AquaExposure places the utmost importance on protecting your privacy and personal data. This policy details how we process your information in accordance with the General Data Protection Regulation (GDPR) and the Belgian law of July 30, 2018.
The data controller is:
AquaExposure
[ADRESSE_COMPLETE]
Email: [email protected]
We only collect data necessary for the purposes pursued:
Managing your account, access to courses, provision of ordered services.
Sending newsletters, use of non-essential cookies (Marketing/Analytics).
Invoicing, retention of accounting documents (7 years in Belgium).
Platform security, fraud prevention (account sharing), experience improvement.
AquaExposure uses technical service providers (sub-processors within the meaning of Art. 28 GDPR) to ensure the platform's operation. These sub-processors are bound by Data Processing Agreements (DPA) compliant with the GDPR.
Some providers are established in the United States. Data transfers to these countries are governed by Standard Contractual Clauses (SCC) approved by the European Commission, in accordance with Articles 46 and 47 of the GDPR and the EU-US adequacy decision (Data Privacy Framework, decision of July 10, 2023).
| Sub-processor | Role | Country | Transfer guarantee |
|---|---|---|---|
| Vercel Inc. | Web hosting | USA (EU servers available) | CCT + DPA |
| Neon Inc. | Database | USA (EU Frankfurt servers) | CCT + EU servers |
| Cloudflare Inc. (R2) | Media and photo storage | USA | CCT + DPA |
| Stripe Inc. |
In accordance with Article 8 of the GDPR and the Belgian law of July 30, 2018, the use of AquaExposure services is reserved for persons aged at least 13 years. Below this age, the consent of a holder of parental authority is required.
AquaExposure does not knowingly collect personal data from persons under 13 years of age. If you become aware that a child under 13 has created an account on our platform, please contact us at [email protected] so that we can delete this data.
In the event of a personal data breach likely to pose a risk to your rights and freedoms, AquaExposure commits to:
For any questions regarding the security of your data: [email protected]
In accordance with the GDPR, you have the following rights:
To exercise these rights, contact us by email at [email protected]. A response will be provided within 30 days.
In accordance with the GDPR, you can request the deletion of your account and all your personal data by contacting us by email. We will process your request within 30 days.
We never sell your data. It is only shared with our technical sub-processors listed in section 5, bound by Data Processing Agreements (DPA) and Standard Contractual Clauses (SCC) compliant with the GDPR. No data is transferred for commercial purposes.
| Online payments |
| USA (EU entity: Stripe Payments Europe) |
| CCT + DPA |
| Resend Inc. | Transactional emails | USA | CCT |
| Google LLC (Gemma API) | Automated content translations | USA | CCT + Google Cloud DPA |
| PostHog / Plausible | Anonymized analytics | UE | Intra-UE |