Privacy Policy

Data Controller Information

BrightDelphinium B.V. is the data controller responsible for your personal data. Our contact details are:

Data Collection

The data we collect includes information you provide directly to us and information we collect automatically when you use our website and services.

Personal Data We Collect

• Contact information (name, email address, phone number, postal address)
• Company information (company name, job title, business details)
• Communication preferences and enquiry details
• Website usage data (IP address, browser type, pages visited, time spent on site)
• Technical information (device type, operating system, screen resolution)
• Cookies and similar tracking technologies (see our Cookie Policy for details)

How We Use Your Information

We use the personal data we collect for the following purposes, based on legitimate business interests and your consent where required:

• To respond to your enquiries and provide customer support
• To deliver our e-commerce platform services and solutions
• To improve our website functionality and user experience
• To send you relevant business communications and updates
• To comply with legal obligations and protect our legitimate interests
• To analyse website performance and optimise our services
• To prevent fraud and ensure website security

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: For marketing communications and non-essential cookies
• Contractual necessity: To provide our services and fulfil our obligations
• Legitimate interests: For website analytics, security, and business development
• Legal compliance: To meet our legal and regulatory obligations

Data Sharing and Third Parties

We may share your personal data with trusted third parties in the following circumstances:

• Service providers who assist us in operating our website and delivering services
• Analytics providers (such as Google Analytics) to understand website usage
• Marketing platforms for advertising and remarketing purposes
• Legal authorities when required by law or to protect our rights
• Business partners for legitimate business purposes with your consent

All third parties are required to maintain appropriate security measures and use your data only for specified purposes.

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected:

• Contact enquiries: 3 years from last contact
• Customer data: Duration of business relationship plus 7 years for legal compliance
• Website analytics data: 26 months (Google Analytics default)
• Marketing consent: Until consent is withdrawn
• Legal compliance data: As required by applicable law

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data to another organisation
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for processing at any time

To exercise any of these rights, please contact us at [email protected] or +31 508027604.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure hosting infrastructure with regular security updates
• Access controls and authentication procedures
• Regular security assessments and monitoring
• Staff training on data protection and security practices

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules or certification schemes

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and provide analytics insights. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you through our website or by email. The "Last updated" date at the top of this policy indicates when it was most recently revised.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).