This Privacy Policy explains how Dutch Renovation Company collects, uses, stores, and protects personal data in the course of its business activities. It applies to website visitors, prospective clients, existing clients, business contacts, and others whose personal data may be processed in connection with renovation services, project guidance, inspections, permit support, and related communications. The purpose of this page is to provide clear and transparent information about how personal data is handled, on what legal grounds it may be processed, and what rights individuals have under applicable privacy legislation, including the General Data Protection Regulation.
1.1 Dutch Renovation Company, hereinafter referred to as DRC, respects the privacy of all website visitors, clients, prospective clients, business contacts, and other individuals whose personal data may be processed in the course of its business activities.
1.2 This Privacy Policy explains how DRC collects, uses, stores, protects, and shares personal data.
1.3 DRC aims to process personal data in a lawful, fair, and transparent manner, in line with applicable privacy and data protection legislation, including the General Data Protection Regulation (GDPR). The GDPR applies broadly to personal data processing, regardless of the technology used, and requires organisations to identify an appropriate legal basis for processing.
1.4 By using the website, contacting DRC, requesting information, or engaging DRC’s services, individuals acknowledge that their personal data may be processed in accordance with this Privacy Policy.
2.1 DRC is the data controller for the personal data it collects and processes for its own business purposes.
2.2 A data controller determines the purposes and means of the processing of personal data. Where external parties process data on behalf of DRC, those parties may act as processors and must be subject to appropriate contractual arrangements where required.
2.3 Contact details of DRC should be listed on the website’s contact page or in the legal footer, including at minimum the relevant company contact email address and any other available business contact details.
3.1 This Privacy Policy applies to all personal data processed by DRC in connection with:
3.1.1 website visits
3.1.2 contact requests
3.1.3 quotation requests
3.1.4 service inquiries
3.1.5 client communication
3.1.6 renovation projects
3.1.7 inspections and surveys
3.1.8 project management and advisory services
3.1.9 permit support and related coordination
3.1.10 expat renovation support
3.1.11 technical guidance for property purchase
3.1.12 fire and emergency prevention guidance
3.1.13 supplier or partner communication
3.1.14 newsletter or marketing communication, where applicable
3.1.15 legal, contractual, and administrative obligations
4.1 DRC may collect and process the following categories of personal data, depending on the nature of the contact or assignment:
4.1.1 name and surname
4.1.2 company name
4.1.3 billing details
4.1.4 property address
4.1.5 postal address
4.1.6 email address
4.1.7 telephone number
4.1.8 project-related preferences and requirements
4.1.9 correspondence content
4.1.10 quotation and agreement details
4.1.11 payment and invoicing information
4.1.12 identification of the type of property involved
4.1.13 technical or planning documents supplied by the client
4.1.14 inspection notes and project records
4.1.15 website usage data, IP address, browser information, and device-related information
4.1.16 any other personal data voluntarily provided by the individual
4.2 DRC does not intend to collect more personal data than is reasonably necessary for the relevant purpose.
4.3 Individuals are requested not to submit unnecessary sensitive personal data to DRC unless clearly required and specifically requested for a lawful and legitimate purpose.
5.1 Personal data may be collected directly from the individual when:
5.1.1 a contact form is completed
5.1.2 an email is sent
5.1.3 a telephone call is made
5.1.4 a consultation is requested
5.1.5 a quotation is requested
5.1.6 an assignment is accepted
5.1.7 project documents are shared
5.1.8 a property is inspected
5.1.9 invoices are issued or payments are processed
5.2 Personal data may also be obtained indirectly, for example through:
5.2.1 estate agents or advisors involved in a transaction
5.2.2 contractors, consultants, or specialists involved in a project
5.2.3 public registers or public authority information where relevant to a project
5.2.4 website analytics and technical website logs
5.2.5 third-party software systems used for communication, planning, invoicing, or customer relationship management
5.3 Where personal data is not collected directly from the individual, DRC will process such data only where there is an appropriate legal basis to do so. The GDPR requires transparency around the purposes of processing, categories of data, recipients where relevant, and the rights of the individual.
