1. Introduction

1.1 What is Respellion’s Privacy Policy?

Respellion’s Privacy Policy describes how Respellion handles privacy-sensitive information, both for its own employees and its customers. This policy covers:

• Which categories of personal data are processed
• The purposes for which Respellion processes personal data (including the applicable legal basis)
• How Respellion complies with the obligation to process no more data than necessary (data minimization)
• The privacy rights of data subjects and how they can exercise these rights (right to lodge a complaint with the Dutch Data Protection Authority + right to access, modify, delete, and receive all registered data)
• The organizational and technical measures taken to secure personal data
• How long Respellion retains personal data

1.2 Is a Privacy Policy Mandatory for Respellion?

The short answer is No. It is only mandatory if our activities primarily involve processing (special categories of) personal data. This is not the case for Respellion.

Although we do not process special categories of personal data (such as health or political preference data) on a large scale, we aim to be clear and transparent with our employees, customers, and third parties about the personal data we process.

2. Information Collected by Respellion

2.1 Data Provided to Respellion

We collect personal data that employees, customers, and third parties voluntarily provide when they:

• Request an account or have an account requested on their behalf (with their consent)
• Make a purchase
• Register for a newsletter or other Respellion communications
• Complete a survey or form
• Contact our support or customer service
• Participate in Respellion promotions or events

Such information may include:

• Name and contact details (email address, phone number, postal address)
• Account information (username, password)
• Payment information (bank card details, credit card details, billing address)
• Demographic data (age, date of birth, gender)
• Business information (company, job title)
• Any other information provided by employees, customers, or third parties

2.2 Automatically Collected Data

When employees, customers, or third parties use our services, we may automatically collect certain data, including:

• Device data (IP address, browser type, operating system, device IDs)
• Usage data (pages visited, time spent, clickstream data, referring URLs)
• Location data (general geographic location based on IP address)
• Cookies and similar tracking technologies (see our Cookie Policy)

2.3 Data from Third Parties

We may receive information about employees, customers, and/or third parties from external sources, such as social media platforms, analytics providers, marketing partners, or publicly available databases. This may include all types of data mentioned above.

3. How We Use Your Data

We use the collected data for various purposes, including:

• Providing and maintaining our services: To deliver requested services, process transactions, and manage your account
• Improving our services: To understand user interactions and enhance the user experience
• Communication: To send updates, newsletters, marketing materials, and respond to inquiries
• Personalization: To tailor content and recommendations based on your preferences
• Security and fraud prevention: To detect, prevent, and address security issues or fraudulent activities
• Legal compliance: To comply with applicable laws, regulations, and legal processes
• Analysis and research: To conduct analytics, market research, and business intelligence

4. Legal Basis for Processing (GDPR)

Our legal basis for collecting and using your personal data depends on the data and context:

• Consent: You have explicitly consented to the processing of your data
• Contract: Processing is necessary to fulfill a contract with you
• Legal obligation: We must comply with a legal requirement
• Legitimate interests: Processing is in our legitimate interest (e.g., fraud prevention, direct marketing)

5. How We Share Your Data

We may share your data with third parties in the following circumstances:

• Service providers: External vendors performing services on our behalf (e.g., payment processors, hosting providers, analytics services)
• Business transfers: In connection with a merger, acquisition, or sale of assets
• Legal requirements: When required by law or to protect our rights, safety, or property
• With your consent: When you have explicitly consented to sharing your data
• Aggregated information: We may share anonymized, aggregated data that does not personally identify you

6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other approved mechanisms, to protect your data during international transfers.

7. Data Retention Period

We retain your personal data only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on factors such as the nature of the data, why it was collected, and our legal obligations.

When we no longer need your data, we will securely delete or anonymize it.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: Request access to the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (“right to be forgotten”)
• Right to restriction: Request restriction of processing in certain circumstances
• Right to data portability: Request transfer of your data to another service provider
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time when processing is based on consent

To exercise these rights, contact us at privacy@respellion.nl. We will respond to your request within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We may use cookies and similar tracking technologies to collect information about your browsing behavior. Types of cookies we may use:

• Necessary cookies: Required for the website to function properly
• Performance cookies: Help us understand how visitors use our site
• Functionality cookies: Remember your preferences and choices
• Targeting cookies: Used for advertising and cross-site tracking

You can manage your cookie preferences via your browser settings. For more information, contact us at privacy@respellion.nl. We will respond to your request within 30 days.

11. Links to Third Parties

Our services may contain links to third-party websites or services. We are not responsible for their privacy practices. We recommend reviewing their privacy policies before providing personal information.

12. Children’s Privacy

Our services are not intended for children under the age of [13/16/18]. We do not knowingly collect personal data from children. If we discover that we have collected data from a child without parental consent, we will take steps to delete that information immediately.

13. Do Not Track Signals

Some browsers support “Do Not Track” (DNT) signals. We [do/do not currently] respond to DNT signals.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of significant changes by posting a notice on our website. The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised.

Your continued use of our services after any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Respellion

Attn: Privacy Officer / Data Protection Officer

Address: Waldorpstraat 5

2521 CA ‘s-Gravenhage

Netherlands

Email: privacy@respellion.nl

Phone: +31(0)850607428

For residents of the European Economic Area:

If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).

Appendix: Data Processing Details

Below is a summary table of the categories of personal data we process, the purposes of processing, and the legal basis: