Privacy Policy

Last updated: May 2026

This privacy policy describes how VO Europe SA collects, uses, and shares personal data when you visit and purchase from our online shop eshop.vo-eu.be (hereinafter "the Shop"), operated in connection with the NATO Edge 2026 (NE26) event.

1. Who we are

The data controller is:

  • VO Europe SA Rue Haute 139/16 1000 Brussels — Belgium
  • BCE: 0849.627.948 VAT: BE0849627948
  • Email (privacy): privacy@vo-europe.eu

2. What data we collect and why

2.1 Information you provide

When you register an account or place an order on the Shop, we collect:

  • Identity — first name, last name, company name
  • Contact — email address, phone number (optional)
  • Billing address — street, city, postcode, country
  • VAT number (optional, used for B2B reverse charge under EU Directive 2006/112/EC)
  • Account credentials — username, hashed password
  • Order details — purchased products, quantities, amounts, order date
  • Payment data — handled directly by Stripe (see Section 4). We never store full card numbers on our servers.

2.2 Information collected automatically

When you browse the Shop, we automatically collect:

  • IP address — used for fraud prevention, geolocation for tax determination, and security
  • Browser and device data — user agent, language, screen resolution
  • Cookies — strictly necessary cookies for cart and session management; optional analytics cookies (see Section 5)
  • Navigation data — pages viewed, products viewed, time spent

2.3 Legal basis for processing

We process your data on the following bases (GDPR Art. 6):

  • Contract performance — to process your order and deliver the service
  • Legal obligation — to comply with tax, accounting, and VAT regulations
  • Legitimate interest — for fraud prevention, security, and improvement of our service
  • Consent — for optional cookies (analytics)

3. How we use your data

We use your personal data to:

  • Process and fulfil your orders
  • Send order confirmations and invoices 
  • Calculate applicable taxes based on your billing country for B2B reverse charge
  • Process refunds and handle support requests
  • Comply with our legal obligations (notably Belgian accounting and tax law)
  • Detect and prevent fraud
  • Improve the Shop's functionality and user experience

We do not send marketing communications from this Shop. No newsletter or promotional emails are sent based on your purchase activity here.

4. Who we share data with

We share personal data only with the following categories of third parties, strictly as necessary to operate the Shop: none.

4.1 Payment processing — Stripe

All payments are processed by Stripe Payments Europe Ltd. (Ireland). When you pay, Stripe collects and processes your card details directly on its own infrastructure (we never see or store your card number).

Stripe acts as an independent data controller for fraud-prevention purposes. Their privacy policy: https://stripe.com/privacy

4.2 Hosting — Infomaniak

The Shop is hosted by Infomaniak Network SA (Switzerland), which provides secure data storage in compliance with GDPR. Their privacy policy: https://www.infomaniak.com/en/legal/privacy-policy

4.3 VAT validation — European Commission VIES

For B2B customers, VAT numbers are validated against the European Commission's VIES (VAT Information Exchange System). Only the VAT number is transmitted, no other personal data.

VIES information: https://ec.europa.eu/taxation_customs/vies/

4.4 Email delivery — Microsoft 365

Transactional emails (order confirmations, invoices) are sent through Microsoft 365 infrastructure (Microsoft Ireland Operations Ltd.). Microsoft privacy: https://privacy.microsoft.com/

4.5 Analytics — Google Analytics (if enabled)

Subject to your cookie consent, we may use Google Analytics (Google Ireland Ltd.) to measure audience and improve the Shop. Anonymised IP and aggregated browsing data may be transmitted. You can opt out at any time via our cookie banner or using the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout

Google privacy policy: https://policies.google.com/privacy

4.6 Legal authorities

We may disclose your data when required by law, court order, or in response to a valid request by a public authority.

We do not sell your personal data to anyone.

5. Cookies

The Shop uses the following categories of cookies:

  • Strictly necessary — required for the cart, checkout, and login to function. Cannot be disabled.
  • Analytics (optional, with consent) — Google Analytics, if enabled, to measure traffic.

You can manage your cookie preferences via the cookie banner displayed at your first visit, or by clearing cookies in your browser.

6. How long we keep your data

Type of data Retention period
Order records, invoices, tax-relevant data 10 years (Belgian accounting law)
Customer account (if no order placed) Until you request deletion
Customer account (after orders) 10 years after last activity, then anonymised
Logs (security, access) 12 months maximum
Analytics data 14 months (Google Analytics default)
Cookies Per cookie expiration date (max 13 months)

7. International transfers

Some of our service providers (Stripe, Microsoft, Google) may process data outside the European Economic Area. In such cases, transfers are safeguarded by:

  • Standard Contractual Clauses (SCC) approved by the European Commission, or
  • An adequacy decision for the destination country, or
  • The EU–U.S. Data Privacy Framework where applicable.

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten"), subject to legal retention obligations
  • Restrict or object to certain processing activities
  • Data portability — receive a copy of your data in a machine-readable format
  • Withdraw consent at any time (for analytics cookies)
  • Lodge a complaint with the Belgian Data Protection Authority: Autorité de protection des données — APD/GBA Rue de la Presse 35, 1000 Bruxelles https://www.dataprotectionauthority.be/

To exercise any of these rights, contact us at: privacy@vo-europe.eu

9. How we protect your data

We apply appropriate technical and organisational measures, including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage of sensitive data (passwords are hashed, never stored in plain text)
  • Access controls — only authorised staff (administrators and shop managers) can access order and customer data
  • Tokenised payments — card details handled exclusively by Stripe (PCI-DSS compliant)
  • Regular backups and security updates
  • Anti-spam and fraud detection at the email and checkout layers

10. Data breach procedure

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will:

  • Notify the Belgian Data Protection Authority within 72 hours of becoming aware of the breach
  • Inform affected users without undue delay where the risk is high
  • Document the breach internally and take corrective measures

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal effects on you.

12. Who has access on our team

Only the following members of our staff can access your personal data, and only for the purposes described above:

  • Administrators — full access for technical maintenance and compliance
  • Shop managers / Sales team — access to orders, customer details, and invoices for fulfilment and support

All staff are bound by confidentiality obligations.

13. Changes to this policy

We may update this Privacy Policy from time to time. The latest version is always available on this page, with the "Last updated" date at the top.

14. Contact

For any questions or concerns regarding this Privacy Policy or the processing of your personal data:

VO Europe SA Rue Haute 139/16, 1000 Brussels — Belgium Email: privacy@vo-europe.eu

0
    Your Cart
    0
    Your cart is emptyReturn to E-Shop
    Continue Shopping