Privacy Policy
This Privacy Policy explains how Tecklenborgh B.V., a company incorporated under the laws of the Netherlands, registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 69415579 ("Tecklenborgh", "we", "us", or "our"), collects, uses, shares, and protects your personal data. Tecklenborgh is the controller within the meaning of Article 4(7) of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, "UAVG").
This Policy applies to personal data processed through our websites, applications, services, and any other interactions you may have with Tecklenborgh (together, the "Site" and "Service", as defined in our Terms and Conditions of Use).
If you have questions about this Policy or wish to exercise your data protection rights, you may contact us via the Contact page on the Site.
Introduction and Identity of the Data Controller
Tecklenborgh B.V. is registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 69415579. Tecklenborgh acts as the data controller for personal data collected through the Site and Service.
This Policy applies to personal data processed through our websites, applications, services, and any other interactions you may have with Tecklenborgh.
If you have questions about this Policy or wish to exercise your data protection rights, you may contact us via the Contact page on the Site.
Data Protection Officer / Privacy Contact
Tecklenborgh does not currently meet the criteria for the mandatory appointment of a Data Protection Officer under Article 37 of the GDPR or Section 38 of the UAVG. Accordingly, no DPO has been appointed at this time.
We have designated a Privacy Contact who is responsible for overseeing data protection matters. The Privacy Contact can be reached via the Contact page on the Site.
Should Tecklenborgh appoint a Data Protection Officer in the future, this Policy will be updated accordingly and the DPO's contact details will be published here.
Categories of Personal Data Collected
When you create an account, place an order, subscribe to the Service, or otherwise interact with us, we may collect: identification data (name, date of birth); contact data (email address, telephone number, postal address); account data (username, password, account preferences); payment references (invoice details, transaction identifiers — we do not store full payment card numbers unless a certified payment service provider does so on our behalf under PCI-DSS standards); and the content of communications you send to us (support requests, feedback, correspondence).
When you access the Site, we automatically collect certain technical and usage data, including: your IP address and approximate location derived therefrom; device identifiers, browser type, and operating system; pages visited, time spent, referral URLs, and clickstream data; diagnostic and error logs; and cookie identifiers and similar online identifiers (see Section 9 below).
We may receive personal data from third-party sources, including: identity verification services (to confirm your identity where required); analytics providers (aggregated usage insights); advertising partners (conversion data, audience segments); and social sign-in providers (where you choose to authenticate via a third-party platform, we receive the profile information you have authorized that platform to share).
Tecklenborgh does not intentionally collect special categories of personal data (as defined in Article 9 of the GDPR), such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual orientation. Should such data be provided to us incidentally, we will process it only where a lawful basis under Article 9(2) of the GDPR applies (for example, explicit consent) and will otherwise delete it without undue delay.
Purposes and Legal Bases for Processing
We process your personal data for the following purposes, each paired with the applicable legal basis under Article 6(1) of the GDPR:
Service delivery and account management: performance of the contract to which you are party (Article 6(1)(b)).
Payments, invoicing, and VAT compliance: performance of contract (Article 6(1)(b)) and compliance with legal obligations under Dutch tax and accounting law (Article 6(1)(c)).
Customer support and communications: performance of contract (Article 6(1)(b)) and our legitimate interest in providing responsive service (Article 6(1)(f)).
Service improvement, analytics, and security: our legitimate interest in improving the Site, understanding usage patterns, and maintaining security (Article 6(1)(f)).
Marketing communications: your consent (Article 6(1)(a)). You may withdraw consent at any time in accordance with Article 7(3) of the GDPR without affecting the lawfulness of processing prior to withdrawal. Every marketing communication includes an opt-out mechanism.
Legal claims and compliance: compliance with legal obligations (Article 6(1)(c)) and our legitimate interest in establishing, exercising, or defending legal claims (Article 6(1)(f)).
Cookies and online identifiers for non-essential purposes: your consent, obtained in accordance with Article 11.7a of the Dutch Telecommunications Act (Telecommunicatiewet) in combination with Article 6(1)(a) of the GDPR.
Special categories: processed only where applicable under Article 9(2) with explicit consent or another permitted derogation; otherwise not processed.
Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Our standard retention periods are as follows:
| Category | Retention period |
|---|---|
| Account data | Duration of active account plus 24 months following account closure, to enable reactivation and to address any outstanding matters. |
| Communications & support records | 24 months from the date of the last interaction. |
| Logs and security data | 12 months, unless a longer period is required for the investigation of security incidents or fraud. |
| Marketing preferences | Retained until you opt out or withdraw consent. |
| Transactional & financial records | 7 years, in accordance with Dutch tax and accounting retention obligations (Algemene wet inzake rijksbelastingen). |
Where a fixed retention period is not appropriate, we apply criteria-based retention, taking into account the nature of the data, the purposes for which it is processed, and any applicable legal or regulatory requirements. Upon expiry of the applicable retention period, personal data is anonymized or securely deleted.
Sharing of Personal Data
Tecklenborgh does not sell your personal data. We may share personal data with the following categories of recipients:
Processors: third-party service providers that process personal data on our behalf, including hosting and infrastructure providers, analytics services, communications platforms, and payment service providers. We maintain written data processing agreements with each processor in accordance with Article 28 of the GDPR.
Professional advisors: legal counsel, auditors, and accountants, where necessary for the conduct of our business.
