Privacy and Cookie Policy
Last Updated: June 2026
Welcome to the website of LSW Tech (accessible via www.lsw-tech.be). We are committed to transparency and compliance regarding the General Data Protection Regulation (GDPR) and the ePrivacy Directive. Because our website provides secure web applications, we process specific personal data necessary to keep our systems running safely and efficiently.
1. Data Controller Contact Information
For any inquiries, requests to exercise your data rights, or questions regarding this policy, you may reach out to the Data Controller:
Luc Vandenbroucke
BE 0854.640.274
Mol, Belgium
Email:privacy@lsw-tech.be
2. Personal Data We Collect & Why (Keycloak IAM)
We use Keycloak as our centralized Identity and Access Management (IAM) provider to secure our infrastructure and client portals. If you register or authenticate on our site, we process:
- Account Identifiers: First name, last name, username, and email address.
- Security Logs: IP addresses, browser user-agents, and timestamps of login/logout activities.
Legal Basis for Processing: Account data is processed under Performance of a Contract (Art. 6(1)(b) GDPR) to provide access to secure portals. Security logs are processed under our Legitimate Interest (Art. 6(1)(f) GDPR) to prevent unauthorized access and defend against malicious technical threats.
3. Data Retention & Storage Location
- Account Data: Retained for as long as your corporate client relationship with LSW Tech remains active, or until you formally request account erasure.
- Security and Access Logs: Automatically rotated and permanently deleted after 90 days.
- Hosting Location: All server infrastructures, including our Keycloak authentication databases, are hosted strictly within the European Economic Area (EEA).
4. Use of Cookies and Local Storage
Our website relies exclusively on Strictly Necessary / Essential Cookies and local storage mechanisms. Because these are strictly mandatory to provide the service you requested (logging in and maintaining session stability), they do not legally require prior opt-in consent under the ePrivacy Directive.
| Technology / Cookie Name | Provider | Purpose | Type / Duration |
|---|---|---|---|
| KEYCLOAK_IDENTITY / KEYCLOAK_SESSION |
First-Party (Keycloak) | Maintains your authenticated secure session token so you don't have to log back in on every page click. | Session / Persistent |
| OAuth_Token_Space (Local / Session Storage) | First-Party (Blazor/App) | Stores the JSON Web Token (JWT) securely inside the client browser to allow valid API requests. | Browser Storage |
| ARRAffinity (If applicable to your cloud host) |
Cloud Infrastructure | Ensures the Blazor Server SignalR circuit maintains its real-time link to the exact same server instance. | Session |
5. Your Data Subject Rights
Under the GDPR, you possess the following legal rights regarding your personal data:
- Right to Access & Portability: Request a complete copy of the information Keycloak stores about you.
- Right to Rectification: Request correction of inaccurate account details.
- Right to Erasure ("Right to be Forgotten"): Request full deletion of your user credentials (provided no outstanding contractual obligations remain).
- Right to Complain: If you believe your data is handled improperly, you have the right to lodge a complaint with the Belgian Data Protection Authority (GBA / APD).
To execute any of these rights, please send an explicit request to privacy@lsw-tech.be.