Close Cookie Popup
Cookie settings
By clicking "Accept all cookies", you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Accept all cookiesCookie settings
Close Cookie Preference Manager
Cookie settings
By clicking 'Accept all cookies', you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings

Privacy Policy

Last updated: August 26, 2025

Your privacy matters to me. This policy explains how I collect, use, and protect your personal information when you visit my website, subscribe to my newsletter, or work with me professionally.

Who we are (Data Controller)

Creytens.com BV
Sint-Michielslaan 2, 8200 Brugge, Belgium
Enterprise number (KBO/BTW): 0423.339.078
VAT: BE 0423.339.078
Privacy contact: hello@philippecreytens.be
Data Protection Officer: not appointed

Information I Collect

Information You Provide Directly

When you interact with my services, I may collect:

  • Contact Information: Your name, email address, company name, and other details you provide when subscribing to my newsletter, filling out contact forms, or engaging my services
  • Communication Records: Messages you send through contact forms, emails, or other communication channels
  • Professional Information: Details about your organization, role, and specific needs when you inquire about consulting services

Information Collected Automatically

When you visit my website, I automatically collect certain technical information:

  • Usage Data: Pages visited, time spent on site, referral sources, and general browsing patterns
  • Device Information: Browser type, operating system, IP address, and device characteristics
  • Cookies and Similar Technologies: Small data files that help improve your experience and analyze website performance

Newsletter Subscriptions

When you subscribe to Reboot Required, I collect your email address and any additional information you voluntarily provide. I use this information solely to send you the weekly newsletter and related communications about Google Workspace and productivity tips.

Legal Bases

I process personal data on the following legal bases:

  • Newsletter (Reboot Required): consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time via the unsubscribe link.
  • Consulting inquiries and client delivery: performance of a contract or pre-contractual steps (Art. 6(1)(b)).
  • Service communications and account-related updates: performance of a contract (Art. 6(1)(b)) and, where appropriate, legitimate interests in running my business and supporting clients (Art. 6(1)(f)).
  • Website analytics and other non-essential cookies: consent (Art. 6(1)(a)).
  • Security, fraud prevention, bookkeeping, and legal compliance: legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f)).

How I Use Your Information

I use the information I collect for the following purposes:

Service Delivery

  • Providing consulting services and support
  • Responding to your inquiries and communication
  • Delivering the Reboot Required newsletter
  • Customizing content and recommendations based on your interests

Business Operations

  • Improving my website and services
  • Analyzing usage patterns to create better content
  • Managing client relationships and project delivery
  • Complying with legal and regulatory requirements

Communication

  • Sending you the weekly newsletter (if subscribed)
  • Responding to your questions and requests
  • Providing updates about services that may interest you
  • Sharing relevant resources and educational content

No automated decision-making or profiling that produces legal or similarly significant effects is carried out.

Cookies and Tracking

  • Non-essential cookies, including analytics, are used only with your consent.
  • You can change or withdraw consent at any time via the cookie banner or the Cookie Settings link in the site footer.
  • Most browsers also allow you to view and delete cookies, block cookies from specific websites, block all cookies, or receive warnings before cookies are stored. Blocking cookies may affect site functionality.

Information Sharing and Disclosure

I respect your privacy and do not sell, rent, or trade your personal information. I may share your information only in the following limited circumstances:

Service Providers

II work with trusted third-party service providers who help me operate my business. These providers process personal data only on my instructions and under a data processing agreement (DPA):

Website hosting & CMS — Webflow, Inc. (USA)
Purpose: Hosting and delivery of the website, forms, and related logs.
Typical data: Contact form submissions (name, email, message), website usage metadata (IP address, user agent), error and security logs.
Location & transfers: Data may be processed in the United States. Transfers from the EU are covered by Webflow’s DPA (including Standard Contractual Clauses) and, where applicable, the EU–US Data Privacy Framework.

Google Workspace lab tenant — Google LLC (USA)
Purpose: Operating a separate Google Workspace “lab” environment for hands-on training and course exercises.
Typical data: Training account identifiers (name, email alias), activity metadata generated during exercises, and any files created in the lab context.
Location & transfers: Governed by Google Workspace’s Data Processing Amendment (includes SCCs) and Google’s GDPR commitments. Lab accounts are minimized and purged periodically.

Automations — n8n (n8n GmbH, EU / n8n, Inc., USA)
Purpose: Workflow automation (for example routing form submissions, syncing newsletter preferences).
Typical data: Contact details and message metadata necessary to execute a workflow; integration payloads depending on the specific automation (minimized).
Location & transfers: n8n provides a DPA for cloud usage and supports EU self-hosting to keep data in the EU. Where cloud processing occurs outside the EU, transfers are covered by SCCs and, where applicable, the EU–US Data Privacy Framework.

