PRIVACY POLICY
Epic Motor Trading
Version: 1.0
Last updated: 5-6-2026
1. Identity of the Controller
(Art. 13 GDPR + Art. 5 Law of 30 July 2018)
Field
Value
Trade name
Epic Motor Trading
Full legal name
Instaal
Legal form
BV (private limited company)
Enterprise number (KBO)
BE0686909458
VAT number
BE0686909458
Registered office
Essenhoutstraat 286, 2950 Kapellen
Email address
privacy@epicmotortrading.com
Epic Motor Trading is the controller within the meaning of Article 4, paragraph 7 of the General Data Protection Regulation (GDPR).
Data Protection Officer (DPO) – Art. 37 GDPR
If a Data Protection Officer has been appointed, they can be reached at:
[DPO email address]
2. Scope of Application
This Privacy Policy applies to all processing of personal data through:
- The website of Epic Motor Trading (www.epicmotortrading.com)
- The online auction platform for classic motorcycles
- Email communication and newsletters
- Customer service and dispute resolution
- Contractual relationships with buyers and sellers
- Social media channels of Epic Motor Trading
3. Categories of Personal Data
3.1 Identification Data
Data
Collected from
Purpose
First and last name
Registration
Identification, invoicing
Date of birth
Registration
Age verification, identity check
Identity data (national register number)
KYC verification
Anti‑money laundering legislation
Copy of ID document
KYC verification (via Stripe only)
Identity verification
Signature
Contracts, delivery confirmations
Proof of agreement
Itsme verification
Optional at registration
If Itsme is used for identity verification, Itsme only confirms identity (no copy of ID). Epic Trading Group only receives a 'verified' status, no identity data. Please consult Itsme's privacy policy for more information.
3.2 Contact Details
Data
Purpose
Email address
Communication, payment reminders, notifications
Phone number
Delivery arrangements, customer service
Postal address
Invoicing, delivery, legal requirements
Billing information
Payment processing, accounting
3.3 Financial Data
Data
Collected from
Purpose
Bank account number (IBAN)
Stripe Connect (KYC)
Payouts to sellers
Payment information (card details)
Stripe Connect
Payment processing (not stored by EMT)
VAT number
Registration (professional sellers)
Fiscal obligations, invoicing
Chamber of Commerce number (KBO/KvK)
Registration (professional sellers)
Business identification
TIN number
Registration (professional sellers)
Fiscal identification
3.4 Transaction Data
Data
Visibility
Purpose
Bidding history (username, bid amount, timestamp)
Visible to other users during auction
Transparency of auction process, fraud prevention
Sales and purchase information
Only for involved parties + EMT
Transaction processing
Invoices
Buyer and seller
Fiscal obligations
Commissions
Seller and EMT
Deduction and invoicing
3.5 Technical Data
Data
Purpose
Retention period
IP address
Security, fraud prevention, geolocation
Maximum 12 months
Browser and device data
Website optimisation, security
Maximum 12 months
Log files
Technical analysis, debugging
Maximum 12 months
Cookies
See Cookie Policy for details
See Cookie Policy
3.6 Communication Data
Data
Purpose
Retention period
Customer service correspondence
Handling questions and complaints
3 years after resolution
Messages between buyer and seller
Transaction handling and disputes
10 years after dispute (if applicable)
Telephone conversations (if recorded)
Training purposes, disputes
Disclosed in advance
4. Legal Bases (Art. 6 GDPR)
4.1 Performance of a Contract (Art. 6(1)(b) GDPR)
This legal basis applies to processing necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Processing
Why necessary?
Account registration
To create and manage a user account
Publication of motorcycle auctions
To perform the agreement with the seller
Processing of bids
To perform the auction agreement with the buyer
Payment processing
To execute the purchase agreement
Dispute management
To resolve disputes between buyer and seller
Sharing contact details after payment
To enable delivery of the vehicle. Contact details are only shared after the buyer has paid the full amount.
4.2 Legal Obligation (Art. 6(1)(c) GDPR)
This legal basis applies to processing necessary to comply with a legal obligation to which the controller is subject.
