Privacy Policy — FemTech Hackathon 2025

Version: 1.0 Date: 24 October 2025

Clusity attaches great importance to your privacy and the careful handling of your personal data. With this privacy policy we explain in clear and plain language which personal data we collect from you, why we use it and what your rights are in this respect.

1. Who we are

“We”, “us” or “our” means the organization of “FemTech Hackathon", an initiative under Clusity VZW, with registered office at Veldkant 33A, 2550 Kontich and company number BE 0746.976.907. We act as the data controller with respect to the personal data we collect in connection with your use of this website.

This privacy policy is intended to inform you about the processing of personal data in connection with our website https://www.femtech-hackathon.com/ and the organisation of the FemTech Hackathon event. For further information, see section 5 of this privacy policy.

If you have questions, comments or complaints regarding this privacy policy or the processing of your personal data, or if you wish to exercise one of your rights, please contact us:

By email: hello@clusity.be

By post: Clusity VZW, Veldkant 33A, 2550 Kontich

This privacy policy was last updated on 07/10/2025.

2. Scope

This privacy policy applies to this website, to the organisation of the FemTech Hackathon event, to our direct marketing activities and to the general organisation of the FemTech Hackathon as an initiative under Clusity VZW.

3. Why and how we process your personal data

If you visit our website, register for the FemTech Hackathon event and/or are otherwise in contact with us, certain personal data may be processed. Below you will find information about the different processing activities that may apply to you.

3.1 Use of our website

When you visit our website we may process personal data using online technologies such as cookies, trackers, scripts and similar technologies (hereinafter “cookies”). These may include: (1) essential cookies strictly necessary to transmit a message over an electronic communications network, to ensure the security of our website or to store information related to an expressly requested service; (2) functional cookies that improve your use of the website; (3) analytical cookies to measure and analyse website usage; (4) marketing cookies to deliver (personalised) advertisements; and (5) third‑party cookies that we allow on our website.

More information is available in our cookie statement: (HYPERLINK)

3.2 Contact via the website

Legal basis: legitimate interest — An email address is available on our website to contact us. You can also reach us by post or telephone. We process the personal data you provide to respond to and handle your contact request, but we have no visibility or control over any additional personal data you may voluntarily provide. We ask you not to share confidential or sensitive data via this channel.

This processing is based on our legitimate interest because you have taken the initiative to contact us and we process your personal data to handle your request and take appropriate action. You may object to this processing as described under “Right to object” in the section “What are your rights and how can you exercise them”.

  • What personal data do we process? Identification and contact details such as email address or telephone number. And any other information you voluntarily provide (e.g. professional details, personal particulars).

  • How do we obtain these personal data? Directly from you when you contact us by email, post or telephone.

  • How long do we retain them? Up to 1 year after closure of the contact request, plus any archiving period for related communication (e.g. emails).

  • With whom do we share these personal data (other than affiliated and associated entities)? Processors (e.g. our hosting partner or suppliers) engaged to support the website, contact handling or relationship management.

  • Is automated individual decision‑making involved? No.

  • Is there any transfer outside the EEA? As a rule, we do not transfer personal data outside the European Economic Area (EEA). Our website and related services are hosted by a European provider with datacentres within the EU. In exceptional cases certain technical or support processes (e.g. maintenance, monitoring, backups) may be performed by subcontractors outside the EU. In such cases we ensure appropriate safeguards, such as Standard Contractual Clauses (Article 46 GDPR), to guarantee an adequate level of protection.


3.3 Event organisation

Legal basis: consent — When you register via our website for one of our events, personal data are processed to handle your registration and to organise the event.

This processing is based on your consent. You can withdraw your consent at any time without affecting the lawfulness of the processing up to the moment of withdrawal. Practically, withdrawal does not affect processing already carried out for past events you attended, but you will no longer be invited to future events.

  • What personal data do we process? Identification and contact details (name, first name, email address, mobile number, company ) Other data you may provide voluntarily (professional details, hobbies and interests, personal particulars, dietary or allergy information, etc.)

  • How do we obtain these personal data? Directly from you at registration.

  • How long do we retain them? We retain event participation data for up to 1 year after the event.

  • With whom do we share these personal data (other than affiliated and associated entities)? Processors (e.g. affiliated companies, catering suppliers, partners, etc.) and sponsors engaged to organise and support the event and/or to third parties acting as independent controller(s) as set out in article 4 of this Privacy Policy. 

  • Is automated individual decision‑making involved? No.

  • Is there any transfer outside the EEA? As a rule, we do not transfer personal data outside the EEA. Our website, platforms, social media plug-in, tooling and related services are hosted by a provider with datacentres in the EU. In exceptional cases certain technical or support processes by subcontractors outside the EU may occur; in such cases we put in place appropriate safeguards (e.g. Article 46 GDPR standard contractual clauses).


3.4 Use of photos and image material during events

Legal basis: legitimate interest and consent — During our events, general atmosphere photos and videos may be taken in which participants are recognisable. These images may be used for communication purposes by us and our partners (including sponsors and affiliated companies) such as publication on our website, social media, newsletters or other internal and external channels.

