Privacy Statement

Summary

We collect only the data we need to make the website and Qwenda work, and we keep it secure. Most of what you do on faqir.eu is anonymous; we only process identifying data when you actively submit a form (contact, newsletter) or use Qwenda.

What we collect

• Identification and contact information needed to access your account.
• Your date of birth, to verify that you are at least 16 years old.
• Health and health-related data to identify your health needs.
• Medication-use data to monitor administration.
• Your language preference, to customise the experience.

Access: Only you have access to your personal data. FAQIR does not have access to your personal data or to your account.

Your rights

• Withdraw your consent at any time.
• Modify or delete your personal data within Qwenda.
• Request a copy of the data we hold by contacting support@faqir.eu.
• File a complaint by contacting privacy@faqir.eu.

Data protection. Data is stored on secure servers in Germany; processing only takes place in Belgium. Technical and organisational measures comply with the GDPR.

Article 1 — General

1.1 Controlling organisations

Two entities operate as independent controllers:

• FAQIR Foundation — non-profit association under Belgian law.
  Volderrede 58, 9070 Destelbergen · Enterprise number 0789.225.256
• FAQIR Institute — limited liability company under Belgian law.
  Koutergatstraat 2, 1703 Dilbeek · Enterprise number 0786.609.226

1.2 Legal framework

Processing complies with:

• European Regulation 2016/679 (GDPR) of 27 April 2016.
• All Belgian laws implementing this regulation.

1.3 Controller responsibilities

• FAQIR Foundation controls health vault data storage and exchange.
• FAQIR Institute controls account creation and health-module functionalities.

Article 2 — Website visitors

This article covers personal data processed when you visit faqir.eu. Data related to using Qwenda is described from Article 3 onwards.

2.1 Anonymous browsing

Reading public pages, downloading the Press Kit and switching language are anonymous — we don't ask you to identify yourself and we don't build a profile of your visit unless you explicitly opt in to analytics via the cookie banner. See our Cookie Policy for details on cookies and similar technologies.

2.2 Contact form

When you submit the contact form, we process the data you provide and a small amount of technical metadata to operate the form responsibly.

• Data: name, email address, message; plus your IP address and a Cloudflare Turnstile token (anti-bot).
• Legal basis: our legitimate interest in being reachable and able to reply (Art. 6.1.f GDPR), and our legitimate interest in protecting the service from automated abuse for the Turnstile token (Art. 6.1.f).
• Recipients: submissions are delivered to a FAQIR Institute team mailbox via Google Workspace (Google Ireland Ltd) under a Data Processing Agreement.
• Retention: for as long as needed to handle your enquiry and the related correspondence. You may request deletion at any time by emailing privacy@faqir.eu.

2.3 Newsletter subscription

If you tick the consent box and submit the newsletter form, we process additional data to record valid consent and to send you the newsletter through our processor.

• Data: email address, the time you gave consent, your IP address, your browser's user-agent string, and the page URL where you signed up.
• Legal basis: your explicit consent (Art. 6.1.a GDPR).
• Processor: Mailcoach, operated by Spatie BV (Antwerp, Belgium) under a Data Processing Agreement. Mailcoach hosts within the EU/EEA.
• Double opt-in: you are only added to the list after you click the confirmation link Mailcoach sends. The consent metadata is retained as evidence (Art. 7 GDPR).
• Retention: we keep your subscription until you unsubscribe. Unsubscribe via the link in every newsletter email, or email privacy@faqir.eu to be removed and to have your consent record deleted.

2.4 Server access logs

Our webserver writes standard access logs — your IP address, the URLs you fetched, your browser's user-agent string, and the timestamps. We use these to operate the site (debug errors, spot abuse, and track capacity).

• Legal basis: our legitimate interest in operating a reliable, secure service (Art. 6.1.f GDPR).
• Retention: 14 days. Logs are then automatically rotated and older entries deleted. We do not use access-log data for marketing or profiling.

2.5 Cookies and analytics

Cookies, browser storage and third-party CDN requests on this site are described in detail in our Cookie Policy. In short: only strictly-necessary technologies run by default; Google Analytics 4 is off unless you opt in via the cookie banner.

Article 3 — Qwenda — personal data we collect

FAQIR collects the data needed to operate Qwenda, in two contexts.

