Data protection
Privacy policy
Last updated : 1 July 2026
1. Data controller
The processing of personal data collected via the expertise-immobiliere-bruxelles.brussels website is carried out by Mon Etat Des Lieux SRL, a company under Belgian law with its registered office at Avenue Louise 367, 1050 Bruxelles (Ixelles), Belgium.
- Enterprise number (CBE): BE 1024.840.830
- VAT number: BE1024840830
- RLE: French-speaking Enterprise Court of Brussels
The data controller within the meaning of the GDPR is the management body of Mon Etat Des Lieux SRL. For any question regarding the protection of your data, you may contact our data protection officer at [email protected]. We undertake to respond to any request within a maximum of 30 calendar days, in accordance with Article 12 of the GDPR.
Mon Etat Des Lieux SRL operates the brand Expertise Immobilière Bruxelles, a firm of real-estate expertise in the Brussels-Capital Region.
2. Personal data collected
We collect only the data strictly necessary to provide our services and operate this site. No sensitive data within the meaning of Article 9 of the GDPR (health, political opinions, religion, sexual orientation, etc.) is collected. The categories of data collected are:
- Identity: surname, first name (quote form and newsletter)
- Contact details: e-mail address, telephone number (contact and quote forms)
- Property address: for expertise and valuation missions
- Communications: the content of the messages you send us (e-mail, forms)
- Browsing data: anonymised statistics via Plausible Analytics (pages visited, average duration, without any IP address stored or profiling)
We carry out no advertising profiling and we neither buy nor sell data to third parties.
3. Purposes of processing
Your data is processed for the following five purposes:
- Contract performance — preparing and carrying out expertise and valuation missions (quotes, invoices, reports). Legal basis: performance of a contract or pre-contractual measures (Art. 6.1.b GDPR).
- Newsletter — sending our advice and resources, subject to explicit consent. Legal basis: consent (Art. 6.1.a GDPR). Unsubscribe available at any time via the link in each e-mail.
- Site improvement — anonymised traffic statistics (pages viewed, journeys). Legal basis: legitimate interest (Art. 6.1.f GDPR).
- Responding to contacts — handling questions received via form or e-mail. Legal basis: the visitor's legitimate interest in obtaining a reply (Art. 6.1.f GDPR).
- Legal obligations — retention of invoices and accounting documents for Belgian statutory periods. Legal basis: legal obligation (Art. 6.1.c GDPR; Belgian VAT Code, Art. 60).
Your data is never used for unsolicited commercial prospecting.
4. Legal basis
The table below summarises the legal basis applicable to each processing operation:
- Quotes and missions: contract performance. Without this data, the service cannot be provided.
- Newsletter: explicit consent via a tick box. Withdrawable at any time without justification.
- Anonymised analytics: legitimate interest. No profiling cookie. Plausible solution self-hosted in the European Union.
- Invoices (archiving): legal obligation (Belgian VAT Code).
- Replies to contacts: legitimate interest (you expect a reply).
For each processing based on consent (the newsletter in particular), you may withdraw that consent at any time via the unsubscribe link in each e-mail, or by simple request to [email protected].
5. Retention period
We keep your data only for the period strictly necessary for the intended purpose:
- Quotes not followed up: 3 years from the last interaction. Beyond that, anonymised archiving for internal statistics only.
- Completed expertise missions: 10 years from delivery of the report, on the basis of the expert's professional liability and applicable limitation periods. Beyond that, the file documents are securely destroyed.
- Newsletter: until you unsubscribe, which triggers deletion within 30 days maximum.
- Accounting documents (invoices): 7 years (legal obligation, Belgian VAT Code).
- Analytics: data aggregated to 26 months maximum. No individual storage.
- Server logs: 30 days for the detection of security incidents, then automatic deletion.
Beyond these periods, data is deleted or irreversibly anonymised.
