Cookie Policy
Version 1.0 — 5-1-2026
1. Introduction
This cookie policy explains how Veyron ("we", "us") uses cookies and similar technologies on veyron.digital, what choices you have and how you can change those choices at any time.
We process cookies and (possibly) personal data exclusively in accordance with:
- the General Data Protection Regulation (GDPR);
- the Belgian cookie legislation (ePrivacy);
- the guidelines of the Data Protection Authority (Gegevensbeschermingsautoriteit, GBA) and the relevant EDPB guidelines.
You manage your choices via our cookie banner (Consent Management Platform, "CMP"). Via the "Cookie settings" link (always available at the bottom of each page), you can withdraw your consent just as easily as you gave it.
Before you make a choice, we only place strictly necessary cookies and technologies required for the website to function safely and correctly.
2. What are cookies and similar technologies?
Cookies are small text files that may be placed on your device when you visit our website. In addition, similar technologies exist, such as pixels, scripts, local storage and tags. We only use these to make the website work, to measure statistics and/or to measure marketing results — depending on your consent.
3. Cookie categories and purposes
Our cookie banner uses three categories. The naming and classification in this policy is aligned with the categories in the banner. If the banner labels change, we update this policy simultaneously so that the terminology corresponds 1-to-1.
3.1 Functional cookies (necessary)
Functional cookies are strictly necessary for the correct operation and security of the website. They support session management, fraud prevention, form and navigation functions and remembering your cookie preferences. These cookies do not require consent and cannot be disabled without impact on the website's operation.
Only cookies that are objectively necessary to provide a service you have requested or to make the website work technically fall into this category. Cookies for analysis, optimisation, personalisation or marketing never fall under 'functional', even if they improve user experience.
3.2 Analytical cookies (optional)
Analytical cookies help us understand how visitors use the website and where the user experience can be improved. This may also include optimisation functions such as heatmaps and A/B testing. Analytical cookies are only placed after you explicitly give consent via the cookie banner.
Analytical cookies are not placed based on legitimate interest, but exclusively based on your consent. Where technically possible, we use aggregated statistics and limit the data collected to what is necessary for website improvement.
3.3 Marketing and tracking cookies (optional)
Marketing and tracking cookies are used to measure marketing performance and conversions, optimise campaigns and (where applicable) enable remarketing. This also includes tracking technologies from social platforms (e.g. Meta, LinkedIn) and technologies linked to embedded content (e.g. video iframes or social widgets), if such elements are used on the website. Marketing and tracking cookies are only placed after you explicitly give consent via the cookie banner.
4. Cookie banner, consent and design principles
On your first visit, a cookie banner appears allowing you to make a free, specific, informed and unambiguous choice.
We apply the following principles:
- No pre-ticked boxes.
- No consent via continued browsing, scrolling or closing the banner.
- On the first layer of the banner, "Accept all" is displayed alongside an equally prominent "Reject all" option.
- You can give or refuse consent per category separately (granularity).
- The banner shows an overview of the vendors/tools used per category and provides a click-through to detailed information (purpose, duration, technology type).
- Your choice can be changed at any time via "Cookie settings" (always available at the bottom of each page).
Refusing non-necessary cookies has no adverse consequences for basic use of the website. Some functionalities may be limited when you refuse analytical or marketing cookies (e.g. less relevant measurement results).
4.1 Re-confirmation of consent (re-consent)
We ask you to re-confirm your preferences (or show the banner again) at least every 12 months, and earlier when there are material changes in cookie categories, purposes, vendors or transfer mechanisms, or when you delete your cookies. In those cases, we do not consider previous choices to be permanently valid.
4.2 Accessibility and mobile user experience
Our cookie banner is designed with attention to accessibility and ease of use on mobile devices. This means: sufficient colour contrast, readable typography, clear and simple language, full keyboard navigation and correct operation in common browsers and screen formats. Where relevant, we follow the WCAG principles.
5. Legal basis (GDPR) and withdrawal of consent
For the placement and reading of cookies, the rules of the ePrivacy legislation apply. For the processing of (possible) personal data associated therewith, we apply the following legal bases:
| Category | Consent required for placement/reading | Legal basis for processing (GDPR) |
|---|---|---|
| Functional (necessary) | No (strictly necessary) | Art. 6(1)(b) (performance of service) and/or Art. 6(1)(f) (legitimate interest: security and operation) |
| Analytical (optional) | Yes (opt-in via banner) | Art. 6(1)(a) (consent) |
| Marketing & tracking (optional) | Yes (opt-in via banner) | Art. 6(1)(a) (consent) |
You can withdraw or adjust your consent at any time via "Cookie settings". Withdrawal is as easy as giving consent and has no adverse consequences for basic use of the website.
