Privacy Policy
Last updated: January 1, 2025 — GDPR Compliant
Contents
Effective Date: January 1, 2025 · Last Reviewed: January 1, 2025
⚖️ GDPR Notice: CP Digitals is based in the Netherlands and fully complies with the General Data Protection Regulation (EU) 2016/679. This policy explains how we collect, use, and protect your personal data.
1. Who We Are
CP Digitals is a full-service digital agency providing web design, web development, e-commerce, mobile app, branding, SEO, and custom software services.
Data Controller:
CP Digitals
Ekselerbrink 46, 7812VM Emmen, Netherlands
Email: hello@cpdigitals.eu
Phone: +31 (0)00 000 0000
2. Data We Collect
2.1 Information You Provide
- Contact forms: name, email address, phone number, project description
- Account registration: name, email, password (hashed)
- Shop purchases: billing name, address, email, payment details (processed by Stripe — we do not store card data)
- Communications: emails, chat messages, and support requests you send us
2.2 Information Collected Automatically
- IP address and approximate location
- Browser type, device type, and operating system
- Pages visited, time on site, and referral source (via Google Analytics)
- Cookies and similar tracking technologies
3. How We Use Your Data
We use your personal data for the following purposes:
- To respond to enquiries and provide the services you request
- To process and fulfil orders placed in our shop
- To manage your account on our platform
- To send project updates, invoices, and service communications
- To improve our website, services, and user experience
- To comply with legal obligations under EU and Dutch law
- To send marketing communications (only with your explicit consent)
4. Legal Basis for Processing (GDPR Art. 6)
We process your personal data under the following legal bases:
- Contract (Art. 6.1.b): Processing necessary to deliver services or process orders
- Legitimate Interests (Art. 6.1.f): Improving our services, preventing fraud, and securing our systems
- Consent (Art. 6.1.a): Marketing emails and non-essential cookies — you may withdraw consent at any time
- Legal Obligation (Art. 6.1.c): Compliance with tax, accounting, and legal requirements
5. Data Sharing & Third Parties
We do not sell your personal data. We may share data with trusted third-party service providers solely to operate our business:
- Stripe — Payment processing (PCI DSS compliant)
- Google Analytics — Website analytics (anonymized IP)
- WooCommerce / WordPress — E-commerce and CMS platform
- Hosting provider — Secure server infrastructure in the EU
- Email providers — Transactional and communication emails
All third-party processors are bound by data processing agreements (DPAs) in accordance with GDPR Article 28.
6. Cookies
Our website uses the following categories of cookies:
- Strictly Necessary: Session cookies required for website functionality (no consent needed)
- Analytics: Google Analytics cookies to understand traffic patterns (consent required)
- Functional: Remember your preferences and settings (consent required)
- Marketing: Retargeting and advertising cookies (consent required)
You can manage your cookie preferences via our cookie banner or your browser settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
7. Data Retention
- Contact enquiries: 2 years from last contact
- Customer & order data: 7 years (Dutch tax law requirement)
- Account data: Duration of account + 1 year after deletion request
- Analytics data: 14 months (Google Analytics default)
- Marketing consent records: Until consent is withdrawn + 1 year
8. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to Restriction (Art. 18): Restrict how we process your data
- Right to Portability (Art. 20): Receive your data in a machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests or for marketing
- Right to withdraw consent: At any time, without affecting prior processing
To exercise any right, contact us at hello@cpdigitals.eu. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (AP) at autoriteitpersoonsgegevens.nl.
9. Security
We implement appropriate technical and organisational measures to protect your data, including:
- SSL/TLS encryption for all data in transit
- Encrypted storage of sensitive data
- Access controls and role-based permissions
- Regular security audits and vulnerability assessments
- Staff training on data protection
In the event of a data breach affecting your rights, we will notify you and the Autoriteit Persoonsgegevens within 72 hours as required by GDPR Article 33.
10. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to Google servers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by prominently posting a notice on our website. The "Last Updated" date at the top of this page will always reflect the most recent revision.
13. Contact Us
For any privacy-related questions, requests, or concerns, please contact us:
CP Digitals — Data Controller
Ekselerbrink 46, 7812VM Emmen, Netherlands
📧 hello@cpdigitals.eu
We aim to respond to all privacy requests within 30 days.
