AskAlfred
AskAlfredBack home
Legal

Privacy Policy

Last updated: 24 April 2026

1. Who we are

AskAlfred BV/SRL is a company incorporated under Belgian law, with registered office at Generaal Lemanlaan 67, 8310 Bruges (Belgium), registered with the Crossroads Bank for Enterprises (KBO/BCE) under number 1004.594.257 (“AskAlfred”, “we”, “us” or “our”).

AskAlfred operates a mobile application and related services that allow users to collect, organise and curate travel content (the “Service”). In the context of the Service, AskAlfred acts as data controller within the meaning of Regulation (EU) 2016/679 (the “GDPR”) in respect of personal data it processes.

For any questions about this Privacy Policy or our data processing practices, please contact us at info@askalfred.be.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data we process in connection with:

  • registered users of the Service (including Creator Programme participants);
  • visitors to our website at askalfred.be;
  • any person who contacts us by email or through the app.

It does not apply to personal data processed by third-party platforms (TikTok, Instagram, Booking.com, etc.) that you access through the Service. Those platforms are governed by their own privacy policies.

3. Personal data we collect

The personal data we collect depends on how you use the Service. We collect only what is necessary for the purposes described in Section 4.

3.1 Data you provide directly

  • Account registration data: name, email address, username, password.
  • Profile information: profile picture, travel preferences (optional).
  • Content you create: Spot descriptions, tags, lists, annotations, itineraries.
  • Communications: messages you send to us via email or in-app support.
  • Creator Programme data: payment details (bank account or payment service credentials), tax identification information, where applicable.

3.2 Data collected automatically

  • Device and technical data: device type, operating system, app version, IP address, browser type.
  • Usage data: features accessed, content viewed, search queries, date and time of access, crash reports.
  • Location data: approximate location derived from IP address; precise location only if you grant explicit permission in your device settings.
  • Cookies and similar technologies: as described in our Cookie Policy.

3.3 Data received from third parties

If you connect the Service to a third-party account (e.g., login via Google or Apple), we receive basic profile information (name, email address) from that provider in accordance with your authorisation. We do not receive or store your password for those accounts.

We do not purchase or otherwise obtain personal data from data brokers or marketing lists.

4. How and why we use your data

We process your personal data only for legitimate purposes and on a valid legal basis under Article 6 GDPR (and Article 9 GDPR where special categories of data are involved). We do not engage in profiling or automated decision-making with legal or similarly significant effects.

4.1 To provide and operate the Service

Legal basis: performance of contract (Art. 6(1)(b) GDPR) / legitimate interest (Art. 6(1)(f) GDPR) for non-contractual users.

  • Creating and managing your Account;
  • Generating and displaying Spots from content you link to the Service;
  • Displaying Affiliate Links associated with Spots;
  • Enabling sharing of itineraries and Spot collections;
  • Providing customer support.

4.2 Creator Programme

Legal basis: performance of contract (Art. 6(1)(b) GDPR).

  • Processing your participation in the Creator Programme;
  • Calculating and processing revenue-sharing payments;
  • Issuing payment confirmations and financial records.

4.3 To improve and develop the Service

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — our interest in offering a reliable and improving service.

  • Analysing usage patterns and feature adoption;
  • Diagnosing technical issues and crashes;
  • Conducting internal research and product testing.

4.4 To communicate with you

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) for service communications; consent (Art. 6(1)(a) GDPR) for marketing.

  • Sending service notifications (account updates, security alerts, policy changes);
  • Sending marketing communications about AskAlfred features and updates — only if you have given your explicit opt-in consent. You may withdraw consent at any time by using the unsubscribe link in any marketing email or by contacting us at info@askalfred.be.

4.5 To comply with legal obligations

Legal basis: legal obligation (Art. 6(1)(c) GDPR).

  • Complying with applicable tax, accounting and financial regulations;
  • Responding to lawful requests from competent public authorities;
  • Retaining records as required by applicable law.

4.6 To protect our legitimate interests

Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

  • Detecting, preventing and investigating fraud, abuse or security incidents;
  • Enforcing our Terms & Conditions;
  • Defending or exercising legal claims.

