Privacy Policy

This Privacy Policy was last updated on: 1 June 2023


We are Outfox. We respect your privacy and private life, but sometimes we need your Personal Data. We consider Personal Data to be any information relating to an identified or identifiable person, in conformity with the General Data Protection Regulation (the GDPR).


This policy explains which Personal Data we use and why (the Privacy Policy). Furthermore, you will read how we process, store and protect your Personal Data. Finally, we outline what rights you have when we process your Personal Data.


This Privacy Policy applies to our Website (the Website), our online application (the App) and the services or products we provide (the Services). We process your Personal Data in accordance with the GDPR and all other relevant legislation and regulations in the field of protection of Personal Data, like Dutch Telecommunications Act (Telecommunicatiewet) regarding the use of cookies (the Relevant Legislation).


Are you under the age of 16?

If you are younger than 16 years old, you need permission from your parents or legal guardian to use our Website, App and Services.


Processing of Personal Data

In order to provide you with our Website, App and Services, we process your Personal Data.


How do we receive your Personal Data?

Personal data we receive from you:

We receive Personal Data directly from you when you contact us, sign-up or log in via our website.


Who is the controller of your Personal Data?

We are the controller of your Personal Data within the meaning of the Relevant Legislation. At the end of this Policy, you can find our contact details and the contact details of our Data Protection Officer.


What Personal Data do we process, for which specified purpose(s), and on which legal basis?

We need some of your Personal Data in order for you to use our Website, Apps and Services.


We are allowed to process your Personal Data, because we comply with the Relevant Legislation. We lawfully process your Personal Data because we:


  • Have legal bases for processing your Personal Data;
  • Inform you about the processing; and
  • Only process data for specific purposes, and no more than is necessary for that.

In the table below you will read (1) which Personal Data we process (2) for which purpose(s) and (3) on which legal basis.


We shall only use your Personal Data for the following purposes or for compatible purposes. By doing so, we will not use your Personal Data in an unexpected manner.


(Personal) Data


Legal basis

Contact Data:
– Company name
– First and/or last name
– Email address
– Address
– Phone number
– IP-address
– Chamber of Commerce number
– VAT number

We use these Data:
– To contact you
– To correspond with you
– For the delivery or performance of our Services to you

We process these Data on the basis of:
– A necessity to perform the contract
– Consent
– A legal obligation

Payment Data:
– Payment Data of the paying party
– Invoices
– An overview of the purcases of our Services

We use these Data:
– To send invoices
– To update our financial administration

– A necessity to perform the contract
– Legitimate interests
– A legal obligation

Partner and/or supplier Data:
– Company name

We use these Data:
– To contact you
– To correspond with you


– A necessity to perform the contract
– Legitimate interests

Content Data related to the Services:
– Correspondence or chat messages
– Your questions about our Services
– Results
– IP address

We use these Data:
– To provide you with an optimal service
– To execute our agreement

– A necessity to perform the contract
– Consent
– Legitimate interests
– A legal obligation

Legitimate interest

To invoke the legitimate interest basis, we balance our interests against your interests, fundamental rights and freedoms. In this way, we assess whether our interest, in processing the Personal Data, outweighs your privacy interest. These Personal Data are valuable to us because it allows us to get in touch with you, which enables us to provide and possibly improve our Services.


Based on careful consideration of the interests and risks involved, we have concluded that your privacy interest does not outweigh our interest. Therefore, we believe we can invoke our legitimate interest in processing these Personal Data.


However, this assessment is subjective. Do you disagree with the processing of your Personal Data based on our legitimate interest? If so, you can always object to this. We will then reassess, and possibly discontinue the processing of your Personal Data.


Are you obliged to share your Personal Data with us?

In some cases, the processing of your Personal Data is necessary. This is relevant, for example, when we have to process your Personal Data in order to oblige to a contract with you or to provide a service to you. Without your Personal Data, we cannot provide our Service to you.


How do we secure your Personal Data?

We make every effort to protect your Personal Data from loss, destruction, use, alteration or dissemination of your Personal Data by unauthorized persons. We ensure that those who have nothing to do with your Personal Data cannot access it. We do this through the following measures:


  • Encryption (encoding) of digital files containing Personal Data
  • Secure network connections with Transport Layer Security (TLS), Secure Socket Layer (SSL), or a comparable technology
  • Security of Personal Data in accordance with the ISO 27001 standard
  • Security of Personal Data in accordance with the NEN-ISO / IEC 27701 standard
  • The access to the Personal Data is strictly limited to the employees on a ‘need to know’ basis
  • The access to the Personal Data is secured by two-step authentication
  • The access to the Personal Data is secured by confidentiality agreements (NDA’s)
  • making regular backups as protection against ransomware or loss.

