Privacy Policy

Data Controller

openlines B.V. is the data controller responsible for your personal data. We are a company registered in the Netherlands under registration number 69041895, with our registered office at Parkweg 8, 1096 LM Amsterdam, North Holland, Netherlands.

Data Collection

The data we collect includes personal information that you voluntarily provide to us and information that is automatically collected when you visit our website. We collect this information to provide and improve our e-commerce platform services, respond to your inquiries, and comply with legal obligations.

Specifically, the data we collect includes:

• Contact Information: Name, email address, phone number, company name, and postal address
• Communication Data: Messages, inquiries, and correspondence you send to us
• Technical Data: IP address, browser type, device information, and website usage data
• Cookies and Tracking Data: Information collected through cookies and similar technologies
• Service Data: Information related to the services you request or receive from us

How We Use Your Information

We explain how we use your information in this section to ensure transparency about our data processing activities. The use of your data is always based on a lawful basis under GDPR, including legitimate interests, contract performance, or consent where required.

We use your personal information for the following purposes:

• To provide and deliver our e-commerce platform services and solutions
• To respond to your inquiries, requests, and provide customer support
• To communicate with you about our services, updates, and relevant information
• To improve our website, services, and user experience
• To comply with legal obligations and protect our legitimate business interests
• To prevent fraud, ensure security, and protect the rights of openlines and our clients
• To analyse website usage and performance for optimization purposes

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal bases:

• Legitimate Interests: To operate our business, improve our services, and communicate with potential clients
• Contract Performance: To fulfil our contractual obligations when providing services to you
• Consent: Where you have given specific consent for certain processing activities
• Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our business
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Consent: With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The retention period depends on the type of data and the purpose for processing:

• Contact Inquiries: 3 years from last contact
• Client Data: Duration of service relationship plus 7 years for legal compliance
• Website Analytics: 26 months (Google Analytics default)
• Marketing Communications: Until consent is withdrawn or 3 years of inactivity

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request access to your personal data and information about how it's processed
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of processing under certain conditions
• Right to Data Portability: Receive your personal data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions by the European Commission or standard contractual clauses.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us using the following contact information:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).