Privacy Policy
Privacy Policy
THEMA FOUNDRIES BV
PRIVACY POLICY
Last updated: April 2026
1. IDENTITY OF THE CONTROLLER
This website is operated by THEMA Foundries BV, a private limited company (“besloten vennootschap”) incorporated and existing under the laws of Belgium, with registered office at Westerring 15, 9700 Oudenaarde, Flanders, Belgium, registered with the Crossroads Bank for Enterprises under enterprise number 1026.517.346 (hereinafter referred to as “Thema”, “we”, “us”, or “our”).
For all privacy-related enquiries, please contact us at: legal@thema-foundries.com
2. SCOPE OF THIS POLICY
This Privacy Policy applies to personal data collected through the website located at thema-foundries.com (the “Website”). It describes what personal data we collect, the purposes for which we process it, the legal bases for processing, how long we retain it, and the rights available to you as a data subject under applicable law.
Thema operates in multiple jurisdictions, including Belgium and the United States. This Policy is designed to comply with the General Data Protection Regulation (“GDPR”) as the primary applicable framework. Where US privacy laws impose additional obligations — including the California Consumer Privacy Act (CCPA) and other applicable state privacy laws — Thema will comply with those requirements to the extent they apply.
This Policy does not apply to data processed in the context of employment, supplier relationships, or other contractual arrangements, which are governed by separate notices.
3. PERSONAL DATA WE COLLECT
3.1 Data You Provide Directly
When you use the contact form on our Website, we collect:
- ●Contact information: full name, company name, phone, e-mail address; or
- ●The content of your message or enquiry.
When you submit an expression of interest through our careers section, we may additionally collect:
- ●Professional background information;
- ●Any other information you voluntarily include in your submission (e.g., resume).
3.2 Data Collected Automatically — Cookies
The Website uses standard technical cookies that are necessary for its operation. These cookies do not track your activity across other websites and are not used for advertising or marketing purposes. They are limited to what is required for the Website to function correctly (for example, maintaining session state).
We do not currently use analytics, advertising, or other tracking technologies beyond these standard operational cookies. If we introduce such technologies in future, this Policy will be updated in advance and, where required by applicable law, an appropriate consent mechanism will be implemented.
4. PURPOSES, LEGAL BASES, AND RETENTION
We process personal data only where we have a lawful basis to do so under the GDPR and the applicable Belgian data protection implementing act (the Data Protection Act of 30 July 2018).
The table below sets out the purposes, legal bases, and corresponding retention periods.
| Personal Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Contact Information and the content of your message or enquiry | Responding to contact form enquiries | Art. 6(1)(b) GDPR — steps prior to contract; or Art. 6(1)(f) GDPR — legitimate interest in responding to business enquiries | 24 months from date of enquiry, unless an ongoing relationship is established |
| Contact Information, Professional background information and/or any other information you voluntarily include in your submission | Processing career expressions of interest | Art. 6(1)(a) GDPR — consent; or Art. 6(1)(b) GDPR — steps prior to potential employment contract | 12 months from submission, unless a recruitment process is initiated or you consent to longer retention |
| Contact Information | Providing updates on products and/or services (e.g., by subscribing to the waitlist or by means of a newsletter). | Art. 6(1)(a) GDPR — consent | 36 months from date of submission of the personal data |
| [--] | Operating the Website (standard cookies) | Art. 6(1)(f) GDPR — legitimate interest in maintaining a functioning website | Session cookies expire on browser close; persistent cookies expire as indicated at placement |
Your personal data will (only) be processed for the purposes stated in the overview above. In case Thema would like to process your personal data for other purposes than those stated above in this Privacy Policy, Thema will notify you without delay and you will receive all necessary information, you can also object to such use, except when it is required for Thema to adhere to its legal obligations.
When Thema processes your personal data on the basis of its legitimate interest, this means that Thema, after weighing your and Thema’s respective interests, has determined that Thema’s identified interest prevails. If you wish to receive more information about the balancing of interests, please contact us via legal@thema-foundries.com.
5. DISCLOSURE OF PERSONAL DATA
We do not sell, rent, or trade your personal data to third parties for commercial purposes.
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:
- ●Internal staff at Thema Foundries BV;
- ●IT and hosting service providers supporting the operation of our Website and communications infrastructure;
- ●Professional advisors, including legal counsels;
- ●Public authorities or regulatory bodies (where disclosure is required by applicable law or a binding legal order).
It is possible that your personal data is transferred to the United States. Where personal data is transferred to recipients located outside the European Economic Area — including to the United States — we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including where applicable the use of Standard Contractual Clauses adopted by the European Commission. Should you require more information on this aspect, please contact us via legal@thema-foundries.com.
6. SECURITY
Thema implements appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or alteration. These measures are reviewed and updated regularly.
Notwithstanding the above, no transmission of data over the internet can be guaranteed to be completely secure. You transmit personal data to us at your own risk.
7. YOUR RIGHTS AS A DATA SUBJECT
Under the GDPR, you have the following rights with respect to your personal data:
- ●Right of access (Article 15): you may request confirmation of whether we process your personal data and, if so, obtain a copy of that data.
- ●Right to rectification (Article 16): you may request correction of inaccurate or incomplete personal data.
- ●Right to erasure (Article 17): you may request deletion of your personal data in certain circumstances.
- ●Right to restriction of processing (Article 18): you may request that we restrict the processing of your personal data in certain circumstances.
- ●Right to data portability (Article 20): where processing is based on consent or a contract, you may request your personal data in a structured, commonly used, and machine-readable format.
- ●Right to object (Article 21): where processing is based on legitimate interests, you may object to that processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- ●Right to withdraw consent (Article 7.3): where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
California residents and other US data subjects with rights under applicable state privacy law may additionally have the right to know what personal information has been collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising their privacy rights. To exercise any such rights, please contact us using the details in Section 10 below.
To exercise any of the above rights, please contact us at: legal@thema-foundries.com
We will do our best efforts to respond to your request within one (1) month of receipt. Where requests are complex or numerous, this period may be extended by a further two months, in which case we will inform you accordingly.
8. RIGHT TO LODGE A COMPLAINT
If you consider that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
In Belgium, the competent supervisory authority is:
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Rue de la Presse / Drukpersstraat 35, 1000 Brussels, Belgium
contact@apd-gba.be • www.dataprotectionauthority.be
You also have the right to seek an effective judicial remedy against the supervisory authority or against Thema.
9. UPDATES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, operational requirements, or applicable law. The date of the most recent revision will be indicated at the top of this page. We encourage you to review this Policy periodically.
Where changes are material, we will take appropriate steps to inform you, which may include a prominent notice on the Website.
10. CONTACT
For any questions, concerns, or requests relating to this Privacy Policy or our processing of your personal data, please contact:
THEMA Foundries BV
Westerring 15, 9700 Oudenaarde, Belgium
legal@thema-foundries.com
The Website is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete it promptly. If you believe we have collected such data, please contact us at legal@thema-foundries.com.