Privacy Policy
1. Who we are
PropTech Lab SRL, doing business as EightySeven, is the controller of the personal data described in this Privacy Policy, unless we clearly state otherwise.
Legal entity: PropTech Lab SRL
Trade name: EightySeven
Registered address: Avenue Louise 350, 1050 Ixelles, Belgium
VAT / enterprise number: BE0723 968 210
Website: https://eightyseven.com
Privacy contact: [insert privacy email]
For questions about this Privacy Policy or the way we process personal data, please contact us at [insert privacy email].
2. Who this Privacy Policy applies to
This Privacy Policy applies to personal data relating to:
website visitors;
event, workshop, webinar, conference, and programme attendees;
members and prospective members;
customers and prospective customers;
sponsors, partners, speakers, mentors, investors, advisors, and ecosystem stakeholders;
newsletter subscribers and marketing contacts;
representatives, employees, founders, directors, and contact persons of companies and organisations that interact with us;
suppliers, service providers, and professional contacts.
Most of our services are aimed at businesses, professionals, organisations, institutions, and ecosystem participants. However, this Privacy Policy also applies where we process personal data relating to individuals acting in a private capacity.
3. Personal data we collect
Depending on how you interact with us, we may collect and process the following categories of personal data.
3.1 Identity and contact data
This may include:
first name and last name;
job title, role, seniority, and professional profile;
company or organisation name;
business address and billing address;
email address;
phone number;
LinkedIn profile or other professional profile;
country, city, and preferred language.
3.2 Company, billing, and transaction data
This may include:
legal company name;
VAT number, enterprise number, or tax identification number;
billing contact details;
invoicing details, including Peppol or e-invoicing details where applicable;
order details;
membership plan, subscription status, renewal date, cancellation status, and payment history;
event ticket, workshop, sponsorship, or partnership purchase details;
invoices, credit notes, payment references, and accounting records.
3.3 Payment data
Payments may be processed through third-party payment providers such as Stripe or through bank transfer, invoice, direct debit, or other approved payment methods.
We do not intentionally store full card numbers or full payment authentication details. Payment providers may process payment information directly under their own terms and privacy notices.
3.4 Membership and community data
This may include:
membership type and membership history;
onboarding information;
areas of interest;
event and workshop participation;
member directory information, where applicable;
introduction requests and networking preferences;
communications with our team;
participation in community platforms, groups, forums, or member-only activities.
3.5 Event and workshop data
This may include:
registration details;
attendee name, company, role, and contact details;
ticket type and attendance status;
dietary, accessibility, or participation requirements voluntarily provided by you;
check-in data;
feedback, survey responses, and questions submitted during sessions;
photos, video, audio, livestreams, or recordings where applicable.
3.6 Marketing and communication data
This may include:
newsletter subscription status;
communication preferences;
email opens, clicks, and interactions;
event interests and campaign source;
responses to surveys, forms, invitations, or promotional campaigns;
records of consent, opt-outs, and unsubscribe requests.
3.7 Website, device, and technical data
This may include:
IP address;
device type, browser type, operating system, and approximate location;
pages viewed and links clicked;
referral source;
date and time of visits;
cookie identifiers and similar technologies;
analytics and performance data;
security logs and access logs.
3.8 Content and communications you provide
This may include:
messages sent through forms, email, social media, or community channels;
speaker bios, photos, logos, company descriptions, pitch materials, and presentation materials;
testimonials, reviews, feedback, and survey responses;
files or information submitted for events, memberships, programmes, sponsorships, or partnerships.
3.9 Special category data
We do not seek to collect sensitive personal data unless it is necessary for a specific purpose or you voluntarily provide it. For example, dietary or accessibility information may indirectly reveal health, religious, or other sensitive information. We use such information only to support your participation in an event or service, and we restrict access to those who need it.
Please do not send us sensitive personal data unless it is necessary for the relevant service or we specifically request it.
