Prilk Consulting B.V. is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Implementation Act GDPR (Uitvoeringswet AVG - "UAVG").
As a Netherlands-based company serving clients across the European Union, we take data protection seriously. This page provides comprehensive information about how we ensure GDPR compliance and protect your rights as a data subject.
This page supplements our Privacy Policy with detailed information about our GDPR compliance measures and your rights.
The data controller for personal data processed through this website and our services is:
Prilk Consulting B.V.
| Registered Address: | Reykjavikstraat 1, 3543 KH Utrecht, Netherlands |
| KvK Number: | 82066477 |
| BTW Number: | NL862323459B01 |
| Data Protection Contact: | privacy@prilk.com |
| Phone: | +31 85 060 0702 |
We process personal data only when we have a valid legal basis under Article 6 of the GDPR:
Consent (Art. 6(1)(a) GDPR)
Used for: Newsletter subscriptions, marketing communications, non-essential cookies
You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Contract Performance (Art. 6(1)(b) GDPR)
Used for: Service delivery, responding to inquiries, preparing quotations, fulfilling contractual obligations
Processing necessary to perform a contract with you or to take steps at your request before entering a contract.
Legitimate Interest (Art. 6(1)(f) GDPR)
Used for: Website security, fraud prevention, service improvement, business analytics
We conduct a balancing test to ensure our interests do not override your rights and freedoms.
Legal Obligation (Art. 6(1)(c) GDPR)
Used for: Tax records, financial reporting, regulatory compliance
Processing required to comply with Dutch and EU legal requirements.
As a data subject, you have the following rights under GDPR:
Right of Access (Article 15)
You have the right to obtain confirmation whether we process your personal data and, if so, access to that data along with information about how it is processed.
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure (Article 17)
You have the right to request deletion of your personal data ("right to be forgotten") when the data is no longer necessary, you withdraw consent, you object to processing, or the data was unlawfully processed.
Right to Restrict Processing (Article 18)
You have the right to request restriction of processing when you contest accuracy, processing is unlawful, we no longer need the data, or you have objected to processing.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.
Right to Withdraw Consent (Article 7)
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
Right Not to be Subject to Automated Decisions (Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.
To exercise any of your GDPR rights:
Submit a Request
Processing Your Request:
6.1 Data Processors: We use carefully selected third-party processors who process data on our behalf under Data Processing Agreements (DPAs) that meet GDPR requirements.
6.2 International Transfers: When data is transferred outside the EEA, we ensure compliance through:
You can request details about specific processors and transfer safeguards by contacting privacy@prilk.com.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:
Technical Measures
Organizational Measures
In the event of a personal data breach:
Notification to Supervisory Authority (Art. 33)
We will notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms.
Notification to Data Subjects (Art. 34)
If the breach is likely to result in high risk to your rights and freedoms, we will inform you without undue delay, describing the breach, likely consequences, and measures taken.
We maintain a breach register documenting all incidents, their effects, and remedial actions taken.
In accordance with Article 35 GDPR, we conduct Data Protection Impact Assessments (DPIAs) before processing that is likely to result in high risk to individuals' rights and freedoms, including:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:
Autoriteit Persoonsgegevens
(Dutch Data Protection Authority)
Bezuidenhoutseweg 30
2594 AV Den Haag
Netherlands
Phone: +31 70 888 8500
Website: autoriteitpersoonsgegevens.nl
Complaint form: Online Complaint Form
We strongly encourage you to contact us first at privacy@prilk.com. We take all complaints seriously and will work to resolve your concerns.
This GDPR information page was last updated in January 2025. We may update this page periodically to reflect changes in our practices or legal requirements.
Last updated: January 2025
Version: 2.0