1. Data controller
ALPHA & CO BOUWMATERIALEN SRL, Ninoofsesteenweg 77-79, 1700 Dilbeek, Belgium, BE 1028.386.674.
2. Data Protection Officer
3. Data collected
We collect the following data:
- Identification: surname, first name, e-mail, phone, address
- Pro account: company name, company number, VAT
- Orders: products purchased, amounts, payment methods
- Browsing: IP address, pages visited, duration, traffic source (via cookies — see cookies)
- Communication: content of e-mails, chat and recorded calls (with prior consent)
4. Purposes of processing
- Performance of the sales contract (orders, deliveries, payments, after-sales)
- Management of the customer account
- Sending commercial communications (with consent)
- Service improvement (anonymised statistics)
- Compliance with legal obligations (10-year accounting, fraud prevention)
5. Legal basis
Processing is based on: (a) performance of the contract, (b) consent (newsletter), (c) legitimate interest (security, fraud prevention), (d) a legal obligation (accounting).
6. Recipients
The data is intended for authorised staff of ALPHA&CO and our processors: Stripe (payment), DPD/bpost (delivery), Mailgun (transactional e-mails), Brevo (marketing e-mails), Google Analytics 4 and Plausible (anonymised statistics). All our processors are bound by a GDPR-compliant data processing agreement.
7. Transfers outside the EU
Some processors (Stripe, Google) may process data outside the EU. These transfers are governed by the European Commission's Standard Contractual Clauses.
8. Retention period
- Customer account: lifetime of the account + 3 years
- Order data: 10 years (Belgian accounting obligation)
- Newsletter: until unsubscription
- Cookies: 13 months maximum
- Phone recordings: 6 months
9. Your rights
You have a right of access, rectification, erasure, portability, objection and restriction of processing. You may withdraw your consent at any time and lodge a complaint with the Belgian Data Protection Authority (DPA).
To exercise your rights: [email protected] or by post to the registered office.
10. Security
We implement appropriate technical and organisational measures (TLS 1.3 encryption, bcrypt-hashed passwords, secure access with two-factor authentication for teams, annual security audits, encrypted backups) to protect your data.