6.1 DRC may process personal data for the following purposes:
6.1.1 responding to inquiries
6.1.2 preparing quotations and service proposals
6.1.3 entering into and performing agreements
6.1.4 planning, coordinating, and delivering renovation-related services
6.1.5 carrying out technical inspections, surveys, and project guidance
6.1.6 communicating with clients, suppliers, contractors, consultants, and authorities
6.1.7 supporting permit and application processes
6.1.8 providing expat-specific communication and project support
6.1.9 issuing invoices and administering payments
6.1.10 maintaining internal records and project files
6.1.11 improving service quality and website performance
6.1.12 complying with legal and administrative obligations
6.1.13 protecting DRC’s legal position and handling disputes or claims
6.1.14 sending service-related updates or relevant business communication
6.1.15 marketing communications, where permitted or consented to
7.1 DRC only processes personal data where a lawful basis exists.
7.2 Depending on the situation, DRC may rely on one or more of the following legal bases:
7.2.1 performance of a contract, where processing is necessary to prepare for or carry out a service agreement
7.2.2 legal obligation, where processing is necessary to comply with applicable legal or administrative duties
7.2.3 legitimate interests, where processing is reasonably necessary for business operations, communication, website security, service improvement, or protection of legal interests, provided such interests are not overridden by the individual’s rights
7.2.4 consent, where required or appropriate, for example in relation to certain marketing communications, certain cookies, or the publication of personal data online
7.3 Under the GDPR, each processing activity must have a valid legal basis, and the chosen basis may affect which rights apply in a particular case.
8.1 DRC does not generally seek to process special categories of personal data.
8.2 Individuals should avoid sending sensitive information such as health data, religious beliefs, political opinions, biometric data, or other protected categories unless strictly necessary and explicitly requested for a legitimate and lawful purpose.
8.3 If such data is provided unexpectedly or without need, DRC may delete it or restrict its use unless there is a lawful reason to retain it.
9.1 DRC may share personal data with third parties where necessary for the purposes set out in this Privacy Policy.
9.2 Such third parties may include:
9.2.1 contractors and subcontractors
9.2.2 architects, engineers, inspectors, and specialist consultants
9.2.3 permit advisors and local authorities
9.2.4 IT service providers and cloud hosting providers
9.2.5 website, email, and communication providers
9.2.6 accounting, invoicing, and payment service providers
9.2.7 legal and professional advisors
9.2.8 insurance providers
9.2.9 other service providers reasonably involved in delivering the agreed services
9.3 Where a third party processes personal data on behalf of DRC, that party may act as a processor and should be bound by appropriate obligations regarding confidentiality, security, and lawful processing. The GDPR requires controllers to choose suitable processors and regulate that relationship contractually.
9.4 DRC does not sell personal data to advertisers or unrelated third parties.
10.1 DRC may use service providers or systems that process or store data in countries outside the European Economic Area.
10.2 Where personal data is transferred internationally, DRC aims to ensure that appropriate safeguards are in place, as required by applicable law.
10.3 Such safeguards may include contractual protections, adequacy decisions, or other lawful transfer mechanisms where relevant.
10.4 Because DRC may work with international clients and projects across Europe, limited cross-border communication or project administration may occur where necessary for service delivery.
11.1 DRC will not retain personal data for longer than necessary for the purposes for which it was collected, unless a longer retention period is required or justified by law, taxation, accounting rules, contractual obligations, dispute management, or legitimate business needs.
11.2 Retention periods may vary depending on the type of data and the context in which it was collected.
11.3 In general, DRC may retain:
11.3.1 contact inquiries for a reasonable follow-up period
11.3.2 quotation and project records for administrative and legal purposes
11.3.3 invoices and financial records for the legally required retention period
11.3.4 project files for as long as reasonably necessary in view of service history, liability considerations, and future reference.
11.3.5 marketing preferences until consent is withdrawn or the data is no longer relevant.
12.1 DRC takes appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
12.2 Such measures may include restricted access, password protection, secure devices, controlled software environments, encrypted communications where appropriate, and careful management of project documentation.
12.3 The GDPR requires organisations to implement security measures appropriate to the risks involved in their processing activities.
12.4 Although DRC aims to protect personal data carefully, no system can be guaranteed to be completely secure.
13.1 When individuals visit the website, certain technical and usage data may be collected automatically.
13.2 This may include:
13.2.1 IP address
13.2.2 browser type
13.2.3 device information
13.2.4 operating system
13.2.5 pages viewed
13.2.6 referral source
13.2.7 visit date and time
13.2.8 general website interaction data
13.3 This information may be used for website security, troubleshooting, analytics, usability improvement, and performance monitoring.
13.4 Website content may contain links to external websites. DRC is not responsible for the privacy practices of third-party websites.
14.1 The website may use cookies or similar technologies to ensure functionality, analyse website performance, improve user experience, and support communication or marketing features where applicable.
14.2 Cookies may include:
14.2.1 necessary cookies
14.2.2 preference cookies
14.2.3 analytics cookies
14.2.4 marketing or tracking cookies, where used
14.3 Where consent is legally required for non-essential cookies or similar technologies, DRC should request such consent through an appropriate cookie banner or preference tool before placing them.
14.4 Individuals may also manage cookie preferences through browser settings or applicable website controls.
15.1 DRC may wish to present completed projects, portfolio references, testimonials, or project imagery on its website or in marketing materials.
15.2 Where such publication includes personal data, identifiable persons, or other information that reasonably relates to an individual, DRC will aim to ensure there is an appropriate lawful basis for such publication.
15.3 The Dutch data protection authority notes that in most cases, consent is required to publish personal data on the internet.
15.4 DRC may therefore request consent before publishing client names, testimonials linked to individuals, identifiable interior details tied to a person, or images that include recognisable persons.
15.5 DRC may use anonymised project descriptions, non-identifiable images, or general references where appropriate.
16.1 Under the GDPR, individuals may have a number of rights regarding their personal data, depending on the circumstances and legal basis used.
16.2 These rights may include the right to:
16.2.1 request access to personal data
16.2.2 request rectification of inaccurate data
16.2.3 request erasure of data
16.2.4 request restriction of processing
16.2.5 object to certain processing
16.2.6 request data portability in applicable cases
16.2.7 withdraw consent where processing is based on consent
16.2.8 lodge a complaint with a supervisory authority
16.3 The GDPR expressly provides for rights such as access, rectification, erasure, restriction, objection, portability where applicable, withdrawal of consent where consent is the basis, and the right to complain to a supervisory authority. Controllers must facilitate the exercise of these rights.
16.4 Not all rights apply in every situation, and DRC may need to assess requests in light of the legal basis, contractual necessity, legal obligations, and other relevant factors.
17.1 Individuals who wish to exercise one or more privacy rights may contact DRC using the contact details provided on the website.
17.2 To protect personal data, DRC may request reasonable proof of identity before responding to certain requests.
17.3 DRC will aim to respond within the applicable legal timeframe.
17.4 Where a request is manifestly unfounded, excessive, or conflicts with legal or contractual obligations, DRC may refuse or limit the request to the extent permitted by law.
18.1 Individuals who have concerns about the way DRC handles personal data are encouraged to contact DRC first so that the matter can be reviewed and, where possible, resolved.
18.2 Individuals also have the right to lodge a complaint with a competent supervisory authority.
18.3 In the Netherlands, the relevant supervisory authority is the Autoriteit Persoonsgegevens, which supervises compliance with the GDPR and related privacy legislation.
19.1 DRC’s website and services are not primarily directed at children.
19.2 DRC does not knowingly collect personal data from children without an appropriate lawful basis and, where required, valid parental or guardian involvement.
20.1 DRC reserves the right to amend this Privacy Policy at any time.
20.2 The most recent version published on the website shall apply unless mandatory law requires otherwise.
20.3 Individuals are encouraged to review this Privacy Policy periodically to stay informed about how personal data is handled.
21.1 Questions, requests, or concerns regarding this Privacy Policy or the handling of personal data may be directed to DRC through the contact details published on the website.
21.2 Where relevant, DRC may specify a dedicated privacy contact email address for data protection-related inquiries.
Dutch Renovation Company considers privacy and careful data handling an important part of a professional working relationship. This Privacy Policy is intended to give clients and website visitors a clear understanding of how personal data is processed, safeguarded, and respected throughout the company’s activities. Individuals who have questions about this policy, wish to exercise their privacy rights, or would like clarification about the processing of their personal data are encouraged to contact Dutch Renovation Company directly. For general inquiries or project-related communication, visitors can also use the contact page to get in touch with the company in a straightforward and practical way.
