  • Functional cookies and session data

4. Cookies

The Trust Platform uses strictly necessary and functional cookies only, including:

  • Cookies for user authentication and session management;

  • Cookies for storing user preferences and settings;

  • Cookies required for content editing and publishing.

These cookies are essential for the proper functioning of the platform and do not require consent via a cookie banner, in accordance with applicable legislation.


5. Purposes of Processing

NormNest processes personal data solely for specific and legitimate purposes, including:

  • Creating and managing user accounts;

  • Providing access to the functionalities of the Trust Platform;

  • Technical and functional management of the platform;

  • Ensuring the security and integrity of systems and data;

  • User support and communication;

  • Compliance with legal and contractual obligations.

Personal data is not used for marketing, profiling, or advertising purposes.


6. Legal Basis for Processing

Personal data is processed on the basis of one or more of the following legal grounds (Article 6 GDPR):

  • Consent of the data subject, where applicable;

  • Necessity for the performance of a contract to which the data subject is a party;

  • Compliance with a legal obligation to which NormNest is subject;

  • Legitimate interests of NormNest, such as securing and improving the Trust Platform, insofar as these interests do not override the fundamental rights and freedoms of the data subject.


7. Data sharing with Third Parties

NormNest does not sell or rent personal data to third parties.

Personal data may be processed by carefully selected service providers acting as data processors (e.g. hosting or infrastructure providers), solely for the purposes described in this privacy statement and under strict contractual and security obligations.


8. International Data Transfers

Personal data is not transferred outside Belgium or the European Economic Area (EEA). Should such a transfer become necessary in the future, NormNest will ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR.


9. Retention Periods

Personal data is retained only for as long as necessary to achieve the purposes for which it was collected:

  • User account data is retained for the duration of the active use of the platform;

  • After account deactivation, personal data is retained for a maximum period of two (2) years, unless a longer retention period is required by law.


10. Rights of Data Subjects

Data subjects have the following rights under the GDPR:

  • Right of access;

  • Right to rectification;

  • Right to erasure;

  • Right to restriction of processing;

  • Right to object to processing;

  • Right to data portability.

Requests to exercise these rights can be submitted via dpo@normnest.eu. NormNest will respond in accordance with the time limits set out in the GDPR.


11. Security Measures

NormNest implements appropriate technical and organisational security measures in accordance with Article 32 GDPR to protect personal data against loss, unauthorised access, or unlawful processing. These measures include, among others:

  • Encrypted storage of data;

  • Access control and authentication mechanisms;

  • Regular security monitoring and updates.


12. Changes to this Privacy Statement

NormNest reserves the right to update this privacy statement from time to time. The most recent version will always be made available via the Trust Platform.


12. Complaints

If a data subject believes that their personal data is processed unlawfully, they have the right to lodge a complaint with the competent supervisory authority, in particular in the EU Member State of their habitual residence, place of work, or place of the alleged infringement.