1. Who we are
This Privacy Policy applies to ViaICT BV, a private limited company registered in the Netherlands.
Chamber of Commerce (KvK): 71450580
VAT / BTW: NL858720437B01
Address: Aarhusweg 2–9, 9723 JJ Groningen, The Netherlands
Phone: +31 (0)50 785 2393
Email: privacy@viaict.com
ViaICT BV is the controller (verwerkingsverantwoordelijke) within the meaning of the General Data Protection Regulation (GDPR / AVG) for the personal data described in this policy.
2. What data we collect
We collect personal data only when you actively provide it or when it arises naturally from our interaction with you.
| Category | Data elements | How collected |
|---|---|---|
| Contact & enquiry data | Name, business email, company name, phone number, project description / message | Contact form on viaict.com |
| Client & contract data | Name, role, business address, billing details, contract information | During service onboarding and invoicing |
| Communication data | Email correspondence, meeting notes, support messages | Email, phone, video calls |
| Technical / server logs | IP address, browser type, requested URL, HTTP status code, timestamp | Automatically by Cloudflare (our hosting provider) for security and availability |
We do not use cookies for tracking or analytics. We do not set any third-party marketing or advertising cookies. The site uses no persistent cookies of any kind; only a short-lived session token may be set if you submit the contact form.
3. Why we process your data (purposes and legal basis)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to your enquiry or demo request | Art. 6(1)(b) — steps prior to entering into a contract; or Art. 6(1)(f) — legitimate interest (answering a direct business enquiry) |
| Delivering contracted services (software, integrations, AI automation) | Art. 6(1)(b) — performance of a contract |
| Invoicing and accounting obligations | Art. 6(1)(c) — legal obligation under Dutch accounting law (Burgerlijk Wetboek) |
| Security, abuse prevention, and server integrity | Art. 6(1)(f) — legitimate interest (protecting systems and users) |
| Sending product updates or newsletters (if you opted in) | Art. 6(1)(a) — consent (you may withdraw at any time) |
4. Data retention
We keep your personal data only as long as necessary:
- Enquiry data (no contract concluded): 2 years after your last contact, then deleted.
- Client & contract data: 7 years after the end of the contract, in compliance with Dutch statutory accounting retention requirements.
- Server logs: maximum 90 days, then automatically purged by our hosting infrastructure.
- Consent-based communications: until you unsubscribe or withdraw consent.
5. Who we share your data with
We do not sell your personal data. We share data only where strictly necessary:
- Cloudflare, Inc. — CDN, DNS, and hosting infrastructure. Cloudflare processes server log data as a processor under a DPA. Data is stored in the EU where technically feasible.
- Email service providers — for sending transactional email replies to your enquiries (e.g., Cloudflare Email Routing). No marketing profiling is performed.
- Accounting software / auditors — only invoice and billing data, under statutory obligation.
- Subcontractors — if we engage a subcontractor to deliver a service to you, they act as processors under a Data Processing Agreement and may only process data on our instructions.
- Law enforcement / regulators — if required by applicable law, court order, or to protect our legal rights.
When data is transferred outside the European Economic Area (EEA), we ensure an adequate level of protection through Standard Contractual Clauses (SCCs) or equivalent safeguards.
6. Your rights
Under the GDPR / AVG you have the following rights with respect to your personal data:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — have inaccurate data corrected.
- Right to erasure / "right to be forgotten" (Art. 17) — request deletion of your data, subject to legal retention obligations.
- Right to restriction (Art. 18) — ask us to limit processing in certain circumstances.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at privacy@viaict.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch supervisory authority:
Autoriteit Persoonsgegevens (AP)
Hoge Nieuwstraat 8, 2514 EL Den Haag
www.autoriteitpersoonsgegevens.nl
7. Security
We take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, or disclosure. These include HTTPS encryption for all web traffic, access controls on systems that hold personal data, and limited access on a need-to-know basis.
8. Children
Our services are directed at businesses (B2B) and are not intended for persons under the age of 16. We do not knowingly collect data from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated on our website. The date at the top of this page always reflects the most recent revision. Continued use of our services after changes take effect constitutes acceptance of the revised policy.
10. Contact
For privacy-related questions or requests:
ViaICT BV
Aarhusweg 2–9, 9723 JJ Groningen
privacy@viaict.com
+31 (0)50 785 2393