1. Controller
   • Site name: Digital Tool Haven
   • Based in the European Union (Belgium)
   • BTW: BE 1033.165.707
   • Contact email: support@digitaltoolhaven.com
   • ‍

1. • Introduction

Digital Tool Haven is committed to protecting your privacy. This Privacy Policy explains what personal data we collect as a one-person business in Belgium (VAT BE1033.165.707), how we use it, and your rights. We comply with the EU General Data Protection Regulation (GDPR) and other applicable laws to ensure your information is handled lawfully and transparently. By using our website or services, you agree to the practices described in this Policy.

Who We Are:

Digital Tool Haven is a small business based in Belgium, operating under the trade name “Digital Tool Haven” (VAT BE1033.165.707). For purposes of data protection law, Digital Tool Haven is the data controller for the personal information collected via our website and services. You can contact us with any privacy-related questions or requests through our website’s contact form or by email at [email protected]. (Please do not send sensitive information by email, as email may not be fully secure.)

‍

1. Personal Data We Collect
   • ‍
   • Contact Form Information:
   • If you reach out to us via our website contact form, we collect the personal data you provide, such as your name, email address, and the contents of your message. We use this information solely to communicate with you and respond to your inquiry. Providing this data is optional, but without it we cannot respond to your questions or requests.
   • Purchase and Order Information:
   • When you buy a digital software tool from us, the payment and checkout are handled by our third-party reseller, Paddle. Paddle acts as the Merchant of Record, which means they process your payment details (such as credit card or PayPal information), billing address, and any other information required for the transaction. We do not directly collect or store your payment card details. After a successful purchase, we receive limited information from Paddle necessary to deliver your product – for example, your name, email address, the product ordered, and date of purchase. We use this information to fulfill your order (e.g. send license keys or download links), to provide customer support, and for our own record-keeping. Paddle may also send you a receipt or emails related to your order on our behalf.
   • Technical Data (Cloudflare):
   • Our website uses Cloudflare for security and performance. When you visit our site, Cloudflare may automatically collect certain technical data, such as your IP address, browser type, operating system, and other standard web log information, as part of the process of routing and protecting our site’s traffic. Cloudflare may temporarily store this data in server logs and use cookies or similar technologies strictly to distinguish legitimate visitors from malicious actors. This helps to block attackers and ensure our website loads quickly and safely for all users. We do not have access to identifiable personal data in these logs except potentially IP addresses, which we only use for troubleshooting or security purposes.
   • No Cookies or Tracking:
   • We do not use any analytics, advertising, or tracking cookies on our website. Aside from Cloudflare’s essential security cookie (if used) and basic session cookies needed for site functionality (if any), no other cookies will be placed on your device by us. We do not use Google Analytics or any third-party tracking scripts. This means we are not profiling you or collecting behavioral data about your browsing. Your visit to our site remains private and is not tracked across other sites.
   • We also do not knowingly collect any sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.), and our site and services are not intended for children under 16. We do not knowingly collect data from children.
   • ‍
2. How We Use Personal Data
   • ‍
   • We only use your personal data for specified, explicit, and legitimate purposes. In particular
     • To Respond to Inquiries:
     • If you contact us via the contact form or email, we will use your name and email address to reply and provide the information or assistance you requested. We consider responding to customer inquiries a legitimate interest of our business and also a necessary step if you are inquiring about a potential contract or purchase.
     • To Process Orders and Provide Services:
     • When you purchase a digital tool, we use the personal information received from Paddle (such as your name and email) to deliver your digital product (for example, sending you a download link or license key) and to provide any support or updates related to that product. Processing this data allows us to fulfill our contract with you (the purchase agreement) and ensure you can use the software you bought.
     • For Payment and Tax Records:
     • Paddle, as our payment partner, handles billing and taxes for sales. We retain basic information about your purchase (e.g. what was bought, when, and by whom) in our records. This is used for accounting, tax compliance, and financial record-keeping as required by law. (Because Paddle is the seller of record, they handle VAT collection and remittance on our behalf, but we may keep invoices or reports provided by Paddle for our own accounting.)
     • To Ensure Website Security and Functionality:
     • We use the technical data collected by Cloudflare to protect our website, prevent fraud, and ensure reliable performance. For example, Cloudflare helps block malicious traffic (like DDoS attacks) by analyzing requests to our site. Using Cloudflare means your data (such as IP address and browser info) might be processed by Cloudflare’s systems and potentially transferred outside the EU for filtering, but this is solely to secure our site. We have a legitimate interest in keeping our website safe and operational, and Cloudflare’s processing is pursuant to that interest. Cloudflare is GDPR-compliant and, as of the date of this Policy, is certified under the EU-U.S. Data Privacy Framework for transfers to the US. We have also signed a Data Processing Addendum with Cloudflare to ensure they handle personal data on our behalf in compliance with GDPR.
