Back to Home

Privacy Policy

Last updated: 9 March 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

99 Services

Amsterdam, Netherlands

KVK-nummer: 80222781

Email: hello@99.services

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

  • Contact form data: Name, company name, email address, phone number, and message content when you submit our contact form.
  • Email communications: Email address and correspondence content when you contact us via email.
  • Website usage data: IP address, browser type, device information, pages visited, and time spent on our website.
  • Cookies and tracking technologies: Information collected through cookies and similar technologies as described in our Cookie Policy.

3. Purposes of Data Processing

We process your personal data for the following purposes:

  • Responding to your inquiries and requests submitted through our contact form or email
  • Providing our business services and fulfilling contractual obligations
  • Improving our website and services through analytics
  • Ensuring the security and proper functioning of our website
  • Complying with legal obligations

4. Legal Bases for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

Consent (Art. 6(1)(a))

For processing activities where you have given explicit consent, such as receiving marketing communications or the use of non-essential cookies.

Contract Performance (Art. 6(1)(b))

When processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request.

Legal Obligation (Art. 6(1)(c))

When we need to process your data to comply with a legal obligation, such as tax or accounting requirements.

Legitimate Interest (Art. 6(1)(f))

For our legitimate business interests, such as improving our services, website security, and fraud prevention, provided these interests do not override your fundamental rights.

5. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: Up to 2 years after your last interaction with us, unless a business relationship is established.
  • Client data: For the duration of the business relationship plus 7 years for legal and accounting purposes.
  • Analytics data: Up to 26 months, in accordance with standard analytics retention policies.
  • Cookie consent records: Up to 12 months from the date consent was given.

6. Data Sharing with Third Parties

We may share your personal data with the following categories of third parties:

  • Hosting providers: Vercel Inc. for website hosting and infrastructure.
  • Form processing: Web3Forms for contact form submission handling.
  • Analytics providers: For website analytics and performance monitoring (only with your consent).
  • Professional advisors: Accountants, lawyers, and other professional advisors as necessary.

We ensure that all third parties are contractually bound to process your data securely and in accordance with applicable data protection laws.

7. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA), including in the United States. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS/TLS), secure hosting infrastructure, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data under certain conditions.

Right to Restriction

Request limitation of processing of your personal data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

10. How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: hello@99.services

Please include "Privacy Request" in the subject line and provide sufficient information to verify your identity. We will respond to your request within one month as required by GDPR.

11. Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens

Bezuidenhoutseweg 30

2594 AV Den Haag

Website: autoriteitpersoonsgegevens.nl

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.

Questions?

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@99.services.