BrantCom B.V. is committed to protecting the privacy of individuals who interact with our website and services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (Uitvoeringswet AVG).
1. Data Controller
The data controller responsible for the processing of your personal data is:
BrantCom B.V.
Parnassusweg 819, 1082 LZ Amsterdam, The Netherlands
KvK: 59387661 · BTW: NL853454656B01
Email: info@brantcom.nl
2. Personal Data We Collect
We collect personal data only to the extent necessary for the purposes described in this policy. The categories of data we may process are:
Contact and enquiry data
When you submit an enquiry via our website contact form, we collect the following data you provide:
- First name and last name
- Business email address
- Service area of interest
- Message content
Technical and log data
Our web server may automatically record standard technical information when you visit our website, including:
- IP address (anonymised after 24 hours)
- Browser type and version
- Operating system
- Pages visited and time of visit
- Referring URL
This data is used exclusively for security monitoring and server administration purposes.
Client and contractual data
Where we enter into a service agreement with you or your organisation, we will process business contact details, correspondence, and data necessary for the performance of that contract. This is governed separately by the terms of our engagement and, where applicable, a Data Processing Agreement.
3. Purposes and Legal Basis
We process personal data on the following legal bases under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Responding to website enquiries and pre-contractual communications | Art. 6(1)(b) — Steps prior to entering a contract |
| Performance of IT services under a client contract | Art. 6(1)(b) — Performance of a contract |
| Server security monitoring and fraud prevention | Art. 6(1)(f) — Legitimate interests |
| Compliance with legal obligations (e.g. tax, invoicing) | Art. 6(1)(c) — Legal obligation |
| Marketing communications (only where you have opted in) | Art. 6(1)(a) — Consent |
4. Retention Periods
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, subject to any statutory retention requirements:
- Website enquiry data: Deleted or anonymised within 12 months if no engagement results.
- Client and contractual records: Retained for 7 years from the end of the contract, in accordance with Dutch fiscal retention requirements (Belastingdienst).
- Server log data: Automatically purged after 30 days.
5. Third-Party Processors
We may share your data with third-party service providers acting as data processors on our behalf. All processors are bound by data processing agreements and may not use your data for their own purposes. Categories of processors we use include:
- Hosting and infrastructure: Our website and systems are hosted on servers within the European Economic Area (EEA).
- Email delivery: To respond to your enquiries, we use a business email platform subject to EU data protection standards.
- Accounting software: For invoicing and record-keeping obligations.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
6. International Transfers
We process and store personal data within the EEA wherever possible. Where a processor or tool requires a transfer of data outside the EEA, we ensure that adequate safeguards are in place in accordance with GDPR Chapter V, such as the European Commission's Standard Contractual Clauses (SCCs) or an applicable adequacy decision.
7. Your Rights
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17): You may request deletion of your data where there is no longer a legal basis for processing.
- Right to restriction (Art. 18): You may ask us to restrict processing in certain circumstances.
- Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests at any time.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@brantcom.nl. We will respond within 30 days.
8. Complaints
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens (AP)
Hoge Nieuwstraat 8, 2514 EL Den Haag
www.autoriteitpersoonsgegevens.nl
9. Security
BrantCom B.V. implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. As a cyber security specialist, we apply security controls that meet or exceed industry standards including those relevant to ISO 27001 and NIS2.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be available on this page with a revised "last updated" date. Material changes will be communicated directly to affected individuals where required by law.
11. Contact
For questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact:
BrantCom B.V.
Parnassusweg 819, 1082 LZ Amsterdam, The Netherlands
Email: info@brantcom.nl