Privacy

Privacy Policy

Last updated: April 2026

Thank you for visiting our website and for your interest in our services. The protection of your personal data is essential to us: Yggra handles commercially sensitive data from clients and candidates every day, and treats your personal data with the same discipline. We deploy appropriate technical and organisational measures to protect your data against loss, alteration, unauthorised access and any other unlawful processing.

This policy explains who we are, what personal data we process, on what legal basis, how long we retain it, and what rights you have.

1. Who are we?

Yggra BV, with registered office at Fruitmarkt 18/3.01, 3500 Hasselt, Belgium, registered with the Crossroads Bank for Enterprises under number BE1033.451.361 (hereafter: Yggra, we, or us).

Contact:

  • E-mail: contact@yggra.eu
  • Phone: +32 474 86 57 81
  • Address: Fruitmarkt 18/3.01, 3500 Hasselt, Belgium

We process your personal data in accordance with Regulation (EU) 2016/679 (hereafter: GDPR) and Belgian implementing legislation.

2. Some terms explained

Personal data: any information relating to an identified or identifiable natural person — such as name, e-mail address, phone number, IP address, job title, or visual material.

Processing: any operation performed on personal data — collecting, recording, organising, storing, consulting, modifying, transmitting, erasing, and so on.

Data Controller: the entity that determines the purpose and means of processing. For most processing activities described in this policy, Yggra acts as the Data Controller.

Data Processor: an entity that processes personal data on behalf of a Data Controller. For Yggra Sentinel (see section 5), Yggra acts as a Data Processor for our clients — the mutual obligations are set out in a separate Data Processing Agreement (DPA).

3. When do we collect your personal data?

We collect personal data when you, among other things:

  • visit or use our website or social media;
  • complete the contact form, or contact us via e-mail, phone or post;
  • book a meeting via Calendly;
  • participate in an online or in-person meeting with Yggra (see section 4 on AI transcription);
  • download a whitepaper, report or other document;
  • apply for a vacancy or share your CV with us with a view to an interim or permanent placement via Yggra Talent;
  • become or are a client, partner or supplier of Yggra;
  • enter into an agreement with us and communicate with us in that context.

We do not collect personal data from individuals under the age of 16. Our services are exclusively aimed at professional B2B contacts.

4. AI meeting transcription (Fireflies.ai)

Yggra uses Fireflies.ai for automated transcription and summarisation of business meetings. This is a deliberate choice to enhance the quality and traceability of our service delivery.

What we do:

  • At the start of every meeting where Fireflies is present, we explicitly announce its use and request your consent before recording starts.
  • Fireflies records the audio, generates a transcript, extracts action items and decisions, and produces an AI-generated summary.
  • Audio is retained briefly; transcripts and summaries are retained for as long as useful for the engagement and in line with the retention periods in section 10.
  • Fireflies.ai Inc. (United States) acts as a sub-processor under Standard Contractual Clauses (SCCs).

Your choice:

  • You may object to recording at any time. In that case, we will disable Fireflies or jointly choose to hold the meeting without transcription.
  • You may also schedule a meeting on a platform of your choice and invite Yggra as a guest — your standards will then apply.
  • No recording takes place without prior consent of all attendees.

5. Yggra Sentinel — our role as a Data Processor

When you use Yggra Sentinel (our pricing analytics service), we process commercial transaction data from your ERP: invoices, orders, customer data, price lists, discounts, margins. This data may contain personal data (for example, contact details of your customers or employees).

For this processing, Yggra acts as a Data Processor on your instructions. You are the Data Controller. The mutual obligations are set out in a Data Processing Agreement (DPA) that forms part of our Sentinel subscription contract.

Core principles of Sentinel processing:

  • Purpose: strictly limited to the pricing analysis and reporting agreed in the engagement. No use for our own commercial purposes.
  • Sub-processors: Peliqan BV (Belgium, primary data hub), Microsoft Corporation (EU Data Boundary, storage and documents), Anthropic PBC (United States, Claude AI — exclusively in privacy mode without training use).
  • Retention period: duration of the subscription contract, plus a 30-day handover period. Thereafter all client data is fully deleted, unless a legal retention obligation provides otherwise.
  • Transfer outside the EEA: only under Standard Contractual Clauses (SCCs) and following a Transfer Impact Assessment.

