Privacy statement
DeSnipperaar processes personal data carefully and only as far as needed to deliver our services. This statement describes which data we process, why, how long and which rights you have under the General Data Protection Regulation (GDPR).
1. Who is the data controller?
DeSnipperaar (hereafter "we" or "us"), based in the Netherlands, registered with the Chamber of Commerce under number NL34354900. Contact details are at the bottom of this page.
2. Which personal data do we process?
Quote requests and contact
- Name, company name, role
- Email address and phone number
- Address or postcode of the location where destruction takes place
- Job description (volume, type of material, preferred date)
- Messages you send via the contact form or by email
Executing jobs
- Date, time and location of the destruction
- Type and weight of the destroyed material
- Name of the on-site contact and the signature on the Certificate of Destruction
- Invoice details and payment information
Website and cookies
Our website uses a minimal number of technical cookies strictly necessary for forms to work, plus one cookie that stores your language preference (NL or EN). We set no tracking or advertising cookies and use no tools like Google Analytics or Meta Pixel. The server temporarily logs technical data (IP address, User-Agent, time, requested URL) for security and error handling. These logs are automatically deleted after 30 days.
3. Why do we process your data?
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Drafting and answering a quote | Necessary for performance of a contract (1b) or pre-contractual step at your request |
| Executing the job and issuing a certificate | Performance of contract (1b) |
| Invoicing and bookkeeping | Legal obligation (1c), art. 52 AWR (7 years) |
| Customer contact and follow-up | Legitimate interest (1f) |
| Website security and logging | Legitimate interest (1f) |
4. How long do we keep your data?
- Quote requests without a job: 12 months, then deleted.
- Job files, certificates and invoices: 7 years after completion (tax retention obligation, art. 52 AWR).
- Contact-form messages without follow-up: 6 months.
- Web server logs: 30 days.
5. With whom do we share data?
We share data only where necessary for our service or legally required. Sub-processors we engage:
- A Dutch hosting party for the website and email
- A bookkeeping package for invoicing
- A payment service provider for collection and payment processing
With each of these parties we have a processor agreement. We do not pass your data to third parties for commercial purposes and never sell data.
6. Data outside the EEA
We host the website and all customer data within the European Economic Area. If a service provider incidentally processes outside the EEA, that happens only on the basis of an adequacy decision or the EU standard contractual clauses.
7. Processor agreement for clients
When you instruct us to destroy personal data, we act as a processor within the meaning of GDPR article 28. Before the first job we sign a processor agreement. A standard model is available on request.
8. Your rights
Under the GDPR you have the right to:
- Access the personal data we process about you (art. 15)
- Have data rectified if it is incorrect (art. 16)
- Have data erased when processing is no longer necessary (art. 17)
- Have processing restricted (art. 18)
- Object to processing on the basis of legitimate interest (art. 21)
- Receive your data in a structured format (data portability, art. 20)
- Lodge a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl
You can submit a request to exercise these rights via the contact address at the bottom of this page. We reply within one month.
9. Security
We take appropriate technical and organisational measures (GDPR art. 32) to protect your data: TLS encryption for all connections, separate storage of sensitive fields, access only for staff with a Certificate of Conduct (VOG), and periodic security reviews.
10. Data breaches
In the event of a data breach likely to result in a risk to data subjects, we notify the Dutch Data Protection Authority within 72 hours. If the breach poses a high risk, we also inform the data subjects directly.
11. Changes
We may amend this statement, for example for new services or changed legislation. The date at the top of this page reflects the most recent change.
12. Contact
For privacy questions or to exercise your rights:
- Email: privacy@desnipperaar.nl
- KvK: NL34354900
- VAT: NL131691600B03