4. How we collect personal data
We collect personal data in the following ways:
directly from you when you complete a form, purchase a ticket, buy a membership, register for an event, subscribe to a newsletter, contact us, or communicate with us;
from your company, employer, colleague, or another authorised representative when they register or purchase on your behalf;
from payment providers, ticketing platforms, event platforms, community platforms, CRM tools, email tools, and website tools used to deliver our services;
from publicly available professional sources, such as company websites, LinkedIn, public registers, event pages, press releases, and professional directories;
from partners, sponsors, speakers, investors, mentors, and ecosystem stakeholders where they introduce you to us or invite you to participate in our activities;
automatically through cookies and similar technologies when you use our website.
5. Why we process personal data and legal bases
We process personal data only where we have a lawful basis to do so under applicable data protection law.
Providing our website and responding to enquiries
Examples: contact forms, website operation, and support requests.
Legal basis: legitimate interests and steps before entering into a contract.Selling and delivering memberships, subscriptions, events, workshops, and services
Examples: registration, access, onboarding, customer support, and fulfilment.
Legal basis: contract and legitimate interests.Managing billing, payments, accounting, tax, and e-invoicing
Examples: invoices, VAT records, payment follow-up, and Peppol or e-invoicing details.
Legal basis: contract, legal obligation, and legitimate interests.Organising events, workshops, conferences, and programmes
Examples: registration, check-in, attendee management, session delivery, and logistics.
Legal basis: contract and legitimate interests.Facilitating networking and community participation
Examples: member introductions, member directories, community activities, and partner connections.
Legal basis: contract, legitimate interests, and consent where required.Sending service communications
Examples: event updates, membership notices, payment reminders, and operational emails.
Legal basis: contract and legitimate interests.Sending newsletters and marketing communications
Examples: invitations, updates, campaigns, offers, and ecosystem news.
Legal basis: consent and legitimate interests where permitted.Documenting and promoting events
Examples: photos, videos, recaps, social media posts, website content, and reports.
Legal basis: legitimate interests and consent where required.Improving our services and communications
Examples: feedback, analytics, surveys, and engagement data.
Legal basis: legitimate interests and consent where required for cookies or similar technologies.Protecting security and preventing misuse
Examples: fraud prevention, access logs, incident management, and abuse prevention.
Legal basis: legitimate interests and legal obligation.Complying with legal obligations
Examples: accounting, tax, company records, and regulatory requests.
Legal basis: legal obligation.Establishing, exercising, or defending legal claims
Examples: contract enforcement, dispute management, and legal correspondence.
Legal basis: legitimate interests and legal obligation.
Where we rely on legitimate interests, we do so only where we believe our interests are not overridden by your rights and freedoms.
Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect processing that took place before withdrawal.
6. Events, photography, video, and recordings
We organise and participate in events, workshops, conferences, webinars, roundtables, and community activities. These activities may be photographed, filmed, livestreamed, or recorded.
We may use event photos and videos for:
event documentation;
internal reporting;
community communications;
website and social media updates;
newsletters;
promotional materials;
post-event summaries and ecosystem reporting.
We generally rely on legitimate interests for wide-angle, crowd, atmospheric, and non-intrusive event photography or video. We will request consent where required, especially for testimonials, interviews, close-up promotional use, or uses that are not reasonably expected.
If you do not want to appear in identifiable event photos or videos, please inform us before or during the event. We will make reasonable efforts to accommodate your request, but this may not always be possible in crowd settings or public event areas.
7. Marketing communications
We may send you newsletters, invitations, event announcements, membership updates, ecosystem news, partner opportunities, and relevant commercial communications.
We may send marketing communications where:
you have subscribed or given consent;
you are an existing customer, member, attendee, sponsor, or partner and the communication relates to similar or relevant services;
we have a legitimate interest in contacting professional business contacts, where permitted by law.
You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us at [insert privacy email].
Even if you opt out of marketing communications, we may still send service, transactional, legal, payment, security, or membership-related communications where necessary.
8. Cookies and similar technologies
Our website may use cookies, pixels, local storage, analytics tags, and similar technologies.
