Privacy and protection of privacy


We respect your privacy. And that makes sense really. This privacy policy explains how we handle all kinds of data, including your personal details. We explain which of your personal details we save, how we process them and why we do this.

We guarantee that we treat your personal data confidentially and that we save it in an extremely secure environment. We never pass on your personal data to our commercial partners. Let’s be clear about that. 

We save and process your personal data in accordance with the rules of the GDPR, specifically Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and the national implementing legislation. In this privacy policy we use specific terms that are defined in those regulations (for instance, ‘personal data’, ‘processing’, ‘processor’, ‘controller’).

Who are we?

Value Square nv is a Belgian company with its registered office in Belgium: Schoonzichtstraat 23A, 9051 Ghent (Sint-Denijs-Westrem), Belgium. Our VAT number is BE 0885.750.253. We are responsible for the collection and processing of personal data via the website ('controller'). This means that we determine the purpose and means of this processing. 

11 Quick answers


  1. Do you store my personal data?
  2. Do you store any other data?
  3. Do you use cookies?
  4. Do you use plugins?
  5. Will you continue to use my data if I delete my account?
  6. Do you delete all my data if I delete my account?
  7. Can I exercise my GDPR rights?
  8. Do you sell my personal data?
  9. Will you tell commercial partners who I am?
  10. Do you earn money with my data?
  11. Can I file a complaint somewhere?


  1. YES
  2. NO
  3. YES
  4. NO
  5. NO
  6. NO
  7. YES
  8. NO
  9. NO
  10. NO
  11. YES

Categories of data processed – purpose of the data processing

Which data?

Identification details

your name, e-mail address, postal address, the contact request or any other comments and  possibly your telephone number


  • identification
  • to provide our services
  • to stay in touch

On what basis?

  • legal obligation
  • contractual
  • legitimate interest (customer relationship management)


if you submit a contact form or register for event

ID details

surname, first name, date and place of birth, gender, nationality, tax ID no., document expiry date, place of issue, residential address (if available on the ID), photo of the identity document

  • identification
  • to provide our services

legal obligation

When passing on this data if you want to become a customer.

Usage data

Device brand, operating system, location details, cookies, user data

providing and improving services


when using the site

Anti-Money Laundering

details of the background check, analysis of payment initiations

ML/TF check (money laundering / terrorism financing)

legal obligation

  • upon receipt of ID details
  • upon each payment initiation (as a customer)

Extended data

all kinds of data we receive by asking you questions

to provide our services

legitimate interest (improving service levels)

when communicating with us


all communication between you and us
(e.g., email/phone call)

to provide our services

legitimate interest (improving service levels)

when communicating with us

Where do we save that data?

We save all our data in an extremely secure environment. We use services from Microsoft that provide all kinds of databases, depending on the type of data and purpose for saving the data. The servers Microsoft uses are at two different European locations and are extremely well secured. 

Of course, we have implemented appropriate technical and organisational measures to ensure the security of the processing of your data. Unfortunately, when it comes to the internet there is no such thing as a 100% guarantee. So, if someone were to break into our database at any point, you can’t claim damages for that, unless your harm is caused by a breach of our obligations under the GDPR. But we repeat, we apply high security standards that are tested regularly, both by ourselves as well as our auditors.

Who receives data?
  1. Cloud database service providers
  2. Ombudsman services
Why do they receive my data?
  1. To enable us to store your data in highly secured and encrypted databases.
  2. If you are not satisfied with our services, you can submit a complaint to an ombudsman service. In this case, the ombudsman service may ask us for information about your complaint.

How long do we process that data?

We process all the data about you for as long as you are using our services. Once you are no longer a user, it depends on which data we are talking about. It sounds complicated, so we will explain.

We are legally obliged to keep certain data for a longer period. We fall under financial legislation, in particular, the Act of 18 September 2017 on the prevention of money laundering and the financing of terrorism. This Act is also called the Anti-Money Laundering Act. Well, the Anti-Money Laundering Act states in its Article 60 that we are obliged to save a number of details for 10 years after the collaboration has ended. In other words: after you have stopped using our services, we have to save a number of details for another 10 years. These are identification details and registration details of transactions. So, this is something we can’t avoid. However, all other personal data which we are not required to keep will be deleted immediately when you stop begin a customer.

In short, we retain your personal data for the length of time we need in order to do what we do, unless we are legally obliged to save it for longer.

Added to that, we may save your personal data longer if you have given us permission to do so, or if we require those details for court proceedings. We will of course do all we can to prevent us ever having to use your details as evidence in court.

Your rights

In principle, you have a number of rights based on the GDPR. Let’s take a moment to go through these rights. To start with, you have the right to request us to obtain access to your personal data, to obtain rectification or erasure of your personal data, or to limit the processing of your personal data. You also have the right to object to the processing of your personal data and the right to data portability. Furthermore, you have the right to withdraw your consent to the processing of your personal data at any time. It is a priority for us to respect all these privacy rights. It is, however, important to clarify that we must take the following particularities into account.

As said earlier, we are legally obliged to keep your identification data and transaction registration data for 10 years. Most of your GDPR rights do not apply to this storage. The Anti-Money Laundering Act, Article 65 to be precise, states the following: “The person whose personal data are processed in accordance with this Law does not have the right to access and correct his or her data, nor the right to be forgotten, nor the right to portability of these data, nor the right to object, nor to the right not to be profiled, nor to the notification of security failures.”

Your privacy rights do remain applicable to the processing of your personal data for commercial purposes, for example, the processing for events. This means, for example, that you have the right to request that we no longer process your personal data for these purposes, or to limit its processing.

If you want to exercise your rights, please send our DPO a mail. Please specify clearly which right you want to exercise. We do ask you to attach a copy of the front of your ID to your email for identification purposes.

To be clear

We are under the strict supervision of the financial supervisory authorities. This means that we have to check our users to see whether they are on international sanction lists, PEP (Politically Exposed Persons) lists or other official lists. For this purpose we use the surname, first name, date and place of birth. 

Consequently, no one can object to this processing. This also means that if we suspect money laundering or terrorism financing, we are obliged to pass on the personal data with additional information (evidence) to the competent authorities. The GDPR can’t prohibit this.

Questions or complaints?


Do you have questions about your privacy, your rights, or about the way we process your data? You can reach our Data Protection Officer (DPO) by sending an email to


Do you have a complaint? Send us an email  ( or call (+32 9 241 57 57) use and we will get back to you as soon as possible. If we can’t find a solution, you are free to submit a complaint to a competent authority. In Belgium, this is the Belgian Data Protection Authority