Privacy Policy

    Effective date: 28 May 2026

    1. Introduction

    This Privacy Policy explains how DxH Consulting ("DxH", "we", "us", or "our") collects, uses, and protects personal data when you visit dxh.be or use the tools embedded on this site. DxH is established in Belgium, and we process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Belgian data protection law.

    2. Data Controller & Contact

    DxH Consulting is the data controller for personal data processed via this website. For any privacy-related question, request, or to exercise your rights, contact us at privacy@dxh.be. You can also reach us through the contact form available on the site.

    3. What Data We Collect

    We only collect data that you actively provide or that is generated through your use of the site. We do not buy or enrich personal data from third parties.

    3.1 Contact form

    When you submit our contact form, we collect your full name, work email, company, and the content of your message. The form is delivered to us through Formspree, a third-party form processor based in the United States.

    3.2 Tools

    This site hosts a number of interactive tools. When you use any of these tools, the inputs you provide are sent to our server for one-time processing and forwarded to an AI provider to generate a result. Depending on the tool, those inputs may include text or content that you paste, type, or upload, including information that could constitute personal data of you or of third parties (such as names, email addresses, or other details contained in the material you submit), as well as contextual information you choose to provide (such as organisation size, industry, or other assessment-related context).

    Tool inputs and the AI-generated outputs are processed in-session and are not persisted on our servers beyond the duration of the request. Any downloadable report produced by a tool is generated for you and is not stored on our side.

    3.3 Technical and analytics data

    When you browse the site, we collect limited technical data, including approximate location derived from IP address, device and browser metadata, referring URLs, and page-view events. This is processed via Vercel Analytics and Vercel Speed Insights. We also record custom interaction events (such as button clicks and tool usage) which may be forwarded to Google Analytics through the browser data layer where Google Analytics is loaded.

    4. Why We Process This Data (Legal Bases)

    Under Article 6 GDPR, we rely on the following legal bases:

    • Contact form and business enquiries: your consent when submitting the form, combined with our legitimate interest in responding to and managing prospective client relationships.
    • Use of the tools (Email Automation, ADKAR Diagnostic, EU AI Act Risk Classifier): performance of a service you have requested (Art. 6(1)(b)).
    • Analytics and site performance: our legitimate interest in understanding how the site is used and improving it (Art. 6(1)(f)).

    5. How Long We Keep It

    • Contact form submissions: kept only as long as needed to respond to and follow up on your enquiry, and otherwise subject to Formspree's retention.
    • Tool inputs and outputs: not stored on our servers beyond the duration of the request that processes them.
    • Analytics data: retained according to the default retention periods of Vercel Analytics and, where applicable, Google Analytics.

    6. Who We Share Data With

    We work with a small number of trusted sub-processors that help us operate the site and its tools:

    • Anthropic (Claude API) — AI processing of inputs submitted to our tools.
    • OpenAI — AI processing of inputs submitted to our tools, where used.
    • Google (Gemini API) — AI processing of inputs submitted to our tools, where used.
    • Vercel — hosting, Vercel Analytics, and Speed Insights.
    • Formspree — delivery of contact-form submissions.
    • Google Analytics — usage analytics, where loaded.

    Some of these sub-processors are established in the United States. Where personal data is transferred outside the European Economic Area, transfers are protected by appropriate safeguards under GDPR, such as the European Commission's Standard Contractual Clauses and the providers' own data-processing terms.

    7. Cookies

    Cookies are small text files that a website stores in your browser. They allow the site to remember your actions and preferences, and help us understand how the site is used. We group the cookies we may set into three categories.

    7.1 Functional cookies

    Functional cookies are strictly necessary for the site and its tools to work correctly. They support things like maintaining your session while you use a tool, remembering interface preferences, and ensuring secure delivery of the pages you request. These cookies cannot be switched off without breaking core functionality of the site.

    7.2 Statistics cookies

    Statistics cookies help us understand how visitors interact with the site by collecting information in aggregated form (for example, which pages are visited and how often). We use Vercel Analytics, Vercel Speed Insights and, where loaded, Google Analytics for this purpose. The data is used to improve site performance and content.

    7.3 Marketing cookies

    Marketing cookies are used to track visitors across websites in order to display advertising that is relevant and engaging. We do not currently set marketing cookies ourselves. If we add such cookies in the future, we will update this policy and, where required, ask for your consent before they are set.

    7.4 Managing cookie settings

    You can manage or delete cookies at any time through your browser settings. Most browsers allow you to refuse cookies, delete existing ones, or be notified before a cookie is stored. Please note that disabling functional cookies may affect the operation of parts of the site. For questions about how we use cookies, contact us at privacy@dxh.be.

    8. Rights of Persons Concerned

    Under the GDPR you have the following rights:

    • information on stored data (Art. 15 GDPR);
    • correction of inaccurate data (Art. 16 GDPR);
    • deletion (“right to be forgotten”, Art. 17 GDPR);
    • restriction of processing (Art. 18 GDPR);
    • data portability (Art. 20 GDPR);
    • objection to certain processing (Art. 21 GDPR);
    • lodging a complaint with a supervisory authority (Art. 77 GDPR).

    To exercise these rights, contact us at privacy@dxh.be. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données) at www.dataprotectionauthority.be.

    9. Children

    This site and its services are directed at professionals and organisations, and are not intended for children under the age of 16. We do not knowingly collect personal data from children.

    10. Security

    We use reasonable technical and organisational measures to protect personal data, including encryption in transit (TLS) and the principle of data minimisation. No method of transmission or storage is fully secure, however, and we cannot guarantee absolute security.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, the tools we offer, or the law. When we make material changes, we will update the effective date at the top of this page.

    12. Contact

    For any questions about this Privacy Policy or how we handle your personal data, contact us at privacy@dxh.be.