Legal · Proximus NXT

Privacy policy

What personal data Proximus NXT processes, why, for how long, and your rights.

21 June 2026
21 June 2026
1.0

Scope — B2B SaaS, not telecom

Proximus NXT is a B2B SaaS platform (BusinessTV / Digital Media). It does none of the telecom-consumer processing in the general Proximus notice (no call/traffic/location records, no advertising joint-controllers, no device trade-in). Those sections do not apply here.

01

Who we are (controller)

The data controller is Proximus NV/SA, Boulevard du Roi Albert II 27, 1030 Brussels, Belgium (enterprise / VAT BE 0202.239.951). For any privacy request or question, use our contact form. No Data Protection Officer is appointed; privacy matters are handled through that channel.

02

Scope / who this covers

Applies to the Proximus NXT platform (digitalmedianova / digitalmedialuna / digitalmediaterra) and its public pages. Data subjects:

  • Staff users (Proximus NXT internal staff),
  • Partner users (Luna) and reseller users (Terra),
  • Customer users (Nova customer-portal accounts),
  • Public website visitors (marketing pages, brochures, status, this notice).
03

Personal data we process

Personal data we process, with examples and source
CategoryExamplesSource
Account / identityname, email, role, realm, organisationprovided at invite/sign-up
AuthenticationIdentity Platform / Firebase session, MFA enrolmentgenerated at sign-in
Workspace contentquotes, documents, channels, release notes the user authors/viewsprovided in use
Usage / audit logsactions, timestamps, IP, user-agent (ISO 27001 audit trail)generated in use
Support / commsemails sent (invitation, quote-ready, MFA, digest), contact-form leadsprovided/generated
Preferenceslanguage, theme, layout, density (cookies)set by the user

We do not process special-category data, and the platform accesses workspace content only as needed to provide the service. Public-site analytics (Cloudflare Web Analytics) is cookieless and collects no personal data.

05

Cookies

We use only strictly-necessary and user-set functional cookies; no advertising or third-party tracking cookies, so no consent banner is required (ePrivacy consent-exemption). Full detail — categories, per-cookie table and how to manage them — is in the cookie policy.

06

Who we share data with (subprocessors)

No advertising partners, no joint-controllers, no data sale. All subprocessors are EU-established and process data only on our instructions under their data-processing terms:

Subprocessors, purpose and region
SubprocessorPurposeRegion
Google Cloud (Cloud Run, Cloud SQL, Cloud Storage)hosting, database, file storageeurope-west1 (Belgium)
Google Identity Platform / Firebase Authauthentication, MFAEU (europe-west1 residency)
Resendtransactional email deliveryEU region
Cloudflarecookieless web analyticsEU
07

International transfers

All processing and storage is within the EU (GCP europe-west1; Resend EU; Cloudflare EU). No transfers outside the EEA are intended.

08

Retention

We keep personal data only as long as needed for the purpose, then delete or anonymise it:

Retention period per data class
Data classRetention
Customer + customer-user recordsContract end + 7 years (accounting/tax)
Staff-user recordsEmployment end + 5 years
Quote data (incl. context)Quote close + 7 years
Audit logs (action, IP, user-agent)7 years (ISO 27001); IP/UA nulled at 12 months
Session tokens~15 minutes (auto-expire; no persistent session store)
Application logs30 days
Preference cookies365 days

The seven-year window reflects the Belgian accounting/tax retention obligation. Where the law requires longer retention of specific records, we keep those for the period required.

09

Your rights (GDPR Art. 15–22)

You have the right of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where applicable. You can exercise the access, portability and erasure rights from your account, or through our contact form. We respond within the one-month statutory window. You may lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

10

Changes

We update this notice as the platform evolves; material changes will be dated and surfaced on this page.

Questions about this document?

Talk to a human.

For access, correction, erasure or any question about this document, reach us through our contact form — we respond within one month.

Contact us

© 2026 Proximus NV/SA · Boulevard du Roi Albert II 27, 1030 Brussels, Belgium · VAT BE 0202.239.951. This document is governed by Belgian law.