Privacy Policy
Last updated: 2nd December 2025
Controller
This website and associated services (forms, applications, newsletters, emails, events registration) are operated by North Star AGI (NS2AGI) vzw, a Belgian non-profit association with registration number BE 1025.122.625, registered in Antwerp, Belgium.
For any questions regarding this Privacy Policy or to exercise your data-protection rights, you can contact us at:
- Location: Antwerp, Belgium
- Registration Number: BE 1025.122.625
- Email: [email protected] (cc [email protected])
Data We Collect
We collect the following categories of personal data when you use our platform:
Account Information
When you create an account on Etoile, we collect:
- Email address (used for login and communications)
- Name (first name and last name)
- Profile photo/avatar (if you choose to upload one)
- Login credentials and authentication data
Profile Information (Optional)
You may choose to provide additional profile information:
- Professional headline (e.g., "Product Manager")
- Bio/description about yourself
- City/location
- Occupation and company name
- Social media links (e.g., LinkedIn, Twitter, personal website)
Event Registration Data
When you register for events, we collect:
- Registration status (confirmed, pending, waitlisted, checked-in, cancelled)
- Special requests or requirements (e.g., dietary restrictions, accessibility needs)
- Check-in timestamps (when you attend events)
- Cancellation data (if you cancel, including optional reason)
Community & Organization Data
When you join or interact with communities:
- Organization memberships and roles
- Join dates and participation history
- Organization follow/unfollow actions
Usage & Analytics Data
We automatically collect technical and behavioral data:
- Event interactions (views, clicks, calendar additions, shares)
- IP address, browser type and version, device type, operating system
- Usage patterns: pages visited, time spent, navigation paths, referral sources
- Session data and activity timestamps
- Cookies for authentication, preferences, and analytics (see Cookies section below)
Communications Data
Records of our communications with you:
- Email notifications sent to you (event updates, registration confirmations)
- Notification preferences and subscription settings
- Support or inquiry messages you send us (via email or contact forms)
Note: We do not collect payment information directly. If we offer paid services in the future, payment processing will be handled by third-party payment processors who will collect necessary payment details (credit card, billing address) under their own privacy policies.
How We Collect Data
Directly from you
We collect data when you:
- Create an account or sign in
- Complete your profile (headline, bio, location, social links)
- Register for events or update your event attendance status
- Join or follow communities/organizations
- Submit special requests or preferences
- Contact us via email or support channels
Automatically via technology
We collect data automatically through:
- Cookies: Small files stored on your device for authentication and preferences
- Analytics tools: Track usage patterns, page views, and user interactions
- Server logs: Automatically record IP addresses, browser info, and access times
- Interaction tracking: When you view, click, or interact with events
From third-party services
We may receive data from third-party service providers:
- Authentication and identity management services
- Analytics and user behavior tracking services
- Email delivery and notification services
Purposes of Processing & Legal Bases
We process personal data for the following purposes, on the following legal bases:
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Provide services, event registration, user account management | Contact and registration data, payment info if relevant | Performance of a contract, or pre-contractual duties |
| Communicate with you (e.g. respond to requests, send confirmations/updates) | Contact data, communications data | Legitimate interest / necessary for contract |
| Marketing / Newsletter / Promotional communications (if you consent) | Contact data, preferences | Your explicit consent |
| Improve and analyze our website, services, user experience, usage statistics | Automatically collected data (analytics, cookies, logs) | Legitimate interest (or consent for non-essential tracking) |
| Legal compliance (e.g. obligations to authorities) and protection of rights | Data as required (could include contact data, transaction records) | Legal obligation / legitimate interest |
If we rely on your consent (e.g. for newsletters or tracking cookies), we will obtain consent in a clear, specific and unambiguous manner (e.g. opt-in checkbox), and you may withdraw consent at any time by contacting us.
Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes: essential site functionality (e.g. login, session management), analytics, performance optimisation, and marketing (if you consent).
You will be presented with a cookie-consent banner upon your first visit. Non-essential cookies / trackers will only be activated after you have given explicit consent.
If you disable cookies or refuse consent, some features of the site may not work properly.
Recipients / Third-Party Processors
We share your personal data with the following categories of third parties:
Essential Service Providers
We use trusted third-party services to operate our platform:
- Authentication services for secure login and account management
- Hosting providers for website infrastructure and performance
- Analytics services to understand how users interact with our platform
- Email services for sending event updates and notifications
- Cloud infrastructure for database storage and backend operations
Legal & Regulatory
- Legal authorities if required by law, regulation, court order, or to respond to legal requests
- Professional advisors (lawyers, accountants) under confidentiality obligations
Business Transfers
In the event of a business sale, merger, or restructuring, we may transfer your data to third parties acquiring our assets, with appropriate safeguards to protect your rights.
International Data Transfers:
Some of our service providers may process data outside the EU/EEA, including in the United States. When this occurs, we ensure adequate safeguards are in place through:
- Standard Contractual Clauses (SCCs) approved by the EU
- EU-US Data Privacy Framework participation (where applicable)
- Additional security and encryption measures
All third-party processors are bound by data processing agreements that meet GDPR requirements and are prohibited from using your data for their own purposes.
Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected (e.g. for the duration of your relationship with us, or as required by law). After that period, data will be securely deleted or anonymized.
The criteria we use to determine retention periods depend on the purpose (e.g. while you remain a registered user / customer, plus X years for legal or accounting obligations).
Your Rights (as data subject under GDPR)
Under GDPR you have the following rights:
Right to access
Request a copy of the personal data we hold about you, and confirm whether we process it.
Right to rectification
Ask us to correct or complete inaccurate or incomplete data.
Right to erasure ("right to be forgotten")
Ask us to delete your personal data, under certain conditions (e.g. if data no longer needed, or consent withdrawn).
Right to restrict processing
Request a suspension of processing under certain circumstances.
Right to object
Object to processing — for example for direct marketing, profiling, or processing based on legitimate interests.
Right to data portability
Obtain your data in a structured, commonly-used, machine-readable format and transfer it to another controller.
Right to withdraw consent
Withdraw consent at any time (if processing is based on consent), without affecting the lawfulness of prior processing.
Right to lodge a complaint
Lodge a complaint with the relevant supervisory authority (e.g. Belgian Data Protection Authority) if you believe your rights have been violated.
To exercise any of these rights, please contact us at the email/phone listed above. We will respond within one month (or longer if justified under GDPR).
Security and Data Minimization
We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
We collect and process only the personal data that is necessary for the specified purposes. We regularly review our practices to ensure compliance with data-minimization and privacy-by-design principles.
Children
Our services are not intended for children under the age of 13. We do not knowingly collect personal data from children under 13.
If we become aware that we have inadvertently collected such data without verifiable parental consent, we will delete it.
Changes to this Policy
We may update this Privacy Policy from time to time (e.g. when our services evolve, or for legal/regulatory reasons). We will post the updated version on our website, with the "Last updated" date clearly indicated.
If the changes are significant (e.g. new processing purposes), we may seek renewed consent from you where required.
Contact & Supervisory Authority
If you have any questions, complaints, or wish to exercise your data protection rights, you can contact us at:
- Email: [email protected] (cc [email protected])