This Privacy Policy explains how Joey de Laat ("we", "us", "I") collects, uses, and protects your personal data when you visit joeydelaat.nl or contact us through this website. It is provided in compliance with the EU General Data Protection Regulation (GDPR) and applicable Dutch privacy law.
1. Who is responsible for your data?
The data controller for this website is:
Joey de Laat
Eindhoven, The Netherlands
E-mail: contact@joeydelaat.nl
Website: joeydelaat.nl
As a sole practitioner, Joey de Laat is not required to appoint a Data Protection Officer (DPO) under GDPR Article 37. For any privacy-related questions, contact us directly at the address above.
2. What personal data we collect and why
We only collect personal data that is necessary for the purposes described below. We do not sell your data to third parties.
| Data collected | Purpose | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Name, email address, company, message (contact form) | To respond to your enquiry | Art. 6(1)(b) — pre-contractual steps; or Art. 6(1)(f) — legitimate interest | Up to 2 years after last contact |
| Name, email address, phone number, company (booking) | To schedule and confirm a consultation call | Art. 6(1)(b) — performance of a contract or pre-contractual steps | Up to 2 years after the booking date |
| Cookie consent preference | To remember whether you accepted or declined cookies | Art. 6(1)(c) — legal obligation (ePrivacy Directive) | 12 months (stored locally in your browser) |
| Website usage data (analytics) | To understand how visitors use the site and improve it | Art. 6(1)(a) — consent (only if accepted via cookie banner) | Up to 13 months |
3. Third-party processors
We use a small number of trusted third-party services that may process your personal data on our behalf. Each acts as a data processor under a data processing agreement:
3.1 Hostinger
Our website is hosted by Hostinger International Ltd. Hostinger stores website files and processes email sent through this website. Data is processed within the EU/EEA. For more information, see Hostinger's Privacy Policy.
3.2 Calendly
Our booking page embeds Calendly, operated by Calendly LLC (USA). When you book a consultation, Calendly collects your name, email address, phone number, and timezone. Calendly transfers data to the United States under Standard Contractual Clauses (SCCs). For more information, see Calendly's Privacy Policy. You are not required to use the Calendly widget — you may also contact us directly by email.
3.3 Analytics (if enabled)
We may use an analytics service (such as Google Analytics or Plausible Analytics) to collect anonymised usage data. Analytics cookies are only activated when you explicitly accept cookies via our cookie banner. See our Cookie Policy for full details.
4. International data transfers
Where personal data is transferred outside the European Economic Area (EEA) — for example, by Calendly to the United States — we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V, specifically Standard Contractual Clauses (SCCs) approved by the European Commission.
5. How we protect your data
We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include secure HTTPS connections, restricted access to data, and using reputable hosting and communication providers.
6. Your rights under GDPR
As a data subject under the GDPR, you have the following rights. To exercise any of these rights, contact us at contact@joeydelaat.nl. We will respond within 30 days.
- Right of access (Art. 15) — you may request a copy of the personal data we hold about you and information about how it is used.
- Right to rectification (Art. 16) — you may ask us to correct inaccurate or incomplete personal data.
- Right to erasure (Art. 17) — you may request deletion of your personal data where we have no lawful basis to retain it ("right to be forgotten").
- Right to restriction of processing (Art. 18) — you may ask us to pause processing of your data in certain circumstances, for example while accuracy is disputed.
- Right to data portability (Art. 20) — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21) — you may object at any time to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)) — where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
7. Right to lodge a complaint
If you believe your rights under GDPR have been infringed, you have the right to lodge a complaint with the Dutch supervisory authority:
Autoriteit Persoonsgegevens (AP)
Website: www.autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 8500
We encourage you to contact us first so that we can address your concern directly.
8. Cookies
This website uses cookies. For a full explanation of which cookies we use, why, and how to manage your preferences, please read our Cookie Policy.
9. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The "Last updated" date at the top of this page indicates when it was last revised. We encourage you to review this page periodically. Continued use of this website after a change is posted constitutes your acknowledgement of the updated policy.