Course platform — Teachable, Inc. (USA)
Purpose: Hosting on-demand courses, enrollment, payments (via Teachable’s payment processors), and progress tracking.
Typical data: Name, email, course enrollments, progress data; limited billing details handled by payment providers.
Location & transfers: Covered by Teachable’s DPA (including SCCs) and, where applicable, the EU–US Data Privacy Framework.

Newsletter & email — Kit.com (formerly ConvertKit) (USA)
Purpose: Managing newsletter subscriptions, email delivery, consent records, and basic engagement analytics.
Typical data: Email address, name (if provided), subscription preferences, IP/time for consent, basic email engagement events.
Location & transfers: Covered by Kit’s DPA (including SCCs) and, where applicable, the EU–US Data Privacy Framework.

Website analytics — Conva Ventures Inc. (Fathom Analytics) (Canada)
Purpose: Privacy-first, cookie-free website analytics for visits, sources, pages, events, and campaigns. Typical data: Page URL/path, referrer and UTM parameters, device/browser and country-level stats; IP address and User-Agent processed transiently and anonymized for unique counts and security; no cookies.
Location & transfers: EU visitors’ data is processed and anonymized on EU servers via EU Isolation (bunny.net CDN and Hetzner infrastructure); non-EEA traffic may be processed in the USA (AWS). Governed by Fathom’s DPA.

I review these providers periodically for privacy and security posture, use only the minimum data required for each purpose, and update this section if providers change.

International Data Transfers

I am based in Belgium and primarily serve clients in the European Union. Some service providers may process data outside the EU. Where this occurs, I rely on one or more of the following safeguards:

  • The EU–US Data Privacy Framework for certified US providers
  • Standard Contractual Clauses adopted by the European Commission
  • Adequacy decisions for specific countries, where applicable

Legal Requirements

I may disclose your information if required by law, legal process, or to protect the rights, property, or safety of my business or others.

Data Security

I implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure backup and recovery procedures

Google Workspace Security

As a Google Workspace consultant, I follow Google's enterprise security best practices and maintain current certifications. All client data is handled according to enterprise-grade security standards.

Your Rights and Choices

You have several rights regarding your personal information:

Newsletter Subscriptions

  • Unsubscribe: You can unsubscribe from the newsletter at any time using the link at the bottom of each email
  • Update Preferences: Contact me to update your email address or communication preferences

Data Access and Control

Subject to conditions in the GDPR, you have the right to:

  • Access a copy of your personal information
  • Rectify inaccurate or incomplete information
  • Delete your personal information (subject to legal and business requirements)
  • Port your data in a commonly used, machine-readable format
  • Object to processing based on legitimate interests, including direct marketing
  • Restrict processing in certain circumstances
  • Withdraw consent at any time where processing is based on consent

I may request reasonable information to verify your identity before fulfilling a request. If you unsubscribe from email, I keep a minimal suppression record to respect your opt-out.

Data Retention

I retain personal information only as long as necessary for the purposes outlined in this policy or as required by law:

  • Newsletter Subscribers: until you unsubscribe or the newsletter service ends
  • Client Information: for the duration of our professional relationship plus applicable legal retention periods
  • Website Analytics: typically aggregated and anonymized after 26 months
  • Contact Inquiries: generally retained for 2 years to provide follow-up support
  • Bookkeeping and tax records: retained for the statutory period under Belgian law, typically 7 to 10 years depending on document type

Children

This site and services are not intended for individuals under 16. If you believe a child has provided personal data, contact me to request deletion.

Changes to This Policy

I may update this privacy policy from time to time to reflect changes in my practices or applicable laws. When I make significant changes, I will:

  • Post the updated policy on my website with a new "last updated" date
  • Notify newsletter subscribers of material changes
  • Provide additional notice for changes that materially affect your rights

Contact Information

If you have any questions about this privacy policy or how I handle your personal information, please contact me:

Email: hello@philippecreytens.be
Postal address: Creytens.com BV, Sint-Michielslaan 2, 8200 Brugge, Belgium
Response time: I typically respond to privacy inquiries within 48 hours

Supervisory Authority:
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Drukpersstraat 35, 1000 Brussel/Bruxelles, Belgium
Tel: +32 2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be

GDPR Rights (EU Residents)

If you are located in the European Union, you have the right to lodge a complaint with your local data protection authority or with the Belgian GBA/APD.

Special Note for Consulting Clients

If you engage my professional consulting services, additional privacy and confidentiality terms may apply as outlined in our service agreement. Client data handling follows enterprise security standards and may be subject to additional contractual protections.