Privacy & Cookie Policy
Last updated: January 2026 · Version 1.1
At BrandArchway we take the protection of your privacy and personal data seriously. This policy explains what data we collect, why, how we use it, who we share it with, and the rights you have. We are committed to compliance with the General Data Protection Regulation (GDPR/AVG) and other applicable data-protection laws.
1. Who we are (data controller)
BrandArchway is the controller responsible for the processing of your personal data.
BrandArchway
Olga de Haasstraat 513, Amsterdam, The Netherlands
Chamber of Commerce (KvK): 97096768
Email: info@brandarchway.com
2. Scope
This policy applies to all processing of personal data by BrandArchway, including data collected through:
- Our website at brandarchway.com and its subdomains
- Email, phone and other correspondence
- Forms, audits, bookings and newsletter sign-ups
- Our work with clients, prospects, partners and suppliers
- Meetings, events and networking
3. The personal data we collect
Depending on how you interact with us, we may process:
Identity & contact data
- Name, email address, phone number
- Company name, job title and role
- Postal, billing or business address (where relevant)
Professional & business data
- Employer, industry, company size and website
- LinkedIn profile and other professional details you share
- Records of our relationship: correspondence, project notes, requirements, preferences and feedback
Financial & transaction data (clients)
- Invoicing and payment records, contract and order details
- Card and bank payments are handled by our payment provider; we do not store full card numbers
Technical & usage data
- IP address, device and browser type, operating system, language settings
- Pages viewed, clicks, referring source, and engagement metrics, collected via cookies and analytics
Marketing & communications data
- Subscription status and preferences, email opens/clicks, campaign responses and form submissions
We generally do not collect special categories of data (such as health or biometric data) and we do not knowingly collect data from anyone under 16. If we learn we have, we will delete it.
4. How we collect your data
- Directly from you — when you fill in a form, request an audit, book a call, subscribe, email or call us, or become a client.
- Automatically — through cookies, analytics and server logs when you use our website (see section 7).
- From third parties — B2B data providers (e.g. Leadinfo/Dealfront), LinkedIn, advertising partners, and publicly available sources such as company websites and public registries.
5. Legal bases for processing (Article 6 GDPR)
We only process personal data where we have a valid legal basis:
- Consent — for marketing emails, non-essential cookies and any optional processing. You can withdraw consent at any time.
- Performance of a contract — to deliver our services, manage your account and provide support.
- Legal obligation — to meet tax, accounting and other legal requirements.
- Legitimate interests — for B2B direct marketing, lead generation, analytics, security and running our business, balanced against your rights and freedoms.
6. How we use your data
- To deliver, manage and improve our services and respond to your requests
- To send transactional messages and — with consent — newsletters and marketing
- For analytics, to understand and improve how our site and campaigns perform
- For advertising and lead generation (where you have consented)
- For security, fraud prevention and protecting our rights
- To comply with legal and regulatory obligations
7. Cookies & tracking technologies
Cookies are small files stored on your device. We also use similar technologies such as pixels, local storage and tags. We use the following categories:
- Strictly necessary — required for the site to function (sessions, security, your cookie choices). Always active.
- Performance / analytics — help us understand how the site is used. Disabling them does not break the site.
- Functional — remember preferences such as language. Disabling may limit convenience.
- Marketing / advertising — measure campaigns and show relevant ads. Disabling means ads become less relevant.
The main providers we use are listed below. The full, always-current list is available in our cookie preference centre (the cookie banner on our site), where you can change your choices at any time.
| Provider | Purpose | Category |
|---|---|---|
| BrandArchway (first-party) | Session, security and storing your cookie consent & language | Strictly necessary |
| Google Analytics 4 / Google Tag Manager | Website analytics and tag management | Analytics |
| Google Ads | Conversion tracking and remarketing | Marketing |
| Meta (Facebook/Instagram) Pixel | Conversion tracking and advertising | Marketing |
| LinkedIn Insight Tag | Conversion tracking and B2B advertising | Marketing |
| Leadinfo / Dealfront | B2B company-level website visitor identification | Analytics |
You can also manage cookies through your browser settings and via industry opt-out tools such as Your Online Choices, the DAA and NAI, plus the ad-settings pages of Google, Meta and LinkedIn.
Impact of disabling cookies: strictly necessary cookies cannot be switched off; disabling analytics, functional or marketing cookies will not stop you using the site but may reduce personalisation and the relevance of advertising.
8. How we share and disclose your data
We never sell your personal data. We share it only with appropriate safeguards in place:
- Service providers (processors) — hosting, email, CRM, analytics, scheduling, support and security providers, bound by data-processing agreements and acting only on our instructions.
- Advertising & analytics partners — Google, Meta, LinkedIn and Microsoft, where you have consented.
- Professional advisors — lawyers, accountants and auditors, under confidentiality.
- Authorities — where required by law, court order, or to prevent fraud and protect rights and safety.
- Business transfers — to a successor entity in a merger, acquisition, financing or sale of assets, subject to this policy.
- With your consent — for any other sharing.
- Aggregated / anonymised data — which cannot identify you.
9. International data transfers
We are based in the Netherlands (EEA). Some of our providers process data outside the EEA (for example, in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards such as EU adequacy decisions and EU Standard Contractual Clauses (SCCs) with supplementary measures. Copies are available on request.
10. Data retention
We keep personal data only as long as necessary for the purposes described, or as required by law. As a guide:
- Customer records — for the duration of the relationship and up to 7 years afterwards
- Financial & tax records — 7 years (Dutch law)
- Marketing data — until you withdraw consent or object
- Website & analytics data — typically up to ~14–26 months
- Job applicants — up to 4 weeks after the process, or 1 year with consent
After these periods we delete or anonymise your data.
11. How we keep your data secure
We apply appropriate technical and organisational measures, including encryption in transit (TLS), access controls and least-privilege, multi-factor authentication, monitoring and logging, backups, vendor due diligence, staff confidentiality and training, and an incident-response process. No method of transmission or storage is completely secure, but where a breach legally requires it we will notify you and the Dutch Data Protection Authority within 72 hours.
12. Your privacy rights
Under the GDPR/AVG you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (the "right to be forgotten")
- Restrict or object to processing — including direct marketing, at any time
- Data portability
- Withdraw consent at any time
- Not be subject to a decision based solely on automated processing with legal or similarly significant effects
If you are a California resident, you also have rights to know, delete and correct your data, to opt out of "sale"/"sharing" (we do not sell personal data), and to non-discrimination.
To exercise any right, email info@brandarchway.com. We may need to verify your identity. We respond within one month (extendable for complex requests) and free of charge, unless a request is manifestly unfounded or excessive.
13. Automated decision-making & profiling
We may use profiling for lead scoring and personalisation, but we do not make decisions producing legal or similarly significant effects based solely on automated processing without a lawful basis and appropriate safeguards. You can object to profiling for direct marketing at any time.
14. Third-party websites
Our site may link to third-party websites and services we do not control. This policy does not apply to them; please review their own privacy policies.
15. Children's privacy
Our services are aimed at businesses and are not directed to children under 16. We do not knowingly collect their data.
16. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with a new "Last updated" date and, where appropriate, notified to you. Your continued use of our services after changes take effect constitutes acceptance.
17. Complaints
If you have a concern, please contact us first at info@brandarchway.com so we can help. You also have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, or your local supervisory authority.
18. Contact us
For any question about this policy or your personal data, contact the data controller:
BrandArchway · Olga de Haasstraat 513, Amsterdam, The Netherlands
KvK 97096768 · info@brandarchway.com