Privacy Statement
Privacy Company B.V.
Last updated on 31 March 2026
Thank you for visiting the Privacy Company website. Privacy Company B.V. is committed to protecting and respecting your privacy. This privacy statement describes how Privacy Company collects, uses, shares and otherwise processes personal data and what rights you may exercise in relation to your personal data.
Privacy Company
Privacy Company is a consulting firm specialising in privacy and data protection, and is based in The Hague, Zwolle and Berlin. We have a team of more than 20 consultants with expertise in various disciplines, from policy to technology. Our services include the deployment of privacy officers and data protection officers on a flexible basis, the implementation of the General Data Protection Regulation (hereinafter: GDPR) within the organisation, including the performance of privacy maturity assessments, and providing training on GDPR, among other things. Furthermore, we offer the privacy management software Privacy Nexus. We process personal data in order to provide our services and our website. For the services and activities described in this privacy statement, Privacy Company acts as the controller within the meaning of the GDPR.
If you have any questions or concerns regarding this privacy statement, please contact us here:
Privacy Company B.V.
Maanweg 174
2516 AB The Hague
The Netherlands
+31 70 820 96 90
compliance@privacycompany.nl
Chamber of Commerce number: 63080052
Personal data we collect
Personal data are any information that enables you to be directly or indirectly identified as an individual. Examples include name, address, telephone number, and account number. The personal data that we collect and process depends on our relation and service. The personal data that we collect and process from you may include the following:
- contact information, such as name, e-mail address, telephone number;
- payment details, such as bank account number; and
- other information you provide, such as when you contact us (name, e-mail address, phone number, and organisation name).
When you visit our website, we collect the following:
- cookies (please read the cookie statement for more information);
- IP address, pages visited and referrer URL;
- browser, plugins and operating system version and screen resolution;
- approximate city and country; and
- marketing campaign URL parameters.
Purposes for processing personal data
Privacy Company may process your personal data for the purpose of:
- offering our services;
- reviewing job applications;
- processing payments;
- maintaining and securing our website;
- improving and enhancing the performance of the website and related services;
- contacting you by phone or email in response to a request or a query via our contact form; and
- complying with legal obligations.
Legal basis
Privacy Company only processes personal data when we have a legal basis to do so. Privacy Company uses the following legal bases:
- Performance of a contract: when the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
- Legal obligation: to comply with a legal obligation, such as keeping financial records to comply with tax laws.
- Legitimate interest: so that we can offer the most optimal and personalised services. In doing so, we take your interests, rights, and expectations into account. Our legitimate interests include:
  - managing our business operations and administering our client relationships;
  - informing our clients about upcoming events;
  - ensuring the website operates effectively and efficiently;
  - operating, maintaining, managing and securing the website;
  - improving and enhancing the features and performance of the website and relevant services;
  - providing Privacy Nexus and providing users of Privacy Nexus with the necessary information regarding updates;
  - providing support and responding to your requests and queries; and
  - enforcing our terms and policies.
How we share your personal data
We do not share your personal data with any other organisation allowing them to further process your personal data for their own purpose, except if we are legally obliged to do so.
Privacy Company may share your personal data with third parties when this is necessary for the provision of our services, for example with payment partners or IT service providers. When we share your personal data with third parties who process personal data on our behalf, we ensure that your personal data is protected by, among other things, entering into data processing agreements. We actively monitor compliance with the security obligations of our processors. You can find a list of processors we engage below.
International data transfers
Your personal data is primarily stored in the European Economic Area (EEA). In the event that personal data is processed outside the EEA, Privacy Company implements additional safeguards to guarantee that personal data is protected with an adequate level of security. In cases where the European Commission has not issued an adequacy decision, we ensure that personal data is protected through the use of standard contractual clauses approved by the Commission.
Automated decision-making and profiling
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
Your rights and how to exercise them
Under the GDPR, you have the following rights that you can exercise in relation to our processing of your personal data.
- Right of information: You have a right to be informed about how we process your personal data.
- Right of access: You have a right to obtain confirmation as to whether or not your personal data is processed by us and have access to your personal data.
- Right to rectification: You have the right to rectify incorrect personal data that Privacy Company processes.
- Right to erasure: You have the right to request your personal data to be deleted, for example when personal data is no longer necessary for the purpose for which they were obtained. There are a number of exceptions to this, including our obligation to retain specific financial records for tax authorities.
- Right to restriction: During the period in which we are determining whether your data needs to be corrected, determining the lawfulness of data processing, determining whether data needs to be deleted, or you have objected to the processing, you have the right to request the restriction of processing.
- Right to data portability: At your request, we can transfer all personal data we hold about you to you or another organisation of your choice. This right may only be exercised if the processing takes place on the basis of consent or an agreement.
- Right to object: If we process personal data on the basis of legitimate interest or public interest, it is possible to object, after which a balancing of interests will follow. You always have the right to object to the processing of your personal data for direct marketing purposes.