The processing of such images relies on our legitimate interest in reporting on our activities and visually supporting our operations. We ensure that images respect the dignity and privacy of the persons depicted. If you object to the use of a specific image in which you are recognisable, contact us at the email address above and we will remove or anonymise the image, unless its use is necessary for reporting or archiving.

For portrait photos, targeted images or close‑ups we will request explicit consent in advance. Consent is deemed given by your attendance at the event and acceptance of the participation terms, unless you actively pose or explicitly agree at the time of the recording. This consent covers use and sharing of the images for communications as set out above and may include sharing with processors such as our suppliers, affiliates,  sponsors and marketing agencies. You have the right to withdraw this consent at any time without giving reasons. After withdrawal we will stop using the image and, where technically possible, remove it from our media. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

  • What personal data do we process? Photos and other image material such as videos.

  • How do we obtain these personal data? By taking atmosphere shots or targeted recordings at an event.

  • How long do we retain them? We retain event image material for up to 5 years after the event. If a separate consent provides for a different retention period, that will apply as stated on the consent form.

  • With whom do we share these personal data (other than affiliated and associated entities)? Processors (e.g. affiliated entities, photographers, marketing agencies) and sponsors engaged to organise and promote the event.

  • Is automated individual decision‑making involved? No.

  • Is there any transfer outside the EEA? As a rule, we do not transfer personal data outside the EEA. Our website and related services are hosted by a provider with datacentres within the EU. In exceptional cases certain technical or support processes by subcontractors outside the EU may occur; in such cases we implement appropriate safeguards (e.g. Article 46 GDPR standard contractual clauses).


3.5 Supplier relationship management (including prospecting new suppliers)

Legal basis: legitimate interest — We work with various suppliers (e.g. photographers, caterers) and therefore maintain and develop contacts with new and existing suppliers and sponsors. In this context we process personal data of supplier employees (e.g. account managers).

This processing is based on our legitimate interest. You may object as described under “Right to object” in the section “What are your rights and how can you exercise them”.

  • What personal data do we process? Identification and contact details and any other information discussed during ongoing contacts (professional details, hobbies and interests, personal particulars, etc.).

  • How do we obtain these personal data? Directly from you through relationship management.

  • How long do we retain them? Up to 7 years after completion of the last assignment or contact.

  • With whom do we share these personal data (other than affiliated and associated entities)? Processors (e.g. our CRM platform) used for relationship management.

  • Is automated individual decision‑making involved? No.

  • Is there any transfer outside the EEA? As a rule, we do not transfer outside the EEA. Our CRM and related services are hosted by a European provider with datacentres in the EU. In exceptional cases subcontractors outside the EU may perform technical/support tasks; in such cases we ensure appropriate safeguards (e.g. Article 46 GDPR standard contractual clauses).


4. Sharing personal data with third parties

When you visit our website or use our products and services, we may rely on third parties such as partners, affiliated companies, sponsors and suppliers to whom we disclose personal data. These third parties help us deliver, support and develop our services and provide hosting, customer and technical support, marketing, analytics, content delivery, and online payment services.

Our website also uses external platforms and social media plugins that link to our social media channels or allow you to share content. These platforms may collect personal data (e.g. profile information) when you click such links. We are not responsible for how these social media platforms use your data; they act as independent controllers. For your information, relevant links (which may change) include:

Linkedin: https://www.linkedin.com/legal/privacy-policy 

Instagram: https://privacycenter.instagram.com/policy

Google Drive / Google forms: https://policies.google.com/privacy 

Insofar our website contains a link to our partners, affiliated and associated companies or other third parties we would like to clarify that we are not responsible after you click that link and visit those websites, as this is covered within the privacy policy as included on those websites. 

During an event, we may use WhatsApp as a communication tool to share updates, practical information, or respond to participant inquiries. By interacting with us via WhatsApp, your personal data (such as your phone number and profile information) may be processed by WhatsApp Inc., which acts as an independent data controller. We are not responsible for how WhatsApp handles your data. For more information on how WhatsApp processes personal data, please refer to their privacy policy: https://www.whatsapp.com/legal/privacy-policy 

It is also possible that, in the context of a reorganisation, restructuring, merger, sale or other transfer of business assets, we may share data (including personal data) with third parties. We disclose the information you provided, automatically collected information and information from others to these third parties to the extent necessary to enable them to provide their services or support. For the activities described above we indicate, per activity, which categories of third parties (other than affiliated and associated companies) we share your personal data with.

Furthermore, we may be required to grant access to your data or to disclose your data because of a legal obligation. This may be to authorities, public bodies or other third parties.

Finally, we may disclose your data if this is necessary to protect your vital interests.

  1. Transfer of personal data outside the EEA 

We endeavour to limit transfers of personal data to third parties outside the European Economic Area (the “EEA”).

If such a transfer nevertheless occurs, we will, as soon as possible, ensure that the transfer is made in accordance with the GDPR (for example by relying on the existence of an adequacy decision for the country in question or by putting in place an appropriate transfer mechanism, and, where relevant, additional safeguards).

For specific transfers, please refer to the chapter “Why and how we process your personal data?”.

