Prilk </>Get in Touch

Privacy Policy

How we collect, use, and protect your personal data under GDPR

1. Introduction

Prilk Consulting B.V. ("Prilk", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, process, store, and protect your personal data when you visit our website prilk.com or use our services.

This policy complies with:

  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • Dutch Implementation Act GDPR (Uitvoeringswet AVG - UAVG)
  • Dutch Telecommunications Act (Telecommunicatiewet) for cookies
  • ePrivacy Directive 2002/58/EC

Important: Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Prilk Consulting B.V.

Address:Reykjavikstraat 1, 3543 KH Utrecht, Netherlands
KvK Number:82066477
BTW Number:NL862323459B01
Email:privacy@prilk.com
Phone:+31 85 060 0702

For data protection inquiries, you can contact us directly at privacy@prilk.com.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Data You Provide Directly

  • Contact Information: Name, email address, phone number, company name when you fill out contact forms, request quotes, or subscribe to newsletters
  • Professional Information: Job title, company size, industry when provided for service inquiries
  • Communication Content: Messages, feedback, and any information you share in correspondence
  • Contract Data: Billing address, VAT number, payment information for clients

3.2 Data Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent on pages, click patterns, referral source
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

3.3 Special Categories of Data

We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). If you provide such data voluntarily, we will only process it with your explicit consent.

4. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data based on the following legal grounds:

Consent (Art. 6(1)(a) GDPR)

Newsletter subscriptions, marketing communications, non-essential cookies. You may withdraw consent at any time.

Contract Performance (Art. 6(1)(b) GDPR)

Processing necessary to provide our consulting services, respond to inquiries, prepare quotes, and fulfill contractual obligations.

Legitimate Interest (Art. 6(1)(f) GDPR)

Website security, fraud prevention, service improvement, anonymized analytics. We balance our interests against your rights and freedoms.

Legal Obligation (Art. 6(1)(c) GDPR)

Tax records, financial reporting, compliance with Dutch and EU legal requirements.

5. Purposes of Processing

We process your personal data for the following purposes:

  • Service Delivery: To provide ERP consulting, implementation, and support services
  • Communication: To respond to inquiries, provide quotes, and communicate about projects
  • Marketing: To send newsletters and service updates (with consent)
  • Website Operation: To maintain, secure, and improve our website
  • Analytics: To understand website usage and improve user experience
  • Legal Compliance: To fulfill tax, accounting, and regulatory obligations
  • Business Administration: To manage client relationships and contracts

6. Data Sharing and Recipients

We do not sell your personal data. We may share your data with:

6.1 Service Providers (Data Processors)

  • Hosting Provider: Frappe Cloud (servers in EU) - website and application hosting
  • Email Service: For transactional and marketing emails
  • Analytics: Privacy-focused analytics tools
  • Payment Processors: For invoice and payment handling (PCI-DSS compliant)

All processors are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance.

6.2 Legal Disclosures

We may disclose data when required by:

  • Dutch or EU law enforcement or regulatory authorities
  • Court orders or legal proceedings
  • Tax authorities (Belastingdienst)

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.

7. International Data Transfers

We primarily store and process data within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for transfers to other countries
  • Supplementary Measures: Additional technical and organizational measures where necessary

You can request information about specific transfer safeguards by contacting privacy@prilk.com.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Data Category Retention Period Basis
Contact form submissions 2 years after last contact Legitimate interest
Newsletter subscriptions Until unsubscribe + 30 days Consent
Client contract data 7 years after contract end Dutch fiscal law (AWR)
Invoices and financial records 7 years Dutch fiscal law (AWR)
Website analytics 26 months (anonymized) Legitimate interest
Server logs 90 days Security

After the retention period, data is securely deleted or anonymized.

9. Your Rights Under GDPR

Under the GDPR and Dutch UAVG, you have the following rights:

Right of Access (Art. 15)

Request a copy of your personal data and information about how it is processed.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten") under certain conditions.

Right to Restrict Processing (Art. 18)

Request limitation of processing in specific circumstances.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Art. 7)

Withdraw consent at any time without affecting the lawfulness of prior processing.

Right Not to be Subject to Automated Decisions (Art. 22)

Not be subject to decisions based solely on automated processing with legal effects.

How to Exercise Your Rights:

  • Email: privacy@prilk.com
  • We will respond within 30 days (extendable by 60 days for complex requests)
  • We may verify your identity before processing requests
  • These rights are generally free of charge

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: TLS/SSL encryption for data in transit; encrypted storage for sensitive data
  • Access Control: Role-based access, strong authentication, principle of least privilege
  • Infrastructure: Secure EU-based hosting with regular security updates
  • Monitoring: Security logging and monitoring for unauthorized access
  • Training: Staff training on data protection and security practices
  • Incident Response: Procedures for handling data breaches

11. Data Breach Notification

In accordance with GDPR Articles 33 and 34, in the event of a personal data breach:

  • We will notify the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) within 72 hours if the breach poses a risk to your rights and freedoms
  • We will inform affected individuals without undue delay if the breach is likely to result in a high risk
  • We maintain a breach register documenting all incidents and remedial actions

12. Cookies

We use cookies and similar technologies on our website. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

13. Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@prilk.com.

14. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Autoriteit Persoonsgegevens

(Dutch Data Protection Authority)

Bezuidenhoutseweg 30
2594 AV Den Haag
Netherlands

Phone: +31 70 888 8500
Website: autoriteitpersoonsgegevens.nl

We encourage you to contact us first at privacy@prilk.com so we can address your concerns directly.

15. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. For significant changes, we will provide prominent notice (such as email notification for clients).

Last updated: January 2025

Version: 2.0

16. Contact Us

For questions about this Privacy Policy or our data practices:

Prilk Consulting B.V.

Reykjavikstraat 1
3543 KH Utrecht
Netherlands

Privacy inquiries: privacy@prilk.com
General: info@prilk.com
Phone: +31 85 060 0702