- Right to withdraw consent: You always have the right to withdraw your consent whenever the processing of your personal data takes place on the basis of your consent. Withdrawal of consent does not affect the lawfulness of the processing of personal data prior to the withdrawal. Please note that certain features of our website and our services may not be available if your consent has been withdrawn.
- Right to file a complaint: If you believe that your rights have been infringed you also have the right to lodge a complaint with the relevant supervisory authority. Please consult the website of the Dutch supervisory authority for more information about filing a complaint.
Should you have any questions or complaints about this privacy statement or if you wish to exercise any of your rights in respect of your personal data processed by Privacy Company, please send your request to compliance@privacycompany.nl. In order to protect your privacy, we may require you to provide additional information to demonstrate your identity before we process your request.
Privacy Company strives to handle requests as quickly as possible, but in any case within one month of receipt of the request, and to inform you about the handling of the request. If the request is extensive or complex, Privacy Company will use an additional period of two months to respond to the request. If Privacy Company makes use of this additional period, we will inform you of this within one month of the request.
How long do we store your personal data
We store your personal data on the basis of applicable law and regulation and as long as is necessary for us to provide the website and services and operate our business, or when it is necessary to fulfill the purposes for which such information was collected. We determine this based on the nature of the personal data, the specific product or service for which Privacy Company collected it, and what you can reasonably expect to be retained.
If you are no longer a customer of Privacy Nexus, the data associated with your Privacy Nexus environment will be deleted no later than two months thereafter.
How we protect your personal data
Privacy Company takes reasonable steps to ensure that your personal data is properly secured across all our systems using appropriate technical and organisational measures. These measures include, among others, physical access controls to our premises and logical access controls within our IT environment. Privacy Company has implemented encryption for traffic to and from its website. This ensures that data transmitted between you and our web servers is protected against unauthorised access.
We take steps to limit access to personal data to those individuals who need to have access for one of the purposes listed in this privacy statement. All new employees receive security awareness training during their initial period of employment.
Furthermore, we contractually ensure that any third party processing your personal data on our behalf maintains at least equal security and privacy standards. We actively monitor our processors’ compliance with their contractual and statutory security obligations. Where we engage a processor, we endeavor to select a provider established within the European Union. If this is not feasible, we ensure that any transfer of personal data outside the European Union is subject to appropriate safeguards, such as an adequacy decision issued by the European Commission or the implementation of other legally recognised transfer mechanisms, including Standard Contractual Clauses.
Contact us
If you have any questions about this privacy statement or if you wish to exercise the rights described above with regard to your personal data, please contact us at compliance@privacycompany.nl. You can also contact us to report complaints about the processing of your personal data.
Changes to this privacy statement
We may update this privacy statement from time to time. We encourage you to periodically review this privacy statement to stay informed of any changes.
Overview of Processors
The following parties process personal data on our behalf when delivering our website and Privacy Nexus to you.
Processor: Webflow, Inc.
- Used for: Hosting our website
- Type of data: IP address and request information
- Applies to: Website
Processor: InnoCraft Ltd. (Matomo)
- Used for: Analytics of our website
- Type of data: Website visitor data
- Applies to: Website
Processor: Laposta B.V.
- Used for: Service updates to customers
- Type of data: E-mail addresses of Privacy Company contact persons and Privacy Nexus users
- Applies to: Privacy Company and Privacy Nexus
Processor: Microsoft Ireland Operations Limited (Microsoft 365)
- Used for: Storage of our own email and documents
- Type of data: Business management data
- Applies to: Privacy Company and Privacy Nexus
Processor: Microsoft Ireland Operations Limited (Azure cloud hosting)
- Used for: Hosting of Privacy Nexus
- Type of data: Hosting data
- Applies to: Privacy Nexus
Processor: ActiveCampaign, LLC (Postmark)
- Used for: Handles emails from Privacy Nexus
- Type of data: E-mail addresses and names of Privacy Nexus users
- Applies to: Privacy Nexus
Processor: HelpDocs Ltd
- Used for: Hosting of knowledge base
- Type of data: IP address and request information
- Applies to: Privacy Nexus
Processor: Simplicate
- Used for: Customer relationship management
- Type of data: Contact details
- Applies to: Privacy Company and Privacy Nexus
Processor: Exact
- Used for: Financial administration
- Type of data: Contact details
- Applies to: Privacy Company and Privacy Nexus
Changelog
Privacy Statement Privacy Company B.V.
Version: 31 March 2026
- 2026-03-31:
  - Full rewrite of our privacy statement; the previous version is available here.
  - Replaced processor Teamleader with Simplicate.
  - Clarified our legal basis for processing Privacy Nexus data.
- 2026-02-23: Replaced processor MailerLite Limited with Laposta B.V.
- 2025-11-21: Clarified that access and error log files are kept when using Privacy Nexus.
- 2025-03-31: Removed Weglot from the list of processors.
- 2024-04-04: Removed Tilaa from the list of processors.
- 2024-03-26: Full rewrite of our privacy statement and start of this changelog. You can find the previous version here.
