1. Introduction

Regrain respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how We collect, use, disclose, and safeguard your information when you visit Our website or use Our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Controller Information

Data Controller: Regrain Aquamarijn 5 5629 HC Eindhoven Email: Thijs@regrain.nl Phone: (+31) 6 136 796 64

3. What Information We Collect

3.1 Information You Provide Directly

Contact Forms and Inquiries:

• Name and surname

• Email address

• Phone number

• Company name and position

• Project details and requirements

• Any other information you choose to provide

Newsletter Subscriptions:

• Email address

• Name (optional)

• Communication preferences

Job Applications:

• Personal details (name, contact information)

• CV and portfolio materials

• Cover letters and motivation

• Professional experience and qualifications

3.2 Information We Collect Automatically

Website Usage Data:

• IP address

• Browser type and version

• Device information (type, operating system)

• Pages visited and time spent

• Referring website

• Date and time of visits

• Click patterns and navigation paths

Cookies and Tracking Technologies:

• Essential cookies for website functionality

• Analytics cookies for website performance

• Marketing cookies (with your consent)

• Preference cookies for user experience

3.3 Information from Third Parties

Social Media:

• Public profile information when you interact with Our social media

• Information shared when you use social media login features

Business Partners:

• Contact information from legitimate business referrals

• Information from industry events and networking

4. How We Use Your Information

4.1 Legal Basis for Processing

We process your personal data based on:

• Consent: When you explicitly agree (e.g., newsletter subscriptions, marketing)

• Contract: To fulfill Our services or respond to your inquiries

• Legitimate Interest: For business operations, security, and improvements

• Legal Obligation: To comply with applicable laws

4.2 Purposes of Processing

Service Delivery:

• Respond to your inquiries and requests

• Provide quotes and proposals

• Execute agreed projects and services

• Manage client relationships

• Process payments and invoicing

Communication:

• Send newsletters and updates (with consent)

• Provide customer support

• Send service-related notifications

• Share relevant industry insights

Website Improvement:

• Analyze website usage and performance

• Improve user experience and functionality

• Troubleshoot technical issues

• Develop new features and services

Business Operations:

• Maintain security and prevent fraud

• Comply with legal requirements

• Conduct internal research and analytics

• Manage job applications and recruitment

Marketing (with your consent):

• Send promotional materials about Our services

• Personalize marketing communications

• Measure marketing campaign effectiveness

5. How We Share Your Information

5.1 We May Share Information With:

Service Providers:

• Website hosting and maintenance providers

• Email marketing services

• Analytics and tracking services

• Payment processors

• Cloud storage providers

Business Partners:

• Freelancers and contractors working on your projects

• Equipment rental companies

• Location and venue providers

• Post-production partners

Legal Requirements:

• Law enforcement when legally required

• Government agencies as mandated by law

• Legal advisors and auditors

5.2 We Do Not:

• Sell your personal data to third parties

• Share data for third-party marketing without consent

• Transfer data outside the EU without adequate protections

6. International Data Transfers

6.1 Within the EU/EEA

We primarily process data within the European Union and European Economic Area.

6.2 Outside the EU/EEA

If We transfer data outside the EU/EEA, We ensure:

• Adequate protection through adequacy decisions

• Standard Contractual Clauses (SCCs)

• Other appropriate safeguards as required by GDPR

6.3 Third-Party Services

Some services We use may process data internationally:

• Google Analytics (with appropriate safeguards)

• Email marketing platforms

• Cloud storage services

7. Data Retention

7.1 Retention Periods

Client Data:

• Active projects: Duration of project + 7 years (legal requirement)

• Inactive inquiries: 2 years from last contact

• Contracts and invoices: 7 years (legal requirement)

Marketing Data:

• Newsletter subscribers: Until unsubscription + 1 month

• Marketing consent: Until withdrawn + proof of withdrawal

Website Data:

• Analytics data: 26 months (Google Analytics default)

• Cookie data: According to cookie settings

• Log files: 12 months for security purposes

Job Applications:

• Successful candidates: As per employment records

• Unsuccessful candidates: 4 weeks after recruitment process

7.2 Deletion Process

We automatically delete data after retention periods expire, unless legal obligations require longer retention.

8. Your Rights Under GDPR

8.1 You Have the Right To:

Access: Request a copy of your personal data We hold

Rectification: Correct inaccurate or incomplete information

Erasure: Request deletion of your data (subject to legal obligations)

Restrict Processing: Limit how We use your data in certain circumstances

Data Portability: Receive your data in a machine-readable format

Object: Opt out of processing based on legitimate interests or marketing

Withdraw Consent: Remove consent for processing (doesn't affect past processing)

Complain: File a complaint with supervisory authorities

8.2 How to Exercise Your Rights

Contact Us using the details in Section 12. We will:

• Respond within 30 days (extendable to 60 days for complex requests)

• Verify your identity before processing requests

• Provide information free of charge (except for excessive requests)

9. Cookies and Tracking

9.1 Types of Cookies We Use

Essential Cookies (Always Active):

• Website functionality and security

• Session management

• Load balancing

Analytics Cookies (With Consent):

• Google Analytics for website performance

• User behavior analysis

• Conversion tracking

Marketing Cookies (With Consent):

• Social media integration

• Advertising campaign tracking

• Personalized content delivery

9.2 Managing Cookies

• Use Our cookie banner to manage preferences

• Adjust browser settings to block cookies

• Visit Our Cookie Policy for detailed information

10. Data Security

10.1 Security Measures

Technical Safeguards:

• SSL encryption for data transmission

• Secure hosting environments

• Regular security updates and patches

• Access controls and authentication

Organizational Measures:

• Staff training on data protection

• Regular security assessments

• Data breach response procedures

• Privacy by design principles

10.2 Data Breach Response

In case of a data breach, We will:

• Assess and contain the breach within 72 hours

• Notify supervisory authorities if required

• Inform affected individuals when necessary

• Implement measures to prevent future breaches

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe We have collected such information, please contact Us immediately.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy to reflect:

• Changes in Our practices

• Legal or regulatory requirements

• New features or services

12.2 Notification

We will notify you of significant changes through:

• Website banner or notification

• Email notification (if We have your email)

• Updated "Last Modified" date

12.3 Continued Use

Continued use of Our services after changes constitutes acceptance of the updated policy.

13. Contact Information

13.1 Data Protection Inquiries

Email: Thijs@regrain.nl Phone: (+31) 6 136 796 64 Adress: Aquamarijn 5 5629 HC Eindhoven

13.2 Supervisory Authority

If you're not satisfied with Our response, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Website: autoriteitpersoonsgegevens.nl Phone: 0900-2001201 Mail: Autoriteit Persoonsgegevens Postbus 93374 2509 AJ Den Haag

14. Definitions

Personal Data: Any information relating to an identified or identifiable person.

Processing: Any operation performed on personal data, including collection, storage, use, and deletion.

Controller: The entity that determines the purposes and means of processing personal data.

Processor: The entity that processes personal data on behalf of the controller.