Infracademy Privacy Policy

1. Purpose and Who We Are

This Privacy Policy describes how VOS BV, a private limited liability company registered in Flanders, Belgium, operating under the brand name Infracademy (“Infracademy”, “we”, “us”, or “our”), collects, uses, discloses, and safeguards personal data when you use our websites, mobile applications, e-learning platform, and related services (collectively the “Services”).

VOS BV is the data controller within the meaning of the General Data Protection Regulation (GDPR).

Contact details

Address: [Registered Office, Flanders, Belgium]
Email (privacy matters): privacy@infracademy.org
Email (legal matters): legal@infracademy.org
Supervisory Authority: Belgian Data Protection Authority (GBA/APD) – https://www.gegevensbeschermingsautoriteit.be

Your use of the Services is also governed by our Terms of Use.

2. Scope of This Policy

This Privacy Policy applies to all information we collect through:

• Infracademy-hosted websites and learning portals;
• Our mobile and desktop applications;
• AI-driven tutoring, assessment, or analytics tools integrated into the platform;
• Communications with our learners, instructors, partners, or visitors by email, chat, or other channels.

It does not apply to third-party websites or tools that have separate privacy notices.

3. Legal Bases for Processing

We process personal data only where one or more of the following legal bases apply under Article 6 GDPR:

• Performance of a contract – to deliver the Services you requested.
• Legal obligation – to comply with Belgian or EU law (e.g., invoicing, tax, security).
• Legitimate interests – to secure our platform, prevent fraud, and improve user experience.
• Consent – for optional analytics, marketing communications, or specific data uses.
• Public interest / research – for anonymised educational analytics in compliance with Recital 159 GDPR.

4. What Personal Data We Collect

We collect data in several categories:

4.1 Information You Provide Directly

• Account registration (name, email, password, organisation, and profile information).
• Course enrolments, assignments, quizzes, forum posts, and certifications.
• Messages or requests sent to our support or academic teams.
• Payment and billing details (processed securely by third-party payment processors).
• Identity-verification materials (photo ID, webcam snapshot) where proctoring is required.

4.2 Information We Collect Automatically

• Device, browser, IP address, and activity logs.
• Learning analytics: time spent on modules, assessment outcomes, progress data.
• Cookies and similar technologies (see Section 11).

4.3 Information From Third Parties

• Organisational or university partners who enrol you in programmes.
• Payment and authentication providers.
• Marketing partners (only with your prior consent).

We do not intentionally collect special-category data under Article 9 GDPR unless required for accessibility or equality reporting, in which case explicit consent will be obtained.

5. How We Use Personal Data

We use your data for the following purposes:

• To provide the Services – account creation, course participation, progress tracking, certification, and support.
• To maintain security – authentication, fraud detection, and incident response.
• To personalise learning – adaptive recommendations, AI-based tutoring, and progress feedback.
• To communicate – course updates, system notifications, marketing (with consent).
• To conduct research and analytics – aggregated, pseudonymised studies to improve educational quality.
• To comply with the law – e.g., record-keeping, tax, anti-fraud obligations.

Automated decision-making is limited to educational analytics that do not produce legal or significant effects on users. Any decision with such effects will include human review as required by Article 22 GDPR.

6. Sharing and Disclosure

We share data only when necessary and under written data-processing agreements compliant with Article 28 GDPR.

Categories of recipients include:

• Cloud-hosting and IT-infrastructure providers (EU or EEA-based whenever feasible);
• Learning-analytics and AI vendors processing data on our behalf;
• Payment providers (e.g., Stripe, PayPal – acting as separate controllers for transactions);
• Academic or industrial partners delivering co-branded courses;
• Public authorities or courts when legally obliged to disclose information.

We never sell personal data.

7. International Data Transfers

Where data is transferred outside the EEA, we ensure adequate protection by:

• Using entities certified under the EU–US Data Privacy Framework; or
• Executing Standard Contractual Clauses (SCCs) approved by the European Commission; or
• Implementing Binding Corporate Rules where applicable.

Copies of relevant safeguards may be requested at privacy@infracademy.org.

8. Retention Period

Personal data is retained only as long as necessary for the purpose collected:

• Active learner accounts: for the duration of your registration.
• Certification records: 10 years (academic integrity).
• Financial data: 7 years (legal/tax obligations).
• Support communications: 2 years.
• Aggregated analytics: indefinitely in anonymised form.

9. Security of Personal Data

We apply technical and organisational measures in line with Article 32 GDPR, including:

• TLS encryption in transit and AES encryption at rest;
• Access control, audit logging, and role segregation;
• Staff confidentiality undertakings and annual GDPR training;
• Incident-response procedures and breach notification to the GBA/APD within 72 hours per Articles 33–34 GDPR.

10. Your Rights Under EU Law

Under Chapter III GDPR, you have the right to:

• Access your data;
• Rectify inaccuracies;
• Erase data (“right to be forgotten”);
• Restrict processing;
• Data portability;
• Object to processing, including direct marketing;
• Withdraw consent at any time; and
• Lodge a complaint with the Belgian Data Protection Authority (GBA/APD).

Requests may be submitted to privacy@infracademy.org. We respond within 30 days as required by Article 12 GDPR.

11. Cookies and Tracking Technologies

Infracademy uses cookies and similar technologies as permitted by the ePrivacy Directive 2002/58/EC and national Belgian law:

• Strictly necessary cookies – essential for platform operation.
• Analytics cookies – to understand usage (used only with your consent).
• Functional cookies – to remember preferences.

Users can manage consent through the cookie banner or browser settings. Detailed information is provided in our Cookie Notice.

12. Children’s Data

Under Belgian implementation of Article 8 GDPR, children under 13 require parental consent to use online services. We take reasonable steps to verify such consent and delete any data collected without it.

13. Research and Artificial Intelligence Processing

As part of our mission to improve education, anonymised and aggregated data may be used for research in accordance with Recitals 159–162 GDPR.

Where AI tools process learner interactions, we:

• Limit data to pseudonymised identifiers;
• Prohibit secondary use by third-party vendors;
• Provide transparency on AI-assisted features in compliance with the EU AI Act proposal.

14. Digital Services Act (DSA) Transparency

Infracademy qualifies as an online platform under Regulation (EU) 2022/2065 – Digital Services Act.

We provide mechanisms to:

• Report illegal content (“notice-and-action”);
• Appeal content-moderation decisions; and
• Publish annual transparency summaries as required by Article 15 DSA.

15. Changes to This Policy

We review this Policy periodically to reflect changes in law or operations.

Updates will be posted on the Infracademy website with a revised “Effective Date”.

Material changes will be notified by email or platform notice.

16. Contact Us

Data Controller: VOS BV (“Infracademy”)
Address: [Registered Office, Flanders, Belgium]
Email: privacy@infracademy.org
Supervisory Authority: Belgian Data Protection Authority (GBA/APD) – https://www.gegevensbeschermingsautoriteit.be