Privacy Policy

Last updated: 2025-02-01

1. Introduction

Serious Rooster Consultancy B.V. (“we”, “us”, or “our”) is committed to protecting the privacy of individuals who visit our website and interact with our services. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Dutch data protection legislation.

This policy applies to all personal data we process through our website at seriousrooster.com and in the course of our business activities.

2. Data Controller

The data controller responsible for your personal data is:

Serious Rooster Consultancy B.V. Kerkewijk 95, 3901 EC Veenendaal, The Netherlands KvK (Chamber of Commerce): 95350225 BTW-ID: NL866780708B01 Email: info@seriousrooster.com

3. What Personal Data We Collect

We collect and process personal data only when there is a clear purpose and legal basis for doing so. The categories of personal data we may collect include:

3.1 Contact Form Submissions

When you submit our contact form, we collect:

Your name
Your email address
Your company name
The content of your message

3.2 Website Analytics

We may use privacy-friendly analytics to understand how visitors use our website. This may include:

Pages visited and navigation paths
Approximate geographic region (country level)
Device type and browser information
Referring website

We do not use analytics to identify individual visitors or build personal profiles.

3.3 Technical Data

When you visit our website, our hosting provider may automatically collect limited technical data such as your IP address, browser type, and access timestamps. This data is processed for security and operational purposes.

4. Legal Basis for Processing

We process personal data on the following legal grounds under Article 6(1) of the GDPR:

Consent (Art. 6(1)(a)): When you voluntarily submit our contact form, you consent to us processing the data you provide in order to respond to your inquiry.
Legitimate interest (Art. 6(1)(f)): We have a legitimate interest in operating and improving our website, analysing website usage through privacy-friendly analytics, and managing our business-to-business relationships. We ensure our legitimate interests do not override your fundamental rights and freedoms.
Legal obligation (Art. 6(1)(c)): We may process certain data to comply with legal obligations, such as tax and accounting requirements.

5. How We Use Your Data

We use your personal data for the following purposes:

Responding to inquiries: To reply to questions or requests submitted through our contact form.
Business communication: To discuss potential or ongoing projects and engagements.
Website operation: To ensure the security, performance, and availability of our website.
Analytics: To understand website usage patterns and improve our online presence.
Legal compliance: To meet our obligations under applicable laws and regulations.

We do not use your data for automated decision-making or profiling.

We do not sell your personal data to third parties. We may share your data with the following categories of service providers, who process data on our behalf and under our instructions:

Hosting provider: Our website is hosted by a third-party provider that may process technical data (such as IP addresses) as part of delivering the website.
Email service provider: Contact form submissions may be routed through a third-party email service to ensure reliable delivery.

All third-party processors are contractually bound to process your data only in accordance with our instructions and in compliance with the GDPR.

7. International Data Transfers

Serious Rooster Consultancy B.V. operates with team members in both the Netherlands and India. In the course of responding to your inquiries or delivering our services, your personal data may be accessed by team members located in India.

When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards may include:

Standard Contractual Clauses (SCCs) as adopted by the European Commission
Internal data handling policies and security measures
Data minimisation, ensuring only the data necessary for the specific task is accessible

We regularly review these safeguards to ensure they provide an adequate level of protection for your data.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Contact form submissions: Retained for up to 12 months after our last communication, unless a business relationship is established, in which case data is retained for the duration of that relationship plus any legally required retention period.
Business relationship data: Retained for the duration of the relationship and for up to 7 years thereafter, in accordance with Dutch fiscal record-keeping obligations.
Website analytics data: Aggregated and anonymised data may be retained indefinitely. Any personal data associated with analytics is retained for no longer than 26 months.
Technical logs: Retained for up to 90 days for security and operational purposes.

After the applicable retention period, personal data is securely deleted or anonymised.

Under the GDPR, you have the following rights with respect to your personal data:

Right of access (Art. 15): You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You may request that we correct inaccurate or incomplete personal data.
Right to erasure (Art. 17): You may request that we delete your personal data, subject to legal retention obligations.
Right to restriction of processing (Art. 18): You may request that we restrict the processing of your personal data in certain circumstances.
Right to data portability (Art. 20): You may request to receive your personal data in a structured, commonly used, and machine-readable format.
Right to object (Art. 21): You may object to the processing of your personal data where we rely on legitimate interest as the legal basis.
Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at info@seriousrooster.com. We will respond to your request within one month of receipt, as required by the GDPR. In certain circumstances, this period may be extended by two further months, in which case we will inform you accordingly.

10. Cookies

Our website may use cookies and similar technologies to ensure proper functionality and to improve your experience. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Serious Rooster Consultancy B.V. Kerkewijk 95, 3901 EC Veenendaal, The Netherlands Email: info@seriousrooster.com

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this policy. We encourage you to review this policy periodically.

13. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, the relevant authority is:

Autoriteit Persoonsgegevens Bezuidenhoutseweg 30, 2594 AV Den Haag Postbus 93374, 2509 AJ Den Haag Website: autoriteitpersoonsgegevens.nl Telephone: +31 (0)70 888 85 00

You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.