6. Vendors, third-party cookies and international transfer
Our website may use technology from external providers (third parties). These parties may act as (sub-)processors or as independent controllers, depending on the service. The CMP vendor list always shows all currently active vendors (including links to their own information and policies), as well as purposes, durations and processing countries.
Where personal data is processed outside the European Economic Area (EEA), we apply appropriate safeguards, such as Standard Contractual Clauses (SCCs), and conduct a transfer impact assessment (TIA) in advance. New vendors or new transfers are only activated after this assessment. Despite such safeguards, a residual risk may exist that data is requested by foreign authorities.
If embedded content or additional functionalities are used on the website (e.g. YouTube/Vimeo videos, chat widgets, social plugins, tag managers), the associated vendors are also included in the CMP and fall under the relevant category (analytical or marketing & tracking), depending on their function.
The table below provides a transparent overview per core vendor of role, location and safeguards. Where measures depend on configuration, this is explicitly stated; the actual settings are managed internally and periodically verified.
| Vendor | Service | Category | Role (indicative) | Processing country(ies) | Transfer basis | Additional measures (Schrems II) |
|---|---|---|---|---|---|---|
| Zoho PageSense | Analytics, heatmaps, A/B testing | Analytical | Processor (for our measurements) | EEA and/or third countries (depending on Zoho configuration) | DPA + SCCs if transfer outside EEA | Data minimisation; configuration with minimal logging; restricted access; transport encryption; IP anonymisation where possible. |
| Meta (Facebook/Instagram) | Pixel/Conversion API (if used) | Marketing & tracking | Third party / independent controller | Mostly US / global infrastructure | SCCs (vendor); additional safeguards depending on configuration | Consent-first; data minimisation; server-side proxy where possible; limited event parameters; TLS; periodic necessity evaluation. |
| Insight Tag (if used) | Marketing & tracking | Third party / independent controller | Mostly US / global infrastructure | SCCs (vendor); additional safeguards depending on configuration | Consent-first; data minimisation; limited configuration; TLS; periodic necessity evaluation. | |
| Google (Fonts) | Font loading (HTTP request) | Functional | Third party | May be processed outside EEA (request logs) | SCCs (vendor) if transfer outside EEA | Preference for self-hosting; minimisation of request data; TLS; caching where possible. |
7. Retention periods
Retention periods vary per cookie/technology and are shown in detail in the CMP (cookie table in the banner). As a general rule, we apply:
- Functional cookies: session or limited technical validity.
- Analytical and marketing cookies: maximum 13 months, unless you delete them earlier or withdraw your consent.
If a vendor applies a shorter retention period, the shortest period applies. The CMP cookie list is a snapshot; for the most up-to-date list, we refer to the cookie banner.
The CMP performs periodic scans and checks to keep the cookie list up to date, at least monthly and additionally upon material changes.
8. Consent logging (evidence) and retention period
Consent records (consent logs) are kept to demonstrate our compliance (accountability). These logs contain a limited set of data (e.g. timestamp, banner version, chosen preferences and a technical identifier) and are retained for a maximum of 5 years based on our legitimate interest to support legal obligations and evidence preservation.
Consent logs are used exclusively for compliance, audit and evidence purposes and not for marketing, profiling or advertising purposes. Access to these logs is restricted to authorised persons.
9. Your rights under the GDPR
You have the right to:
- withdraw your consent at any time;
- request access to your personal data;
- request rectification, erasure or restriction where applicable;
- object to processing based on legitimate interest;
- file a complaint with the Data Protection Authority.
Contact: privacy@veyron.digital
10. Relationship with the privacy policy
This cookie policy describes the use of cookies and similar technologies. For a broader explanation of our processing of personal data, categories of recipients, retention periods and your rights, we refer to our privacy policy on the website. Purposes, legal bases, recipients and retention periods are kept internally coherent between both policies.
11. Changes
We may update this cookie policy when technology, legislation, cookie use or our vendors' services change. The most recent version is always available on this page and applies from the publication date.
12. Governance and change management (CMP)
Any change in the CMP (vendors, categories, purposes, banner labels or banner UX) triggers a mandatory review and, where necessary, a simultaneous update of:
- the cookie policy (this document);
- the CMP vendor list and cookie table;
- internal documentation on vendor configuration, transfers and TIAs.
We version this document and maintain a changelog so that it can be demonstrated when and why changes were made.
13. Cookie table (CMP-generated list)
The cookie table below is a representation of the configuration as included in our CMP. The CMP is periodically scanned and updated. Therefore, the list is intended as a current overview; the definitive and most recent list always remains accessible via the cookie banner.