Privacy Policy
Last Updated: March 12, 2026
1. Introduction & Controller Identity
This Privacy Policy explains how Vik-Immo (“we”, “our”, “us”) collects, uses, and protects your personal data when you visit our website and interact with our financial education services. We operate from Belgium and provide educational programs designed for learners across Canada. Data Controller: Vik-Immo BV, Nachtegalendreef 17, 2280 Grobbendonk, Belgium. Contact email: [email protected]. We provide education-only services and do not offer financial, investment, tax, or legal advice. If you have any questions about this Policy or how we process your data, contact us at the email above. We have not appointed a statutory Data Protection Officer; privacy-related enquiries are handled by our administration team.
This Policy applies to our website, contact forms, and communications. It does not apply to third-party sites or services that may be referenced for educational context. By using our site, you acknowledge this Policy. Where required by law, we will ask for your consent before processing non-essential cookies or similar technologies.
2. Personal Data We Collect
We collect the following categories of personal data, depending on your interaction:
- Identity and contact details: name, email address, and phone number when you submit a contact or registration form.
- Form content: free-text messages, course selections, and learning goals you choose to share with us.
- Technical data: IP address, browser type, operating system, device identifiers, language, and basic diagnostics generated when you access our site.
- Usage data: pages visited, time on page, navigation paths, referral sources, and link clicks collected via analytics cookies subject to your consent.
- Cookies and online identifiers: records of your cookie preferences and, where consented, analytics/marketing identifiers (see Section 4).
- Conversion events: successful form submissions and follow-up outcomes (e.g., enrollment confirmation) recorded for internal reporting.
We do not intentionally collect special category data (such as health information, religious or political opinions) and we do not request government IDs, bank account details, or payment card numbers on this website.
3. Why We Process Personal Data & Legal Bases
- Responding to contact/registration requests: to communicate about courses, availability, and enrollment steps. Legal bases: GDPR Art. 6(1)(b) contract or pre-contractual steps and Art. 6(1)(a) consent where applicable.
- Analytics and performance measurement: to understand website usage and improve content, only after consent. Legal basis: GDPR Art. 6(1)(a).
- Marketing/remarketing: to measure campaign performance and reach relevant audiences, only after consent. Legal basis: GDPR Art. 6(1)(a).
- Security and fraud prevention: to protect our services, investigate anomalies, and maintain service integrity. Legal basis: GDPR Art. 6(1)(f) legitimate interests.
- Legal compliance: to fulfil legal, tax, and regulatory obligations. Legal basis: GDPR Art. 6(1)(c).
Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects under GDPR Art. 22.
4. Cookies, Pixels, and Similar Technologies
Our website uses cookies and similar technologies to operate and to, with your consent, measure usage and support marketing. We categorise cookies as follows, which align with our Cookie Policy:
- Essential: strictly necessary for the website to function (e.g., session continuity, cookie preference storage). Active without consent.
- Analytics (consent): used to generate aggregate usage statistics. Example identifiers: _ga (2 years), _ga_XXXXXXXXXX (2 years, GA4 property). We apply IP anonymisation where analytics are used.
- Marketing (consent): used for remarketing, conversion measurement, and audience insights. Examples: _gcl_au (90 days, Google Ads), _fbp and _fbc (90 days, Meta).
Beyond cookies, measurement can occur via pixel tags or server-side forwarding. These tools activate only after you give consent in our cookie banner. You can change your choice at any time using “Manage cookie preferences” in the footer. See also Section 5 (Consent) and Section 8 (Retention).
5. Consent for Users in the EEA/UK
Users in the European Economic Area and the United Kingdom receive a consent prompt. Analytics and marketing cookies are set only after you provide explicit, informed, and freely given consent (GDPR Art. 6(1)(a)). Your choice is stored in the cookie_consent cookie for up to 12 months. You can withdraw consent at any time via the cookie preferences panel or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
6. Sharing With Advertising and Service Partners
We share limited data with service providers to operate our site and measure performance. Categories of recipients include:
- Analytics and advertising platforms (for example, Google Analytics 4, Google Ads, Meta): cookie identifiers, page view events, conversions, and audience membership where consented.
- Infrastructure and security providers (for example, content delivery and security services) for availability, performance, and threat detection based on IP and device information.