     We will not use your personal data for any purpose that is incompatible with the above, and we do not sell or rent your information to third parties. In particular, we do not use your data for marketing unless you have explicitly requested and consented (for example, if in the future you opt-in to a newsletter, which we do not currently offer). There is also no automated decision-making or profiling based on your data.
3. Legal Bases for Processing
   • ‍
   • We process personal data only when we have a valid legal basis under GDPR. The legal grounds for our processing activities are:
     • Performance of a Contract (GDPR Article 6(1)(b)):
     • When you purchase a product from us, we must process certain personal data (like your name and email) to fulfill our contract with you by delivering the product and providing support. Similarly, if you ask us pre-sale questions, we may consider that processing as taking steps at your request prior to entering into a contract.
     • Legitimate Interests (GDPR Article 6(1)(f)):
     • We rely on legitimate interests to process data in certain cases, such as responding to unsolicited inquiries and using Cloudflare to secure our website. We have a legitimate business interest in communicating with people who contact us and in protecting our online services. We ensure that these interests are balanced with your rights – for example, we only use your information in ways you would reasonably expect when contacting us, and using Cloudflare benefits both us and users by keeping the service safe without unduly intruding on privacy. You have the right to object to processing based on legitimate interests (see “Your Rights” below).
     • Consent (GDPR Article 6(1)(a)):
     • In general we do not rely on consent for most processing, because we do not do any tracking or marketing by default. If you voluntarily provide information via the contact form, we take that as consent to use it to reply. If we ever seek to use your personal data for a new purpose, we would ask for your consent. You can withdraw your consent at any time by contacting us.
     • Legal Obligation (GDPR Article 6(1)(c)):
     • We may process or retain certain data if required to comply with laws. For example, Belgian accounting or tax regulations might require us to keep records of sales (which could include personal data like names on invoices) for a certain period. In such cases, we process and retain the minimum data necessary to meet our legal obligations.
4. Third-Party Service Providers
   • ‍
   • We use a few trusted third-party service providers to run our business and website. Whenever we share your data with these providers, we ensure it’s necessary for the service provided and that they commit to protecting your data.
   • ‍
     • Paddle (Reseller and Payment Processor):
     • All online payments for our products are handled by Paddle. When you make a purchase, you are actually buying from Paddle as the Merchant of Record. Paddle will collect your payment details and personal information during checkout, and they are responsible for securely processing that information. They also handle all VAT/taxes, invoicing, and compliance for the transaction. Paddle may share your name, email, and purchase details with us so that we can deliver the product and support you, but they do not share sensitive payment info like your credit card number with us. Paddle is a company based in the UK and is GDPR-compliant; the UK is recognized by the EU as providing an adequate level of data protection. For more details on how Paddle handles your data, you can refer to Paddle’s Privacy Policy (available on Paddle’s website). If you have any billing questions or wish to exercise data rights regarding information held by Paddle, you may need to contact Paddle directly as well.
     • ‍
     • Cloudflare (Content Delivery Network & Security):
     • As described, we use Cloudflare Inc. to protect our site from attacks and provide faster load times globally. Cloudflare may process site visitor data (like IP addresses and request data) for security purposes. Cloudflare operates a global network, so your data might be transmitted through servers outside your country (including outside the EU). However, Cloudflare has legal safeguards for cross-border data transfers (they have certified to the EU-U.S. Data Privacy Framework and use European Commission’s Standard Contractual Clauses). Cloudflare acts as a data processor for us, meaning they only process personal data under our instructions to provide their service. We have a contract (Data Processing Agreement) with Cloudflare to ensure GDPR compliance. Cloudflare will generally retain log data for a short period (for example, a few days) unless needed longer for analysis of an attack, after which it is deleted. For more information, see Cloudflare’s own privacy policy.
     We do not share your personal data with any other third parties, except if required by law or with your consent. For instance, we would disclose information to government authorities or law enforcement if compelled by a lawful request, or to accountants/auditors if needed for financial compliance. In all cases, we would ensure there is a lawful basis and only share what is necessary.
5. Data Retention
   • ‍
   • We keep personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law
   • ‍
     • Contact Form Messages:
     • If you contact us, we may retain your message and our response for a period of time to efficiently manage our communications. Generally, we keep routine correspondence for up to 1 year. This allows us to reference past communications if you contact us again. We will delete your communications sooner upon request, provided we are not required to keep it for legal reasons.
     • ‍
     • Purchase and Account Data:
