Privacy Policy

Camelot bv · last updated 8 May 2026

Camelot respects your privacy and ensures that you can entrust your personal data to us with confidence. During your interactions with Camelot, certain data is collected and processed. Because you can be identified through this data, it constitutes personal data. Below you can read which data we collect, and how we handle it carefully.

1. This Privacy Policy

This Privacy Policy applies to all personal data that Camelot collects and processes about you. By using the website, apps, web shops, products or services of Camelot, you agree that this policy applies to the data processed by Camelot.

Camelot reserves the right to amend this policy at any time.

2. Personal data held by Camelot

The data below may be collected and processed by Camelot in various ways:

Data you share directly

• Identification and contact: surname, first name, address, place of residence, email address, telephone, date of birth, age, gender, …
• Financial data: account number, BIC code, name of the account holder, …
• User account credentials: username, email address, password, security question and answer, connection times, …
• Information about the products or services you wish to book, your preferences and interests.
• Complaints or feedback through our support channels, comments, suggestions, testimonials.
• Other content you share during a programme, retreat, weekend, seminar, workshop or via our online channels — such as text, image or audio recordings.

Data through use of our sites and apps

When you use our (mobile) websites or apps, the following information may be processed: pages visited, websites, search queries via cookies, data you enter yourself, and other data to which you explicitly grant Camelot access (such as location data).

Data from other sources

Camelot may also collect data via specialised suppliers, partners, public sources or social media. When using social-media channels, the rules and preference settings of those providers also apply. The Camelot websites may contain links to other websites with their own privacy policies; Camelot recommends that you review those yourself and cannot accept responsibility for those external sites.

You are not obliged to provide your data to Camelot or to consent to processing — but in certain cases this is necessary for proper service delivery and to comply with applicable legislation.

3. Processing of personal data

Camelot processes personal data for the following purposes:

• Concluding and performing an agreement (subscription, booking, user account), and following up and collecting invoices — whether or not via third parties.
• Enabling the exchange of information or contact with other users via our online channels.
• Support and aftercare.
• Continuous improvement, maintenance and security of our products, services and sites — and the optimisation of our general, commercial and marketing strategy.
• Personalising products, services and associated supporting communications.
• Targeted sending of advertisements, newsletters and information. Camelot may bundle your preferences in a profile for this purpose. For advanced profiling techniques we always ask your consent in advance.
• Compliance with legislation applicable to Camelot.
• Other specific purposes for which your consent may be requested separately.

4. Sharing personal data

Camelot may exchange personal data with parent, sister and subsidiary companies. In addition, data may be shared with partners, suppliers or appointees of Camelot when their processing is necessary for the delivery, execution or settlement of products and services. Agreements have been concluded with these parties that limit the use and guarantee a sufficient level of protection.

Where your consent is required by law, or where we deem it appropriate depending on the circumstances, we always request it before sharing your data or transferring it to a country outside the European Economic Area.

Your data is only released in accordance with this policy or when legally required. In rare cases Camelot may have to disclose data on the basis of a court order or mandatory regulation — to the extent permitted by law, Camelot will inform you of this in advance.

Our partners may only use your data to send you commercial communications if you have given separate consent. If you no longer wish to receive these, you can always contact such third parties directly or contact Camelot (see point 8).

Finally, personal data can always be shared anonymously with third parties — in that case you are no longer identifiable through the data.

5. Your rights

• Right of access and rectification of your personal data.
• Right to erasure, restriction of processing and data portability, insofar as the legislation provides for this.
• You may at any time withdraw your consent for certain processing operations and object on serious and legitimate grounds.
• You have the right to object to the use of your data for direct marketing, to its transfer to third parties (where this is not necessary for the service), and to the creation of a profile.
• To exercise these rights, please contact Camelot via the details under point 8.
• You also have the right to lodge a complaint with the supervisory authority: Data Protection Authority (Drukpersstraat 35, 1000 Brussels — tel. +32 (0)2 274 48 00, fax +32 (0)2 274 48 35).

6. Security policy

Security — to protect your data optimally, Camelot takes all reasonable measures and applies best practices to prevent loss, misuse, disclosure, unauthorised access or alteration. Both technically and organisationally, the necessary steps are taken to ensure an adequate level of security. Payment data is always secured according to the prevailing standards for financial information.

Retention — Camelot does not retain your data longer than necessary for processing, taking into account contractual and legal obligations, the mission to correctly answer customers' questions, to improve the quality of the service and to comply with its own legal obligations.

Custody of NFT and NØA tokens — when using the custody arrangement, Camelot retains your email address, first and last name, phone number, billing address, reference code and order details for the duration of the custody period (maximum 12 months from payment). This data is required to contact you regarding delivery and to correctly attribute your NFT and NØA tokens. After delivery, cancellation or refund, this data is retained only in accordance with applicable statutory retention periods (accounting records: 7 years per article III.86 of the Belgian Code of Economic Law).

Hedera Account ID and wallet data — Camelot processes your Hedera Account ID (format 0.0.xxxxxx) to send NFT, NØA, SØF and AVALØN to you and to register your participation in staking, governance and partner payments. Hedera Account IDs and associated transactions are inherently publicly accessible via the Hedera Mirror Node and Hedera explorers such as HashScan; this data is therefore inherently public. Camelot uses this data solely for the services described in this policy and in the terms and conditions.

Partner accreditation (AML/KYC) — for accreditation as a Camelot Family Partner, Camelot collects and processes identification data (manager, company number, bank details, identification of ultimate beneficial owners) as required by Belgian anti-money-laundering (AML) and Know-Your-Customer (KYC) obligations. Suspicious transaction patterns may be monitored and, if legally required, reported to the competent authorities without prior notification to the party concerned.

7. Minors (under 18 years)

Camelot never knowingly collects or processes personal data of minors without the consent of a parent or guardian. If such data is nevertheless processed in good faith, it will be removed from our records as soon as possible after we become aware.

8. Contact details

Camelot bv
Meersemhof 41
9050 Gentbrugge, Belgium
Company number 0477.799.234

For questions: support@camelotlabs.be