Legal

Privacy policy.

How we handle personal data on this website and in the course of our work. Short version: we collect as little as possible, we tell you why, and you can ask us to delete it.

Last updated: 22 April 2026

1. Who we are

This website is operated by LEANX BVBA, trading under the name Data Panda, with registered office at Geldenaaksevest 36, 3000 Leuven, Belgium, registered with the Crossroads Bank for Enterprises under number BE 0628.693.127. For any question about this policy you can reach us at hello@datapanda.eu or on +32 16 18 55 06. For the processing described below, LEANX BVBA acts as the data controller within the meaning of the GDPR.

2. What data we collect

We keep our data collection deliberately light. In practice we process the following categories of personal data:

  • Contact details you give us when you email us, fill in a form, or call us: name, email address, phone number, company, and the content of your message.
  • Newsletter subscription: your email address and, optionally, your first name. The subscription form is hosted by Kit (ConvertKit, Inc.), which acts as our processor.
  • Technical data generated automatically when you visit the site: IP address, browser type, pages visited, referring URL, and timestamps. This data is kept in server logs for security and troubleshooting.
  • Analytics data: we use Google Analytics to understand which pages are useful and which are not. It collects aggregated usage information (pages viewed, time on page, approximate location derived from IP, device and browser type) through cookies and similar identifiers. We have IP anonymisation enabled so Google truncates the last octet before storage. Analytics cookies are only loaded after you give consent via our cookie banner, and you can withdraw consent at any time.
  • Delivery and security data: this site sits behind Cloudflare, which acts as a reverse proxy. Cloudflare processes your IP address, request headers, and rate-limiting and bot signals in order to protect the site against abuse and to speed up delivery. Cloudflare may set a __cf_bm cookie for bot management, which we treat as strictly necessary.
  • Client project data: where we work with you under a consulting engagement, we may process personal data on your behalf. Those activities are governed by the data processing agreement attached to the engagement contract, not by this website policy.

This site uses two categories of cookies. Strictly necessary cookies (including Cloudflare’s __cf_bm and your language preference) are always on. Analytics cookies are only placed once you accept them through our cookie banner. You can change your choice at any time, or clear your browser’s site data to reset it.

3. Why we use it and on what legal basis

  • To reply to your enquiry and to follow up on a commercial conversation (Art. 6(1)(b) GDPR, pre-contractual steps, and Art. 6(1)(f), our legitimate interest in running our business).
  • To send our newsletter if you subscribed (Art. 6(1)(a), consent, which you can withdraw at any time via the unsubscribe link at the bottom of every email).
  • To measure how the site is used and to improve it (Art. 6(1)(a) GDPR, consent given through our cookie banner, which you can withdraw at any time).
  • To keep the site secure, prevent abuse, and meet our legal obligations (Art. 6(1)(f) and Art. 6(1)(c) GDPR).

4. Who we share it with

We do not sell your data. We share it only with:

  • Service providers that help us run Data Panda, acting as our processors under a written agreement. Current examples: Kit (newsletter), Google LLC (Google Analytics), Cloudflare, Inc. (CDN, bot mitigation, DDoS protection), our hosting provider, and our email provider.
  • Authorities, when we are legally required to.

Some of these providers are located outside the European Economic Area, for example in the United States. Where that is the case, transfers are protected by the European Commission’s Standard Contractual Clauses or an equivalent mechanism under Chapter V of the GDPR.

5. How long we keep it

  • Commercial contact and enquiry data: up to three years after our last contact, unless a client relationship warrants keeping it longer.
  • Newsletter data: until you unsubscribe.
  • Technical logs: typically 30 days.
  • Accounting and invoicing data: seven years, in line with Belgian tax law.

6. Your rights

Under the GDPR you have the right to ask for access to your data, to correct it, to have it erased, to restrict or object to our processing, and to receive a copy in a portable format. You can also withdraw your consent at any time, without affecting the lawfulness of processing before the withdrawal.

To exercise any of these rights, send an email to hello@datapanda.eu. We may ask for proof of identity before we act, and we will reply within one month.

If you believe we are mishandling your data, you can file a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels, contact@apd-gba.be, www.gegevensbeschermingsautoriteit.be.

7. Security

We apply reasonable technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. That includes encrypted connections (HTTPS), restricted access to client data, and a regular review of our suppliers.

8. Changes to this policy

We may update this policy when our practices change or when the law requires it. The “last updated” date at the top shows when the current version took effect. Material changes will be flagged on the home page.