Privacy Policy

1. Introduction

This Privacy Policy describes how Solaq International B.V. ("we", "us", or "our") collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable European data protection laws.

This policy applies to all personal data we process, including data collected through our website, contact forms, social media platforms, and third-party tools.

2. Data Controller

Solaq International B.V. acts as the Data Controller for the personal data described in this policy.

3. What Personal Data We Collect

3.1 Data you provide directly

When you contact us through our website forms or by email, we may collect your name, job title, company name, email address, phone number, and any other information you voluntarily provide.

3.2 Data collected through third-party platforms

We use tools such as LinkedIn and Google Analytics to analyse our online presence and engagement. Through these platforms we may process aggregated engagement data (likes, shares, impressions), anonymised visitor demographics, and page performance metrics. We only access data made available through these platforms' APIs in accordance with their terms of use.

3.3 Data collected automatically

When you visit our website and accept analytics or marketing cookies, we may collect your IP address, browser type and operating system, pages visited and time spent, and referring URLs. This data is only collected after you provide consent through our cookie banner.

4. Legal Bases for Processing

We process personal data only where we have a valid legal basis under Article 6 of the GDPR:

• Consent (Art. 6(1)(a)): For analytics and marketing cookies, which are only activated after you provide explicit consent through our cookie banner.
• Contract Performance (Art. 6(1)(b)): Where processing is necessary to respond to your enquiry or take steps prior to entering into a contract.
• Legal Obligation (Art. 6(1)(c)): Where processing is necessary for compliance with a legal obligation.
• Legitimate Interests (Art. 6(1)(f)): For internal analytics, service improvement, and managing our online presence, where our interests do not override your rights.

5. How We Use Your Personal Data

We use the personal data we collect to respond to enquiries and provide information about our products and services, analyse website performance and engagement metrics for internal reporting, manage our online presence and marketing activities, ensure the security and integrity of our systems, and comply with legal and regulatory obligations.

We do not use personal data for automated decision-making or profiling.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share personal data with third parties only in the following circumstances:

• Service providers: Trusted vendors who assist us in operating our business, including HubSpot (CRM and forms) and Google (analytics). These parties are bound by Data Processing Agreements in line with GDPR requirements.
• Third-party platforms: Tools such as LinkedIn and Google Analytics collect data directly from users through your interaction with those platforms. They operate as data controllers in their own right under their own privacy policies.
• Legal compliance: Where required by law, court order, or regulatory authority.
• Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction.

7. International Data Transfers

Solaq International B.V. is established in the Netherlands and operates within the European Economic Area (EEA). We process data within our EEA environment. Where third-party platforms we use are based outside the EEA (such as Google or LinkedIn), those providers are responsible for their own GDPR-compliant data transfer mechanisms, including Standard Contractual Clauses and adequacy decisions.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Contact form submissions are retained in our CRM for the duration of our business relationship and any subsequent legal retention period. Analytics data is retained in aggregated form. When personal data is no longer required, we securely delete or anonymise it.

9. Your Rights Under the GDPR

As a data subject, you have the following rights which you can exercise free of charge:

• Access (Art. 15): Obtain confirmation of whether we process your data, and receive a copy.
• Rectification (Art. 16): Have inaccurate data corrected or incomplete data completed.
• Erasure (Art. 17): Request deletion of your data in certain circumstances.
• Restriction (Art. 18): Request that we restrict the processing of your data.
• Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Object (Art. 21): Object to processing based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. You can withdraw cookie consent at any time via our cookie preferences on this website.

To exercise any of these rights, contact us at info@solaq.nl. We will respond within one calendar month, extendable by two further months for complex requests.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our website. When you first visit, a cookie banner allows you to choose which categories to accept. No analytics or marketing cookies are set until you provide consent.

• Essential: Required for the website to function, including contact form operation. These cannot be switched off.
• Analytics: Google Analytics cookies used to measure site performance. Only activated with your consent.
• Marketing: HubSpot tracking cookies used to understand visitor engagement and follow up on enquiries. Only activated with your consent.

You can change your cookie preferences at any time using the cookie settings link in the footer of our website, or by adjusting your browser settings.

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These include encryption in transit (TLS/SSL), access controls, and regular security reviews.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours in accordance with Article 33 of the GDPR, and affected individuals where required under Article 34.

12. Children's Data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

14. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first so we can address them. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

For residents of the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). A list of all EU supervisory authorities is available at edpb.europa.eu.

15. Contact Us