Last updated: June 6, 2026 · Génération Immo SRL · BE 0739.702.303
This policy describes how your personal data is processed in the context of the website and private space of Génération Immo. It complements the General Terms of Use and applies to any person browsing our site or using our online services.
Data Controller
Identity
Génération Immo SRL
Boulevard du Centenaire 2
B-1325 Chaumont-Gistoux, Belgium
BCE / VAT: BE 0739.702.303
IPI n° 503.169
For any questions regarding your personal data or to exercise your rights, please write to aml-rgpd@generationimmo.be.
Purposes and Legal Bases
| Purpose | Legal Basis |
|---|---|
| Create and manage the account and private space; provide requested features | Contract performance / pre-contractual measures |
| Record property preferences and send personalised notifications and alerts | Consent (withdrawable at any time) |
| Respond to requests and follow up on files | Contract performance / legitimate interest |
| Manage access and credentials for the solution; account administration | Contract performance |
| Ensure security, fraud prevention, maintenance and service improvement | Legitimate interest |
| Traffic measurement and usage statistics for the site / solution | Legitimate interest / Legal obligation |
| Handle your requests to exercise rights (access, rectification, objection, etc.) | Legal obligation |
| Comply with the agency's legal obligations (IPI ethics, AML/CFT obligations, etc.) | Legal obligation |
| Send commercial information about services similar to those provided | Legitimate interest (opt-out available) |
| Send other marketing offers or communications | Consent (withdrawable at any time) |
The Company does not sell your personal data to partners or third-party service providers.
Data Collected
Depending on the features used, the following data may be collected:
- —Identity data: name, first name, postal address, email address, phone number.
- —Professional data: profession, IPI registration number (for agent users).
- —Property preferences: search criteria, favourited listings, configured alerts.
- —Technical connection data: IP address, terminal identifier, browser type and version, operating system, navigation language, security logs.
- —Navigation data: pages visited, session duration and frequency, cookie data (see section 10).
- —Third-party module data: when you sync your calendar (Outlook / Google Calendar) or messaging (Outlook / Gmail) with the solution, the data in those modules is processed in accordance with Microsoft's or Google's privacy policies.
Retention Periods
Data is retained for as long as necessary for the purposes described, then deleted or anonymised. As a guide:
| Data Category | Retention Period |
|---|---|
| Account data (private space) | Account activity period + 24 months after last login or deletion |
| Property preferences and alerts | Account activity period or until consent is withdrawn |
| Technical and security logs | 24 months after last login or account deletion |
| Prospecting data (non-client prospects) | 3 years from collection or last contact from the prospect |
| Anti-fraud data | Legal period applicable as intermediate archive after account closure |
| Traffic and maintenance data | Retained indefinitely after full anonymisation |
| Data subject to specific legal obligations (accounting, AML/CFT, etc.) | Applicable legal period (e.g. 10 years for accounting records) |
Retaining certain data beyond its primary purpose responds to administrative, legal and security requirements, particularly to handle your requests to exercise rights and to comply with legal obligations to retain or disclose data to competent authorities.
Recipients and Processors
Your data is only accessible to authorised agency staff and its technical service providers, strictly to the extent necessary and under confidentiality obligations. Authorised internal persons are:
- —Licensed estate agents, commercial agents and trainees of the agency, within the limits of their duties.
- —Administrative staff of the business centre in which the agency is established, exclusively within the scope of their assigned tasks and under a confidentiality undertaking.
The main technical sub-processors are listed below. Each is bound by a data processing agreement (DPA) compliant with Article 28 of the GDPR:
| Sub-processor | Role | Location |
|---|---|---|
| Microsoft Corporation | Cloud hosting (Azure) of the private space and documents | EU – Belgium Central |
| Dropbox, Inc. | File storage and sharing | USA (see section 6) |
| PriceHubble AG | Property valuation tool | Switzerland / EU (see section 6) |
| Proptech Company SRL (Propteo) – BCE 0782.603.918 | Prospect CRM and lead / valuation management | EU – Braine-l'Alleud, Belgium |
| Innovative Solutions SRL – BCE 0740.541.748 | DevOps management and technical support | EU – Brussels, Belgium |
Your data is never sold to third parties.
