Privacy policy
Last updated: 06-11-2025
Introduction
We value your privacy and want to inform you how we collect, use, and protect personal data. This privacy policy explains what personal data we process, why, and how you can exercise your rights. The latest version is always available at https://elnino.tech/privacy-policy
Who manages your data
El Niño B.V. is the controller responsible for processing your personal data.
Registered offices:
- Kuipersdijk 6C, 7521 CH Enschede, The Netherlands
- Waldorpstraat 17Q, 2521 CA The Hague, The Netherlands
Phone: (053) 820 02 85 | (070) 820 98 28
Chamber of Commerce (KvK): 08140115
Email (privacy inquiries): [email protected]
What personal data we collect
We collect the following categories of data:
- Identity & contact details (name, company, address, email, phone).
- Financial details (tax or payment information).
- Technical and website usage data (IP address, browser type, pages visited, cookies).
- Communication data (messages via contact forms or email).
We collect these data directly from you or automatically through cookies and analytics tools.
Purpose and Legal Basis for Processing
We process your data for these purposes and legal bases:
| Purpose | Example | Legal Basis |
|---|---|---|
| Customer administration & invoicing | Managing projects, billing | Performance of a contract |
| Responding to contact requests | Contact forms, inquiries | Legitimate interest |
| Improving website | Analytics, cookies | Consent (for non-essential cookies) |
| Legal obligations | Tax, accounting, compliance | Legal obligation |
Use of Cookies
We use cookies and similar technologies to ensure proper site function, analyze usage, and improve our services. We only use essential cookies, which are required for operation and cannot be disabled.
Sharing of Personal Data
We do not sell your data. We only share data with trusted parties when necessary:
- Service providers / sub-processors (hosting, analytics, accounting, CRM).
- Public authorities when required by law.
- International transfers: If data is transferred outside the EEA, we use EU Standard Contractual Clauses or rely on adequacy decisions to ensure appropriate safeguards.
A current list of processors is available upon request.
Retention periods
We keep personal data only as long as necessary for the purposes described above:
- Customer / administrative data: 7 years (Dutch tax law).
- Website analytics data: up to 26 months.
After retention expires, data are securely deleted or anonymized.
Your rights
You have the right to:
- Access your data and obtain a copy
- Rectify inaccurate data
- Erase data (“right to be forgotten”)
- Restrict or object to processing
- Withdraw consent at any time
- Data portability (receive your data in a structured format)
To exercise these rights, email [email protected]
We will respond within one month. You may also file a complaint with the Autoriteit Persoonsgegevens, the Dutch supervisory authority: www.autoriteitpersoonsgegevens.nl
Data security
We apply technical and organizational measures to protect personal data against unauthorized access, alteration, or loss, consistent with our ISO 27001-certified Information Security Management System (ISMS).
Measures include encryption, access controls, backups, and staff awareness training.
Data breaches
If a personal data breach occurs, we will:
- Notify the Dutch DPA within 72 hours (where legally required).
- Notify the data owner immediately.
- Inform affected individuals without undue delay when there is a high risk to their privacy.
- Take corrective and preventive actions to minimize future incidents.
Updates to this policy
We may update this privacy policy from time to time.
Changes will be published on our website with the “Last updated” date.
If changes significantly affect you, we will notify you by email or website notice.
Management Commitment (ISO 27001 Alignment)
This policy forms part of El Niño B.V.’s Information Security Management System (ISMS) and is approved by senior management.
All employees are required to comply with this policy and supporting privacy procedures.