Privacy Policy

Your personal data and privacy are hugely important to VirtualProducts. This policy is not just a legal shield to put us in line with regulations such as the General Data Protection Regulation (further: GDPR), or still, the General Data Protection Regulation. [1]

No, this text writes our data story. It tells what personal data we process and how we treat and protect it with care.

So with this policy, we want to make you fully aware of our data policy. So you can then also make a thoughtful and informed choice about whether to use our services. We therefore assume that when you use our services, you consent to the manner of processing and our policies.

Oh, one more thing. We have done our best to keep this policy as concise and clear as possible. After all, we believe that obligations don't have to be boring.

[1] Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

1. Who processes the data?

VirtualPools BV
BE 0662.523.460
Ijzerenpoortkaai 3
2000 Antwerp
Belgium
info@virtualpools.io
+32 3 377 42 35

2. Who helps us.

Under the GDPR, we act as the data controller. This means that we decide what personal data is collected, how it’s processed, and why it’s needed.

To operate our services efficiently, we rely on carefully selected data processors — trusted third parties who process data on our behalf and under our instructions. Each processor has agreed to comply with the GDPR and to handle your data safely and responsibly.

Our processors help us with tasks such as:

• Hosting and infrastructure, to keep our platform and API available
• File processing and storage, for uploads, conversions, and backups
• Payment and invoicing, to handle subscriptions and transactions
• Email delivery and communication, to send confirmations, updates, and results
• Analytics and performance monitoring, to understand and improve how our services are used
• Customer support and CRM, to manage requests and account information
• Security and identity management, to protect accounts and prevent abuse
• Backup and disaster recovery, to ensure business continuity

We only share personal data with processors who provide sufficient guarantees of security and GDPR compliance.

All processing agreements comply with Article 28 GDPR and are reviewed annually to ensure continued compliance.

Whenever possible, data is stored and processed within the European Economic Area (EEA).
If any processing takes place outside the EEA, we ensure that appropriate safeguards — such as Standard Contractual Clauses — are in place to protect your data.

3. What data are we actually collecting?

‍The "categories of data" is a heavy GDPR term for what "types of data" we need. A small overview:

We keep personal data for as long as necessary to deliver and improve our services, comply with legal obligations, and resolve disputes. When data is no longer required, we securely delete or anonymize it during our regular data reviews.

Category of Data	Purpose	Retention Period / Criteria
Account information (name, email, login data)	Manage user accounts and provide access	While account is active + up to 7 years after closure (to comply with legal retention duties)
Billing and invoicing data (company, VAT, payment records)	Legal and accounting obligations	7 years (legal retention duty)
Device identifiers and history of use	Product functionality and support	While account is active + 24 months
Marketing contact data (email, name)	Send product updates or newsletters	Until consent is withdrawn or 24 months after last interaction
Technical logs and IP addresses	Security and performance monitoring	Up to 24 months

4.  Why do we collect this data?

We don't do this for no reason, of course. The idea is that by collecting your data we can offer you an optimal experience on our website. But what does that mean to you?

We make sure the experience on our website is as safe as possible. That's why we use the data to monitor our website so that everything runs smoothly. This is also how we try to avoid fraud and other bad intentions.

We also like to keep you informed about our products and services. That's why we send you an email very occasionally. Sometimes a promotion, sometimes just a news item. Some people also know this as direct marketing, but don't worry! The emails always contain a link to remove yourself from our database.

Google Analytics collects data for us so we can get our own insights into the audience visiting our website. Statistical data collection, it's called. IP address, which pages were visited, a geographical location of the visitor and the time of visit are processed.

We use Google Analytics only with your prior consent. When you first visit our website, a cookie banner allows you to accept or decline analytics cookies. These cookies are not placed unless you consent to their use. You can withdraw your consent or adjust your preferences at any time through the cookie settings link on our site.

For the application, we need your data to verify that you are the person using the software. After all, we wouldn't want someone to use your license without your knowledge. Therefore, we also store the Device Identifier of your iPad Pro to check how many devices are using the license. When you unregister a device, this data is automatically deleted.

We also use your company information for billing and accounting purposes.

5. Cookies

We use cookies to make our website function properly and to understand how visitors use it.

• Essential cookies ensure the site works securely and efficiently.
• Analytics cookies (such as Google Analytics) help us measure usage and improve our content.

We only place analytics cookies with your prior consent, collected through our cookie banner. You can change your consent at any time via the cookie settings.

6. What can you do? What are your rights?

6.1    Right of access

Your data will of course remain yours. You can therefore ask us at any time to inspect the data we have collected from you and how, why and for how long we have processed it. All this in the broadest sense. You will know exactly how we review your data and what happens to it. Send your request for access to info@virtualpools.io and we will send you everything we have within 1 month of the request.