6. Data recipients
Your data is processed mainly within the European Union, is never sold or transferred for commercial purposes, and is only shared with the following recipients:
- Our internal team: the authorised members of Mon Etat Des Lieux SRL (registered office Avenue Louise 367, 1050 Bruxelles (Ixelles)). Each is bound by professional secrecy and signs a contractual confidentiality clause.
- Web host and e-mail routing: Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA). The site is hosted on Cloudflare Pages and served via Cloudflare's European CDN. E-mail routing for messages received at *@expertise-immobiliere-bruxelles.brussels is operated by Cloudflare Email Routing, which forwards messages to the company's internal mailbox. Cloudflare adheres to the European Commission's Standard Contractual Clauses (SCC) and to the EU–US Data Privacy Framework for any occasional transfer of technical logs outside the EU.
- Transactional e-mail service: for the automated sending of newsletters and quote confirmations. The chosen provider (Brevo, Plunk or an equivalent EU-based, GDPR-compliant service) will be specified here upon activation.
- External accountant: for invoice management only, in strict compliance with professional secrecy (Belgian accounting obligation).
- Partner lawyer: on contentious files only, with your prior explicit consent.
This site uses no third-party scripts (Google Analytics, Facebook Pixel, etc.) and fonts are self-hosted (no call to Google Fonts). No sharing with advertising networks, profiling platforms or commercial third parties.
7. Note on @expertise-immobiliere-bruxelles.brussels e-mails
expertise-immobiliere-bruxelles.brussels is a brand operated by Mon Etat Des Lieux SRL. When you write to contact@ or [email protected], your message is technically routed by our e-mail provider (LWS) to the company's main mailbox ([email protected]). This is an internal transit within the same legal entity — no third party reads your messages. The data controller remains Mon Etat Des Lieux SRL (see section 1).
8. Your rights
In accordance with the General Data Protection Regulation (EU 2016/679), you have the following rights:
- Right of access (Article 15) — obtain a copy of your personal data
- Right to rectification (Article 16) — correct inaccurate or incomplete data
- Right to erasure (Article 17) — request the deletion of your data
- Right to restriction (Article 18) — restrict the processing of your data
- Right to portability (Article 20) — receive your data in a structured, machine-readable format
- Right to object (Article 21) — object to processing based on legitimate interest
- Right to withdraw consent (Article 7.3) — at any time, without affecting the lawfulness of prior processing
To exercise these rights, write to [email protected], specifying the subject of your request, or by post to the registered-office address. Reply within thirty (30) calendar days maximum, in accordance with Article 12 of the GDPR.
In the event of an unresolved dispute, you may lodge a complaint with the Data Protection Authority (DPA):
- Address: Rue de la Presse 35, 1000 Brussels
- Website: autoriteprotectiondonnees.be
- Telephone: +32 2 274 48 00
9. Cookies and trackers
Our site uses a strictly minimal number of cookies, in accordance with Directive 2002/58/EC and the Belgian Act of 13 June 2005:
- Strictly necessary cookies (session, CSRF security): no consent required as they are essential to the site's operation.
- Plausible Analytics: an ethical analytics solution self-hosted in the European Union. No third-party cookies, no IP address stored, no individual profiling. You may block this tracker via your browser without degrading the experience.
No advertising cookies, no Facebook/Google/LinkedIn pixel, no remarketing script. We carry out no form of profiling or retargeting.
10. Security
We implement appropriate technical and organisational measures to protect your data against any unauthorised access, loss, alteration or disclosure:
- Secure HTTPS connection across the entire site
- Hosting on certified infrastructure (Cloudflare, SOC 2 Type II)
- No personal data stored in the site's source code (static site)
- Access to mission data limited to authorised members of the firm
11. Changes to this policy
This policy may be updated to reflect changes in our practices, in legislation or in our technical infrastructure. Any substantial change will be notified:
- at the top of this page (last-updated date visible immediately);
- by e-mail to newsletter subscribers, if the change affects a processing based on their consent;
- with a 30-day notice period before entry into force, for substantial changes.
The history of previous versions is kept and available on simple request to [email protected].