Privacy
Privacy Policy
01Data controller
| Field | Information |
|---|---|
| Controller | Neamane Gelaas - GK Tech Studio |
| hello@gktechstudio.nl | |
| City | Rotterdam, Netherlands |
| Legal framework | GDPR (EU) 2016/679 / AVG (Netherlands) |
02Data we collect and why
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name and email | Reply to contact requests | Consent | 12 months |
| Phone / WhatsApp | Direct communication | Consent | 12 months |
| Navigation data | Traffic analysis | Consent | 14 months |
| Project data | Prepare proposals and budgets | Contract execution | Relationship duration + 5 years |
| Billing data | Tax and accounting obligations | Legal obligation | 7 years |
GK Tech Studio does not intentionally collect data from children under the age of 16.
03Your GDPR rights
You can exercise the following rights regarding your personal data:
Access
Know what personal data is being processed.
Rectification
Correct inaccurate or incomplete data.
Erasure
Request deletion of your personal data.
Restriction
Restrict how your data is processed.
Portability
Receive your data in a structured format.
Objection
Object to certain processing activities.
To exercise these rights, write to hello@gktechstudio.nl. GK Tech Studio will respond within 30 days.
You may also lodge a complaint with the Autoriteit Persoonsgegevens in the Netherlands or the AEPD in Spain.
04Data transfers to third parties
GK Tech Studio does not sell personal data. Data may be processed by:
| Provider | Service | Country | Safeguard |
|---|---|---|---|
| Resend | Transactional email | United States | EU standard clauses |
| Vercel | Website hosting | United States | DPA + EU clauses |
| Sanity.io | CMS | United States | DPA + EU clauses |
| Google Analytics | Traffic analysis | United States | Explicit consent |
05Data security
GK Tech Studio applies technical and organisational security measures to protect personal data, including:
- HTTPS / TLS encrypted communications.
- Restricted access to personal data.
- Periodic review of security measures.
- Data breach notification according to GDPR requirements.