Privacy statement
This privacy statement explains how we handle your personal data, the purposes for which we process it, your rights under the General Data Protection Regulation (GDPR), and how we safeguard your information.
Our information
Researchable B.V.
Zernikelaan 14
9747 AA Groningen
Phone number: +31 (0)6 40 77 54 83
Chamber of Commerce number: 75313685
Website: www.researchable.nl
Email address: compliance@researchable.nl
Personal data
Personal data refers to information about an individual that directly or indirectly identifies them. Examples include your name, contact information, or bank account details.
Processing personal data
By processing personal data we mean the collection, recording, organizing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by forwarding, dissemination or otherwise making available, combining, blocking, erasure or destruction of your personal data.
Legal Basis and Purposes of Processing
We process personal data for the following purposes, under the associated legal bases:
- Performance of a Contract: Managing accounts, processing orders, and delivering products or services. Contacting you regarding agreements or quotes.
- Consent: Sending newsletters or promotional materials (only if you have opted in). Collecting visual material (if separately agreed upon).
- Legitimate Interests: Improving services and customer experiences. Investigating complaints and preventing fraud.
- Legal Obligations: Complying with tax or employment laws.
More general, we process your personal data for the following purposes: for general or targeted offers, for the ordering process, for your account on our website, so that we can contact you, so that we can deliver our products or services, so that we can inform you of changes to our services or products, to draw up quotations and agreements, to post reviews and to send newsletters if you gave permission. We only process personal data that are necessary for these purposes.
We also process your personal information to fulfill legal obligations, improve our services, investigate complaints, and prevent fraud. We never sell your personal information to third parties. To take care of your personal data, we conclude a processing agreement with companies if those companies process your data in our assignment.
Personal data that we process
- For Employees and Interns: Address, age, bank account number, birthplace, civil service number (BSN), date of birth, email address, education, financial data, first and last name, function, gender, visual material, phone number.
- For Website Visitors: Statistical information collected via Google Analytics and Hotjar, configured to anonymize IP addresses and exclude personal data.
- For Individuals Filling Out Our Contact Form: Company name, email address, first and last name, phone number, and IP address.
- For Clients, Leads, and Collaborators: Address (company/private), date of birth (for birthday cards), bank account number, email address, phone number, financial data, first and last name, function, gender, and visual material (if agreed upon).
You also have rights
Wish to know which personal data we processed? Send an email to the email address mentioned in this document with a request for access to your data. You will receive a response to the request within four weeks.
You also have various rights. Are your personal data incorrect, incomplete, irrelevant for the purposes for which they are processed or otherwise in breach of the General Data Protection Regulation (GDPR) or other legislation? Then you have the right to the correction of your personal data. Correction means correction, addition, deletion, withdrawal of consent, or blocking of your personal data.
You also have the right to object to the processing of your personal data, the right to have less data processed, the right to withdraw permission you have given and the right to data portability. Send your request to the email address mentioned before. You will receive a response to the request within four weeks.
We would also like to point out the possibility of submitting a complaint to the Dutch Data Protection Authority.
Safety
Personal data are personal and should remain personal. We find it just as important as you that your personal data do not go public or are processed unlawfully. We therefore apply all possible technical and organizational measures to safely handle your personal data. To secure your personal data we use a secure internet connection, backups, limited access to personal data, promoting security awareness, passwords for electronic systems, and security systems such as a virus scanner and firewall.
Storage personal data
We do not store your personal data longer than is strictly necessary for carrying out the purposes. If there are legal requirements applicable to the storage, the personal data are no longer stored than required by law.
HR and Financial data
For HR data and financial information, we store data for at least 7 years.
CRM Data and email
We retain contact and lead information in our CRM system and email platform for historical and administrative purposes. The information in the CRM system is periodically reviewed to ensure accuracy and relevance. When a lead becomes inactive or no longer relevant (i.e., when someone is not a viable lead or active collaborator), it is marked as "inactive" rather than being deleted, allowing us to maintain a complete historical record while minimizing unnecessary data processing.
HR and Financial data
Data from visitors to our website is collected on external services according to their privacy statements:
Data from visitors that fill out the contact form on the website is processed using Netlify functions, after which it’s sent to the right people in slack. The information is removed from slack whenever the details are added to the CRM system or the visitor has been contacted by us.
Cookies
We also use cookies. For more information about our cookies, please check the cookie statement.
Third-Party Processors
We work with third-party processors (e.g., Google Analytics, Hotjar) under GDPR-compliant agreements. Where data is transferred outside the EU/EEA, safeguards such as Standard Contractual Clauses or adequacy decisions are in place.
Data Breach Notification
In the event of a data breach, affected individuals will be informed as required by GDPR.