1. Data controller
Handaxavvm, registered at Zuidas Avenue 65, 1082 MD Amsterdam, Netherlands, acts as the controller for personal data collected through this website and associated communications.
2. Categories of personal data
We process identification data (name, organisation), contact data (email address, phone number when provided), and contextual information contained in messages. Technical data such as IP address and browser metadata may be processed for security and analytics.
3. Legal bases for processing
Processing relies on consent (newsletter enrolment, contact form submissions), legitimate interest (site analytics, security monitoring), and contractual necessity (replying to enquiries and maintaining correspondences).
4. Data sources
Data is obtained directly from users who submit forms or correspond with Handaxavvm. Supplementary contextual data may originate from public registers when essential to verify organisational affiliations.
5. Purposes of processing
Personal data enables us to respond to enquiries, distribute requested updates, maintain subscription lists, enhance site usability, and safeguard services against misuse.
6. Analytics and cookies
We use privacy-aware analytics tools focusing on aggregated patterns. Cookies are described in detail within the Cookie Policy, including purposes, durations, and opt-out options.
7. Data retention
Correspondence records are retained for up to three years after the final interaction unless legal requirements mandate longer retention. Analytics logs are kept for 14 months and then deleted or anonymised.
8. Data sharing
Handaxavvm does not sell personal data. Limited sharing occurs with service providers offering secure hosting, email delivery, and analytics tooling. These partners operate under data processing agreements aligning with EU standards.
9. International transfers
Where service providers operate outside the European Economic Area, transfers rely on adequacy decisions or Standard Contractual Clauses to ensure equivalent protection.
10. Security measures
We employ encryption, access controls, and audit trails to protect data. Internal policies govern who can access personal data and under which circumstances.
11. Individual rights
Individuals may request access, rectification, deletion, restriction, or portability of their data. Requests should be directed to [email protected]. We respond within one month.
12. Withdrawal of consent
When processing relies on consent, individuals can withdraw it at any time by contacting us. Withdrawal does not affect processing performed before the withdrawal.
13. Complaints
Individuals may lodge complaints with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if they believe their rights have been infringed.
14. Policy updates
We review this policy annually or when significant changes occur. Updates are posted on this page with a new effective date.