Processing
Legal basis
Accounting obligations
Art. 3:60 Belgian Economic Law Code (7‑year retention period)
Identity verification of buyers
Art. 1528 Belgian Judicial Code (public auctions)
Anti‑money laundering (KYC)
Law of 18 September 2017 (professional sellers)
Retention of transaction data
Tax law (7 years)
4.3 Legitimate Interest (Art. 6(1)(f) GDPR)
This legal basis applies to processing necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.
Processing
Legitimate interest
Fraud prevention
Protection of platform and users against fraud
Platform security
Protection against cyber attacks and abuse
Internal statistics
Improvement of platform functionality
Protection against abuse
Enforcement of general terms and conditions
We conduct a balancing test in accordance with Recital 47 GDPR. If you wish to object to processing based on legitimate interest, you can contact us at privacy@epicmotortrading.com.
4.4 Consent (Art. 6(1)(a) GDPR)
This legal basis applies to processing for which the data subject has given explicit consent.
Processing
Consequence of refusal
Newsletters
No newsletters received
Marketing (personalised)
No personalised offers
Non‑essential cookies
Limited website functionality
Consent can be withdrawn at any time via your account or by sending an email to privacy@epicmotortrading.com. Withdrawal does not affect the lawfulness of processing before withdrawal.
5. Purposes of Processing
Personal data is processed exclusively for the following purposes:
Purpose
Which data?
Legal basis
Facilitating online auctions
Identification, contact and transaction data
Performance of contract
User identification
Identification data, Itsme status
Legal obligation
Payment processing (Stripe Connect)
Financial data (via Stripe)
Performance of contract
Customer support
Communication data
Legitimate interest
Legal compliance (KYC, anti‑money laundering)
Identification, financial data
Legal obligation
Marketing (with consent)
Contact details
Consent
Fraud and abuse prevention
Technical data, bidding history
Legitimate interest
Escrow arrangement (important):
Transactions use an escrow arrangement via Stripe Connect. The
amount paid is temporarily held in a separate Stripe account until delivery is
confirmed. Epic Trading Group has no direct access to these
funds for purposes other than paying out the seller. Stripe acts as a
processor.
6. Automated Decision‑Making (Art. 22 GDPR)
Epic Trading Group may use automated systems for:
- Fraud prevention – detection of suspicious bidding patterns, multiple accounts, unusual transactions
- Bid risk analysis – identification of potentially fraudulent or non‑solvent bidders
What are the possible consequences?
Our fraud prevention systems may lead to:
- Temporary blocking of an account
- Suspension of a payment
- Cancellation of a bid
- Freezing of escrow funds upon suspicion of fraud
What are your rights?
No decisions with legal consequences are made solely on the basis of automated
processing without human intervention. In all cases, the user is informed and
has the opportunity to request human intervention (Art. 22
GDPR). For this, please contact privacy@epicmotortrading.com.
7. Recipients of Personal Data
We may share data with the following categories of recipients:
Recipient
Which data?
Purpose
Legal basis
Stripe Inc. (Stripe Connect)
Identity data (copy of ID), bank account number, UBO data, payment information
Payment processing, escrow management, KYC verification of professional sellers
Performance of contract + legal obligation
Hosting and IT service providers
Technical data, log files
Platform management and security
Legitimate interest
Identity verification services (Itsme, eID)
Verification status (no substantive data)
Identity verification
Legal obligation
Accountants and auditors
Financial data, transaction data
Accounting processing
Legal obligation
Government authorities
As required by law
Fraud investigation, tax audits
Legal obligation
Other users (after payment)
Name, address, email address, phone number of seller to buyer (and vice versa)
Execution of purchase agreement, delivery
Performance of contract (Art. 6(1)(b) GDPR)
Important:
- Stripe acts as a processor. For KYC verification, identity data (copy of ID, bank account number, UBO data) may be shared with Stripe. These data are not stored by Epic Trading Group but fall under Stripe's responsibility.
- More information: Stripe Privacy Policy
- Data processing agreements are concluded with all processors in accordance with Art. 28 GDPR.
- Contact details are only shared after the buyer has paid the full amount and may only be used for the execution of the transaction.
8. International Data Transfers (Art. 44–49 GDPR)
If personal data is processed outside the European Economic Area (EEA), this is done exclusively on the basis of:
- Adequacy decision of the European Commission
- Standard Contractual Clauses (SCCs)
- Additional safeguards (such as encryption)
Stripe Inc. is established in the United States. Stripe is certified under the EU‑US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023). For transfers not covered by this framework, Standard Contractual Clauses are used.