6.2    Right to correct and delete personal data

You can always have your data corrected or deleted. This may be necessary, for example, when you move or create a new e-mail address. WEBSITE: If you want your data to be deleted or changed you can send this request to info@virtualpools.io . Some data unfortunately cannot be deleted just like that. We are talking about data that we have to keep based on a legal obligation (e.g. accounting) or on a contract (e.g. we still have to deliver your package). Any other request will be granted without unreasonable delay.

6.3    Right to restrict or object to data processing.

If you have submitted a request for erasure, we check the data for accuracy, the data has been processed unlawfully, or the data is necessary for a legal claim, you may request a restriction of processing. Address this request to info@virtualpools.io and we will restrict processing within a month.Do you not want us to process your data? Then object via info@virtualpools.io and then we will stop processing your data as soon as possible (within 1 month of the request). Exceptions to this are again the data we have to keep based on a legal obligation (e.g. accounting) or based on an agreement (e.g. we still have to deliver your package).

6.4    Right to data portability

You have the right to obtain the data you have provided to us in a structured, common and machine-readable form. This allows you to transfer the data to another data controller.

6.5    Right to withdraw consent.

Your consent may be revoked at any time. Naturally, this only affects the data that we have obtained on the basis of your consent. The data that we obtain or have to maintain on the basis of a legal obligation (e.g. accounting) or on the basis of a contract (e.g. we still have to deliver your package) are thus excluded.

7.    Complaints

Complaints can be lodged with the Belgian Data Protection Authority (GBA/APD)

(https://www.gegevensbeschermingsautoriteit.be/).

8. VirtualPools iOS application

Our application, VirtualPools, can also be found in the Apple Appstore. With the appropriate login credentials, one can log into the application. Only the company and contact information provided will be maintained. The above rules also apply to the application.

9. Processing via the Lead Generation Tool

9.1 Purpose of Processing

Through the Lead Generation Tool, users can upload an image of their garden, answer several pool design questions, and provide their name and email address. This data is processed to generate and send a personalized AI visualization to the user’s email address, with the associated pool installer in copy. Leads are stored in the Virtualpools database and made available to the relevant installer for follow-up.

9.2 Children’s Data

Our services, including the Lead Generation Tool, are not intended for children under the age of 16, and we do not knowingly collect or process personal data from minors. If we become aware that data from a child under 16 has been submitted, we will delete it without undue delay.

9.3 Legal Basis

Processing is based on user consent (Article 6(1)(a) GDPR) and legitimate interest (Article 6(1)(f) GDPR) in facilitating communication between potential customers and pool installers.

9.4 Categories of Data

The following personal data may be collected: first name, last name, email address, design preferences, and an uploaded photo of the garden. The photo is only processed temporarily to generate the visualization and is not stored permanently.

9.5 Retention

Lead data is retained as long as the pool installer keeps it within their Virtualpools account. Uploaded photos are deleted immediately after processing unless retention is necessary for service improvement with proper user consent.

9.6 Processors and Transfers

Virtualpools may engage carefully selected third-party service providers to support the secure hosting, storage, and AI-based processing of data. These providers act solely as data processors under written data-processing agreements that comply with the GDPR. All personal data is processed within the European Economic Area (EEA) or in jurisdictions that provide an equivalent level of data protection.

9.7 Joint Controllership

When the tool is used through an installer’s website, Virtualpools and the installer act as joint controllers. The installer may use the data for legitimate follow-up with the user. Virtualpools remains responsible for security and compliance with GDPR obligations.

9.8 Data Security

All personal data is transmitted over encrypted connections (SSL/TLS) and stored securely. Access is limited to authorized personnel only.

9.9 User Rights

Users have the right to access, correct, delete, restrict, or object to the processing of their personal data, and to withdraw consent at any time. Requests may be sent to info@virtualpools.io. Users also have the right to file a complaint with the relevant data protection authority.

9.10 Automated Decision-Making
No fully automated decision-making occurs that produces legal or similarly significant effects on users (Article 22 GDPR). The AI processing in the Lead Generation Tool is limited to generating a visual pool design and does not involve profiling or automated decisions affecting individuals’ rights.

The AI visualization is assistive only and does not constitute design advice or automated decision-making.

10 Updates

Virtualpools may update this Privacy Policy from time to time, for example to reflect changes in technology, law, or our services. The most recent version will always be available at www.virtualpools.io/privacy.

If we make material changes that significantly affect the way we process your personal data, we will inform you in a clear and timely manner — for example, by email or through a prominent notice on our website — before those changes take effect.