Purpose of the privacy policy

Privacy is important to the data subject, but also to Level27 as the responsible entity and data processor. This privacy policy contains more information about how Level27 uses, stores and protects your personal data.


Level27 bv
Kunstlaan 18/4
3500 Hasselt
VAT no.: BE 0890.439.412

If you have any questions about this privacy policy, please email Level27 at privacy [at] level27.be. Level27 aims to respond within thirty days.


Clients are entitled to submit a complaint to the data protection authority at any time if they believe that Level27 has handled personal data incorrectly. Complaints can be submitted at https://www.privacycommission.be. Level27 asks that clients always send a copy of their complaint to privacy [at] level27.be.


Level27 collects your personal data when you use our services and/or if you have provided this data voluntarily. This data is managed by our company. Level27 or its partners only use this data to carry out the contracted work.


When you visit the Level27 website at https://level27.be, we store the following information:

  • Your email address (if entered on the website)
  • All information you provide us with voluntarily (e.g. contact details and/or information regarding the service).

We use this information for the following purpose:

  • to carry out the requested services.


We will store the following information when you use our control panel:

  • your email address/username
  • your password (hashed in the DB)
  • your invoicing details (business name, first name, name of contact person, address, VAT number. email address, phone number)
  • all information you provide us with voluntarily (e.g. contact details and/or information regarding the service)
  • payment history
  • an overview of purchased products (domains, hosting packages, servers, applications, mailboxes)
  • system backups

We use this information for the following purposes:

  • invoicing
  • carrying out the requested services


We need your personal data for our business activities and invoicing purposes. We also have a legal interest to contact our clients from a marketing standpoint for promotions, news and other relevant information.
With respect to processing personal information on the client’s infrastructure, Level27 will only do so at the client's request and will have no claim to this information. Level27 follows the client’s instructions and may not process this personal data in any way without the prior written consent of the client. Concrete agreements and policies will be laid down in a processing agreement complete with appendices.


Level27 will not share the client’s personal data with third parties and will only provide this information if it is strictly necessary for the execution of its services or to comply with the law.


Level27 will not save your personal data beyond what is strictly necessary to achieve the purposes for which your data is collected. Of course, we will save your data for the duration of your agreement with us. We will also take into account the limitation period for contractual liability. All personal data will be stored for a maximum of ten years after the date on which the services are terminated or the date of the final invoice. All data will be physically removed from the systems after the termination of the agreement and expiration of the final backup cycle, with a safety margin of forty days.


Level27 takes the protection of your personal data seriously and takes appropriate measures to counter abuse, loss, unauthorised access, unwanted disclosure and unauthorised changes. When we receive your data, we always use encoding technologies that are recognised as the accepted standards within the IT sector. We have taken the necessary security measures to prevent loss, improper use or change to information we receive. We always use a secure server to receive and transfer sensitive information, such as financial data. In addition, only those employees tasked with carrying out activities on your behalf will have access to your data for the purpose of these activities.


Level27 obtained ISO27001 certification and ISO9001 certification in September 2017. Without elaborating on the details of the ISO implementation, this offers an extra certainty for clients that the supplier, as a processor, approaches all aspects of the service with care. ISO9001 offers the additional guarantee that the supplier, as a processor, has incorporated this quality awareness into its corporate DNA. ISO27001 pertains obvious elements such as physical security, workstations and employee access to systems. It also clearly describes how the supplier handles encryption, data security and firewalling.


All databases, designs, process descriptions, market surveys and other business-specific data deemed confidential by the client will be treated by Level27 as confidential data owned by the client.
Both the client and Level27 undertake to keep all sensitive information acquired in the context of the negotiations and the execution of the agreement confident, both during and after the execution of the agreement.
The client undertakes to impose the same confidentiality obligation on its employees and appointees that are granted access to Level27 software and/or other confidential information.
Unless agreed otherwise, Level27 retains the right to use the client's works council or the work carried out on behalf of the client as a reference for professional purposes.


As the responsible entity, Level27 is required to comply with the rights of the data subject. The data subject has the right to information, correction, supplementation, limited processing, data transfers, removal, and objections.


The data subject whose personal data is processed by Level27 in the control panel has the right to view this data. Level27 will comply with data requests submitted by the data subject. The data subject is entitled to request answers to the following questions:

  • Why is this data being processed?
  • What type of data is being processed?
  • Which organisations is this data shared with?
  • What is the storage period for this data?


The data subject whose personal data is processed by Level27 in the control panel has the right to have their data corrected and supplemented. The data subject is entitled to correct and/or supplement their personal data in the control panel. Level27 will cooperate with the client if he or she needs help correcting and/or supplementing this data.


This concerns the right to have less data processed. For example, if incorrect data is processed, the data should not be used until it is corrected. If the data subject objects to the processing of his or her personal data, Level27 must stop on request, unless Level27 has compelling statutory grounds that supersede the interests and rights of the data subject.


This is the right to transfer digital personal data. The data subject must be able to access the personal data that Level27 makes available in the control panel. At the request of the data subject, Level27 must forward the data to another organisation that offers the same services. Alternatively, the data subject can ask Level27 to forward the data directly to another organisation. This does not include hardcopy data.
Level27 must make all personal data provided by the data subject available to said subject. This does not include so-called derived data, such as data generated by Level27 through data analysis.


The data subject has the right to be forgotten. In some cases, Level27 may be required to delete personal data at the request of the data subject. This is the case if:

  • Level27 no longer needs the personal data for processing purposes
  • The data subject withdraws their consent
  • The data subject files a complaint
  • Level27 unlawfully processes the data
  • The right to removal also applies to backup files


The data subject has the right to object to the processing of his or her personal data at all times for personal reasons. The client must notify Level27 of this objection and ask Level27 to stop processing their personal data, unless Level27 has compelling statutory grounds that supersede the interests, rights and freedoms of the data subject or those pertaining to the establishment, exercise or defence of legal claims.