For other transfers outside the EEA (e.g., hosting outside the EU), appropriate safeguards are implemented. You may request a copy of these safeguards by contacting privacy@epicmotortrading.com.
9. Retention Periods
We do not retain personal data longer than necessary for the purposes for which they are processed. The following periods apply:
Category
Retention period
Legal basis / Explanation
Account data
As long as account is active
Performance of contract
Account data after closure
7 years after termination
Fiscal and civil limitation periods
Transaction data (invoices, bids)
7 years
Fiscal retention obligation (Art. 3:60 Belgian Economic Law Code)
Identity data of buyers
10 years after registration
Art. 1528 Belgian Judicial Code + civil liability
KYC data (Stripe)
Determined by Stripe (not stored by EMT)
Stripe is processor
Log data (IP address, browser)
Maximum 12 months
Security, fraud prevention
Marketing data
Until consent is withdrawn
Consent
Data related to a dispute
10 years after resolution
Civil liability (10‑year limitation period)
Customer service correspondence
3 years after resolution
Legitimate interest
Invoice template (completed by seller)
EMT does not retain this
Seller retains their own invoice. EMT does not receive a copy unless necessary for dispute resolution.
After the retention period expires, data will be deleted or anonymised (so that it can no longer be traced back to an identifiable person).
10. Security Measures (Art. 32 GDPR)
Epic Trading Group takes appropriate technical and organisational measures to protect personal data against loss, unlawful processing or unauthorised access. These measures include:
Measure
Explanation
SSL/TLS encryption
All data transfer between user and platform is encrypted
Secure servers within the EU
Servers are located in the European Union, subject to GDPR
Role‑based access control
Only authorised personnel have access to personal data
Two‑factor authentication
For access to sensitive systems and admin dashboard
Backup and recovery procedures
Regular backups, tested recovery procedures
Internal confidentiality obligations
Personnel are bound by confidentiality
Regular security audits
Periodic assessment of security measures
11. Rights of Data Subjects (Art. 15–22 GDPR)
You have the following rights with respect to your personal data:
Right
Description
Right of access (Art. 15)
You may know whether we process data about you and which data that is
Right to rectification (Art. 16)
You may have inaccurate data corrected
Right to erasure (Art. 17)
You may have data deleted ("right to be forgotten")
Right to restriction (Art. 18)
You may have the processing of data temporarily restricted
Right to data portability (Art. 20)
You may receive data in a structured, commonly used format
Right to object (Art. 21)
You may object to processing based on legitimate interest
Right to withdraw consent
You may withdraw previously given consent (no retroactive effect)
Exception for fraud or dispute investigation:
In the case of an ongoing fraud or dispute investigation, the exercise of
certain rights (such as access or erasure) may be postponed to not hinder the
investigation. You will be informed of this.
How to exercise your rights?
Send an email to: privacy@epicmotortrading.com
Please clearly state your name, email address and account ID (if applicable)
and which right you wish to exercise.
Response time:
We will respond within 30 days in accordance with Art. 12
GDPR. In complex cases, we may extend this period by a maximum of 60 days. You
will be informed of this.
12. Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates the GDPR.
Data Protection Authority (GBA)
Rue de la Presse 35, 1000 Brussels
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
We would appreciate it if you would contact us first at privacy@epicmotortrading.com, so that we can resolve your complaint internally.
13. Changes
Epic Trading Group reserves the right to amend this Privacy Policy from time to time. Changes may result from:
- Amendments to laws or regulations (GDPR, Belgian privacy law)
- Changes in the functionality of the platform
- New processing of personal data
The most recent version is always available on the website (www.epicmotortrading.com/privacy). In the event of material changes, we will inform users by email (if registered) or display a notice on the platform.
Contact Details
Contact
Details
Email (privacy)
privacy@epicmotortrading.com
Email (general)
info@epicmotortrading.com
Epic Motor Trading
[Signature]
Niels Vochten
5-06-2026
This Privacy Policy has been drafted in accordance with the General Data Protection Regulation (GDPR) and the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.