Controller
Site name: Digital Tool Haven
Based in the European Union (Belgium)
BTW: BE 1033.165.707
Contact email: support@digitaltoolhaven.com
Introduction
Digital Tool Haven is committed to protecting your privacy. This Privacy Policy explains what personal data we collect as a one-person business in Belgium (VAT BE1033.165.707), how we use it, and your rights. We comply with the EU General Data Protection Regulation (GDPR) and other applicable laws to ensure your information is handled lawfully and transparently. By using our website or services, you agree to the practices described in this Policy.
Who we are
Digital Tool Haven is a small business based in Belgium, operating under the trade name “Digital Tool Haven” (VAT BE1033.165.707). For purposes of data protection law, Digital Tool Haven is the data controller for the personal information collected via our website and services. You can contact us with any privacy-related questions or requests through our website’s contact form or by email at support@digitaltoolhaven.com. Please do not send sensitive information by email, as email may not be fully secure.
Personal Data We Collect
Contact Form Information: If you reach out to us via our website contact form, we collect the personal data you provide, such as your name, email address, and the contents of your message. We use this information solely to communicate with you and respond to your inquiry. Providing this data is optional, but without it we cannot respond to your questions or requests.
Purchase and Order Information: When you buy a digital software tool from us, the payment and checkout are handled by our third-party reseller, Paddle. Paddle acts as the Merchant of Record, which means they process your payment details (such as credit card or PayPal information), billing address, and any other information required for the transaction. We do not directly collect or store your payment card details. After a successful purchase, we receive limited information from Paddle necessary to deliver your product – for example, your name, email address, the product ordered, and date of purchase. We use this information to fulfill your order (for example, provide download access), to provide customer support, and for our own record-keeping. Paddle may also send you a receipt or emails related to your order on our behalf.
Technical Data (Cloudflare): Our website uses Cloudflare for security and performance. When you visit our site, Cloudflare may automatically collect certain technical data, such as your IP address, browser type, operating system, and other standard web log information, as part of the process of routing and protecting our site’s traffic. Cloudflare may temporarily store this data in server logs and use cookies or similar technologies strictly to distinguish legitimate visitors from malicious actors. This helps to block attackers and ensure our website loads quickly and safely for all users. We do not have access to identifiable personal data in these logs except potentially IP addresses, which we only use for troubleshooting or security purposes.
No Cookies or TrackingWe do not use any analytics, advertising, or tracking cookies on our website. Aside from Cloudflare’s essential security cookie (if used) and basic session cookies needed for site functionality (if any), no other cookies will be placed on your device by us. We do not use Google Analytics or any third-party tracking scripts. This means we are not profiling you or collecting behavioral data about your browsing. Your visit to our site remains private and is not tracked across other sites.
We also do not knowingly collect any sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.), and our website and services are intended for professional users and are not directed to children under 16. We do not knowingly collect personal data from children.
How We Use Personal Data
To Respond to Inquiries: If you contact us via the contact form or email, we use your name, email address, and message contents to respond to you and provide the information or assistance you requested.
To Process Orders and Provide Services: When you purchase a digital tool, we use the personal information received from Paddle (such as your name and email) to deliver your digital product (for example, providing download access) and to provide support related to that product. Processing this data allows us to fulfill our contract with you (the purchase agreement).
For Payment and Tax Records: Paddle, as our payment partner, handles billing and taxes for sales. We retain basic information about your purchase (e.g. what was bought, when, and by whom) in our records. This is used for accounting, tax compliance, and financial record-keeping as required by law. (Because Paddle is the seller of record, they handle VAT collection and remittance on our behalf, but we may keep invoices or reports provided by Paddle for our own accounting.
To Ensure Website Security and Functionality: We use the technical data collected by Cloudflare to protect our website, prevent fraud, and ensure reliable performance. For example, Cloudflare helps block malicious traffic (like DDoS attacks) by analyzing requests to our site. Using Cloudflare means your data (such as IP address and browser info) might be processed by Cloudflare’s systems and potentially transferred outside the EU for filtering, but this is solely to secure our site. We have a legitimate interest in keeping our website safe and operational, and Cloudflare’s processing is pursuant to that interest. Cloudflare may process data outside the EU as part of providing security and delivery services. Cloudflare states it uses appropriate safeguards for international transfers (such as the EU-U.S. Data Privacy Framework and/or standard contractual clauses, where applicable). Cloudflare processes personal data under its applicable data processing terms and safeguard.
