Privacy Policy

AUTRUN PRIVACY STATEMENT

Effective date: January 2026
Last updated: January 2026

1. Who We Are

1.1 Autrun

This Privacy Statement applies to Autrun Holding B.V. (with address at Veluwestraat 43, 2800 Mechelen, Belgium and Belgian company number 1031.101.189) and its subsidiaries (Autrun NL B.V. and Autrun BE B.V.), jointly referred to as “Autrun”, “we”, or “us”.

Autrun acts as Data Controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) for the processing activities described in this Privacy Statement.

Contact details:
Autrun BE Privacy Office
Veluwestraat 43
2800 Mechelen
Belgium
Email: privacy@autrun.io

Autrun NL Privacy Office
Ceresstraat 1 - 1st floor
4811 CA Breda
Netherlands
Email: privacy@autrun.io

1.2 Data Protection Officer

Autrun has not appointed a Data Protection Officer, as it is not legally required under Article 37 GDPR.
For all questions regarding personal data processing, you may contact our Privacy Office using the contact details above.

2. Personal Data We Collect

We process personal data only to the extent necessary for our business activities and services. This may include:

2.1 Categories of Data

  • Contact Information: name, professional email address, phone number, job title, company name
  • Client & Project Data: information shared in the context of providing our services
  • Billing & Administrative Data: invoicing details, payment-related information
  • Website & Usage Data: IP address, browser type, device information, website interaction data

2.2 Mandatory vs. Optional Data

Certain personal data are necessary to enter into and perform a contractual relationship with Autrun. If such data are not provided, we may be unable to deliver our services. Other data are provided voluntarily.

3. Purposes and Legal Bases of Processing

3.1 We process personal data only where a valid legal basis applies:

Purpose

Legal Basis

Service delivery, project execution, client communication

Performance of a contract (Art. 6(1)(b) GDPR)

Billing, accounting, compliance with tax and company law

Legal obligation (Art. 6(1)(c) GDPR)

Business operations and relationship management

Legitimate interest (Art. 6(1)(f) GDPR)

Marketing communications

Consent or legitimate interest (Art. 6(1)(a) or (f) GDPR)

3.2 Marketing Communications

We may send information about our services:

  • where you have explicitly consented; or
  • where you are an existing business client, and the communication relates to similar services, based on our legitimate interest.

You may object to marketing communications at any time by using the unsubscribe link or by contacting us at privacy@autrun.io.

4. Data Sharing and Processors

We do not sell personal data.

We may share personal data with trusted third parties acting as data processors on our behalf, including:

  • Odoo – CRM, invoicing, and project management
  • Google Workspace – email, document storage, and collaboration
  • Financial Service Providers – accountants, banks, and payment processors
  • Legal or Public Authorities – where required by law

All processors are bound by Data Processing Agreements (DPAs) in accordance with Article 28 GDPR.

5. International Data Transfers

Some service providers may process personal data outside the European Economic Area (EEA).

Where such transfers occur, Autrun ensures appropriate safeguards are in place, including:

  • European Commission Standard Contractual Clauses (SCCs); or
  • transfers to countries covered by an adequacy decision under Article 45 GDPR.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Client & Contractual Data: up to 7 years after the end of the contractual relationship, in accordance with Belgian tax and accounting obligations
  • Billing & Financial Records: as required by applicable law
  • Marketing Data: until you withdraw consent or object to processing

After expiry of the retention period, data are securely deleted or anonymised.

7. Your Rights

Under the GDPR, you have the right to:

  • access your personal data
  • rectify inaccurate or incomplete data
  • request erasure of your data (“right to be forgotten”)
  • restrict or object to processing
  • withdraw consent at any time (where applicable)
  • data portability, where legally applicable

You may exercise your rights by contacting privacy@autrun.io.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with the competent supervisory authority.

In Belgium, this is:

Gegevensbeschermingsautoriteit (GBA / APD)
Drukpersstraat 35
1000 Brussels
Belgium
Website: www.gegevensbeschermingsautoriteit.be

9. Automated Decision-Making

Autrun does not engage in automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.

10. Cookies and Website Tracking

Our website may use cookies and similar technologies. For more information, please consult our Cookie Policy, available on our website.

11. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. The most recent version will always be available on our website and will indicate the date of the latest update.