  1. How long do we retain your personal data? 

We retain your personal data no longer than is strictly necessary to fulfil the purposes for which the personal data were collected or as required by law. For specific retention periods, please refer to the chapter “Why and how we process your personal data?”.

  1. Automated individual decision-making

European data protection law (GDPR) imposes certain conditions when organisations make decisions about individuals solely on the basis of fully automated processing, including profiling, and when such decisions produce legal effects or similarly significant consequences. We do not engage in such automated decision-making.

  1. What are your rights and how can you exercise them? 

We consider it important that you retain control over the processing of your personal data. Below you will find information about the different rights you may exercise in relation to the processing of your personal data:

Depending on the processing activity and its legal basis, certain conditions or limitations may apply to the exercise of the rights described below.

To exercise the rights listed above or to request further information, please contact us using the email address provided in the introduction. We will provide additional details where specific formalities apply to your request. We may also ask for additional information to verify your identity so that personal data are not wrongfully deleted or disclosed to someone who is not entitled to them. We strive to respond without undue delay and in any event within one month of receipt of your request. If we need to extend the response period beyond one month, or if we will not comply with your request, we will inform you accordingly.

8.1 Right of access If we process your personal data, you have the right to access your personal data and certain supplementary information as described in this privacy policy. You have the right to receive a copy of the personal data we hold about you, provided this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge; for repeated requests we reserve the right to charge a reasonable fee.

8.2 Right to rectification If the personal data we hold about you are inaccurate or incomplete, you have the right to have them corrected or completed, taking into account the purposes of the processing.

8.3 Right to restriction of processing You have the right to request restriction of processing of your personal data. This means that the data may only be stored by us and processed for limited purposes. This right applies where one of the following situations occurs:

  • You contest the accuracy of the personal data during a period that allows us to verify the accuracy;

  • The processing is unlawful and you oppose erasure and request restriction instead;

  • We no longer need the personal data for the purposes described above but you need them for the establishment, exercise or defence of legal claims; or

  • You have objected to processing and request restriction pending verification whether our legitimate grounds override yours.

Notwithstanding our right to retain your personal data, we may continue to process them only:

  • With your consent;

  • For the establishment, exercise or defence of legal claims;

  • For the protection of the rights of another natural or legal person; or

  • For reasons of public interest.

We will inform you before lifting any restriction on processing.

8.4 Right to data portability Where processing is based on your consent and is carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format. You also have the right, where technically feasible, to have the data transmitted directly to another data controller. This right does not apply where it would adversely affect the rights and freedoms of others.

8.5 Right to object You have the right to object to the processing of your personal data as described above. This right applies where the activity is carried out: (1) in the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or (2) for the purposes of our legitimate interests or those of a third party.

If you object to processing, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms.

Where personal data are processed for direct marketing purposes (including profiling to the extent it relates to direct marketing), you have the right to object at any time and free of charge; we will then stop processing your data for that purpose.

8.6 Right to erasure (right to be forgotten) You have the right to request that we erase your personal data without undue delay. This right applies where one of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

  • You withdraw consent and there is no other legal basis for the processing;

  • The personal data have been unlawfully processed;

  • Erasure is necessary to comply with EU or Belgian law.

If you request erasure, we will erase the personal data unless one of the following exceptions applies:

  • Processing is necessary for exercising the right to freedom of expression and information;

  • Erasure is not possible for reasons of public interest in the area of public health;

  • Erasure is not possible due to archiving in the public interest, scientific or historical research purposes, or statistical purposes;

  • There is a legal obligation to retain the data; or

  • Erasure is not possible because the data are needed for the establishment, exercise or defence of legal claims.

8.7 Right to withdraw consent If you have given consent for a specific processing, you may withdraw that consent at any time. We make withdrawing consent as easy as giving it.

8.8 Right to object to automated individual decision-making If your personal data are used for automated individual decision-making that produces legal effects or similarly significant consequences, you may request that we stop using your data. If you object, we will cease or restrict the processing unless there are compelling reasons to continue.

  1. Who can I contact for further questions or complaints about privacy? 

If, after reading this privacy policy, you have further questions or comments regarding the collection and processing of your personal data, you may contact us at hello@clusity.be 

You also have the right to lodge a complaint with the supervisory authority responsible for data protection. You may do so in the EU Member State where you live, where you work or where the alleged infringement occurred. In Belgium, you may file a complaint with the Data Protection Authority:

Data Protection Authority Drukpersstraat 35, 1000 Brussels +32 (0)2 274 48 00 https://www.gegevensbeschermingsautoriteit.be/ burger/ acties/ klacht-indienen https://www.gegevensbeschermingsautoriteit.be

Because we highly value our relationship with you, we kindly ask that you first contact us so we can work together to find a solution to the issue underlying your complaint.


  1. Changes to the privacy policy 

Our organisation and therefore our website operate in a dynamic and innovative environment. This privacy policy may be amended as required by changes to our services or applicable law. This means we continuously seek to improve our services to better meet your needs. New features may result in personal data being collected or processed in different ways. We will notify you of any significant changes to this privacy policy and, where required, will obtain your consent.