8.1 Types of cookies we may use
We may use:
strictly necessary cookies required for the website to function, security, checkout, forms, or consent management;
functional cookies that remember preferences or improve the user experience;
analytics cookies that help us understand how visitors use the website;
marketing cookies or pixels used to measure campaigns, personalise communications, or support advertising.
8.2 Consent
Strictly necessary cookies may be used without consent because they are required for the website to operate. Analytics, marketing, and non-essential cookies will be used only where consent is required and obtained through the cookie banner or preference tool.
You can change or withdraw cookie consent using the cookie settings tool on our website, where available. You can also manage cookies through your browser settings.
8.3 Cookie details
Based on the cookie audit performed before publication, the website uses the following cookies, pixels, tags, and similar technologies. This table should be reviewed whenever EightySeven adds, removes, or changes website tools, analytics, advertising pixels, forms, payment flows, or event registration tools.
Framer website platform cookies
Provider: Framer
Purpose: Supports website delivery, site functionality, session handling, security, and technical operation of the website.
Category: Strictly necessary / functional
Duration: Session to approximately 1 year, depending on the cookie.Google Analytics cookies, including
_gaand_ga_*
Provider: Google
Purpose: Measures website traffic, page views, user interactions, and aggregated website usage statistics.
Category: Analytics
Duration: Up to approximately 2 years.Google tag / measurement cookies, including
FPID,FPLC,FPAU,FPGSID, and similar measurement identifiers
Provider: Google
Purpose: Supports analytics, campaign measurement, conversion measurement, and attribution where Google tags are used.
Category: Analytics / marketing
Duration: Session to approximately 2 years, depending on the cookie.HubSpot tracking cookies, including
__hstc,__hssc,__hssrc, andhubspotutk
Provider: HubSpot
Purpose: Helps understand visitor sessions, page views, form interactions, CRM attribution, and marketing engagement.
Category: Analytics / marketing
Duration: Session to approximately 6 months, depending on the cookie.Meta Pixel cookie, including
_fbp
Provider: Meta
Purpose: Measures advertising performance, campaign attribution, and may support retargeting or audience measurement where Meta Pixel is enabled.
Category: Marketing
Duration: Approximately 3 months.TikTok Pixel cookie, including
_ttp
Provider: TikTok
Purpose: Measures campaign performance, conversion attribution, and may support advertising or retargeting where TikTok Pixel is enabled.
Category: Marketing
Duration: Up to approximately 13 months.Stripe payment and fraud-prevention cookies, including
__stripe_mid,__stripe_sid, and related Stripe cookies
Provider: Stripe
Purpose: Enables secure payment processing, fraud prevention, checkout functionality, and payment security when a user interacts with Stripe checkout or payment pages.
Category: Strictly necessary
Duration: Session to approximately 1 year, depending on the cookie.Cloudflare security cookie, including
__cf_bm, where active
Provider: Cloudflare
Purpose: Supports bot management, fraud prevention, traffic security, and protection of website or third-party platform services.
Category: Strictly necessary
Duration: Approximately 30 minutes.Event, workshop, or registration platform session cookies, where active
Provider: Relevant event or registration platform
Purpose: Supports event registration, login/session handling, booking flows, checkout, and fraud/security controls for events or workshops.
Category: Strictly necessary / functional
Duration: Session to the period specified by the relevant platform.
Analytics and marketing cookies are used only where the user has given consent through the website’s cookie banner or consent tool, unless an applicable legal exception applies. Visitors can change or withdraw their cookie choices through the cookie settings tool where available.
9. Sharing personal data
We may share personal data with the following categories of recipients where necessary and lawful:
our team members, contractors, and authorised representatives;
payment processors, such as Stripe;
banks, accounting providers, invoicing providers, Peppol/e-invoicing providers, and tax advisers;
website hosting providers, IT providers, CRM providers, email tools, form tools, analytics tools, and security providers;
event registration platforms, community platforms, webinar platforms, video conferencing tools, event apps, and ticketing tools;
venues, caterers, security providers, photographers, videographers, production providers, and other event suppliers;
speakers, moderators, facilitators, mentors, sponsors, and partners, where needed for the relevant event, membership, programme, or opportunity;
professional advisers, insurers, auditors, lawyers, and consultants;
public authorities, courts, regulators, law enforcement, or tax authorities where required by law or necessary to protect rights.
