Privacy Policy

Last update: September 03th 2021

1) General information regarding Steepconsult

Steepconsult is a brand of Positive Thinking Company S.A. which is established in Belgium. Positive Thinking Company S.A. is legally registered in accordance with Belgian law with registered offices in Chaussée de Charleroi, 112, 1060 Brussels, Belgium and registered under the company number 0895.492.518

2) Steepconsult’s commitments regarding the protection of personal data

Given the importance of protecting personal data, Steepconsult is committed to adhere to regulations concerning the privacy, especially to the local laws in relation with the enforcement of the GDPR within the countries we operate, as well as the General Data Protection Regulation of 27 April 2016 (“GDPR”), and take all reasonable measures to ensure that personal data provided to us will remain properly handled, confidential where appropriate and safely protected.

This Privacy Policy published on our website explains why and how we collect, record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose, align or combine, restrict, erase or destroy your personal data when you use our services, visit our website, use our mobile application or interact with us. This Privacy Policy also instructs you how to exercise your rights relating to your personal data.

More specifically, Steepconsult undertakes to respect the following principles:

  1. your personal data are processed lawfully, fairly, and transparently, in accordance with article 5.1 a) of the GDPR;
  2. your personal data are collected for specific, explicit and legitimate purposes and are not further processed in way incompatible with these purposes, in accordance with article 5.1 b) of the GDPR;
  3. your personal data are stored in an appropriate and relevant manner and are limited to what is necessary for the purposes for which they are processed, in accordance with article 5.1 c) of the GDPR;
  4. your personal data are accurate, kept up to date and all reasonable steps are taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay, in accordance with article 5.1 d) of the GDPR;
  5. your personal data are kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed, in accordance with article 5.1 e) of the GDPR;
  6. in accordance with article 5.1 f) of the GDPR, Steepconsult implements appropriate technical and organizational measures to ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
    1. Finally, Steepconsult undertakes to comply with all other principles required under the applicable regulations on the protection of personal data.

However, Steepconsult does not accept unauthorized idea submissions outside of established business relationships. To protect the interests of our current clients and ourselves, we must treat the issue of such submissions with great care. Importantly, without a clear business relationship, Steepconsult cannot and does not treat any such submissions in confidence. Accordingly, please do not communicate unauthorized idea submissions to Steepconsult through this website. Any ideas disclosed to Steepconsult outside a pre-existing and documented confidential business relationship are not confidential and Steepconsult may therefore develop, use and freely disclose or publish similar ideas without compensating you or accounting to you. Steepconsult will make every reasonable effort to return or destroy any unauthorized idea submissions without detailed review of them. However, if a review is necessary in Steepconsult’s sole discretion, it will be with the understanding that Steepconsult assumes no obligation to protect the confidentiality of your idea or compensate you for its disclosure or use. By submitting an idea or other detailed submission to Steepconsult through this website, you agree to be bound by the terms of this stated policy.

By accepting this Privacy Policy, the data subject declares that he or she is familiar with the information below and authorizes Steepconsult in line with what is outlined below, to process data of a personal nature which is transmitted via the services (including via online forms, applications, e-mails sent to Steepconsult e-mail addresses, cookies, etc.).

If you have any questions regarding this Privacy Policy, please contact the following e-mail address:

3) Items of personal information which may be collected and processed by Steepconsult

When using Steepconsult’s services or contacting and interacting with us, you may provide us with your personal information voluntarily which is collected on an individual basis. This includes:

Steepconsult uses cookies on its website. To access Steepconsult cookies policy, click on this link.

4) Methods of personal data collection

Steepconsult may collect the personal information or data set forth in Article 3 of the Privacy Policy when you use our services, website or applications.

5) Purposes for which the information is collected and processed

The main purposes for which Steepconsult collects and processes your personal information are as follows:

To perform our contractual obligations and enable an appropriate level of service

For customer care purposes

To communicate with you

For direct marketing purposes

For your career (applications processing).

6) Legal basis of the processing of your personal data

Steepconsult processes your personal data (i) on the basis of your explicit consent, (ii) to perform the contract or in order to take steps at the request of the data subject prior to entering into a contract, (iii) to comply with legal obligations Steepconsult is subject to or (iv) to perform Steepconsult’s legitimate interests.

Your consent may always be withdrawn at any time in accordance with Article 10. In such case, be aware that the withdrawal of consent shall not affect the lawfulness of processing based on your consent before the withdrawal.

