Last updated: March 2026

Privacy Policy — Virtualtek SRL

We are delighted you are visiting our website and thank you for your interest in our company and our services.

Data protection and data security are very important to us. We would therefore like to inform you about the personal data we may collect and what we use this data for.

We will use your personally identifiable information to contact you by mail, phone or online regarding our services and events, and for marketing, advertising and sales efforts. We may disclose personally identifiable information to trusted affiliates, independent contractors and business partners who will use the information for the purposes outlined above.

We never disclose aggregate or personal data to investors or potential partners. We never transfer information collected from you other than for legal or fiscal reasons. Where any data is transferred to third parties outside the EU, we apply equivalent security measures.

Please note that information submitted via the internet cannot be fully secured at any time. You may withdraw your permission to use your personal data at any time by contacting us at contact@virtualtek.io or contact@virtualtek.be.

We kindly ask you to routinely read this privacy policy as changes to legislation or our internal processes may require updates to its content.

1 — Controller and scope

The controller in the meaning of the EU General Data Protection Regulation (GDPR) and other applicable data protection regulations is:

VIRTUALTEK SRL — BE0689720577 Ruelle des colons, 14 4252 Omal — Belgium Tel.: +32 2 315 97 86 Email: contact@virtualtek.io · contact@virtualtek.be Website: https://www.virtualtek.io (and associated domains operated by Virtualtek SRL)

This privacy policy applies to all websites and digital services operated by Virtualtek SRL, including but not limited to virtualtek.io, virtualtek.be, and any other domains, subdomains or digital platforms operated under the Virtualtek brand.

2 — Data Protection Officer

The Data Protection Officer is the CEO of Virtualtek SRL. Contact: contact@virtualtek.io

3 — Principles of data processing

Personal data refers to all information relating to an identified or identifiable natural person — including name, address, phone number, email address, IP address and user behaviour. Anonymized information that does not allow a connection to a person is not classed as personal data.

Processing personal data always requires a legal basis or your consent. Processed personal data is deleted as soon as the purpose for which it was collected is fulfilled and statutory retention periods no longer apply.

4 — Individual processing activities

4.1 — Website provision and use

Type and scope When you visit our website, we collect personal data that your browser automatically sends to our server, stored temporarily in a log file:

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested file
• Browser type and version
• Referring URL

Legal basis Art. 6 Para. 1 (f) GDPR — legitimate interest in making the website accessible and ensuring its security and stability.

Duration of storage Data is deleted as soon as it is no longer required to display the website. In some cases data may be stored longer if required by law.

4.2 — Live online events

Type and scope Virtualtek hosts live online events and webinars. If you register for one of our online events, we process the following data:

• First name and last name
• Job title and company
• Email address
• Phone number (optional)

Legal basis Art. 6 Para. 1 (b) GDPR — fulfillment of a contract or pre-contractual activities.

Duration of storage Event-related data is deleted 30 days after the event, unless required by law.

4.3 — Contact form

Type and scope When you use our contact form, we collect:

• Name
• Email address
• Company
• Message content
• Phone number (if callback requested)

Your data is not disclosed to any third party in connection with contact form inquiries.

Legal basis Art. 6 Para. 1 (a) GDPR — your consent, given at the time of submission.

Declaration of consent: By entering my data and clicking « Send », I consent to the processing of my email address, name and company for the purpose of responding to my inquiry. I accept the current privacy policy. I may withdraw my consent at any time by contacting contact@virtualtek.io.

Duration of storage Data is deleted once the inquiry has been handled and the subject matter closed.

4.4 — Email contact

General contact: contact@virtualtek.io · contact@virtualtek.be

Type and scope Data collected is limited to the email address used to contact us and any personal data disclosed within the inquiry.

Legal basis Art. 6 Para. 1 (f) GDPR — legitimate interest of both parties in communicating.

Duration of storage Data is deleted once the inquiry has been handled.

5 — AI Act and artificial intelligence processing

Virtualtek designs, deploys and operates AI infrastructure for enterprise clients, and is the exclusive European distributor of the RAIGF™ responsible AI governance framework. In this capacity, Virtualtek may process personal data in the context of AI-related services, including AI infrastructure assessments, governance implementation projects, and RAIGF™ compliance engagements.

Where personal data is processed in connection with AI systems, Virtualtek applies the principles of the EU Artificial Intelligence Act (Regulation (EU) 2024/1689, applicable from 2 August 2026) in addition to the GDPR obligations detailed in this policy. This includes applying appropriate transparency, human oversight, and risk classification measures to AI systems that process personal data.

