Take the quiz

Politique de vie privée

Last changes made on 3 November 2022.

This privacy policy (hereinafter, the " Privacy Policy ") governs the protection, collection and processing of your personal data by Symp SRL, a limited liability company under Belgian law, with its registered office at Avenue Ernest Cambier 151, 1030 Schaerbeek, registered with the Crossroads Bank for Enterprises in Belgium under number 0783.700.909, (hereinafter referred to as " Symp ", " we ", " our " or " our ") as part of the performance of our services as described in our general terms of services (hereinafter, the " Services ").

We attach the utmost importance to the confidentiality and security of your (hereinafter, " you ", " your " or " your ") personal data. The purpose of our Privacy Policy is to inform you about :

●     of the (categories of) personal data that we collect and process as part of the services we provide through the www.symp.co website (hereinafter, the " Site "),

●     the purposes for which we collect and process your personal data, and the legal basis on which we rely,

●     how long we keep your personal data,

●     of any disclosure of your personal data to third parties,

●     of any transfer of your data outside the European Union or to international organisations,

●     of the rights you may exercise in respect of your personal data or the processing thereof, and

●     of the security measures we put in place to ensure the protection and confidentiality of your personal data.

We advise you to read this Privacy Policy carefully, of which our policy relating to the storage and use of cookies (the " Cookie Policy "), accessible here, forms an integral part.


For the purposes of this Privacy Policy, we are to be considered responsible for processing your personal data.

As a result, we are subject to certain obligations under personal data protection legislation. This legislation includes

●     the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016 or " RGPD "),

●     the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data, and

●     the law of 13 June 2005 on electronic communications, including their future adaptations and amendments, hereinafter, collectively referred to as the " Applicable Data Protection Legislation ".

If you have any questions about our Privacy Policy or the processing of your personal data, or if you feel that your interests are not being represented or are not being represented adequately, you can always send us your questions, comments or complaints by sending an e-mail to hello@symp.co.

You also have the right to lodge a complaint with the competent data protection authority or to request further information from it. You will find all the information you need to do this in article 8 below. If you have any questions or comments, or if you wish to lodge a complaint, we invite you to contact us first so that we can resolve any problems you may encounter.


The personal data we collect and process about you will always be linked to the specific purposes set out below.

We may receive your personal data directly from you, for example when you interact with us via e-mail. We may also receive your personal data by any means related to information and communication technologies, in particular by automated means, for example cookies. We refer you to our Cookie Policy for more information on this subject.

Below, we set out in more detail the different categories of personal data that we collect and process about you, the purposes of such processing and the way in which we process your personal data.

A. Processing of personal data when you visit the Site


1.    Cookies[1]


We use different types of cookies:

-       technically essential cookies with functional purposes.

These cookies are technically essential. This means that these cookies are necessary for the Site to function properly. It is not possible to refuse these cookies if you wish to visit our Site;

-       of cookies for analytical purposes.

We also use MicroAnalytics for analytical purposes. This analysis tool installs cookies which we use to quantify visits (traffic) to the Site. In particular, this allows us to know how many times a given page has been read. We use this information solely to improve the content of our Site.

Base(s) of lawfulness

-       Technically essential cookies with functional purposes : necessary for the performance of the service (articles 6.1.b of the RGPD)

-       Other cookies (analytical) : The use of these cookies from third parties, for which we are the joint controller, is subject to your prior consent (Article 6.1.a of the RGPD).

You may refuse to have these cookies installed on your device. This will not prevent you from accessing our Site. However, certain functions may not be available.

Data categories

We refer you to our Cookie Policy detailing the different data collected depending on your choices.

Storage life

Cookies generally also have an expiry date. Some cookies, for example, are automatically deleted when you close your browser (known as session cookies), while others remain on your computer for longer, sometimes even until you delete them manually (known as permanent cookies)[2].


This communication to our service providers and subcontractors (IT service providers, hosting companies) may be necessary.

[1] We refer you to our Cookies Policy for full technical information about cookies.

[2] We refer you to our Cookies Policy for details regarding the different retention periods for our cookies.

B. Processing of personal data when you register on the Site and in connection with the performance of the Services


1.    Performance of Services


If you have subscribed to our Services, we process your personal data in order to perform the contract between you and us.


Base(s) of lawfulness

Personal data is processed on the basis of the performance of the service provision contract (article 6.1.b) of the RGPD).

Personal data concerning your health (or any other personal data listed in article 9.1 of the RGPD) are processed on the basis of your explicit consent (article 9.2.a) of the RGPD).

Data category

This includes your surname, first name, telephone number and e-mail address.

The following sensitive personal data:

●     Your answers to the questionnaire

●      The analysis results of your samples (stool, urine or saliva samples) sent by the laboratory


In addition, during any visit to the Site we also collect the following data: your internet location (IP address, domain name of the .be or .com type, originating url) and the telephone prefix of your computer, the pages of our Site that you consulted during your visit, the advertisements that you clicked on and any searches that you carried out. [1] [FLR2] 

Storage life

Personal data is kept for a period of 10 years from the end of the Services.

Personal data falling under the definition of Article 9.1 of the GDPR is kept until the end of the Services.[3] 


Communication of your data to our service providers and subcontractors:

●     Symp  partner laboratory;

●      Your GP or other healthcare professional  in a strict therapeutic, diagnostic or medical monitoring context (Doctors, other laboratories etc) ;

●     Stripe (payment service on our Site).

C. Processing of personal data when you provide services to Symp


The data you send us is processed for the purpose of managing our contractual relationship: managing orders, offers, delivery, invoicing and payment and evaluating the supplier's performance (where applicable).


