Privacy Statement

Data Protection Institute
Privacy Statement

Personal data

Who processes your personal data?
Data Protection Institute BV (DPI) is an independent educational institution and provides training by recognised experts with years of experience in the field of data protection and privacy. DPI’s registered office is at Grotehondstraat 44 1/1, 2018 Antwerp, company number 0849.293.297. As of 23/4/2021, DPI has become a majority-owned subsidiary of Toreon BV. This change in ownership does not alter our commitment to protecting your personal information.

Principles on the processing of personal data
DPI recognises the importance of data protection and privacy of personal data of training participants and will handle the personal data of these data subjects with due care and only for specified purposes. DPI explicitly confirms that all personal data will be processed in accordance with both the Belgian act of 30 July 2018 on the protection of individuals with regard to the processing of personal data and Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR).

Which personal data do we process?
Personal data can be defined as any information relating to an identified or identifiable individual (data subject). DPI may process (both physically and via this website) the following data, which may constitute personal data of the data subject, i.e. personal contact data of the registered person such as:

  • Surname
  • First name
  • Title
  • Email
  • If applicable: contact in the company
  • Telephone number
  • Comments
  • Evaluations of examinations and obtained scores
  • Data on the diet of the registered person for the purpose of providing meals
  • Personal data of the person registering, such as surname, first name, title, email

Why do we process this data?
We collect this data to fulfil our administrative obligations such as billing for services provided to the customer by DPI or keeping our legally required accounts.
For our internal operations, it is also important that we create files to ensure the portability and demonstrability of personal data for purposes of accreditation or certification, for example. This is in the interest of the efficient operation of the company. Specifically, this concerns the following purposes:

  • Administrative and organisational tasks related to the registration of the person concerned in one of the DPI training courses.
  • To invite the data subject to events organised by DPI (for example: the Alumni event).
  • Management of the student database.
  • Update of course material or training.
  • Information on DPI’s activities.
  • Issuing and managing a certificate provided by DPI, if applicable.
  • Direct marketing purposes such as promotions related to the products and services provided by DPI to the data subject. We use the contact data for activities directly related to DPI, in particular our products and services offered in the context of lifelong learning (new courses and Alumni activities).
    We will only process these personal data for the above purposes unless the data subject’s explicit consent is requested to use them for purposes other than those for which they were originally collected.

To whom do we transfer your personal data?
We do not transfer personal data to third parties such as sponsors or employers, unless explicit permission has been requested from the course participant. DPI will refrain from releasing personal data to third parties and shall not disclose personal data of data subjects.
Personal data relating to the organisation of the course itself will be transferred to the DPI-affiliated instructors and parties who support the course day, including the publisher of the course material (only if they deliver personalised course material).

How long do we retain your data?
If the course participant is taking part in a certification programme, the relevant data shall be kept for 15 years after the last contact for the purpose of demonstrating and proving the certification (this refers to administrative data, data on the evaluation, attendance, date of issue of certificate and attendance certificate).

The personal data necessary to justify a subsidy file will be retained for 10 years.

Personal data used for invoicing and accounting purposes are kept for 7 years in accordance with the legal retention period.

For all other purposes, the retention period is 3 calendar years.

Your rights

What rights can the data subject exercise?
The data subject is able to exercise his/her rights as described in the General Data Protection Regulation at any time. The data subject may exercise the following rights:

  • Right of access: the data subject shall always have the possibility to make a request to review all personal data collected (including processing purposes, categories of personal data, estimated retention period). Examination questions are not personal data and are therefore never provided to students.
  • Right of rectification or right to restriction of processing: the data subject has the right to demand that DPI rectifies any of his or her personal data which are inaccurate or incomplete. The data subject may also request that his or her personal data be temporarily withheld until they are accurate or complete.
  • Right to erasure (“right to be forgotten”): if the data subject wishes to have his or her personal data deleted, he or she may contact DPI ( at any time, requesting that his or her personal data be deleted. This is a simple and free request. Attention: please note that this right does not always apply, in some cases it is not possible to delete the data, but this will be clearly stated.
  • Right to object: if the data subject no longer wishes to be informed of updates or no longer wishes to receive direct marketing emails, he or she has the right to do so. This can be done by emailing a request to Please note that the data subject does not have the right to object to the processing of his or her personal data if such personal data is necessary for the performance of the contract between DPI and the data subject or the data subject’s company (e.g. for billing the data subject or the data subject’s company for the ordered training, etc.).
  • Right to data portability: the data subject has the right to receive his or her personal data in a universally readable format such as a text file or other digital file.
  • Complaints: if the data subject is not satisfied with the way his or her personal data are handled, he or she can file a complaint with the competent Data Protection Authority (DPA). For more information, please visit the following website:

Protection of personal data
DPI recognises that the protection of personal data is an essential part of data protection. Where it is impossible to fully guarantee security, DPI will provide the appropriate technical and organisational measures to protect personal data.


Use of cookies
DPI only processes personal data via its website that is automatically collected by using the website, such as IP address, browser type and operating system, the number of times a data subject has visited the website and the pages he or she visited. These personal data are obtained through the use of cookies.
DPI shall only use these data for statistical and performance purposes on a global level. Therefore, DPI shall not process any data that can be linked to an individual. This would require actions that are not reasonably feasible for DPI. On the other hand, this data will be used for limited marketing purposes, as DPI uses this data to run its marketing campaigns: analyzing the profitability of our marketing campaigns based on conversions tracked, making remarketing audiences out of page visitors of the DPI website, etc.

A cookie is a small amount of data generated by a website and stored in the data subject’s browser for the purpose of remembering information about the data subject. Cookies allow a website to recognise the data subject’s browser and for the user to browse a website quickly and easily.
They also ensure that personal settings and preferences are stored, for example, that when visiting the website again the language does not have to be selected again. Certain cookies may also be installed by a third party to measure the use of the website (these are so-called third party cookies).
If the data subject does not want a website to install cookies on his or her computer, the browser settings need to be changed.

Please note that by disabling cookies, certain graphics may not be as clear, or it may be impossible to use certain applications.

DPI does everything necessary for the website to run smoothly although some elements of the website require the use of cookies.
The following table shows which cookies process which personal data and for which purposes. The table also contains information on the retention period of the data and on what basis the processing activity is justified (lawfulness of processing):

Purpose Expiry period Content Name
Google Tag Manager 1 minute 1 _dc_gtm_UA
Used by Google Tag Manager to measure conversions 18 days 1.1.87775659.1565689120 _gcl_au
This is how the website knows what language you have chosen 1 year nl/fr pll_language
This is how the website knows if you have accepted the cookies 1 year yes accept_all_cookies
Used by WordPress to customise the interface and operation of the website for WordPress administrators 1 year


element_vcUIPanelLeft%3D286px%26 edit_element_vcUIPanelTop%3D81px%26

%3Dnone%26advImgDetails%3Dshow %26hidetb%3D1

Used by WordPress to customise the interface of the website for WordPress administrators 1 year 1569854397 wp-settings-time-1


Changes to our privacy statement

DPI may change this privacy statement at any time and will always post the updated version on the website, including the date and version number of the “last update”.

Version: Version 2.3
Last update: 20 October 2023