Affiliates and corporate transactions: entities within any corporate group to which Tecklenborgh belongs, or in connection with a merger, acquisition, reorganization, or sale of assets, subject to appropriate safeguards.
Authorities: government bodies, regulators, law enforcement agencies, or courts where disclosure is required by applicable law or regulation, or is necessary to protect our rights or the rights of third parties.
International Data Transfers
Tecklenborgh primarily stores and processes personal data within the European Economic Area ("EEA"). Where a transfer of personal data outside the EEA is necessary, we ensure that appropriate safeguards are in place, relying on one or more of the following mechanisms:
(a) Adequacy decisions: transfers to countries or territories that the European Commission has determined provide an adequate level of data protection.
(b) Standard Contractual Clauses: transfers made pursuant to the Standard Contractual Clauses adopted by the European Commission under Article 46(2)(c) of the GDPR, supplemented by additional technical and organizational measures where required following a transfer impact assessment consistent with the principles set out by the Court of Justice in Case C-311/18 (Schrems II).
(c) Other appropriate safeguards: Binding Corporate Rules, approved codes of conduct, or certification mechanisms, as applicable.
You may request a copy or summary of the Standard Contractual Clauses or other safeguards by contacting us via the Contact page.
Data Subject Rights
Under the GDPR, you have the following rights in relation to your personal data. You may exercise these rights at any time by contacting us via the Contact page:
Right of access (Article 15): you may request confirmation of whether we process your personal data and, if so, obtain a copy of that data together with supplementary information about the processing.
Right to rectification (Article 16): you may request correction of inaccurate personal data or completion of incomplete data.
Right to erasure (Article 17): you may request deletion of your personal data where, for example, the data is no longer necessary for the purposes for which it was collected, or you withdraw consent on which processing is based.
Right to restriction of processing (Article 18): you may request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of contested data.
Right to data portability (Article 20): you may request that we provide your personal data in a structured, commonly used, machine-readable format, or that we transmit it directly to another controller where technically feasible.
Right to object (Article 21): you may object to processing based on legitimate interests, including profiling. Where we process personal data for direct marketing purposes, you have an absolute right to object at any time.
Right to withdraw consent (Article 7(3)): where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right not to be subject to automated decision-making (Article 22): you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless permitted under Article 22(2).
Upon receipt of a request, we may ask you to verify your identity to ensure the security of your personal data. We will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
If you are not satisfied with our response or believe that we are processing your personal data in a manner that is not in accordance with the law, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens (AP), Postbus 93374, 2509 AJ Den Haag, Nederland. Telefoon: +31 (0)70 888 8500.
We encourage you to contact us first so that we may attempt to resolve your concern before you approach the supervisory authority.
Cookies and Tracking Technologies
The Site uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit the Site. We use the following categories of cookies:
Strictly necessary cookies: essential for the operation of the Site (e.g., session management, security). These do not require your consent.
Preference cookies: enable the Site to remember your choices (e.g., language, region) and provide enhanced functionality.
Analytics cookies: help us understand how visitors interact with the Site by collecting information about pages visited, time spent, and navigation paths.
Advertising cookies: used to deliver relevant advertisements and measure campaign effectiveness.
For non-essential cookies (preference, analytics, and advertising cookies), we obtain your prior consent through a cookie banner and preference center displayed upon your first visit to the Site, in accordance with Article 11.7a of the Telecommunicatiewet. You may withdraw your consent or adjust your preferences at any time through the preference center. You may also configure your browser to refuse cookies; however, this may affect the functionality of the Site.
For further detail on specific cookies deployed, their purposes, and retention periods, please refer to the cookies section in our Terms and Conditions of Use. A standalone Cookie Policy may be published separately in the future; in such case, this Policy will be updated to cross-reference it.
Security Measures
Tecklenborgh implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, where appropriate:
(a) encryption of personal data in transit (TLS/HTTPS) and at rest where applicable; (b) access controls based on the principle of least privilege, with role-based permissions and multi-factor authentication for administrative access; (c) logging and monitoring of access to systems containing personal data; (d) regular vulnerability assessments and patch management; (e) due diligence on third-party suppliers and processors, including contractual security requirements; (f) data minimization and pseudonymization where suitable to reduce risk; and (g) an incident response procedure, including notification to the Autoriteit Persoonsgegevens within 72 hours (Article 33 GDPR) and to affected data subjects without undue delay (Article 34 GDPR) where a personal data breach is likely to result in a high risk to their rights and freedoms.
You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. We encourage you to use a strong, unique password and to notify us immediately if you suspect any unauthorized use of your account.
Children's Data
The Site and Service are not directed to children under the age of 16. Accounts must be created by individuals who are at least 16 years of age or, where younger, with the verifiable consent of the holder of parental responsibility, consistent with Article 8 of the GDPR and the UAVG.
Where consent is required for information society services offered directly to a child, Tecklenborgh will make reasonable efforts to verify that consent is given or authorized by the holder of parental responsibility over the child, taking into account available technology. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data without undue delay.
Changes to this Privacy Policy
Tecklenborgh may update this Privacy Policy from time to time to reflect changes in our processing activities, legal requirements, or business practices. If we make material changes, we will notify you by email (to the address associated with your account) or by posting a prominent notice on the Site in advance of the changes taking effect, and we will indicate the effective date at the end of this Policy.
We will archive prior versions of this Policy and make them available upon request. We encourage you to review this Policy periodically to stay informed about how we protect your personal data.