Effective date: 2026-02-09
This Privacy Policy applies to the MakelaarCC website, the MakelaarCC web application, and MakelaarCC services (collectively, the Service), operated by Mathias Van Hecke, solo entrepreneur, trading as Forgr, VAT number BE1034814905. This Privacy Policy explains how we collect, use, share, retain, and protect personal data when you use the Service.
MakelaarCC is a business-to-business software product for real estate offices and their team members. Parts of the Service, such as public booking pages, are also used by visitors scheduling property viewings. This Privacy Policy applies to both categories of users where relevant.
For information about cookies and similar technologies, see our Cookie Policy. For the contractual terms governing use of the Service, see our Terms of Service.
Personal data means any information relating to an identified or identifiable natural person. This can include names, email addresses, phone numbers, company information, booking details, payment-related information, device data, and information about how the Service is used.
The marketing site means the public-facing informational pages on the MakelaarCC website, including the homepage, product information, pricing, and other public content.
The web application means the authenticated parts of the Service used by offices, administrators, and realtors, including dashboards, office settings, listings, bookings, invitations, and subscription management.
Public booking pages means the pages used by prospective buyers, tenants, or other visitors to schedule viewings without creating a full office account.
We collect information you actively provide to us, information generated through your use of the Service, and certain technical information automatically sent by your browser or device.
We do not sell your personal data or the data entered into the Service.
We may supplement the information you provide with publicly available business information, for example to verify business identity or company details.
We use third-party service providers to operate the Service. These providers may process personal data on our behalf to the extent necessary to provide their services.
| Company | Purpose | Information collected |
|---|---|---|
| Cloudflare | Network, DNS, security, and hosting infrastructure | IP address and request metadata |
| Hetzner | Server infrastructure | IP address and service data processed on hosted systems |
| Sentry | Error logging and diagnostics | IP address, technical diagnostics, and error context |
| Stripe | Payment processing and subscription billing | Payment method details, billing data, IP address, and transaction metadata |
| Resend | Transactional email delivery | Email address and message delivery metadata |
The following service is optional and is activated only after you opt in through our consent mechanism.
| Company | Purpose | Information collected |
|---|---|---|
| Microsoft Clarity | Analytics and product improvement | IP address, browser data, clicks, usage patterns, and page interactions |
Under the GDPR, we rely on the following legal bases for processing personal data.
| Processing activity | Legal basis | Detail |
|---|---|---|
| Account creation and management | Performance of a contract, Article 6(1)(b) GDPR | Necessary to provide the Service |
| Bookings and appointments | Performance of a contract, Article 6(1)(b) GDPR | Core service functionality |
| Stripe subscription and payment processing | Performance of a contract, Article 6(1)(b) GDPR | Necessary to bill paid plans and manage subscriptions |
| Transactional emails | Performance of a contract, Article 6(1)(b) GDPR | Required for service communications |
| Infrastructure security and error logging | Legitimate interests, Article 6(1)(f) GDPR | Needed to secure, monitor, and maintain the Service |
| Optional analytics via Microsoft Clarity | Consent, Article 6(1)(a) GDPR | Enabled only after opt-in |
| Billing and accounting records | Legal obligation, Article 6(1)(c) GDPR | Required under Belgian tax and accounting law |
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards under Chapter V of the GDPR, including the EU-US Data Privacy Framework where applicable and Standard Contractual Clauses where necessary.
| Sub-processor | Country | Transfer mechanism |
|---|---|---|
| Stripe | United States | EU-US Data Privacy Framework |
| Sentry | United States | EU-US Data Privacy Framework |
| Resend | United States | Standard Contractual Clauses |
| Microsoft Clarity | United States | EU-US Data Privacy Framework |
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, secure hosting, transport-layer security, logging, and operational safeguards. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Subject to applicable law, you may have the right to access, correct, update, delete, restrict, or object to the processing of your personal data, as well as the right to data portability and the right to withdraw consent where processing is based on consent.
To exercise these rights, contact us at [email protected]. We will respond within the period required by applicable law.
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and to comply with our legal obligations.
| Data type | Retention period | Reason |
|---|---|---|
| Account and office data | Duration of active account plus up to 30 days | Service delivery and post-cancellation processing |
| Booking and appointment data | Duration of active account plus up to 30 days | Service delivery and orderly account closure |
| Billing and invoice records | 7 years after the transaction | Belgian tax and accounting obligations |
| Error logs and diagnostics | Up to 90 days | Debugging, security, and service stability |
| Server access logs | Up to 90 days | Security monitoring and incident response |
| Backup copies | Deleted within 90 days of account deletion | Disaster recovery |
| CRM record | Until deletion is requested, unless legal retention applies | Business administration |
The Service is not directed to children under the age of 18, and we do not knowingly collect personal data directly from children.
The Service may link to external websites or services that are not operated by us. We are not responsible for the content, security, or privacy practices of third-party sites.
This Privacy Policy is drafted in English. If a translated version is provided, it is for convenience only. In the event of any inconsistency, the English version prevails.
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When required by law, we will provide notice of material changes before they take effect.
If you have questions or concerns about this Privacy Policy or our data practices, contact us at [email protected].