- Professional advisers (legal/accounting) where necessary for compliance; limited, purpose-bound disclosure.
We do not sell personal data. Service providers act under contract and may not use site data for their own independent commercial purposes.
7. International Data Transfers
Where data is transferred outside the EEA (for example, to the United States for analytics or advertising processors), we rely on appropriate safeguards such as the EU–US Data Privacy Framework and its UK Extension where applicable, the Swiss–US Data Privacy Framework where relevant, and the European Commission’s Standard Contractual Clauses (2021/914) as a fallback. We also assess supplementary measures to protect the data according to European guidance.
8. Data Retention
- Contact and registration records: 2 years from the last interaction unless we are required to keep them longer for legal reasons.
- Analytics data: 14 months (aggregate reporting) where enabled by consent.
- Marketing cookies: per cookie lifetime listed in Section 4 (for example, _gcl_au 90 days; _fbp and _fbc 90 days).
- Email correspondence: for the duration of our relationship plus 1 year.
- Server logs and security records: typically 90 days.
- Cookie consent record: up to 3 years to evidence compliance.
- Legal/tax records: retained as required by Belgian and EU law (commonly 6–10 years for invoices and statutory documents).
9. Your Rights
Under the GDPR, you have the following rights, subject to conditions and exceptions: right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21). You may also withdraw consent at any time (Art. 7(3)) where processing is based on consent. To exercise these rights, email [email protected]. We aim to respond within 30 days and may extend by a further 60 days for complex requests. We may ask you to verify your identity before fulfilling a request.
You also have the right to lodge a complaint with your local Supervisory Authority. As we are established in Belgium, you may contact the Belgian Data Protection Authority. We would appreciate the opportunity to address your concerns directly first.
10. Children
Our services and website are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we discover that such data was collected without verifiable parental consent, we will delete it promptly. Parents or guardians who believe their child has provided personal data should contact [email protected].
11. Do Not Track
Some browsers offer a Do Not Track (DNT) signal. Our website does not respond to DNT signals. Third-party providers may have their own handling of DNT preferences according to their policies and technical capabilities.
12. Account & Data Deletion
If you would like us to delete personal data we hold about you, please email [email protected] with the subject line “Data Deletion Request”. We will assess your request, verify your identity, and respond within 30 days unless an extension is necessary due to complexity. We may retain certain records where required by law (for example, accounting records) or where we have overriding legitimate interests such as security or fraud prevention.
13. Business Transfers
In the event of a merger, acquisition, reorganisation, asset transfer, financing, or insolvency, personal data may be transferred to a successor entity as part of a lawful transaction. We will continue to protect the data consistent with this Policy and notify users via a site notice if the transfer materially changes how your data is used.
14. California (CCPA/CPRA)
If you are a California resident, state privacy laws may grant additional rights. We disclose the following categories of personal information for business purposes in the past 12 months: identifiers (name, email, IP address, cookie IDs), internet or network activity (pages viewed, interactions), and inferences (audience segments) to service providers and advertising partners. We do not sell personal information as defined by the CCPA. We do “share” for cross-context behavioural advertising only with consent, and you may opt out using our cookie preferences panel. California rights include: know/access, delete, correct, and opt out of sale/sharing. Submit requests by emailing [email protected] with “California Privacy Request” in the subject. We will verify identity before responding. We will not discriminate for exercising your rights.
15. Virginia (VCDPA)
Virginia residents have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data. Submit requests by emailing [email protected] with “Virginia Privacy Request” in the subject. If we refuse a request, you may appeal by writing “Appeal of Refusal — Privacy Request” in the subject. We will respond within 60 days. If unresolved, you may contact the Virginia Attorney General as provided by law.
16. Nevada
Nevada residents may submit a verified opt-out request regarding the sale of personal information by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information as defined under Nevada Revised Statutes Chapter 603A.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. Material changes will be signposted on our homepage at least 14 days before taking effect. The “Last Updated” date at the top of this page will be refreshed with each revision. Continued use of our website after changes take effect constitutes acknowledgement of the updated Policy.
18. Contact
Controller: Vik-Immo BV, Nachtegalendreef 17, 2280 Grobbendonk, Belgium. Email: [email protected]. For all privacy enquiries or to exercise your rights, please contact us using this address and include sufficient information for us to locate your records. If contacting us by email, do not include sensitive information.