     • For customers who have purchased our digital tools, we retain your basic account/purchase information for as long as you continue to use the product and a reasonable period thereafter. This is so we can verify your license, provide support, and keep records of transactions. Typically, we keep purchase records for at least 5 years to comply with bookkeeping and tax regulations in Belgium. After that period, or if they are no longer needed, we will securely delete or anonymize the data. If you request deletion of your personal data related to a purchase, we will do so provided that we do not need to keep certain information for legal compliance (for example, we might need to keep a record of sales for tax purposes even if we delete your contact info; in such cases we would retain only the minimal data required).
     • ‍
     • Cloudflare Logs:
     • Any network logs or security data collected by Cloudflare are generally retained by Cloudflare for a short duration (often less than a week, unless used to investigate threats). We do not separately store Cloudflare log data beyond what Cloudflare provides. Our website’s server may also log basic data (IP address, time of visit, URL requested) automatically; these server logs, if generated, are typically rotated and deleted within 30 days. We only review logs when necessary for security or troubleshooting.
     When we no longer need personal data, we will delete it or anonymize it. Please note that due to backups and archives, data may persist in secure storage for a short period beyond deletion but will be removed in the normal course of our data management procedures.
6. Data Security
   • ‍
   • We take reasonable technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. These include using reputable service providers like Cloudflare to mitigate attacks, keeping our software and systems updated with security patches, and restricting access to personal data to only the owner of Digital Tool Haven who needs it for the described purposes. Our contact form submissions are delivered to us via email; while we cannot guarantee absolute security of internet transmissions, we use secure protocols (our website is served over HTTPS and our email systems employ encryption where possible). Internally, any stored customer data is protected by passwords and, where applicable, encryption.
   • ‍
   • If we become aware of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
   • ‍
   • ‍
7. Your RightsAs an individual in the European Union (or in jurisdictions with similar laws), you have certain rights regarding your personal data. We are committed to upholding these rights, which include:
   • Right of Access:
   • You have the right to request confirmation of whether we are processing your personal data, and to obtain a copy of the data we hold about you. We will provide you with relevant information, such as the data we have, the purposes of processing, and the third parties with whom it is shared (if any).
   • ‍
   • Right to Rectification:
   • If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. For example, if you change your email address or notice a typo in the information we have, let us know and we will update it.
   • ‍
   • Right to Erasure:
   • You can request that we delete your personal data, also known as the “right to be forgotten.” We will honor such requests where applicable – for instance, if you withdraw your consent (in cases where consent is our legal basis) or if the data is no longer necessary for our purposes. Note that we may not be able to delete data that we are required to keep by law (e.g. transaction records needed for tax) or that is necessary to establish or defend legal claims. We will inform you if any data cannot be deleted for those reasons.
   • ‍
   • Right to Restrict Processing:
   • You have the right to ask us to restrict or pause the processing of your personal data in certain circumstances. For example, if you contest the accuracy of the data or have objected to our use of it (pending our evaluation of your objection), you can request that we limit processing in the meantime.
   • Right to Data Portability: For data you provided to us and which we process by automated means on the basis of consent or contract, you have the right to request a copy in a structured, commonly used, machine-readable format (for instance, CSV). You can also ask that we transmit this data to another service provider where technically feasible.
   • ‍
   • Right to Object:
   • When we process data based on legitimate interests, you have the right to object to that processing. You can also object at any time to any processing of your personal data for direct marketing (though we currently do not perform any marketing). If you object to processing for security (Cloudflare) or communications, we will consider your request and whether our legitimate grounds override your privacy rights. For example, if you object to Cloudflare’s processing, the only way to fully stop it may be to refrain from using our site, since Cloudflare is integral to its security. However, if you have a special situation, we’ll do our best to accommodate and can explain any decisions.
   • ‍
   • Right to Withdraw Consent:
   • In the rare cases where we rely on your consent to process data, you have the right to withdraw that consent at any time. For example, if you signed up for a hypothetical newsletter and then change your mind, you could opt out, and we would stop that processing.
   To exercise any of these rights, please contact us via the contact form or email provided in the “Who We Are” section. We will respond to your request as soon as possible, and no later than one month from receipt, as required by law. There is no fee for making a request, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request (but we would provide an explanation in that case).Finally, you also have the right to lodge a complaint with a supervisory data protection authority if you believe we have infringed your rights or GDPR in how we handle your data. As we are based in Belgium, our lead supervisory authority is the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/Autorité de protection des données). You can find their contact details on their official website. We would, however, appreciate the chance to address your concerns directly first, so we encourage you to contact us with any questions or issues.