We constantly check our security measures for effectiveness, and if necessary adjust our process. That way, your Personal Data is always protected and accessible in the event of a failure.


How long do we store your Personal Data?

We shall not store your Personal Data longer than the period in which we need them for the aforementioned purposes. We delete the Personal Data after we no longer need them for the purpose we process them for. The following is a list of the categories of Personal Data and the (functionally defined) retention periods:


Category of Personal Data

Retention period

Contact Data

We retain your contact information for as long as necessary to provide our Services.

Payment Data

We retain your payment data for as long as necessary to meet our financial and tax requirements and obligations.

Partner and/or supplier Data

We retain partner or supplier data for as long as it is needed to provide our Services.

Content data related to our Services

We retain content data for as long as necessary to provide you with our Services in an integral and continuous manner.

With whom do we share your Personal Data?



We may share your Personal Data with data ‘processors’ within the meaning of the Relevant Legislation. We conclude a Data processing agreement with these parties, which entails that they shall process your Data carefully and that they shall only receive the Personal Data they need to provide their service. These parties shall only use your Personal Data in accordance with our instructions and not for their own purposes. 


Third parties

Sometimes we share your Personal Data with other parties, who are not processors. With these parties, we agree that they shall use your Personal Data carefully. They shall only process your Personal Data for purposes compatible or in line with the purpose for which we received the Personal Data from you.

If we have a legal obligation to share your Personal Data, we will do so. This is the case, for example, if a public authority legally requires us to share your Personal Data.


Categories of data processors


  • Companies we have engaged for marketing purposes.
  • Companies that we have engaged for ICT technical support, database management, software integration and hosting purposes (e.g. hosting partners, cloud partners, data centers, software suppliers, external IT consultants, etc.);
  • Companies that we have engaged for communication purposes (e.g. live chat on our website and support ticketing system);
  • Companies that we have engaged for analytical purposes;
  • Companies that we have engaged for recruitment purposes (e.g. an Applicant Tracking System or an external recruitment agency);
  • Companies we have engaged for payment purposes.

Furthermore, your personal data will never be sold, passed on or communicated to third parties who want to use them for their own purposes. Of course unless if this is necessary for the execution of the contract or if you have given us your explicit permission beforehand. 


In addition, we would like to draw your attention to the fact that personal data may be collected by social networks when you use a social plug-in on our websites (e.g. a like button from Facebook).


Finally, we can disclose your personal data:


  • To the competent authorities (i) when we are obliged to do so by law or in the context of judicial or future legal proceedings and (ii) to safeguard and defend our rights;
  • When (nearly) all of our assets are acquired by a third party, in which case your personal data – which Outfox has collected – will be one of the transferred assets.


A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.


We use cookies to improve the user experience on our Website. Moreover, cookies ensure that the Website works faster, that you can visit our Website safely and that we can track and solve errors on our Website.


You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our Website. However, please note that without cookies, our Website may not function as well as it should. For more information you can read our cookie statement:


Other provisions



We process your Personal Data only within the European Economic Area (EEA).


We shall never transfer your Personal Data to other countries or to other parties than those mentioned above without your permission.


Websites of third parties

Our website and our App may contain links to other websites. We are not responsible for the content or the privacy protection on these websites. Therefore, we advise you to always read the privacy policy of those websites.


Your rights

You have the following rights:


  • The right of access
    You can request access to your Personal Data;
  • The right to rectification
    You can request us to correct, limit or delete your Personal Data. In the event of fraud, non-payment or other wrongful acts, we can store some of your Personal Data in a register or on a blacklist;
  • The right to data portability
    You can request a copy of your Personal Data. We can provide this copy to third parties at your request, so you do not have to do so yourself;
  • The right to object
    You can object to the processing of your Personal Data;
  • The right to file a complaint
    You can file a complaint at the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you are of the opinion that we wrongfully process your data;
  • The right to withdraw consent
    You can always withdraw your permission to process your Personal Data. From the moment of your withdrawal, we cannot process your Personal Data anymore.

Modifications to the Privacy Policy

We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our Website and in our App together with the new Privacy Policy. We shall notify registered users in case of a substantial modification. If you are not a registered user, we advise you to consult the Website and this Policy regularly.



In the event that you wish to exercise these rights, or in the event of other questions or remarks regarding our Privacy Policy, you can contact us via the following contact details.


Outfox B.V.
Torenallee 28-10
5617 BD Eindhoven
The Netherlands

CoC 54729181


Data Protection Officer

M. Oostdijk