A current DPA template is available on simple request via contact@yggra.eu.

6. Yggra Talent — processing of candidate data

When you apply for a Yggra vacancy, or entrust your candidacy to Yggra Talent for an interim or permanent placement with one of our clients, Yggra processes personal data as Data Controller.

Which data:

  • Identification and contact details (name, e-mail, phone number, place of residence)
  • CV, cover letter and professional background (education, work experience, certifications)
  • LinkedIn profile and publicly available professional information
  • Salary expectations and preferences regarding work environment, where relevant
  • Interview notes and assessments built up during the engagement

Legal bases:

  • Yggra's legitimate interest in identifying and approaching pricing talent for open engagements.
  • Your consent for retaining your file beyond the conclusion of a specific engagement, and for sharing your candidacy with specific client employers.

Retention period:

  • Standard: 2 years after our last meaningful contact.
  • Based on your explicit consent: extendable to 5 years, allowing Yggra to contact you for future opportunities.
  • You can request deletion at any time, subject to any ongoing contractual or legal obligations.

Transfer to clients:

We share your candidacy with a client employer only after your explicit consent and after alignment on the specific role. Candidacies are typically presented anonymously in the first phase; your identity is shared only upon mutual interest.

No automated selection:

Yggra does not use AI or algorithms to automatically select or reject candidates. Every assessment is performed by a human recruiter.

7. What personal data do we process, why, and on what legal basis?

The table below summarises the categories of personal data we process, the purpose, and the legal basis.

Legal bases — explanation:

  • Contract: processing is necessary for the performance of a contract to which you are party (or for pre-contractual steps).
  • Legal obligation: processing is necessary to comply with a legal obligation (e.g. accounting law, tax law).
  • Legitimate interest: processing is necessary for a legitimate interest of Yggra or a third party, provided your interests or fundamental rights do not override that interest.
  • Consent: you have given consent for one or more specific processing purposes.
Category of personal data Purpose Legal basis
Identification and contact data (name, company, job title, email, phone, address, IP address) Execution of our agreement, client and supplier management, invoicing Agreement
Contact details + content of your message Responding to your inquiry via contact form, email or phone Agreement / pre-contractual + legitimate interest
Contact details + calendar availability Scheduling meetings via Calendly Agreement / pre-contractual
Audio, transcripts and summaries of meetings Documenting commercial conversations, extraction of action points and decisions (see section 4) Consent (recording) + legitimate interest (storage of transcript)
Commercial transaction data from client ERP (may contain personal data) Delivery of Yggra Sentinel services (see section 5) Yggra = processor; legal basis with client
CV, motivation, professional background Assessment of your candidacy for an internal vacancy or a Talent placement (see section 6) Legitimate interest + consent
Contact details + complaint content Handling complaints about our services Agreement + legitimate interest
Contact details + payment details + invoices Compliance with legal obligations (accounting, tax law, anti-fraud) Legal obligation
Contact details + correspondence + invoices Defense and protection of our rights Legitimate interest
Contact details + feedback Improving our services, methodology and content Legitimate interest
Contact details (for newsletter / insights) Sending Yggra Insights and updates Consent (opt-in)

8. To whom do we transfer your personal data?

Within Yggra, your personal data is accessible only to staff members who need it to perform their duties.

Yggra collaborates with a number of external service providers who process your personal data on our instructions (sub-processors). A contractual arrangement compliant with the GDPR is in place with each sub-processor.

Current list of sub-processors:

Sub-processor Role Processing location Transfer safeguard
Webflow Inc.Website hostingUnited StatesStandard Contractual Clauses (SCC)
Microsoft CorporationEmail, file storage, Teams, SharePointEU Data BoundaryWithin EEA
Peliqan BVData hub for Yggra Sentinel and internal dashboardBelgiumWithin EEA
Fireflies.ai Inc.Meeting transcription and AI summary (section 4)United StatesSCC
Anthropic PBC (Claude)AI assistance for analysis, reporting and content (privacy mode)United StatesSCC
OpenAI (ChatGPT)AI assistance for non-sensitive tasksUnited StatesSCC
Calendly LLCMeeting schedulingUnited StatesSCC
Overloop.aiCommercial outreachFranceWithin EEA
Canva Pty LtdVisual content and designAustraliaAdequacy decision
ContentStudioSocial media content schedulingPakistanSCC + Transfer Impact Assessment
Odoo S.A.CRM, project management, invoicing, subscriptionsBelgiumWithin EEA
Accounting & social secretariatAccounting and payroll administrationBelgiumWithin EEA
Legal and tax advisorsLegal and tax advice (ad hoc)BelgiumWithin EEA

This list is updated periodically. The most recent version is available on simple request.