We do not sell personal data.
We do not share attendee, member, or customer contact lists with sponsors or partners for their independent marketing unless we have a lawful basis to do so and, where required, your consent or clear notice has been provided.
10. International transfers
Some service providers may process personal data outside the European Economic Area. Where this occurs, we take steps to ensure that appropriate safeguards are in place, such as:
an adequacy decision by the European Commission;
Standard Contractual Clauses approved by the European Commission;
additional technical, contractual, and organisational safeguards where required.
11. How long we keep personal data
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide services, comply with legal obligations, resolve disputes, maintain records, and enforce agreements.
Indicative retention periods are:
Data categoryIndicative retention periodCustomer, membership, and subscription recordsDuration of the relationship plus up to 10 years where needed for accounting, tax, contractual, or legal purposesInvoices, accounting, VAT, and tax recordsAs required by applicable accounting and tax law, generally up to 10 yearsEvent registration and attendance recordsUp to 3 years after the event, unless longer retention is needed for legal, reporting, partnership, or contractual reasonsEvent photos and videosAs long as relevant for documentation, archive, communication, or promotional purposes, unless a valid objection requires removal where possibleMarketing contactsUntil unsubscribe, withdrawal of consent, objection, or inactivity reviewEnquiry and sales communicationsUp to 3 years after the last meaningful interaction, unless a longer period is justifiedWebsite analytics and cookie dataAccording to the applicable cookie duration and consent settingsLegal claims and dispute recordsAs long as necessary for the establishment, exercise, or defence of legal claims
We may retain anonymised or aggregated data for longer because it no longer identifies individuals.
12. Security
We use reasonable technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
These measures may include access controls, authentication, secure service providers, internal policies, backups, limited access rights, staff awareness, and contractual safeguards with service providers.
No system is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately at [insert privacy email].
13. Your rights
Subject to applicable law and the conditions under the GDPR, you may have the right to:
be informed about how your personal data is processed;
access your personal data;
request correction of inaccurate or incomplete personal data;
request deletion of your personal data;
request restriction of processing;
object to processing based on legitimate interests;
object to direct marketing at any time;
request data portability where applicable;
withdraw consent where processing is based on consent;
not be subject to certain decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise your rights, please contact [insert privacy email].
We may need to verify your identity before responding. We will normally respond within one month, unless the request is complex or we are legally allowed to extend the response period.
Some rights are not absolute. For example, we may need to retain certain data for accounting, tax, contractual, security, or legal reasons.
14. Complaints
If you have a concern about how we process your personal data, please contact us first at [insert privacy email] so we can try to resolve the issue.
You also have the right to lodge a complaint with the Belgian Data Protection Authority:
Belgian Data Protection Authority / Gegevensbeschermingsautoriteit / Autorité de protection des données
Rue de la Presse 35, 1000 Brussels, Belgium
Email: contact@apd-gba.be
Website: https://www.dataprotectionauthority.be
15. Children
Our website, events, memberships, and services are intended for professionals, businesses, organisations, and adults. We do not knowingly target or collect personal data from children. If you believe a child has provided us with personal data, please contact us.
16. Third-party websites and platforms
Our website, emails, events, and community activities may link to third-party websites, platforms, sponsors, partners, payment providers, event tools, social media platforms, or community tools.
We are not responsible for the privacy practices of third parties. We encourage you to review their privacy notices before providing personal data to them.
17. Automated decision-making
We do not use personal data to make decisions based solely on automated processing that produce legal effects or similarly significant effects for individuals.
We may use limited profiling or segmentation for professional communications, such as grouping contacts by sector, role, geography, interests, membership status, event attendance, or engagement, in order to send more relevant communications.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, website, legal obligations, tools, or data practices.
The updated version will be published on this page with a new effective date. Where required by law or where changes are material, we may notify affected individuals by email or another appropriate method.