Privacy Policy
Last updated: April 15, 2026
1. Data controller
The data controller for personal data collected through the website dad.pinc.be is:
Pinc Consulting SRL Avenue Louise 65/11 1050 Brussels, Belgium Company number (BCE/KBO): 0742.706.135 Email: dad@pinc.be
2. Data we collect
2.1 Data collected automatically (website visitors)
When you visit our website, we automatically collect:
- IP address (anonymized);
- Browser type and version;
- Operating system;
- Pages visited and duration of the visit;
- Referring website.
This data is collected through cookies and analytics tools in order to improve our website and services.
2.2 Data provided voluntarily
When you use our services, we may collect:
- Email address: when creating an account or ordering a service;
- First and last name: when creating an account;
- Billing information: company name, address, VAT number, for payment and invoicing purposes;
- Website URLs: the addresses of websites you submit for an accessibility audit.
2.3 Data collected via Paddle (Simplified audit and AI-assisted in-depth audit)
When you purchase the Simplified audit (€199) or the AI-assisted in-depth audit (€990), the payment is processed by Paddle.com Market Limited, acting as Merchant of Record. In this context, Paddle collects and processes:
- Payment information (credit card, PayPal, or other payment method);
- Billing address;
- Email address;
- Country and tax information (for VAT calculation).
We do not have access to your full payment details (for example, your credit card number). Paddle only provides us with the information necessary to deliver our services: your name, email address, country, and order details.
The processing of your payment data by Paddle is governed by Paddle’s privacy policy.
2.4 Data collected by Pinc Consulting for quote-based services (In-depth audit — Human testing)
When you request a quote for the In-depth audit — Human testing, the sale is handled directly by Pinc Consulting SRL, without Paddle. In this context, Pinc Consulting collects and processes:
- Your name and professional title;
- Your email address and phone number;
- Your organisation’s name, billing address, and (where applicable) VAT number;
- The URL(s) of the website(s) to be audited;
- Any additional information you provide to help us scope the audit.
Once the offer is accepted, Pinc Consulting issues the deposit and balance invoices directly and receives payment by bank transfer. For this service, Pinc Consulting is the sole data controller of the billing data — Paddle is not involved.
2.5 Audit data published in the directory
The DAD directory contains the results of accessibility audits of publicly accessible websites. This data includes:
- The URL of the audited website;
- The accessibility score;
- A summary of detected violations;
- The date of the last audit.
This information is derived from the technical analysis of publicly accessible websites and does not constitute personal data within the meaning of the GDPR.
3. Purposes of processing
We process your data for the following purposes:
| Purpose | Legal basis (GDPR) |
|---|---|
| Provision of our services (audits, statements, reports) | Performance of a contract (Art. 6(1)(b)) |
| Management of your user account | Performance of a contract (Art. 6(1)(b)) |
| Processing of orders and billing via Paddle (Simplified audit, AI-assisted in-depth audit) | Performance of a contract (Art. 6(1)(b)) |
| Preparation of quotes, invoicing and collection for the In-depth audit (Human testing) | Performance of a contract (Art. 6(1)(b)) |
| Retention of billing data | Legal obligation (Art. 6(1)(c)) |
| Improvement of our website and services | Legitimate interest (Art. 6(1)(f)) |
| Sending service-related communications | Legitimate interest (Art. 6(1)(f)) |
| Sending marketing communications (only with your consent) | Consent (Art. 6(1)(a)) |
| Publication of audit results in the public directory | Legitimate interest (Art. 6(1)(f)) |
4. Data sharing
We never sell your personal data. We may share your data with:
- Paddle.com Market Limited (Merchant of Record, for the Simplified audit and the AI-assisted in-depth audit): for payment processing, billing, and tax collection. Paddle acts as an independent data controller for payment data. See Paddle’s privacy policy. Paddle is not involved in the sale of the In-depth audit — Human testing, which is invoiced directly by Pinc Consulting.
- Service providers: hosting, analytics tools, accounting software, to the extent necessary for the provision and administration of our services;
- Public authorities: where required by law;
- Public directory: audit results (URLs, scores, violations) are published in the DAD directory, which is publicly accessible.
All our service providers are based in the European Union or provide an adequate level of protection in accordance with the GDPR.
5. Data retention
| Type of data | Retention period |
|---|---|
| Account data | Duration of the account + 12 months after deletion |
| Billing data (invoices issued by Paddle or by Pinc Consulting) | 7 years (Belgian legal requirement) |
| Payment data held by Paddle (Simplified audit, AI-assisted in-depth audit) | In accordance with Paddle’s retention policy |
| Quote, offer and bank transfer data for the Human testing audit | 7 years (Belgian accounting and tax records) |
| Audit data in the directory | Retained indefinitely in the public directory |
| Browsing data (cookies) | Maximum 13 months |
| Marketing communications | Until withdrawal of consent |
6. Cookies
Our website uses cookies for the following purposes:
| Type of cookie | Purpose | Duration |
|---|---|---|
| Strictly necessary cookies | Website operation, authentication, language preferences | Session or 12 months maximum |
| Analytical cookies | Audience measurement and website improvement | 13 months maximum |
| Marketing cookies | Only with your explicit consent | 13 months maximum |
You can manage your cookie preferences at any time through the cookie banner or your browser settings. Refusing analytical and marketing cookies does not affect the functioning of the website.
7. International data transfers
Your data is primarily hosted within the European Union. Paddle, as Merchant of Record based in the United Kingdom, may process certain data in the United Kingdom, a country that benefits from an adequacy decision by the European Commission.
If transfers to other countries are necessary, they are safeguarded by appropriate measures in accordance with the GDPR (standard contractual clauses, adequacy decisions).
8. Your rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of the personal data we hold about you;
- Right to rectification: correct inaccurate or incomplete data;
- Right to erasure: request the deletion of your personal data;
- Right to restriction: request the restriction of the processing of your data;
- Right to data portability: receive your data in a structured, machine-readable format;
- Right to object: object to processing based on legitimate interest;
- Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of prior processing.
To exercise these rights regarding the data we hold, contact us at: dad@pinc.be.
To exercise your rights regarding payment data held by Paddle (Simplified audit and AI-assisted in-depth audit), please refer to Paddle’s privacy policy or contact Paddle directly.
We will respond to your request within 30 days.
9. Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit (HTTPS/TLS);
- Encryption of data at rest;
- Strict access controls;
- Hosting within the European Union.
10. About the public directory
The DAD directory publishes accessibility audit results for publicly accessible websites. This publication is based on our legitimate interest in promoting transparency and improving digital accessibility.
If you are the owner of a website listed in the directory and wish to:
- Update your score: run a free scan at any time;
- Claim your listing: contact us to add information;
- Report an inaccuracy: contact us at dad@pinc.be.
11. Complaints
If you believe that the processing of your data does not comply with the GDPR, you may file a complaint with the Belgian Data Protection Authority:
Belgian Data Protection Authority (DPA) Rue de la Presse / Drukpersstraat 35 1000 Brussels, Belgium https://www.dataprotectionauthority.be contact@apd-gba.be
12. Changes
We reserve the right to modify this privacy policy at any time. The date of the last update is indicated at the top of this page. In the event of a substantial change, we will notify you by email or through a visible notice on our website.