Privacy Policy
Last updated: 8 June 2026
This Privacy Policy (Privacyverklaring) explains how Pureflexback.ddd ("we", "us", "our") collects, uses, stores, and protects your personal data (persoonsgegevens) when you visit our website or contact us. We process data in accordance with:
- the General Data Protection Regulation (EU) 2016/679 ("GDPR");
- the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, "UAVG");
- the Dutch Telecommunications Act (Telecommunicatiewet), where relevant to cookies and similar technologies;
- guidance from the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP).
1. Data Controller (Verwerkingsverantwoordelijke)
The data controller responsible for your personal data is the operator of Pureflexback.ddd, registered in the Netherlands with the following details:
- Trade name / Website: Pureflexback.ddd
- Address: Prinsesseweg, 9747 AV Groningen, Netherlands
- Email: reach@pureflexback.world
- Phone: +31 6 42243836
- Chamber of Commerce (KVK): 76988899
- VAT identification number (BTW): 39058036430
We have not appointed a Data Protection Officer (Functionaris Gegevensbescherming). For all privacy matters, contact us using the details above.
2. Personal Data We Collect and Sources
We collect personal data directly from you or automatically when you use the Website:
- Contact data — name, email address, and message content when you submit our contact form (provided by you).
- Consent data — your cookie and GDPR consent choices, including timestamp (provided by you via checkboxes/banner).
- Technical data — IP address, browser type and version, device type, operating system, language settings, referring URL, and date/time of access (collected automatically via server logs).
- Usage data — pages visited, session duration, and click patterns, only if you consent to analytics cookies.
- Embedded content data — only if you choose to load Google Maps on our contact page, Google may process your IP address and interaction data. See Section 8.
We do not collect special categories of personal data (Article 9 GDPR) and we do not use automated decision-making or profiling within the meaning of Article 22 GDPR.
3. Purposes and Legal Bases (Doeleinden en Grondslagen)
We process personal data only where a legal basis under Article 6 GDPR / Article 6 UAVG applies:
| Processing activity | Purpose | Legal basis |
|---|---|---|
| Contact form | Respond to your enquiry | Consent (Art. 6(1)(a)) — GDPR checkbox; and/or legitimate interest (Art. 6(1)(f)) in handling correspondence |
| Server logs | Security, fraud prevention, troubleshooting | Legitimate interest (Art. 6(1)(f)) — protecting our systems and visitors |
| Cookie consent storage | Record and honour your cookie choices | Legal obligation (Art. 6(1)(c)) under Telecommunicatiewet; legitimate interest (Art. 6(1)(f)) |
| Analytics cookies | Understand site usage and improve content | Consent (Art. 6(1)(a)) via cookie banner |
| Marketing cookies | Measure campaigns and relevant advertising | Consent (Art. 6(1)(a)) via cookie banner |
| Legal compliance | Respond to lawful requests from authorities | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interest, we balance our interests against your rights and freedoms. You may object to processing based on legitimate interest at any time (see Section 9).
4. Data Retention (Bewaartermijnen)
We retain personal data no longer than necessary for the purposes stated above:
- Contact form data: up to 12 months after your enquiry is resolved, unless a longer statutory retention period applies (e.g. tax or legal claims).
- Server and security logs: up to 90 days, unless required longer for incident investigation.
- Cookie consent records: up to 12 months from the date of consent, or until you withdraw consent and records are deleted.
- Analytics data: according to the analytics provider's settings (typically 14–26 months), only if you have consented. Data is deleted or anonymised after the retention period.
After expiry of the retention period, data is securely deleted or irreversibly anonymised.
5. Recipients and Processors (Ontvangers en Verwerkers)
We do not sell your personal data. We may share data with the following categories of recipients:
- Hosting and IT infrastructure providers — to operate the Website (processors under Article 28 GDPR; bound by data processing agreements).
- Analytics providers (e.g. Google Analytics) — only if you consent to analytics cookies.
- Google Ireland Limited — when you interact with embedded Google Maps on our contact page.
- Public authorities — when required by Dutch or EU law, court order, or lawful request.
We require all processors to implement appropriate security measures and process data only on our documented instructions.
6. International Transfers
We primarily store and process data within the European Economic Area (EEA). Where data is transferred outside the EEA — for example, to Google LLC in the United States via Google Maps or analytics services — we ensure appropriate safeguards are in place, such as:
- EU Commission adequacy decisions, where applicable;
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- supplementary measures where required following Schrems II case law.
You may request a copy of applicable safeguards by contacting us.
7. Security Measures (Beveiliging)
We implement appropriate technical and organisational measures (Article 32 GDPR), including:
- HTTPS/TLS encryption for data in transit;
- access controls limiting who can view contact form submissions;
- regular review of security practices;
- data minimisation — we collect only what is necessary;
- procedures for detecting, reporting, and responding to personal data breaches (meldplicht datalekken) to the AP within 72 hours where required.
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but take reasonable steps to protect your data.
8. Cookies, Maps, and Similar Technologies
We use cookies and local storage. Non-essential cookies are placed only after your consent, in accordance with the Telecommunicatiewet (Article 11.7a) and GDPR. Full details, including Google Consent Mode v2, are in our Cookie Policy.
On our contact page, Google Maps is loaded only after you click Load map. Until then, no map cookies are set and no data is sent to Google. If you load the map, Google Ireland Limited may process your IP address and usage data under its own privacy policy.
9. Your Rights (Uw Rechten)
Under the GDPR and UAVG, you have the following rights regarding your personal data:
- Right of access (recht op inzage) — obtain confirmation and a copy of your data.
- Right to rectification (recht op rectificatie) — correct inaccurate or incomplete data.
- Right to erasure (recht op wissing) — request deletion where legally applicable.
- Right to restriction (recht op beperking) — limit processing in certain circumstances.
- Right to data portability (recht op dataportabiliteit) — receive data you provided in a structured, commonly used, machine-readable format.
- Right to object (recht van bezwaar) — object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal.
To exercise your rights, email reach@pureflexback.world with sufficient information to identify your request. We respond within one month (extendable by two further months for complex requests, with notice).
If you believe your data is processed unlawfully, you may lodge a complaint with the Dutch Data Protection Authority:
- Autoriteit Persoonsgegevens (AP)
- Website: autoriteitpersoonsgegevens.nl
- Phone: +31 70 388 85 00
EU consumers may also use the EU Online Dispute Resolution (ODR) platform for certain disputes.
10. Children's Data
This Website is not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent. If you believe a child has provided data to us, contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. The "Last updated" date will be revised. Material changes will be communicated where appropriate. We encourage you to review this page periodically.
12. Contact
For privacy-related questions or to exercise your rights:
- Email: reach@pureflexback.world
- Contact form
- Post: Prinsesseweg, 9747 AV Groningen, Netherlands