5. With whom we share your data

We do not sell, rent or otherwise make your personal data available to third parties for their own commercial or marketing purposes.

We may share your personal data with the following categories of recipients, strictly to the extent necessary:

5.1 Service providers (processors)

We engage third-party service providers who process personal data on our behalf and under our instructions. These include:

  • Cloud hosting and infrastructure providers (servers located within the EEA);
  • Analytics providers (usage and performance analysis);
  • Payment processors (for Creator Programme payments);
  • Customer support tooling;
  • Email delivery services.

All processors are bound by data processing agreements compliant with Article 28 GDPR and may not use your data for their own purposes.

5.2 Affiliate partners

When you access an Affiliate Link within the Service (e.g., Booking.com, GetYourGuide), your click and booking data is transmitted to the relevant platform in order to attribute the commission. AskAlfred shares only the minimum data necessary for this purpose. The affiliate platform’s own privacy policy applies to any further processing.

5.3 Business transfers

In the event of a merger, acquisition, restructuring or sale of assets, your personal data may be transferred to the relevant third party, subject to the same level of protection as provided in this Privacy Policy. We will notify you of any such transfer where required by law.

5.4 Legal requirements

We may disclose your personal data to competent public authorities, courts or regulators where required by applicable law, provided that we will, where legally permitted, notify you of such request in advance.

6. International data transfers

AskAlfred stores and processes your personal data primarily on servers located within the European Economic Area (EEA).

If we use service providers whose systems are located outside the EEA, we ensure that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR, or we rely on an adequacy decision by the European Commission in respect of the relevant country.

You may request further information on the safeguards applicable to specific transfers by contacting info@askalfred.be.

7. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

CategoryRetention periodBasis
Account dataDuration of Account + 1 year after deletionLegal obligation / legitimate interest
User-generated Content (Spots, lists, annotations)Duration of Account; deleted upon account deletionContract performance
Creator Programme financial records7 years after the relevant transactionLegal obligation (accounting law)
Usage and analytics data13 months (aggregated/anonymised thereafter)Legitimate interest
Marketing consent recordsUntil consent withdrawn + 3 yearsLegal obligation (burden of proof)
Support communications3 years after resolutionLegitimate interest
Security and fraud logs12 monthsLegitimate interest

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or alteration. These measures include encryption of data in transit (TLS), access controls, secure hosting infrastructure within the EEA, and regular security assessments.

No method of electronic transmission or storage is completely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

9. Minors

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data without appropriate consent, we will delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@askalfred.be.

10. Your rights

As a data subject under the GDPR, you have the following rights in respect of your personal data:

Right of access: You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data and information about how and why it is processed.

Right to rectification: You have the right to obtain the correction of inaccurate personal data and the completion of incomplete data.

Right to erasure: You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw your consent, or where processing is unlawful. This right is not absolute and may be subject to legal retention obligations.

Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we assess a dispute about accuracy.

Right to data portability: Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.

Right to object: You have the right to object at any time to the processing of your personal data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests. You have an absolute right to object to processing for direct marketing purposes.

Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects. AskAlfred does not engage in such automated decision-making.

To exercise any of the above rights, please contact us at info@askalfred.be. We will respond within one month of receipt of your request. This period may be extended by a further two months in the case of complex or multiple requests, in which case we will notify you of the extension and reasons for it.

We may request proof of your identity before processing your request. We will not charge a fee for reasonable requests. We reserve the right to charge a reasonable administrative fee for manifestly unfounded or excessive requests.

11. Right to lodge a complaint

If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Belgium, this is:

Gegevensbeschermingsautoriteit (GBA) / Autorité de Protection des Données (APD)
Drukpersstraat 35, 1000 Brussels
T: +32 (0)2 274 48 00
contact@apd-gba.be | dataprotectionauthority.be

You may also lodge a complaint with the supervisory authority of the EU Member State where you habitually reside, work or where the alleged infringement occurred.

12. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Where changes are material, we will notify you via in-app notification or email at least 30 days before the changes take effect. The date of the most recent update is indicated at the top of this document.

Continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.