Virtualtek does not use automated decision-making or AI-based profiling that produces legal effects or similarly significant effects on individuals without appropriate human oversight and a documented legal basis under Art. 22 GDPR.

For any questions regarding the processing of your personal data in the context of AI services or RAIGF™ engagements, contact: contact@virtualtek.io

6 — Disclosing data to third parties

We will only disclose your data to third parties if:

• You have explicitly granted your consent (Art. 6 Para. 1 (a) GDPR)
• It is necessary to fulfill our contractual obligations (Art. 6 Para. 1 (b) GDPR)
• We are obligated to do so by law (Art. 6 Para. 1 (c) GDPR)
• Disclosure is necessary to protect our legitimate interests or to assert, exercise or defend legal claims (Art. 6 Para. 1 (f) GDPR) and no overriding interest in non-disclosure exists

7 — Use of cookies

Type and scope Our website uses cookies — small files stored by your browser when you visit our pages. Some cookies are technically essential; others enable analysis of usage patterns.

Legal basis Art. 6 Para. 1 (f) GDPR for essential cookies. Art. 6 Para. 1 (a) GDPR for performance and marketing cookies, subject to your consent via our cookie banner.

Duration of storage Cookies are deleted when their purpose is fulfilled. Persistent cookies can be deleted via your browser settings.

Browser settings You can configure your browser to reject all or certain cookies. Note that disabling cookies may affect the functionality of our website.

8 — Tracking and analytics

8.1 — Google Analytics

This website uses Google Analytics (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyse website usage and improve our online offering.

Google Analytics uses cookies to collect the following information: pages visited, time and frequency of visits, browser type, approximate location (country/region), referring URL. This information is transmitted to and stored on Google servers.

We use IP anonymization: the last 8 bits of your IP address are deleted before transmission to Google, ensuring your IP address is anonymized. Google will not associate your anonymized IP address with any other data held by Google.

You can prevent Google Analytics from collecting data about your visits by installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout

Legal basis Art. 6 Para. 1 (f) GDPR — legitimate interest in analysing and improving website performance. Art. 6 Para. 1 (a) GDPR where consent has been granted via the cookie banner.

Data transfer to the USA Google LLC is based in the United States. Data transfers are governed by Google’s compliance with the EU-US Data Privacy Framework. The European Commission has issued an adequacy decision for this framework (July 2023).

9 — Hyperlinks

Our website may contain links to third-party websites. Activating a hyperlink will transfer you directly to the corresponding website. Virtualtek is not responsible for the data protection practices of linked websites. Please refer directly to the website concerned for information on how your personal data is handled.

10 — Your rights under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15 GDPR): request information about your personal data processed by us
• Right to rectification (Art. 16 GDPR): request correction of incorrect or incomplete data
• Right to erasure (Art. 17 GDPR): request deletion of your data where processing is no longer required
• Right to restriction of processing (Art. 18 GDPR): request that we restrict our use of your data
• Right to data portability (Art. 20 GDPR): receive your data in a structured, machine-readable format
• Right to withdraw consent (Art. 7 Para. 3 GDPR): withdraw previously granted consent at any time
• Right to lodge a complaint (Art. 77 GDPR): contact the supervisory authority of your Member State of habitual residence, place of work or place of the alleged infringement. In Belgium: Autorité de Protection des Données (APD) — https://www.autoriteprotectiondonnees.be

To exercise any of these rights, contact: contact@virtualtek.io. We will respond within 30 days.

11 — Right to object

In relation to the processing of your personal data on the basis of legitimate interests (Art. 6 Para. 1 (f) GDPR), you have the right to object at any time on grounds relating to your particular situation, or where your objection concerns direct marketing. Contact: contact@virtualtek.io

12 — Data portability

You may request a copy of your personal data in a structured, commonly used and machine-readable electronic format by contacting us at contact@virtualtek.io. We will respond within 30 days.

13 — Data security

Virtualtek implements extensive technological and organizational measures to prevent manipulation, loss or misuse of personal data stored on our servers. These measures are routinely reviewed and updated to reflect technological developments. They include the use of SSL/TLS encryption for data transmission.

Please note that the structure of the internet makes it possible for parties outside our control to circumvent security measures. In particular, data transmitted without prior encryption — for instance by email — can be read by third parties. Users are responsible for protecting data they provide by using appropriate means such as encryption.

14 — Applicable law and jurisdiction

This privacy policy is governed by Belgian law. Any disputes relating to this policy shall be brought exclusively before the competent courts of Liège, Belgium.

Virtualtek SRL — BE0689720577 — Ruelle des colons, 14 — 4252 Omal — Belgium contact@virtualtek.io · contact@virtualtek.be Last updated: March 2026