3.1 Account creation and health vault

• Identification and contact information — full name, gender, date of birth, phone number, email, language preference. Collected when you create your account.
• Health and health-related data — health-status information including height and weight. Collected when you create your account or use the vault.

3.2 Health modules

• Health and health-related data — medical conditions, treatments, medication use, and your responses to health questions. Collected when you activate and use a health module.

Article 4 — Qwenda — purpose of processing

4.1 Account creation and health vault

Identification and contact information — legal basis: performance of contract (Art. 6.1.b GDPR). Used to create your account on Qwenda, create your health vault, and contact and identify you during use.

Health and health-related data — legal basis: performance of contract (Art. 6.1.b GDPR) and explicit consent (Art. 9.2.a GDPR). Used to create your health vault.

4.2 Health modules

Health and health-related data — legal basis: performance of contract (Art. 6.1.b GDPR) and explicit consent (Art. 9.2.a GDPR). Used to record your health and treatment of certain conditions, record and monitor medication use, and improve Qwenda.

Article 5 — Qwenda — duration of processing

Both categories — identification/contact information and health data — are kept for five (5) years after account deletion. The data is also deleted automatically if Qwenda is not used at least once every five years.

FAQIR will notify you if we are no longer able to retain your data and offer you the opportunity to download it.

Article 6 — Your rights

The rights below apply to all personal data we process — whether from your visit to faqir.eu, the contact form, the newsletter, or Qwenda.

6.1 Access and information

You can request information about your personal data and the purposes for which it is processed at any time.

6.2 Rectification, erasure, and restriction

• You can request corrections to inaccurate data.
• Self-correction is available within Qwenda.
• You have the right to request deletion if anonymisation is impossible.
• You have the right to restrict processing of inaccurate data.

Refusing to share data may limit our ability to optimise the service.

6.3 Right to object

You may object to processing where you have serious and legitimate reasons, and oppose direct-marketing use without justification.

6.4 Right to data portability

You may obtain your personal data in a structured, common and machine-readable form and transfer it to another controller.

6.5 Right to withdraw consent

You can withdraw your consent at any time without justification. Withdrawal does not affect medical care.

Newsletter: every email we send includes an unsubscribe link that removes you from the list instantly. You can also email privacy@faqir.eu to be removed and to have your consent record deleted.

Analytics cookies: reopen the cookie banner via the "Cookies" link in the footer (or the "Manage preferences" button on the Cookie Policy page) and toggle analytics off.

6.6 Automated decisions and profiling

You may request exemption from solely automated decisions with legal effects. Profiling requires your explicit consent.

6.7 Exercising your rights

Use the designated method inside Qwenda, or email support@faqir.eu. Please include enough information to identify you and omit data that isn't relevant to your request.

6.8 Right to file a complaint

We prefer to resolve issues directly — please contact privacy@faqir.eu first.

Belgian Data Protection Authority (for EU residents whose data is processed in Belgium):

• Rue de la Presse / Drukpersstraat 35, 1000 Brussels, Belgium
• +32 (0)2 274 48 00
• contact@apd-gba.be

Residents of other EU member states may file with their own national authority — the list is at ec.europa.eu/justice/article-29/structure/data-protection-authorities.

You may also bring a claim for damages if you have suffered any.

Article 7 — Security and confidentiality

7.1 Security measures

FAQIR implements appropriate technical, administrative and organisational measures to prevent unauthorised access, destruction, loss or alteration. In the event of a breach, we will inform you with a description of the impact and recommended mitigation steps.

7.2 Liability

FAQIR is not liable for misuse of personal data by third parties.

7.3 User responsibility for privacy

You are responsible for keeping your use of Qwenda private by preventing unauthorised third-party access.

7.4 Account security

• You are responsible for keeping your IP address and identification data confidential.
• Notify us immediately of any unauthorised use via support@faqir.eu.

Article 8 — Applicable law and jurisdiction

This statement is governed exclusively by Belgian law. The courts of Ghent have exclusive jurisdiction for any disputes.

Article 9 — Questions and contacts

General contact: privacy@faqir.eu

FAQIR Foundation — Data Protection Officer

• Volderrede 58, 9070 Destelbergen, Belgium
• dpo@faqir.org

FAQIR Institute — Data Protection Officer

• Koutergatstraat 2, 1703 Dilbeek, Belgium
• dpo@faqir.eu