Privacy Policy

Last updated: January 2025

1. Introduction

This Privacy Policy explains how BVOOC collects, uses, stores, and protects your personal data. I am committed to protecting your privacy and handling your data transparently and in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

This Privacy Policy applies to all users, including those located outside the European Union.

2. Data Controller

The data controller responsible for your personal data is:

BVOOC

Bart van Os

The Netherlands

Email: bart@bvooc.com

Phone: +31 6 11 09 11 11

For any questions about this Privacy Policy or your personal data, please contact me at the email address above.

2.1 Role as Controller and Processor

BVOOC acts as an independent data controller for its own business operations and as a data processor when providing services on behalf of clients.

3. What Personal Data I Collect

I only collect data that is necessary to provide my services. Depending on our interaction, this may include:

3.1 Contact Information

Name
Email address
Phone number
Business name and address (if applicable)

3.2 Communications

Messages sent via WhatsApp, email, or contact forms
Project-related correspondence
Support requests

3.3 Account Credentials

Login details you share with me for account management (Google Workspace, Netlify, Cloudflare, etc.)
These are stored securely and used only for agreed services

3.4 Business Information

Company name and registration details
Billing address
Payment information (processed by third-party payment providers)

3.5 Technical Data

When you visit bvooc.com: IP address (anonymized), browser type, pages visited
This data is minimal as I do not use analytics or tracking cookies

4. How I Use Your Data

I use your personal data exclusively for the following purposes:

Purpose	Legal Basis (GDPR)
Providing agreed services (website development, support)	Contract performance (Art. 6(1)(b))
Communicating about your project	Contract performance (Art. 6(1)(b))
Sending invoices and processing payments	Contract performance (Art. 6(1)(b))
Managing accounts on your behalf	Consent (Art. 6(1)(a))
Responding to inquiries	Legitimate interest (Art. 6(1)(f))
Legal compliance and record-keeping	Legal obligation (Art. 6(1)(c))

I will never:

Sell your personal data to third parties
Use your data for marketing without your explicit consent
Share your data except as described in this policy

5. Sharing Data with Third Parties

I may share your personal data with the following categories of third parties, solely for the purpose of providing my services:

5.1 Service Providers (Data Processors)

Provider	Purpose	Location	Safeguards
Cloudflare, Inc.	Domain registration, DNS management, website security	USA	SCCs, EU-US Data Privacy Framework
Netlify, Inc.	Website hosting	USA	Standard Contractual Clauses (SCCs)
Google LLC	Google Workspace (email, calendar, drive)	USA	SCCs, EU-US Data Privacy Framework
Meta Platforms, Inc.	WhatsApp communication	USA	SCCs, EU-US Data Privacy Framework

5.2 International Data Transfers

Personal data may be processed in countries outside the European Economic Area (EEA), including the United States. Where required, appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms are used.

When your data is transferred outside the EEA, I ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): Contractual protections approved by the European Commission
EU-US Data Privacy Framework: For providers certified under this framework
Adequacy Decisions: Where the European Commission has determined a country provides adequate protection

You can request more information about these safeguards by contacting me.

5.3 Other Disclosures

I may also disclose your data:

When required by law, court order, or government authority
To protect my legal rights or defend against legal claims
In connection with a business transfer (merger, acquisition, etc.) — you will be notified in advance

6. Cookies and Tracking

6.1 Current Cookie Usage

This website (bvooc.com) uses strictly necessary cookies only. These are essential for the website to function and cannot be disabled. They do not track you or collect personal information for marketing purposes.

Examples of strictly necessary cookies:

Session cookies to maintain website functionality
Language preference cookies

6.2 What I Do NOT Use

Analytics cookies (Google Analytics, etc.)
Advertising or marketing cookies
Social media tracking pixels
Third-party tracking scripts

6.3 Third-Party Embeds

If the website contains embedded content (e.g., YouTube videos, maps), those third parties may set their own cookies. I recommend reviewing their privacy policies:

Google/YouTube: https://policies.google.com/privacy
Other embeds as applicable

6.4 Managing Cookies

You can control cookies through your browser settings:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Cookies and Site Permissions

Blocking all cookies may affect website functionality.

6.5 Future Changes

If I add analytics or other non-essential cookies in the future, I will:

Update this Privacy Policy
Implement a cookie consent banner
Obtain your consent before setting non-essential cookies

7. Data Retention

I retain your personal data only as long as necessary for the purposes described in this policy:

Data Type	Retention Period	Reason
Project files and correspondence	2 years after project completion	Business records, potential support needs
Invoices and financial records	7 years	Dutch legal requirement (fiscal administration)
Account credentials you shared	Deleted within 30 days after collaboration ends	No longer needed
Contact form inquiries	1 year if no project results	Follow-up and business development
Support communications	Duration of Support Contract + 1 year	Service continuity

After the retention period, data is securely deleted or anonymized.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Right of Access (Art. 15)

You can request a copy of the personal data I hold about you.

8.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete data.

8.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your data, subject to legal retention requirements.

8.4 Right to Restriction of Processing (Art. 18)

You can request that I limit how I use your data in certain circumstances.

8.5 Right to Data Portability (Art. 20)

You can request your data in a structured, commonly used format (e.g., CSV, JSON).

8.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests.

8.7 Right to Withdraw Consent (Art. 7)

Where processing is based on consent (e.g., account access), you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

8.8 How to Exercise Your Rights

To exercise any of these rights:

Email me at bart@bvooc.com with your request
Include your name and enough information to identify you
Specify which right you wish to exercise

Response time: I will respond to your request within one month. If your request is complex, I may extend this by two additional months, but I will inform you within the first month.

Cost: Requests are free of charge. However, I may charge a reasonable fee for manifestly unfounded or excessive requests.

Verification: I may need to verify your identity before processing your request.

9. Data Security

I take appropriate technical and organizational measures to protect your personal data:

9.1 Technical Measures

Encrypted communication (HTTPS for website, TLS for email)
Secure password management (unique, strong passwords)
Two-factor authentication where available
Regular software updates

9.2 Organizational Measures

Limited access to personal data (only me)
Confidential handling of account credentials
Secure deletion of data when no longer needed

9.3 Incident Response

In the event of a data breach that poses a risk to your rights and freedoms, I will:

Notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours
Notify you without undue delay if the breach is likely to result in high risk

10. Children's Privacy

My services are not directed at children under 16 years of age. I do not knowingly collect personal data from children. If you believe I have inadvertently collected data from a child, please contact me immediately.

11. Links to Third-Party Websites

My website may contain links to third-party websites. I am not responsible for the privacy practices of those websites. I encourage you to read their privacy policies before providing any personal data.

12. Changes to This Privacy Policy

I may update this Privacy Policy from time to time. Changes will be:

Posted on this page with an updated "Last updated" date
Communicated via email for significant changes (if you are an active client)

I encourage you to review this policy periodically.

13. Complaints

If you are not satisfied with how I handle your personal data, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ Den Haag

The Netherlands

Website: autoriteitpersoonsgegevens.nl

Phone: +31 (0)70 888 8500

I encourage you to contact me first so I can try to resolve your concern.

14. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: bart@bvooc.com

Phone: +31 6 11 09 11 11

This Privacy Policy is effective as of January 2025.