Sceau
How it worksDataCompliance serviceKnowledge centreResearchAboutContact
ENFRNLDE
Book a demo Log in

Privacy statement

Last updated: 2026-06-11 · Galactic Automation BV · BE 0768.244.354

1. Who we are

This website and the Sceau platform are operated by Galactic Automation BV, Zottegem, Belgium, enterprise number BE 0768.244.354 ("we"). We are the controller for personal data processed through this website, and — for office account data — for the platform. For client data that offices process inside the platform, the office is the controller and we act as processor under a data processing agreement. Contact: stijn@sceau.eu.

2. What we process, and why

  • Website. Server logs (IP address, user agent, pages requested) for security and abuse prevention — legitimate interest, retained max. 12 months.
  • Contact. The contact form opens your own e-mail client; we process what you send us to answer you — legitimate interest / pre-contractual steps, retained as long as the correspondence is relevant.
  • Readiness scan. If you request the PDF report, we process your e-mail address, office name and answers to deliver the report and follow up commercially — consent and legitimate interest; you can object at any time.
  • Platform accounts. Name, professional e-mail, role and authentication data of office users — performance of contract; retained for the duration of the contract plus legal retention periods.
  • Platform compliance data. Offices process client identification, beneficial-ownership, screening and evidence data inside the platform to meet their legal AML obligations (Regulation (EU) 2024/1624 and national law). The office is controller; we process exclusively under instruction, within the EU.

3. Where your data lives

All production data is hosted on EU-sovereign infrastructure inside the European Union. We do not transfer personal data outside the EU/EEA. Evidence data is content-addressed and protected by a tamper-evident ledger.

4. Who receives data

EU-based hosting and infrastructure providers bound by processing agreements; competent authorities where the law requires it. We do not sell personal data and do not use it for advertising.

5. Your rights

You have the rights of access, rectification, erasure, restriction, portability and objection under the GDPR, and the right to lodge a complaint with the Belgian Data Protection Authority (gegevensbeschermingsautoriteit.be). Note that AML law obliges offices to retain certain compliance records for statutory periods; erasure requests concerning such records are handled by the controlling office within those legal limits.

6. Security

Encryption in transit and at rest, role-based access, four-eyes controls on high-impact actions, content-addressed document storage and a hash-chained evidence ledger. Incidents affecting personal data are notified in line with articles 33–34 GDPR.