• United Kingdom:
• When you purchase via Paddle, your data is processed by Paddle’s UK entity. The UK is considered an adequate jurisdiction by the EU (meaning personal data can flow from the EU to the UK freely under an adequacy decision). We ensure that this transfer is lawful and protected.
• ‍
• United States and Other Countries:
• Cloudflare may process data in the United States or other locations outside the EU. As noted, Cloudflare participates in the EU-U.S. Data Privacy Framework and/or uses standard contractual clauses, providing safeguards for data transfers. If we ever use other processors outside the EU, we will ensure similar safeguards are in place (either an adequacy decision or contractual clauses and additional measures as needed).

‍

International Data Transfers

As a principle, we prefer to store and process data within the European Union. However, the use of third-party services like Paddle and Cloudflare means some personal data may be transferred to or accessed from other countries

By using our site or providing us with information, you acknowledge that your personal data may be transferred to third parties in other countries as explained, with appropriate protection in accordance with GDPR. If you would like more information about these transfers or safeguards, feel free to contact us.

No Tracking and No Profiling

We reiterate that we do not use cookies for tracking, nor do we engage in any form of profiling or automated decision-making that could significantly affect you. We do not track you across other websites, and we do not allow third-party advertising or social media “like” buttons that share your data. You can browse our site knowing that only the minimal data needed to serve you the pages securely is processed.

‍

1. Changes to This Privacy Policy
   • ‍
   • We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the “Last Updated” date at the bottom of this Policy. If the changes are significant, we may also provide a more prominent notice (such as a banner on our site or an email notification if appropriate). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
   • Your continued use of our website or services after any changes to this Privacy Policy constitutes acceptance of the updated terms. If you do not agree with any update, you should stop using our site and services and you may request that we remove your personal data as outlined above.
   • Contact Us
   • If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us. The best way to reach us is through our contact form on the website, or you may email us at [email protected]. We will be happy to assist you and will typically respond within a few business days.
   • Last Updated: 04/02/2026.