Privacy Policy

Data Controller Information

Crevion B.V. is the data controller responsible for your personal data. Our contact details are:

Data We Collect

We collect and process the following types of personal data:

Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, job title
• Communication Data: Messages, enquiries, and correspondence you send to us
• Service Data: Information related to our consulting services and client relationships
• Marketing Preferences: Your communication and marketing preferences

Information We Collect Automatically

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent on site, referral sources, user interactions
• Location Data: General geographic location based on IP address
• Cookie Data: Information collected through cookies and similar tracking technologies

How We Use Your Information

We process your personal data for the following purposes and legal bases:

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

• Service Providers: Third-party vendors who provide services such as website hosting, email delivery, analytics, and payment processing
• Professional Advisors: Legal advisors, accountants, auditors, and other professional service providers
• Business Partners: Trusted partners who assist in delivering our services (under strict confidentiality agreements)
• Legal Authorities: Government agencies, law enforcement, or regulatory bodies when required by law
• Business Transfers: In connection with mergers, acquisitions, or other business transactions

We ensure that all third parties are contractually bound to protect your personal data and use it only for the specified purposes.

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Other appropriate safeguards approved by supervisory authorities

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

• Client Data: Retained for the duration of our business relationship and up to 7 years after termination for legal and tax purposes
• Marketing Data: Retained until you withdraw consent or request deletion
• Website Data: Analytics data typically retained for 26 months
• Legal Obligations: Some data may be retained longer to comply with legal, tax, or regulatory requirements

When personal data is no longer needed, we will securely delete or anonymise it in accordance with our data retention and deletion policies.

Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month, though this may be extended in complex cases.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and updates
• Employee training on data protection and security
• Incident response and breach notification procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breaches as required by law.

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date at the top of this policy
• Sending you a notification if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority: