IntraConnection Group B.V. ("IntraConnection Group", "we", "us", "our")
Last updated: 26 September 2025; Version: 1.0

1. Controller & Contact Details

Controller: IntraConnection Group B.V.
Registered address: Rhemenshuizenstraat 3, 8043 TV Zwolle, The Netherlands
Privacy contact / DPO contact: [email protected]

2. Scope of this Policy

This Policy applies to our website (the "Website") and to our newsletter and waiting-list sign-ups available on the Website. It addresses processing of personal data of individuals in the European Union (EU) and the United Kingdom (UK). This is a combined policy covering GDPR and (where relevant) UK GDPR requirements.

 

3. Categories of Personal Data We Process

We collect and process the following categories of personal data when you interact with the Website:

• Newsletter sign-up: name, email address, country.
• Waiting-list sign-up (mobile app): name, email address.
• Contact forms / enquiries: name, email address, and the content of your message.
• Website logs and telemetry (standard): IP address, date/time, URLs visited, referrer, user agent, device/OS/browser information; basic error/event logs.
• Email interaction data (standard): whether you open our emails and click links (open/click tracking).
• Cookies and similar technologies: strictly necessary cookies; non-essential cookies (analytics and marketing) only with your consent (see Section 8).
• Special categories of data: We do not intentionally collect special categories of personal data.
• Children's data: The Website and our services are not intended for children (see Section 13).
  
  

4. Sources of Personal Data

• Directly from you: when you submit forms (newsletter, waiting list, contact).
• Automatically: via your browser/device as you access the Website (see Section 8 on cookies and similar technologies).
  
  

5. Purposes and Legal Bases

We process personal data for the purposes and on the legal bases set out below:

Send newsletters and updates you requested
Data: Name, email, country; email interaction data
Legal basis: Consent (Art. 6(1)(a) GDPR / UK GDPR)

Manage and administer the waiting list for the mobile app (e.g., confirm receipt, provide status updates, send invitation when applicable)
Data: Name, email
Legal basis: Consent (Art. 6(1)(a))

Respond to contact/enquiry submissions
Data: Name, email, message content
Legal basis: Legitimate interests (Art. 6(1)(f)): efficiently handling inbound enquiries about our services

Operate and secure the Website (e.g., server logs, error logs, fraud/abuse prevention)
Data: IP address, user agent, event/error logs
Legal basis: Legitimate interests (Art. 6(1)(f)): ensuring the security and integrity of the Website

Understand audience and improve the Website (non-essential analytics, if enabled)
Data: Cookie IDs, usage metrics
Legal basis: Consent (Art. 6(1)(a))

Legitimate interest assessment (LIA): We rely on narrowly tailored interests such as (i) operating, securing, and debugging the Website, and (ii) responding to inbound requests. We consider the nature of data (primarily technical identifiers), implement proportionate safeguards, and provide an easy right to object (Section 11).

Marketing rules: For newsletters and other electronic direct marketing, we obtain explicit opt-in consent. You can withdraw consent at any time (Section 11).

6. No Contractual Necessity

We do not rely on contract as a legal basis for the Website activities described here.

7. Disclosures to Processors and Other Recipients

We use service providers acting as processors to help deliver the Website and communications. At the time of this Policy, we use EEA-based providers only and do not transfer personal data outside the EEA/UK.

Processor categories (examples; specific vendor names to be completed as applicable):

• Email service provider (ESP) for newsletter/waiting-list communications and consent records.
• Hosting / CDN for serving the Website and storing server logs.
• Analytics provider (if enabled) for aggregated site metrics.
• Error logging / observability (if enabled) for stability and debugging.

For each processor, we will have a written data processing agreement in place. We do not sell your personal data. There is no intra-group sharing. We do not provide third-party links requiring separate privacy warnings in this Policy.

8. Cookies & Similar Technologies

We use cookies and similar technologies on the Website.

Categories:

• Strictly necessary (functional, security; do not require consent).
• Analytics (to understand use and improve the Website; consent-based, disabled by default).
• Marketing (e.g., to measure campaign performance; consent-based, disabled by default).

Before consent: No non-essential (analytics/marketing) cookies are set until you provide consent via our banner or settings.

Granular choices & withdrawal: You can accept or refuse by category and may withdraw or change your choices at any time by re-opening the banner/settings link available in the Website footer.

Durations & providers:

• First-party strictly necessary cookies: session or up to 12 months.
• Analytics/Marketing (if enabled): set by us or our providers; typical lifetimes range from session to 24 months. Specific names, providers, and lifetimes will be shown in the cookie settings interface and updated as needed.

Email tracking: Our ESP may use privacy-safe tracking to register opens/clicks to maintain list health and measure interest, based on your consent to receive marketing.

Google Analytics (GA4), if enabled: Configured with IP-anonymization; data retention window typically 14 months; no signals/ads features unless you expressly consent to marketing cookies.

We do not operate a third-party CMP at this time; cookie choices are provided via our own banner/settings.

9. International Data Transfers

We do not transfer personal data outside the EEA/UK. If this changes, we will implement an appropriate transfer mechanism (e.g., EU SCCs and UK Addendum) and update this Policy.

10. Data Retention

We retain personal data only for as long as necessary for the purposes set out below, after which data are deleted or irreversibly anonymized. Suppression lists are maintained as required to respect withdrawals.

Newsletter contacts
Until you withdraw consent, then moved to a suppression list to prevent re-contact; suppression records retained for 24 months (or longer if legally required)

Waiting-list data
Until an invitation decision has been sent and for 24 months thereafter (administrative record-keeping), or earlier upon withdrawal of consent

Contact-form enquiries
24 months after last correspondence, unless legal holds apply

Analytics data (if enabled)
GA4 default 14 months (or shorter, if configured)

Server and security logs
90 days (security/debugging), unless a longer period is required for investigating incidents

11. Your Rights

Subject to conditions and exemptions under GDPR/UK GDPR, you have the right to:

• Access your personal data;
• Rectify inaccurate or incomplete data;
• Erase your data ("right to be forgotten");
• Restrict processing;
• Data portability (for data you provided to us on the basis of consent);
• Object to processing based on legitimate interests; and
• Withdraw consent at any time (without affecting lawfulness of processing before withdrawal).

How to exercise your rights: Email [email protected]. We may request reasonable information to verify your identity and your request. We respond within one month of receipt; we may extend by up to two additional months for complex or numerous requests (we will notify you if we need more time). You also have the right to lodge a complaint with a supervisory authority (see Section 12).

Marketing opt-out: Every marketing email includes an unsubscribe link. You may also contact us at the above address.

12. Supervisory Authority

Our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Website: https://autoriteitpersoonsgegevens.nl
Telephone (NL): +31 (0)70 888 85 00
Postal address: Postbus 93374, 2509 AJ DEN HAAG, The Netherlands

13. Children's Privacy

The Website and our services are not intended for children. We do not knowingly collect personal data from:

• Children under 16 in the Netherlands/EU Member States applying 16 as the consent age; and
• Children under 13 in the UK.

If you believe a child has provided us personal data, please contact [email protected] and we will take appropriate steps to delete such data.

14. Data Security

We implement appropriate technical and organizational measures proportionate to risks, and we assess vendors accordingly.

15. Data Sharing Outside the Above

We may disclose personal data if required to comply with applicable law or lawful requests (e.g., from regulators or courts), to establish or exercise legal claims, or to defend legal rights.

16. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top indicates the effective date of the current version. If we make material changes, we will take appropriate steps to inform you (for example, by a notice on the Website). Please review this Policy periodically.

17. How to Contact Us

Questions or requests about this Policy or your personal data may be sent to:

Email: [email protected]

Postal: IntraConnection Group B.V., Rhemenshuizenstraat 3, 8043 TV Zwolle, The Netherlands