English
Nederlands English Deutsch Français
Legal

Privacy statement

This privacy statement explains which personal data Secrotec B.V. processes through this website and our services, for what purpose, on what legal basis, and the rights you have under the General Data Protection Regulation (GDPR).

1. Who are we?

Secrotec B.V. is the data controller for the processing of personal data described in this statement.

  • Secrotec B.V., Stationsplein 49, 1703 WD Heerhugowaard, the Netherlands
  • Email: [email protected] · Phone: +31 6 19529370

2. Which data do we process?

We only process data that you provide yourself or that is needed for the website to function:

  • Contact form: your name, email address, phone number (optional) and the content of your message.
  • Email and phone: the data you include when you contact us directly.
  • Website usage (analytics): only with your consent do we collect anonymised usage statistics (see our cookie policy).
  • Technical data: server log files (such as IP address and browser type) needed for the security and operation of the website.

3. Purposes and legal bases

  • Responding to your request or message — basis: performance of or steps prior to a contract, or our legitimate interest.
  • Delivering our services (audits, consultancy, web) — basis: performance of the contract.
  • Security and proper operation of the website — basis: legitimate interest.
  • Anonymised statistics — basis: your consent.

4. Cookies

By default this website places no analytics cookies. Only after your explicit consent do we measure site usage anonymously via Google Analytics 4 (Google Consent Mode v2). Read the details in our cookie policy.

5. Sharing with third parties (processors)

We do not sell your data. We do engage service providers that process data on our behalf, solely under a data processing agreement, including:

  • Google Ireland Ltd. — Google Analytics/Tag Manager (only after consent, anonymised).
  • Our hosting and email provider — for hosting the website and handling email.

Processing may take place outside the EEA, with appropriate safeguards in place (EU Standard Contractual Clauses / EU-US Data Privacy Framework).

6. Retention periods

We do not keep personal data longer than necessary. Messages and requests are kept as long as needed to handle them and thereafter in line with statutory retention obligations (for example the 7-year tax retention obligation). Anonymised analytics in Google Analytics 4 are kept for a maximum of 14 months by default.

7. How do we secure your data?

As an ISO 27001 Lead Auditor we take information security seriously. The website operates exclusively over an encrypted connection (HTTPS) and we apply appropriate technical and organisational measures to protect your data against loss or unlawful processing.

8. Your rights

Under the GDPR you have the right of access, rectification, erasure, restriction, objection and data portability. You may also withdraw consent at any time. Send your request to [email protected]; we will respond within the statutory period.

9. Filing a complaint

If you disagree with how we handle your data, you have the right to lodge a complaint with the Dutch supervisory authority, the Dutch Data Protection Authority.

10. Changes

We may update this privacy statement. The most current version is always available on this page.

Last updated: June 2026.

Trusted by organisations

Certe Groep Certe Assuradeuren Chatbot Soluck Wattse Nextech Muast