Furthermore, if you refuse to provide Steepconsult with some personal data or if you provide Steepconsult with incomplete or inaccurate information required for the performance of the contract or for compliance with a legal obligation, be aware that we may not be able to provide or deliver your all or parts of the services, which you may have requested from us in full quality.

When we process your personal data for our legitimate interests, Steepconsult ensures that a balance of these interests against your legitimate interests has been done. When necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you.

7) Disclosure to Third Parties

Potential recipient of your Personal Data

Steepconsult may disclose certain personal information to third parties, such as authorized Steepconsult’s employees, undertakings of Steepconsult’s group (i.e. undertakings of the Positive Thinking Company Group), and strategic partners that work with Steepconsult to provide products and services.

However, Personal Data will not be shared with third parties for their marketing purposes.

Steepconsult may be required by law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence to disclose your personal information.

Steepconsult may disclose personal information, on a legitimate basis, if Steepconsult determines that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.

Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

Steepconsult will use its best endeavors to ensure that its employees and strategic partners who are involved in the collection, processing and disclosure of personal information will observe and adhere this privacy policy.

Transfers of Personal Data to third countries

You are informed that Steepconsult may transfer your Personal Data to third parties located outside the European Union in order to be processed and stored.

In that context and if applicable, Steepconsult undertakes to guarantee the processing of your Personal Data in accordance with Article 46 of the GDPR.

8) Technical measures for protecting personal Information

To secure the safety of personal information from a loss, theft, leak, falsification, or damage, Steepconsult implements the following technical, managerial and physical devises:

9) Period for Personal Data retention

Steepconsult will retain your personal information collected for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law or until the information are required to be deleted by you.

10) Your rights to the personal data collected

As being the data subject, you have the following rights which can be exercised at the following email address:

If you choose to request information from Steepconsult you may need to communicate personal information of a general nature. In addition to, if you choose to correspond further with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protection for these electronic communications that we employ in the maintenance of information received by mail or telephone.

Your rights, resulting from the law of July 30th 2018 on the protection of natural persons with regards to the processing of personal data and the GDPR nevertheless remain guaranteed for as much and insofar as this technology allows it.

The right of access:

Any individual concerned may access the data concerning him, processed by Steepconsult and, if necessary, request that incorrect data be corrected or deleted.

The right of rectification:

Steepconsult makes it easy for you to keep your personal information accurate, complete and up to date. You have the right to obtain from Steepconsult the rectification of inaccurate or incomplete personal data concerning you.

The right to be forgotten:

You have the right to obtain the erasure of your personal data stored by Steepconsult in the situations provided by the GDPR such as in situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully.

The right to restriction of processing:

You have the right to obtain from Steepconsult a limitation of the processing of your personal data without deleting the personal data concerned on the conditions stated in the GDPR.

The right to data portability:

You have the right to recover some of your data for your own use or to transmit them to another company in the conditions provided by the GDPR.

The right to object:

You have the right to object at any time to the processing of your data for prospecting and marketing purposes, including profiling and direct marketing.

The right to withdraw consent:

When the processing of your personal data is subject to your prior consent, you have the right to withdraw your consent at any time.

You shall be aware that the withdrawal of consent shall not affect the lawfulness of processing based on your consent before the withdrawal. In case of withdrawal, it may mean that we will not be able to provide or deliver you all or parts of the service.

The right to lodge a complaint:

You have the right to lodge a complaint with the competent Data Protection Authority (DPA) if you consider that the processing of your personal data constitutes a violation of the GDPR.

11) Communication with you and notification to the Data Protection Authority in case of a breach of your personal data

We will communicate immediately, when your personal data are breached, to you and the relevant Data Protection Authority every time it is required by the GDPR. This communication about your personal data breach will describe in clear and plain language the nature of the personal data breach and contain at least the following information and measures:

This communication shall not be required if any of the following conditions are met:

12) The Data Controller and the Data Protection Officer:

The Data Controller is  Positive Thinking Company S.A., with registered offices in Chaussée de Charleroi, 112 in 1060 Brussels and registered under the company number 0895.492.518 (email:

In order to ensure the security of your personal information and to protect your rights and freedoms, Steepconsulthas appointed a Data Protection Officer:

Mr. Cédric Neef de Sainval

Address:  Chaussée de Charleroi, 112 in 1060 Brussels, Belgium