Privacy Policy
At Rubey, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use and safeguard your information when you visit our website, use our platform, or interact with our services. We encourage you to read it carefully and to contact us if you have any questions or wish to exercise your rights.
Version 15 December 2025
Privacy Policy
1. Who We Are
Rubey BV, operating under the commercial name Rubey, is a Belgian company registered with the Belgian Crossroads Bank for Enterprises under number BE0637.818.352.
At Rubey, we attach great importance to the protection of your personal data. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Belgian data protection legislation.
This Privacy Policy explains what personal data we collect, how and why we process it, and what rights you have in relation to your personal data. In most cases, Rubey acts as the data controller, meaning that we determine the purposes and means of the processing.
By using our website, platform, or services, you acknowledge that certain personal data may be collected and processed as described in this policy. We encourage you to read this document carefully.
If you have any questions or wish to exercise your rights, you can contact our Privacy Coordinator at support@rubey.be.
This Privacy Policy may be updated from time to time. We therefore recommend reviewing it periodically.
2. Processing of Personal Data
Personal data refers to any information relating to an identified or identifiable natural person. This does not include anonymised data where identification is no longer possible.
Rubey applies the principle of data minimisation and only collects personal data that is necessary to deliver its services and comply with legal obligations. All personal data is processed in accordance with applicable data protection laws and must be:
• collected for specific, explicit and legitimate purposes
• processed lawfully, fairly and transparently
• accurate and, where necessary, kept up to date
• retained only for as long as necessary
• protected by appropriate technical and organisational security measures
3. Categories of Personal Data We Collect
Depending on your interaction with Rubey, we may collect one or more of the following categories of personal data:
Identification and contact data
Name, title, gender, date and place of birth, nationality, marital status, address, email address, phone number, language preferences, signature, social media links.
Corporate and professional data
Company name, company address, company role, company registration number, VAT number, Ultimate Beneficial Owner data.
Compliance and regulatory data
Know Your Customer data, Anti Money Laundering data, Anti Terrorism data, ID card data, electronic identification data, consent records.
Financial and transactional data
Bank account details, payment card details, payment history, payment balances, invoicing and accounting data.
Technical and usage data
IP address, date and time data, essential, performance, marketing and third party cookies, website usage and analytics data.
Communication and interaction data
Correspondence content, customer files, support interactions, survey responses, meeting and event participation data.
We rely on you to provide accurate and up to date information. If your data changes, please inform us so we can keep our records current.
4. Purposes of Processing
Rubey processes personal data for the following purposes:
• operation and maintenance of the corporate website
• access to and use of the investor portal and tokenisation infrastructure
• compliance with legal and regulatory obligations
• investor onboarding, qualification and verification
• customer prospecting and relationship management
• customer correspondence and support
• execution of transactions and payments
• invoicing and accounting
• newsletters and promotional communications
• organisation of meetings and events
5. Legal Basis for Processing
Personal data is processed on one or more of the following legal bases:
• your consent
• the performance of a contract or pre contractual steps
• compliance with legal or regulatory obligations
• Rubey’s legitimate interests, provided these do not override your rights and freedoms
Where processing is based on consent, you may withdraw this consent at any time. If you object to certain processing activities, Rubey will assess whether continued use of its services or a contractual relationship remains possible.
Rubey does not engage in automated decision making or profiling within the meaning of Article 22 GDPR. All acceptance or rejection decisions, including KYC related decisions, are subject to human review.
6. Data Retention
Personal data is retained for the minimum period required by applicable law or for as long as necessary to fulfil the purposes for which it was collected, taking into account legal, regulatory, accounting and contractual obligations.
7. Processing of Supplier Data
Rubey also processes personal data of suppliers and professional partners for the purpose of managing business relationships. This typically includes:
• name, work email address and work phone number of contact persons
• VAT number
• vehicle license plate number and visit timing where access to premises is required
Such data is processed securely and retained only for as long as required by law or for the establishment, exercise or defence of legal claims.
8. Processing Personal Data on Your Behalf
In certain cases, Rubey processes personal data of third parties on your behalf. In these situations, you act as the data controller and Rubey acts as the data processor.
When acting as a processor, Rubey will:
• process data only in accordance with your instructions
• implement appropriate technical and organisational security measures
• assist you in fulfilling your GDPR obligations where applicable
9. Transfer of Personal Data to Third Parties
To deliver its services, Rubey may share personal data with trusted third parties such as:
• tokenisation and investor portal providers
• banking and payment partners
• legal, tax and regulatory advisors
• accounting and business management software providers
• website analytics and marketing platforms
• social media platforms
Rubey does not transfer or store personal data outside the European Union or the European Economic Area.
All transfers are carried out in compliance with applicable data protection laws and subject to appropriate safeguards.
10. Data Received from Third Parties
If Rubey receives your personal data from a third party, it assumes that this data was obtained lawfully and with your consent. If this is not the case, please notify Rubey immediately.
Certain platforms, such as social media platforms, may act as joint data controllers together with Rubey.
11. Minors
Rubey’s services are not intended for minors. While minors may access the website, they are not eligible to complete KYC verification, or invest through Rubey.
12. Online Interactions
If you participate in online meetings, calls or conferences organised by Rubey, any information you voluntarily share may be visible or audible to other participants. Please take this into account when sharing personal data.
13. Legal Obligations
Rubey may be legally required to disclose personal data to competent authorities. Where such a legal obligation exists, you cannot object to the transfer.
14. Security and Confidentiality
Rubey implements appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access or disclosure, in line with industry best practices.
Rubey conducts regular security audits with external specialists and has procedures in place to detect, assess and manage potential personal data breaches in accordance with applicable law.
15. Website and Cookies
Rubey uses cookies and similar technologies to ensure the proper functioning of its website and to improve user experience. You will be informed of the cookies used and asked to provide consent where required.
Rubey’s web server may automatically process your IP address and domain name when you visit the website.
The website may contain links to third party websites. Rubey is not responsible for the privacy practices of these websites and encourages you to review their privacy policies.
16. Social Media
When you interact with Rubey via social media platforms or use social media functionalities on the website, personal data may be processed by the platform. In such cases, Rubey and the platform may act as joint data controllers.
Please consult the privacy policies of the relevant social media platforms.
17. Event Photography and Video
Photographs and videos may be taken during Rubey events. These images and recordings may be used for communication and marketing purposes.
If you do not wish to appear in such materials, please inform a Rubey representative during the event or contact support@rubey.be.
18. Data Protection Officer
Rubey has not appointed a Data Protection Officer, as it is not legally required to do so under Article 37 of the GDPR.
19. Your Rights
Under the GDPR, you have the right to:
• access your personal data
• rectify inaccurate or incomplete data
• request erasure under certain conditions
• object to processing, including for direct marketing
• restrict processing in specific circumstances
• withdraw consent at any time
• object to automated decision making, including profiling
• request data portability
Rubey may request proof of identity before fulfilling your request.
Requests can be sent to support@rubey.be or by post to:
Rubey BV
Attn: Maarten Van Doorslaer
Fredericusstraat 11
2640 Mortsel
Belgium
20. Supervisory Authority
If you believe that your rights have been infringed, you may lodge a complaint with the Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit
Drukpersstraat 35
1000 Brussels
Belgium
www.gegevensbeschermingsautoriteit.be