Base(s) of lawfulness

The processing of the data is essential for the performance of the contract. Without the processing of this data, we cannot perform the contract (article 6.1.b) RGPD).

Data categories

It can be :

●    your identification data (surname, first name) ;

●    your contact data (email address, telephone number) ;

●    your data relating to the profession (company, function) ;

●    your financial/accounting information (bank account number, account holder) ;

●    performance monitoring data.

Storage life

Your data will be kept for 10 years after the end of your last contract with us.


This information will be passed on to the tax authorities.

It may also be necessary to communicate with our service providers (IT service providers, accountants, auditors).

In the event of a dispute, it may be necessary to communicate your data to our lawyer, to the other parties or their lawyers, to the courts, to experts, technical advisers, notaries, mediators, arbitrators or bailiffs, and to banking or insurance organisations.


Our offices are located in Belgium and the personal data we collect is stored on servers in Paris.

However, for the purposes set out in Article 2, your personal data may be transferred to other jurisdictions outside the European Economic Area (EEA), and therefore not bound by the GDPR. Your data may also be hosted on servers outside the EEA.

Where your personal data is transferred to third parties residing in such jurisdictions, we will implement appropriate safeguards in our agreement with such third parties in order to provide your personal data with a level of data protection that is adequate and at least equivalent to the level to which you are entitled under the GDPR. To this end, we assess the level of data protection in the country of transit or destination, taking into account in particular the relevant decisions taken by the European Commission. We may use the Standard Contractual Clauses adopted by the European Commission and any other appropriate solution, as required or permitted by Applicable Data Protection Legislation.


Under Applicable Data Protection Legislation, you have certain rights in relation to your personal data that we collect and process.

If you would like further information about your rights as listed below or if you wish to exercise them, please do not hesitate to send us an e-mail to hello@symp.co. We simply ask you, when exercising your data protection rights, to identify yourself correctly so that we can respond to your request within the time limits indicated below.

Exercising your rights is free of charge and will be carried out within one (1) month of receipt of your request. We may extend this period by a further two (2) months for a total period of three (3) months if your request is particularly complex. If we decide to extend the initial deadline, we will inform you of this decision in good time.

In cases where we consider that your request is manifestly unfounded or excessive, we reserve the right to charge you an administrative fee for fulfilling your request, or even to refuse to fulfil it. You will be informed of our decision within the above-mentioned time limits.

Below is a brief overview of the rights you can exercise in relation to your personal data:

●     Withdrawal of consent : you have the right to withdraw your consent for all processing activities that are subordinate to it ;

●     Right of access : you have the right to request a copy of the data we process and store about you, in an understandable format ;

●     Right of rectification : you have the right to ask us to correct, amend or supplement your personal data;

●     Right of erasure : you have the right to request the deletion of personal data that we process or store about you ;

●     Right to restrict processing ;: in certain circumstances, you have the right to ask us to restrict the processing of your personal data. If you exercise this right, the relevant personal data will remain in our possession, but we will not be able to process them further;

●     Right to object to processing : in cases where we process and collect your personal data on the basis of our legitimate interest, you have the right to object to the processing of that data ;

●     Right to portability of your data : this implies that we can, at the request of the data subject, provide them with their personal data and/or provide it to third parties in a structured and machine-readable form.


We use generally accepted and reasonable technical and organisational methods, in line with current technological developments in operational security, to provide protection against the loss, misuse, alteration or destruction of all personal data that we store and process.

Our technical and organisational measures are frequently updated to adapt them to new technical and organisational procedures and to guarantee the ongoing security of your personal data.

All Symp employees, consultants, subcontractors and suppliers who have access to sensitive personal data are bound by professional secrecy and/or confidentiality obligations, and have access to your personal data only to the extent necessary to perform the Services.

Our Site contains links to other websites or Internet resources (hereinafter collectively referred to as "Third Party Sites"), which may also collect personal data, in particular by means of cookies or other technologies. We are not responsible for and have no control over these Third Party Sites or their collection, use or disclosure of your personal data. We invite you to examine the privacy policies of these Third Party Sites in order to understand how they collect and process your personal data.


We may adapt and amend our Privacy Policy from time to time, in particular to take account of new data protection practices and to give you greater control over your personal data.

We will always make our Privacy Policy available on the Site in its most recent version. You can also ask us to send you the current or previous versions of our Privacy Policy by sending us an e-mail to hello@symp.co. At the top of this document, you will be able to check the date on which we last amended our Privacy Policy.


You undertake to provide us with accurate personal data. You can change the personal data we hold about you at any time by sending us an e-mail to hello@symp.co. We cannot be held responsible for any failure in our services as a result of incorrect information provided by you.

If you have any questions about our Privacy Policy or if you feel that your interests are not or are not adequately represented, you can send us all your questions to the e-mail address given above.


Our Privacy Policy is governed by and interpreted in accordance with Belgian law, unless mandatory legal provisions state otherwise.

You have the right to lodge a complaint with the competent data protection authority, i.e. the authority of the Member State of your habitual residence, your place of work or the place of the alleged breach of the Applicable Data Protection Legislation.

The main data protection authority is the Belgian Data Protection Authority (Data Protection Authority or Gegevensbeschermingsautoriteit), which can be reached by the following means of communication :

●     By following the instructions and completing the form accessible via this link ;

●      By sending a letter to the following address : rue de la presse 35, 1000 Brussels, Belgium ;

●     By calling the following telephone number : +32 (0)2 274 48 00 ;

●      By sending an email to the following address : contact@apd-gba.be.