Sepia Solutions Events and Messages
Sepia Solutions
Menu Footer


It's a personal thing

At Sepia Solutions it has never only been about privacy; it has always been -and will always be- about respect.
GDPR does not change that in the slightest but in light of GDPR this sentiment is documented explicitly.

Sepia Solutions respects its clients, partners, contractors, suppliers, various business contacts.
And so it is only logical that Sepia Solutions also respects those individual's privacy and contact details.

At Sepia Solutions your personal and contact information is treated the way I would appreciate my personal data being processed too. Yes indeed, I take this personal, so that means that Sepia Solutions ...
  • does not use website trackers;
  • never sends large amounts of emails via automated means;
  • never buys contact data from third parties;
  • never sells personal data to third parties;
  • does not perform (trend) analysis, profiling, or automated decision making using your personal data;
  • only uses limited personal data, professional contact details and publicly available information;
  • employs the same measures protecting its business data to protect your personal data.

At Sepia Solutions we respect you so we also respect your personal data.
All resulting policies, procedures and control measures to process and protect your personal data are basically following "common sense".

With respect,
Alain Rousseau
on behalf of Sepia Solutions

Privacy Statement

Sepia Solutions BVBA processes personal information in compliance with this privacy statement.
For further information, questions or comments on our privacy policy, please send an email to

Personal information from whom?

Sepia Solutions does not collect data from visitors to the website. The website is public and people are welcome to spend as much or little time reading it as they wish. We hope you find it informative.

Contact information is being processed from people we do business with or communicate with. This means clients, suppliers, contractors, prospects, partners, but also individuals met at conferences, professional events, training sessions, or even chance meetings, etc. Potentially anyone we interact with on a professional level.

What personal data are we talking about?

Very particularly: name; office address/location; professional phone, fax and email address; and possibly publicly available information (such as a LinkedIn photo and profile URL).
This data very explicitly does not include cookie information, browser history, nationality, data of birth, preferences, financial, political, racial or religious information.

Why is this data processed at all?

Well, most importantly to communicate. That is why the data typically only consists of professional contact details not home address, habits, preferences, browser history, etc. Then, for each of the different categories of contacts, there are specific reasons.
  • Clients: to inform them about updates or news related to the GRC software they purchased, to tell them about events or webinars, to provide technical support, to request and generate license files, to process invoices correctly, to communicate about project work, etc.
  • Partners: to contact them, to request information, to order goods, to process invoices, to receive technical assistance, to work together on various initiatives and projects, etc.
  • Suppliers: to order goods or services, to request information, to process orders and invoices correctly.
  • Prospects: to provide the requested proposal or information, to request and generate temporary license files, to very infrequently and always manually contact them to provide them news about events or product developments (i.e. direct marketing).
  • Other: simply to stay in touch so it remains possible to contact these individuals (think about job offers, referals, training opportunities, etc.)

Is this data shared with or sent to other organisations?

As a rule, "no"; though sometimes this is necessary in following circumstances:
  • Agreements: Sepia Solutions does not itself develop the magnificent GRC software suites but is the distributor for these software packages. This means that certain agreements (license agreement, SLA, support agreement) may get shared with the software manufacturers. Those agreements may include a name, telephone and/or email address of key contacts at the client organisation (e.g. purchasing offices, legal counsel, etc.).
  • License files: License files are generated by the software manufacturers and they need to know to whom these license files are issued.
  • Technical support: It may be necessary to escalate technical issues reported by clients. While doing so, it is possible that the contact details of the individuals involved (e.g. the user or IT staff) are shared with the software vendor but then only to efficiently provide technical assistance.
  • Invoices: Sepia Solutions has outsourced accounting to an accounting office. If the invoices contain personal contact details, those details could be "seen" by the external accounting office. That said, they do not process the contact details; they process the invoice.

Can you review your personal data, have it updated or deleted?

Yes, of course you can. GDPR makes this mandatory, but you have always had that right because, again, it is just being respectful.
Just send a email to with your question or remark.

In the unfortunate and unlikely event that you wouldn't be satisfied with the way your request was handled, please contact the Belgian Privacy Commission.