Hosting and Transfers Outside the EEA
Data processed via the private space is hosted on the Microsoft Azure Belgium Central infrastructure, consisting of availability zones located in the Brussels periphery. Data is stored at rest on Belgian territory.
Some service providers may involve a transfer of data outside the European Economic Area (EEA). In such cases, the Company ensures that your data benefits from an equivalent level of protection through the following safeguards:
| Provider | Destination Country | Applicable Safeguard |
|---|---|---|
| Microsoft Azure | United States (possible via Cloud Act) | SCCs – Decision 2021/914 + EU–US Data Privacy Framework |
| Dropbox, Inc. | United States | SCCs – Decision 2021/914 + EU–US Data Privacy Framework |
| PriceHubble AG | Switzerland / United States (to be confirmed) | Standard Contractual Clauses (SCCs) – Decision 2021/914 |
| Propteo (Proptech Company SRL) | EU (Belgium) | Hosted within the European Union — no transfer outside EEA |
For any other transfer that may prove necessary, it will be carried out exclusively to countries with a European Commission adequacy decision, or on the basis of standard contractual clauses or binding corporate rules.
Security
Appropriate technical and organisational measures are implemented to protect your data against unauthorised access, loss, alteration or disclosure:
- —Access rights control and management; password policy and workstation locking.
- —Communications encryption (HTTPS/TLS) and database encryption at rest.
- —Security logging and intrusion detection; network zone firewalls.
- —Hosting on a certified cloud infrastructure (Microsoft Azure Belgium Central).
- —Protection of sensitive files against unauthorised direct access.
- —Request rate limiting to prevent abusive use.
- —Antivirus and protection tools on the operating environment.
Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- —Right of access – obtain confirmation that data concerning you is being processed and receive a copy.
- —Right to rectification – correct or update inaccurate or incomplete data.
- —Right to erasure – request deletion of your data, subject to legal retention obligations.
- —Right to restriction of processing – restrict processing in the cases provided for by the GDPR.
- —Right to object – in particular to processing based on legitimate interest or for prospecting purposes.
- —Right to data portability – receive your data in a structured, machine-readable format. This right does not extend to data derived or inferred by us.
- —Right to withdraw consent – at any time, without retroactive effect on prior processing.
- —Right not to be subject to automated decision-making – producing legal effects or significantly affecting you.
These rights may be exercised by writing to aml-rgpd@generationimmo.be. Proof of identity may be requested. In the case of manifestly unfounded or repetitive requests, the Company reserves the right to charge reasonable administrative fees or to refuse to comply.
Profiling and Automated Decision-Making
Personalised notifications and alerts are based on the preferences you record yourself in your account. This processing constitutes a form of profiling within the meaning of Article 4(4) of the GDPR, but it does not lead to any decision producing legal effects or significantly affecting you within the meaning of Article 22 of the GDPR. You can modify or delete your preferences at any time from your private space.
Cookie Policy
A cookie is a small text file deposited on your device during your browsing. The site uses the following cookie categories:
| Category | Description | Consent required |
|---|---|---|
| Necessary cookies | Essential for the operation of the site and private space (session, authentication, security). Without them, certain essential features are unavailable. | No |
| Functional cookies | Remember your preferences (language, display settings) to improve your experience. | No (legitimate interest) |
| Analytics cookies | Measure site audience and usage in order to improve content and performance. | Yes |
| Marketing cookies | Allow us to present content or advertising tailored to your interests, where applicable. | Yes |
You can accept, refuse or customise your choices via the cookie banner displayed on your first visit, and change your preferences at any time. You can also configure your browser to block or delete cookies, noting that disabling certain cookies may affect the operation of the site or private space.
Policy Updates
This policy may be adapted in response to legal, regulatory or technical developments. In the event of significant changes, we will inform you by email or via a prominent notice on the site, to allow you to review them before they take effect. The version in force is always the one published on the site.
By continuing to use the site or private space after notification of material changes, you are deemed to have accepted the updated policy.
Last updated: June 6, 2026.