Legal Bases for Processing
We process personal data only when we have a valid legal basis under GDPR. The legal grounds for our processing activities are
Performance of a Contract (GDPR Article 6(1)(b)):
When you purchase a product from us, we must process certain personal data (like your name and email) to fulfill our contract with you by delivering the product and providing support. Similarly, if you ask us pre-sale questions, we may consider that processing as taking steps at your request prior to entering into a contract.
Legitimate Interests (GDPR Article 6(1)(f)):
We rely on legitimate interests to process data in certain cases, such as responding to unsolicited inquiries and using Cloudflare to secure our website. We have a legitimate business interest in communicating with people who contact us and in protecting our online services. We ensure that these interests are balanced with your rights – for example, we only use your information in ways you would reasonably expect when contacting us, and using Cloudflare benefits both us and users by keeping the service safe without unduly intruding on privacy. You have the right to object to processing based on legitimate interests (see “Your Rights” below).
Consent (GDPR Article 6(1)(a)):
We generally do not rely on consent as a legal basis because we do not use analytics, advertising tracking, or marketing by default. Where we do rely on consent (for example, if you explicitly opt in to receive communications in the future), you can withdraw your consent at any time.
Right of Access
You have the right to request confirmation of whether we are processing your personal data, and to obtain a copy of the data we hold about you. We will provide you with relevant information, such as the data we have, the purposes of processing, and the third parties with whom it is shared (if any).
Legal Obligation (GDPR Article 6(1)(c)):
We may process or retain certain data if required to comply with laws. For example, Belgian accounting or tax regulations might require us to keep records of sales (which could include personal data like names on invoices) for a certain period. In such cases, we process and retain the minimum data necessary to meet our legal obligations.
Your Rights
As an individual in the European Union (or in jurisdictions with similar laws), you have certain rights regarding your personal data. We are committed to upholding these rights, which include:
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. For example, if you change your email address or notice a typo in the information we have, let us know and we will update it.
Right to Erasure
You can request that we delete your personal data, also known as the “right to be forgotten.” We will honor such requests where applicable – for instance, if you withdraw your consent (in cases where consent is our legal basis) or if the data is no longer necessary for our purposes. Note that we may not be able to delete data that we are required to keep by law (e.g. transaction records needed for tax) or that is necessary to establish or defend legal claims. We will inform you if any data cannot be deleted for those reasons.
Right to Restrict Processing
You have the right to ask us to restrict or pause the processing of your personal data in certain circumstances. For example, if you contest the accuracy of the data or have objected to our use of it (pending our evaluation of your objection), you can request that we limit processing in the meantime.
Right to Data Portability
For data you provided to us and which we process by automated means on the basis of consent or contract, you have the right to request a copy in a structured, commonly used, machine-readable format (for instance, CSV). You can also ask that we transmit this data to another service provider where technically feasible.
Right to Object
When we process data based on legitimate interests, you have the right to object to that processing. You can also object at any time to any processing of your personal data for direct marketing (though we currently do not perform any marketing). If you object to processing for security (Cloudflare) or communications, we will consider your request and whether our legitimate grounds override your privacy rights. For example, if you object to Cloudflare’s processing, the only way to fully stop it may be to refrain from using our site, since Cloudflare is integral to its security. However, if you have a special situation, we’ll do our best to accommodate and can explain any decisions.
Right to Withdraw Consent
In the rare cases where we rely on your consent to process data, you have the right to withdraw that consent at any time. For example, if you signed up for a hypothetical newsletter and then change your mind, you could opt out, and we would stop that processing.
International Data Transfers
We are based in Belgium, but some personal data may be processed outside the European Union because we use service providers such as Paddle (for payments) and Cloudflare (for website security and delivery). Where transfers outside the EU occur, we rely on appropriate safeguards under GDPR (such as adequacy decisions and/or standard contractual clauses). If you would like more information about these safeguards, you can contact us.
