Privacy Policy
How we collect, use, protect, and handle your personal information.
Last Updated: March 3, 2026
Rui Codex is committed to GDPR compliance and protecting your privacy.
1. Introduction
Rui Codex ("we", "us", "our") is an enterprise software engineering company registered and operating in Brussels, Belgium. We are committed to protecting the privacy and security of your personal data in compliance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679), the Belgian Data Protection Act, and all applicable data protection laws.
This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website ruicodex.com, use our services, or communicate with us. By using our website or services, you acknowledge that you have read and understood this policy.
Data Controller: Rui Codex, Brussels, Belgium
Contact: info@ruicodex.com
2. Information We Collect
2.1 Information You Provide Directly
- Contact Form Submissions: Name, email address, company name, phone number, project description, budget range, and any additional information you provide voluntarily through our contact form.
- Email Communications: Name, email address, and content of emails you send to us.
- Service Inquiries: Business-related information you share during consultations, proposals, and project discussions.
- Account Information: If applicable, login credentials for our admin panel (hashed and encrypted).
2.2 Information Collected Automatically
- Log Data: IP address (anonymized where possible), browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on each page.
- Device Information: Screen resolution, device type (desktop, mobile, tablet), language settings.
- Cookies and Similar Technologies: See Section 8 (Cookie Policy) for details.
2.3 Information We Do Not Collect
We do not collect or process:
- Special categories of personal data (racial/ethnic origin, political opinions, religious beliefs, genetic or biometric data, health data, sexual orientation) unless explicitly provided by you for a specific service purpose.
- Financial information such as credit card numbers or bank account details (payment processing, if applicable, is handled entirely by third-party processors).
- Data from minors under the age of 16.
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Responding to your contact form submissions | Legitimate interest / Consent |
| Providing requested services and project delivery | Performance of a contract |
| Sending project updates and service communications | Performance of a contract / Legitimate interest |
| Website analytics and performance optimization | Legitimate interest |
| Ensuring website security and preventing abuse | Legitimate interest |
| Compliance with legal obligations | Legal obligation |
| Marketing communications (only with opt-in) | Consent |
4. How We Use Your Information
- Service Delivery: To respond to your inquiries, provide project proposals, deliver contracted software development services, and maintain ongoing client relationships.
- Communication: To send you project updates, technical documentation, and respond to support requests.
- Website Improvement: To analyze website usage patterns, optimize user experience, fix technical issues, and improve content relevance.
- Security: To detect, prevent, and respond to security incidents, fraud, or technical issues.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
We will never sell, rent, or trade your personal data to third parties for their marketing purposes.
5. Data Sharing and Disclosure
We may share your personal data only in the following circumstances:
- Service Providers: Trusted third-party providers who assist us in operating our website, conducting our business, or servicing you (e.g., hosting providers, email services), subject to strict data processing agreements.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred. You will be notified before your data becomes subject to a different privacy policy.
- Protection of Rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
Current third-party processors include:
- Hosting infrastructure provider (EU-based data centers)
- Email delivery service (for contact form notifications)
All processors are bound by data processing agreements compliant with GDPR Article 28.
6. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules where applicable
7. Data Retention
- Contact form submissions: Retained for 2 years after last interaction, then permanently deleted.
- Client project data: Retained for the duration of the contractual relationship plus 5 years for legal and audit purposes.
- Server logs: Automatically deleted after 90 days.
- Analytics data: Aggregated and anonymized after 26 months.
- Email correspondence: Retained for 3 years after last interaction.
You may request earlier deletion at any time (see Section 9).
8. Cookie Policy
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us provide and improve our services.
8.2 Types of Cookies We Use
| Category | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for website functionality, security, and authentication | Session / up to 1 year |
| Functional | Remember your preferences and settings | Up to 1 year |
| Analytics | Understand how visitors interact with our website (anonymized) | Up to 26 months |
We do not use advertising or marketing cookies, and we do not engage in behavioral tracking or profiling for advertising purposes.
8.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. Most browsers allow you to:
- View and delete existing cookies
- Block third-party cookies
- Block cookies from specific websites
- Block all cookies
9. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you (Art. 15).
Right to Rectification
Correct inaccurate or incomplete personal data (Art. 16).
Right to Erasure
Request deletion of your personal data ("right to be forgotten") (Art. 17).
Right to Restriction
Restrict processing of your personal data under certain conditions (Art. 18).
Right to Portability
Receive your data in a structured, machine-readable format (Art. 20).
Right to Object
Object to processing based on legitimate interests or direct marketing (Art. 21).
To exercise any of these rights, please contact us at info@ruicodex.com. We will respond within 30 days as required by GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).
10. Data Security
We implement appropriate technical and organizational security measures to protect your personal data, including:
- Encryption: TLS 1.2+ encryption for all data in transit; AES-256 encryption for sensitive data at rest.
- Access Controls: Role-based access control, multi-factor authentication for administrative access, principle of least privilege.
- Infrastructure: Hosted on secure, ISO 27001 certified data centers with regular security audits, firewalls, and intrusion detection systems.
- Password Security: All passwords are hashed using industry-standard algorithms (bcrypt/PBKDF2) and never stored in plaintext.
- Regular Audits: Periodic security assessments and vulnerability testing.
- Incident Response: Documented data breach notification procedure in compliance with GDPR Art. 33-34 (notification within 72 hours).
11. Third-Party Links
Our website may contain links to third-party websites (e.g., LinkedIn, everytranslate.com). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal data.
12. Children's Privacy
Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page with a revised "Last Updated" date. We encourage you to review this policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Supervisory Authority: Belgian Data Protection Authority (APD/GBA) — www.dataprotectionauthority.be
Table of Contents
Legal Documents
Our Commitment
- GDPR Compliant
- ISO 27001 Standards
- No Data Selling
- 72h Breach Notification
- EU Data Centers