Options Backtests by R&P Consulting · Belgium

Legal

Privacy Policy

Version 1.0 · Effective 27 May 2026

This Privacy Policy explains how R&P Consulting SComm ("we", "us") collects, uses, and protects personal data in the context of the Options Backtests service. It is provided in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Belgian data protection law.

1. Data controller

The data controller responsible for the processing of your personal data is:

R&P Consulting SComm
Société en commandite under Belgian law
445, Pavé du Roeulx
B-7110 La Louvière, Belgium
VAT: BE0730.636.662
Company number (KBO/BCE): 0730.636.662
Contact: backtests@r-p-consulting.be

2. Categories of personal data processed

Depending on your interaction with the Service, we may process the following categories of personal data:

  • Identification and contact details: name, email address, postal address, country of residence or establishment.
  • Billing and tax information: billing address, VAT number where applicable, currency, payment status, invoice references.
  • Payment-related information: processed by our payment provider Stripe. We do not store credit card numbers, CVV codes, or bank account numbers on our systems. Stripe acts as a separate data controller for cardholder data, in accordance with its own privacy policy.
  • Service usage data: strategy briefs you submit, reports delivered to you, email correspondence, support requests.
  • Technical data: IP address (transiently, by our hosting and email infrastructure), browser and device information when accessing the website (handled by Cloudflare for security and traffic-routing purposes), email transmission metadata.

3. Purposes of processing and legal bases

3.1 Performance of the contract (Art. 6(1)(b) GDPR)

We process personal data to:

  • create and manage your subscription;
  • receive your strategy briefs and deliver the corresponding research reports;
  • handle billing, invoicing, payment processing, and refunds;
  • communicate with you about your subscription and reports;
  • provide customer support.

3.2 Compliance with legal obligations (Art. 6(1)(c) GDPR)

We process personal data to:

  • comply with Belgian tax, accounting, and VAT obligations (including the retention of invoices and accounting records for seven (7) years);
  • comply with anti-money-laundering and fraud-prevention obligations where applicable;
  • respond to lawful requests from competent authorities.

3.3 Legitimate interests (Art. 6(1)(f) GDPR)

We process personal data on the basis of our legitimate interests to:

  • improve the quality of our reports, methodology, and service operations, using de-identified and aggregated data only;
  • maintain the security and integrity of our infrastructure (logging, fraud detection, abuse prevention);
  • defend our legal rights in the event of disputes.

Where we rely on legitimate interests, we have assessed that our processing does not override your fundamental rights and freedoms. You may object to such processing at any time (see section 7 below).

3.4 Consent (Art. 6(1)(a) GDPR)

In limited cases — for example, if we ever introduce optional analytics cookies or marketing communications beyond the contractual relationship — we will rely on your prior, freely given, specific, informed, and unambiguous consent, which you may withdraw at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. Recipients of personal data

We do not sell personal data. We share personal data only with the following categories of recipients, strictly to the extent necessary for the purposes described above:

  • Stripe Payments Europe Limited (payment processor, Ireland) — processes payment information as a separate controller. Stripe Privacy Policy.
  • Cloudflare, Inc. (website hosting and CDN, United States with EU data processing addendum) — serves the website and processes technical data such as IP addresses for security and routing. Cloudflare Privacy Policy.
  • OVH SAS (email infrastructure provider, France) — processes email transmission data.
  • Belgian tax authorities and accounting service providers — receive invoicing data as required by law.
  • Legal advisers, auditors, and competent authorities — where required by law or for the defence of legal claims.

All processors acting on our behalf are bound by data processing agreements requiring them to process personal data only on our instructions and to implement appropriate technical and organisational security measures.

5. International transfers

Some of our service providers, including Stripe and Cloudflare, may process data outside the European Economic Area, in particular in the United States. Where such transfers occur, they are protected by appropriate safeguards, including the European Commission's Standard Contractual Clauses and, where applicable, certification under the EU-U.S. Data Privacy Framework. You may request a copy of these safeguards by contacting us at the address above.

6. Retention periods

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Account and subscription data: for the duration of the subscription, plus a period required for dispute resolution.
  • Strategy briefs and delivered reports: typically seven (7) years from delivery, in line with Belgian legal retention obligations and quality-control needs.
  • Billing and accounting records: seven (7) years from the end of the relevant accounting year, as required by Belgian tax law.
  • Email correspondence and support tickets: typically three (3) years after the last interaction.
  • Technical logs: typically thirty (30) days for security and abuse-prevention purposes.

You may request earlier deletion of identifying information (see section 7 below), subject to our legal retention obligations and legitimate dispute-resolution needs.

7. Your rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access: obtain confirmation of whether we process your personal data, and a copy of the data we process.
  • Right to rectification: request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): request deletion of your personal data, subject to our legal retention obligations.
  • Right to restriction: request that we limit the processing of your personal data in certain circumstances.
  • Right to data portability: receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.
  • Right to object: object to processing based on our legitimate interests, including for direct marketing.
  • Right to withdraw consent: where processing is based on consent, withdraw your consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at backtests@r-p-consulting.be. We will respond within one (1) month of receipt of your request, possibly extended by up to two additional months for complex or numerous requests, with prior notification.

8. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. In Belgium, the competent authority is:

Belgian Data Protection Authority (Autorité de Protection des Données)
Rue de la Presse 35
1000 Brussels, Belgium
www.dataprotectionauthority.be
Email: contact@apd-gba.be

You may also lodge a complaint with the supervisory authority of your habitual residence or place of work in any EU Member State.

9. Cookies and similar technologies

This website is built as a static site and is served via Cloudflare Pages. It does not set any tracking cookies, advertising cookies, or third-party analytics cookies.

Cloudflare, our content delivery and security provider, may set strictly necessary technical cookies for the sole purpose of protecting the website against abuse and ensuring routing performance. Such cookies fall within the exemption from prior consent under article 5(3) of the ePrivacy Directive and Belgian law, as they are strictly necessary for the provision of a service explicitly requested by the user. More information is available in the Cloudflare Cookie Policy.

Should we ever introduce optional cookies — for example, traffic analytics or product improvement — we will update this section, provide a clear cookie consent mechanism, and process such cookies only on the basis of your prior, freely given, specific, informed, and unambiguous consent.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include: encryption of data in transit (HTTPS/TLS), encrypted storage where applicable, two-factor authentication on administrative accounts, access controls limiting data access to authorised personnel, and contractual obligations on our processors.

No system can be guaranteed to be entirely secure. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the competent supervisory authority in accordance with our GDPR obligations.

11. Children

The Service is not directed to, or intended for use by, individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data, please contact us and we will take appropriate steps to delete such data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. Material changes will be communicated by email or through the Service. The "Effective" date at the top of this page indicates the latest revision.

13. Contact

For any question, request, or complaint relating to this Privacy Policy or to your personal data, please contact:

R&P Consulting SComm
Romuald PISTIS — Founder & Managing Partner (associé commandité)
445, Pavé du Roeulx
B-7110 La Louvière, Belgium
Email: backtests@r-p-consulting.be