1. Data Controller
KonsultIA.be, an AI-assisted legal and financial information platform established in Belgium, is the data controller within the meaning of Regulation (EU) 2016/679 (GDPR) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
DPO contact: info@konsultia.be
2. Data Collected
We collect the following categories of data:
- Identification data: name, email address (when creating an account)
- Connection data: IP address, browser type, access timestamps
- Usage data: conversation history with AI agents, language preferences, credits consumed
- Payment data: processed exclusively by our PCI-DSS certified payment provider — we never store your banking details
- Uploaded documents: files (PDF, DOCX, TXT, images) voluntarily deposited in the document vault or agent configuration
3. Purposes and Legal Bases
Your data is processed for the following purposes:
- Performance of contract (Art. 6.1.b GDPR): account management, provision of the AI assistance service, billing and credit management
- Legitimate interest (Art. 6.1.f GDPR): service improvement, fraud prevention, aggregated and anonymised usage statistics
- Legal obligation (Art. 6.1.c GDPR): Belgian accounting and tax obligations (7-year retention)
- Consent (Art. 6.1.a GDPR): sending marketing communications (if applicable, withdrawable at any time)
4. Artificial Intelligence and Automated Processing
KonsultIA.be uses artificial intelligence models to provide you with personalised responses in Belgian legal, tax, HR, financial and other areas of expertise. Your conversations are transmitted to our AI providers under data processing agreements compliant with Article 28 GDPR.
Important points regarding AI processing:
- AI-generated responses are a decision-support tool and do not replace certified professional advice (lawyer, accountant, notary, etc.) under any circumstances.
- No automated decision-making within the meaning of Article 22 GDPR takes place: our AI agents do not produce decisions with legal or significant effects on you without human intervention.
- We recommend that you do not enter sensitive data (health data, national register number, full banking details, information about minors).
- In accordance with Article 50 of the European Artificial Intelligence Act (AI Act), we clearly inform you that you are interacting with an AI system and not with a human professional.
Your conversations are not used to train or improve our providers' AI models.
5. Hosting and Data Location
Your data is hosted on secure servers located within the European Union (EMEA region), in compliance with the GDPR. Our entire infrastructure — databases, file storage and processing functions — is located in Europe.
Processing by our AI providers may involve a transfer of data to the United States. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with Articles 44 to 49 GDPR, ensuring an adequate level of protection of your personal data.
6. Categories of Processors
Your data may be processed by the following categories of processors, all bound by data processing agreements (DPAs) compliant with Article 28 GDPR:
- Artificial intelligence providers (EU/US, governed by SCCs): processing conversations and generating responses
- Cloud infrastructure (EU): hosting databases, file storage and service execution
- Payment provider (EU/US with SCCs): secure transaction processing
We do not share your data with third parties for commercial or advertising purposes.
7. Retention Period
Your data is retained for the following periods:
- Account data — duration of contractual relationship + 5 years (Belgian statutory limitation)
- AI conversation history — 12 months after last activity, then automatic deletion
- Vault documents — deleted within 30 days of account termination, or upon request at any time
- Billing data — 7 years in accordance with Belgian accounting and tax obligations
8. Your Rights
Under the GDPR, you have the following rights, which you can exercise at any time by contacting us at info@konsultia.be:
- Right of access (Art. 15) — obtain a copy of all your personal data
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your data ('right to be forgotten')
- Right to restriction of processing (Art. 18) — temporarily restrict processing
- Right to data portability (Art. 20) — receive your data in a structured, commonly used and machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent at any time (Art. 7.3), without affecting the lawfulness of prior processing
We commit to responding to your request within 30 days. If the request is complex, this period may be extended by 60 days; you will be informed of any such extension.
9. Security
We implement appropriate technical and organisational measures to protect your data: encryption in transit (TLS 1.3) and at rest, role-based access control (RBAC), secure authentication, access logging, encrypted backups and regular security testing.
10. Cookies
This site uses only strictly necessary cookies for the operation of the service (authentication, language preferences, visual theme). No tracking, advertising or analytics cookies are used. In accordance with Article 129 of the Belgian Act of 13 June 2005, these functional cookies do not require your prior consent.
11. Complaint
If you believe that the processing of your data does not comply with the GDPR, you have the right to lodge a complaint with the Belgian Data Protection Authority (DPA):
Rue de la Presse 35 — 1000 Brussels
contact@apd-gba.be
www.autoriteprotectiondonnees.be
12. Contact
For any questions about this policy or to exercise your rights, contact us at: info@konsultia.be