No Tracking and No Profiling.
We do not use cookies for tracking, and we do not engage in profiling or automated decision-making that could significantly affect you. We do not track you across other websites, and we do not use third-party advertising or social media widgets that share your data. Only the minimal technical data needed to serve and secure the website is processed.
To exercise any of these rights, please contact us via the contact form or email provided in the “Who We Are” section. We will respond to your request as soon as possible, and no later than one month from receipt, as required by law. There is no fee for making a request, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request (but we would provide an explanation in that case).
Finally, you also have the right to lodge a complaint with a supervisory data protection authority if you believe we have infringed your rights or GDPR in how we handle your data. As we are based in Belgium, our lead supervisory authority is the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/Autorité de protection des données). You can find their contact details on their official website. We would, however, appreciate the chance to address your concerns directly first, so we encourage you to contact us with any questions or issues.
Third-Party Service Providers
We use a few trusted third-party service providers to run our business and website. Whenever we share your data with these providers, we ensure it’s necessary for the service provided and that they commit to protecting your data.
We do not share your personal data with any other third parties, except if required by law or with your consent. For instance, we would disclose information to government authorities or law enforcement if compelled by a lawful request, or to accountants/auditors if needed for financial compliance. In all cases, we would ensure there is a lawful basis and only share what is necessary.
Paddle (Reseller and Payment Processor):
All online payments for our products are handled by Paddle. When you make a purchase, you are actually buying from Paddle as the Merchant of Record. Paddle will collect your payment details and personal information during checkout, and they are responsible for securely processing that information. They also handle all VAT/taxes, invoicing, and compliance for the transaction. Paddle may share your name, email, and purchase details with us so that we can deliver the product and support you, but they do not share sensitive payment info like your credit card number with us. Paddle is a company based in the UK and is GDPR-compliant; the UK is recognized by the EU as providing an adequate level of data protection. For more details on how Paddle handles your data, you can refer to Paddle’s Privacy Policy (available on Paddle’s website). If you have any billing questions or wish to exercise data rights regarding information held by Paddle, you may need to contact Paddle directly as well.
Cloudflare (Content Delivery Network & Security):
As described, we use Cloudflare Inc. to protect our site from attacks and provide faster load times globally. Cloudflare may process site visitor data (like IP addresses and request data) for security purposes. Cloudflare operates a global network, so your data might be transmitted through servers outside your country (including outside the EU). Cloudflare maintains safeguards for cross-border data transfers, such as relying on the EU-U.S. Data Privacy Framework and/or standard contractual clauses where applicable. Cloudflare acts as a data processor for us, meaning they only process personal data under our instructions to provide their service. We have a contract (Data Processing Agreement) with Cloudflare to ensure GDPR compliance. Cloudflare will generally retain log data for a short period (for example, a few days) unless needed longer for analysis of an attack, after which it is deleted. For more information, see Cloudflare’s own privacy policy.
Data Security
We take reasonable technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. These include using reputable service providers like Cloudflare to mitigate attacks, keeping our software and systems updated with security patches, and restricting access to personal data to only the owner of Digital Tool Haven who needs it for the described purposes. Our contact form submissions are delivered to us via email; while we cannot guarantee absolute security of internet transmissions, we use secure protocols (our website is served over HTTPS and our email systems employ encryption where possible). Internally, any stored customer data is protected by passwords and, where applicable, encryption.
If we become aware of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
Data Retention
We keep personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law.
When we no longer need personal data, we will delete it or anonymize it. Please note that due to backups and archives, data may persist in secure storage for a short period beyond deletion but will be removed in the normal course of our data management procedures.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the “Last Updated” date at the bottom of this Policy. If the changes are significant, we may also provide a more prominent notice (such as a banner on our site or an email notification if appropriate). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
Your continued use of our website or services after any changes to this Privacy Policy constitutes acceptance of the updated terms. If you do not agree with any update, you should stop using our site and services and you may request that we remove your personal data as outlined above.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us. The best way to reach us is through our contact form on the website, or you may email us at support@digitaltoolhaven.com. We will be happy to assist you and will typically respond within a few business days.
Last Updated: 09/03/2026