We may also transfer your personal data when legally required to do so (for example, to supervisory or law enforcement authorities).

9. Transfers outside the European Economic Area

A number of our sub-processors are established outside the European Economic Area (EEA), primarily in the United States. For each transfer to a country outside the EEA for which the European Commission has not adopted an adequacy decision, we rely on the Standard Contractual Clauses (SCCs) as adopted by the European Commission, supplemented with the necessary technical and organisational measures.

For ContentStudio (Pakistan), we have conducted an additional Transfer Impact Assessment and we limit processing to only the functional data necessary for social media scheduling.

10. How long do we retain your personal data?

We retain your personal data no longer than necessary for the purpose for which it was collected. Specific retention periods:

  • Client files and agreements: up to 10 years after end of contract (civil statute of limitations).
  • Accounting records (including invoices): 7 years (legal retention obligation).
  • Tax records: 10 years.
  • Sentinel client data: subscription duration + 30-day handover period.
  • Meeting transcripts and summaries: engagement duration + 3 years, unless longer retention is necessary for legal defence.
  • Prospect and contact data: 3 years after last meaningful contact, unless you unsubscribe or object earlier.
  • Newsletter subscriptions: until you unsubscribe.
  • Applicants for internal vacancies: 1 year after conclusion of the procedure, unless you explicitly consent to longer retention.
  • Talent candidates: 2 years after last meaningful contact, extendable to 5 years with explicit consent.
  • Website log data: maximum 12 months.

For procedural or evidentiary purposes, certain data may be retained longer, in line with applicable statutes of limitation.

11. Your privacy rights

Under the GDPR, you have the following rights:

  • Right of access (art. 15 GDPR): to know whether and which personal data we process about you, with associated information on purpose, retention period, recipients and rights.
  • Right to rectification (art. 16 GDPR): to have inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten", art. 17 GDPR): to have your data deleted, insofar as this does not conflict with legal retention obligations or the establishment of a legal claim.
  • Right to restriction of processing (art. 18 GDPR): to ask us to temporarily suspend processing.
  • Right to data portability (art. 20 GDPR): to receive the data you provided in a structured, commonly used format, or to have it transferred to another Data Controller.
  • Right to object (art. 21 GDPR): to object to processing based on our legitimate interest.
  • Right not to be subject to automated decision-making (art. 22 GDPR): Yggra does not make decisions about you based solely on automated processing.
  • Right to withdraw consent (art. 7 GDPR): when processing is based on consent, you may withdraw it at any time.

How to exercise these rights?

Send an e-mail to contact@yggra.eu. To verify your identity, we may ask you to include a copy of the front of your ID card (the photo may be covered).

We will respond to your request in principle within one month. For complex requests, this period may be extended to three months, of which we will inform you in good time.

Exercising your rights is free of charge, unless your request is manifestly unfounded or excessive (for example, due to its repetitive nature).

12. Security of your personal data

Yggra has implemented reasonable and appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. These include:

  • Multi-factor authentication on all critical systems;
  • Encryption of data in transit (TLS) and at rest where applicable;
  • Strict access control on a need-to-know basis;
  • Periodic review of user access and sub-processors;
  • Contractual obligations on sub-processors to maintain equivalent measures.

13. Complaints

If you believe we are not processing your personal data correctly, please contact us first via contact@yggra.eu — we are happy to seek a resolution together.

You may also file a complaint with the supervisory authority:

Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données)
Drukpersstraat 35
1000 Brussels, Belgium
Tel.: +32 (0)2 274 48 00
E-mail: contact@apd-gba.be
Website: www.dataprotectionauthority.be

14. Changes to this policy

This privacy policy may be amended to comply with new legislation, changes in our services, or feedback. The most recent version is always available at yggra.eu. For material changes, we will actively notify you.

Any questions? Send a message to contact@yggra.eu.