GDPR

GDPR Rights & Compliance

Last updated: 14 March 2026

MOLDEREZ-CONSULT SRL · NE 0842.262.084 · Bruxelles/Brussel

1 Our GDPR Commitment

At Famylio, we believe data protection is a fundamental right. We apply privacy by design principles and implement strict measures to ensure your personal data is processed transparently, securely, and in full compliance with the General Data Protection Regulation (GDPR).

Our data processing practices respect Article 5 of the GDPR: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, integrity and confidentiality.

2 Your GDPR Rights

Under the GDPR, you have the following rights:

1. Right of access (Article 15) — Request and obtain a complete copy of your personal data, free of charge, within 30 days.

2. Right to rectification (Article 16) — Correct or update your data if inaccurate or incomplete.

3. Right to erasure (Article 17) — Request deletion of your data, except where we have a legal obligation to retain it (\"right to be forgotten\").

4. Right to restrict processing (Article 18) — Request limitation of data processing in certain circumstances, for example if you contest its accuracy.

5. Right to data portability (Article 20) — Receive your data in a structured, machine-readable format (JSON or CSV), and transfer it to another controller if you wish.

6. Right to object (Article 21) — Object to processing for direct marketing purposes or when processing is based on our legitimate interests.

7. Right to withdraw consent (Article 7) — Withdraw consent at any time without affecting previous processing.

8. Rights related to automated decision-making and profiling (Article 22) — You will not be subject to a decision based solely on automated processing.

3 How to Exercise Your Rights

To exercise any of your GDPR rights, contact our Data Protection Officer:

Email: privacy@famylio.com
Mail: MOLDEREZ-CONSULT SRL, DPO, Square Valère-Gille, 13 box 5, 1050 Ixelles, Belgium

Please include:

— Your full name and Famylio email address
— Proof of identity (copy of ID document)
— Clear description of your request

We will respond to your request within 30 days of receipt. For complex or multiple requests, we may extend this period by two months, with notification.

If you believe we are not respecting your rights, you may lodge a complaint with the Belgian Data Protection Authority (DPA):

www.dataprotectionauthority.be

4 Data We Collect

Famylio collects only data strictly necessary to provide our services. No commercial tracking, no advertising profiling.

Identification data: name, first name, email address, profile picture (emoji).
Family data: names of family members, birth dates, custody information, calendar events, tasks, important documents.
Technical data: IP address (access logs), device type, browser language, session cookies only.
Communication data: family chat messages (stored on your devices and our servers).
Billing data: payment information (processed by Mollie, not stored locally).

We never collect:

— GPS location data
— Phone contacts or calendar
— Photos or videos without explicit consent
— Health data (unless voluntarily entered in Health+)
— GDPR-sensitive data (racial origin, religion, political opinions, etc.)

5 Data Storage & Security

Hosting: Famylio is hosted exclusively in Europe, on servers located in the European Union, subject to strict data protection laws.

Encryption: All data in transit is encrypted with TLS/SSL 1.2+. Sensitive data in the database is encrypted.

Restricted access: The Famylio team only accesses your data if strictly necessary to provide the service or resolve technical issues.

Data sharing: Your data is never sold or shared for advertising purposes. It may only be shared with:

— Technical sub-processors (hosting providers, Mollie secure payment services, transactional email services) — all bound by GDPR-compliant data processing agreements and strict confidentiality clauses.
— Legal authorities — only under legal obligation or court order, with notification where permitted by law.

No EEA transfers: No personal data is transferred outside the European Economic Area.

6 Data Retention

While your subscription is active: your data is retained for the duration of your account.

After account termination:

— Usage data: permanently deleted within 30 days.
— Billing data: retained for 7 years per Belgian and European accounting and tax obligations (Tax Code Article 440).
— Access logs: deleted after 12 months.
— Anonymised data: retained indefinitely for statistical purposes (non-reidentifiable).

Erasure request: You may request early deletion of your data at any time via privacy@famylio.com, subject to legal retention obligations.

7 Cookies & Trackers

Famylio uses only essential cookies for platform operation:

— Session cookies — keep you logged in and manage your account.
— Preference cookies — remember your language and display settings.
— Security cookies — protect against CSRF attacks.

No advertising, tracking or profiling cookies are placed without your explicit prior consent.

Google Analytics: Famylio does not use Google Analytics. We use a privacy-respecting alternative or anonymised internal statistics.

Cookie consent: Essential cookies do not require consent as they are indispensable. For optional cookies, we will inform you and you may refuse them.

8 Children's Data Protection (GDPR Article 8)

Famylio is designed for families and may contain data concerning minor children. We strictly apply GDPR Article 8:

Minimum age: Access to a Famylio account is restricted to adults (18+). Children may only be added as members of a family space under the exclusive responsibility of an adult admin.

Parental consent: By adding a minor child to your Famylio space, you confirm you have parental authority or guardianship and consent to processing of their data via the platform.

Limited sharing: Children's data is never shared with third parties, sold or used for advertising purposes.

Right to erasure: You may request deletion of a child's data at any time within legal timelines.

9 Data Breach Notification (GDPR Articles 33-34)

In case of a personal data breach creating risk to your rights and freedoms, we apply GDPR's strict procedure:

1. Notification to authority: We notify the Belgian Data Protection Authority within 72 hours of discovering a breach, unless risk is low.

2. Notification to users: If the breach creates a high risk to you, we notify you directly via email and platform without undue delay.

3. Communication: Our notification will describe the nature of the breach, affected data, measures taken, and your rights.

We maintain a record of all breaches and are able to present it to authorities.

10 Contact & Data Protection Officer

Company: MOLDEREZ-CONSULT SRL
Enterprise number: NE 0842.262.084
Registered office: Square Valère-Gille, 13 box 5, 1050 Ixelles, Belgium
General email: hello@famylio.com
DPO email (Privacy): privacy@famylio.com

Data Protection Officer: Available for any question or request concerning processing of your personal data. Contact directly via privacy@famylio.com to exercise your GDPR rights without any obstacle.

Belgian Data Protection Authority: www.dataprotectionauthority.be — To lodge a complaint or request advice.