Privacy Policy
Last updated: 24 June 2026
This Privacy Policy (Privacyverklaring) explains how Sprouteuwipe.ddd (“we”, “us”, “our”) collects, uses, stores, and protects personal data (persoonsgegevens) when you visit our website or contact us. We process data in accordance with:
- the EU General Data Protection Regulation (GDPR / AVG);
- the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming — UAVG);
- the Dutch Telecommunications Act (Telecommunicatiewet) regarding cookies and similar technologies (see our Cookie Policy);
- other applicable Dutch and EU legislation.
1. Data Controller
The data controller responsible for processing is:
Sprouteuwipe.ddd
Blasiusstraat 144, 1091 CZ Amsterdam, Netherlands
Email: message@sprouteuwipe.world
Phone: +31 651 905 823
KvK and BTW/VAT identifiers are available upon written request for legitimate business correspondence.
We have not appointed a Data Protection Officer (DPO). For all privacy matters, contact us using the details above.
2. Personal Data We Collect
We collect only data that is adequate, relevant, and limited to what is necessary (dataminimalisatie, Art. 5(1)(c) GDPR).
- Contact form: name, email address, message content, age confirmation (18+), GDPR consent, and Terms acceptance.
- Cookie consent: your category choices and timestamp, stored in
localStorage(key:tdde_cookie_consent). - Technical data: IP address, browser type, device information, referring URL, pages visited, and timestamps — processed via server logs for security; analytics-related data only if you consent to analytics cookies.
- Communications: information you voluntarily provide by email or telephone.
- Embedded content: when you choose to load our Google Maps embed on the contact page, Google may process technical data under its own policy. Until you click “Load embedded map”, no map is loaded. See Google’s Privacy Policy.
We do not intentionally collect special categories of personal data (Art. 9 GDPR) such as health data. Please do not include medical information in contact messages.
3. Purposes and Legal Bases (Art. 6 GDPR)
| Processing activity | Purpose | Legal basis |
|---|---|---|
| Contact form & email replies | Respond to inquiries and event registration requests | Art. 6(1)(b) — pre-contractual steps / Art. 6(1)(f) — legitimate interest in communication |
| GDPR consent & Terms acceptance | Document permission to process contact data and your agreement to site rules | Art. 6(1)(a) — consent / Art. 6(1)(b) — pre-contractual steps |
| Website security & logs | Fraud prevention, abuse detection, uptime | Art. 6(1)(f) — legitimate interest (balanced against your rights) |
| Cookie consent storage | Remember your cookie choice | Art. 6(1)(f) — legitimate interest / Telecommunicatiewet necessity |
| Analytics cookies | Understand site usage and improve content | Art. 6(1)(a) — consent (only after opt-in) |
| Marketing cookies | Campaign measurement and relevant messaging | Art. 6(1)(a) — consent (only after opt-in) |
| Legal obligations | Tax, accounting, or authority requests | Art. 6(1)(c) — legal obligation |
Where we rely on legitimate interest (Art. 6(1)(f)), you may object at any time (see Section 9). We do not use automated decision-making or profiling with legal or similarly significant effects (Art. 22 GDPR).
4. Retention Periods
We retain personal data no longer than necessary for the purposes stated:
- Contact form & correspondence: up to 24 months after the last message, unless a longer period is required for legal claims or statutory retention (e.g. Dutch tax records: 7 years where applicable under Algemene wet inzake rijksbelastingen).
- Cookie consent records: up to 12 months, after which we ask for renewed consent.
- Server/security logs: up to 90 days, unless needed for incident investigation.
- Analytics data: per the analytics provider’s configuration (typically 14–26 months), only with valid consent.
After expiry, data is deleted or irreversibly anonymised.
5. Recipients, Processors, and Transfers
We do not sell personal data. We may share data with:
- Processors (Art. 28 GDPR): hosting providers, email services, and — if you consent — analytics/marketing providers. Processors act only on our documented instructions and under data processing agreements.
- Google Ireland Limited (Maps embed; optional analytics/marketing tags subject to consent).
- Public authorities when required by Dutch or EU law.
Transfers outside the European Economic Area (EEA) occur only with appropriate safeguards: European Commission adequacy decisions, Standard Contractual Clauses (SCCs), or other mechanisms under Chapter V GDPR. You may request a copy of relevant safeguards by contacting us.
6. Online Advertising and Analytics
If you consent to analytics or marketing cookies, we may use services such as Google Analytics and Google Ads (including conversion measurement and remarketing). These services may process online identifiers, pages viewed, and interactions with our ads. Processing is based on your consent (Art. 6(1)(a) GDPR) and managed through our cookie banner with Google Consent Mode v2. You may refuse or withdraw consent without affecting access to our free content. For details, see our Cookie Policy.
We do not use sensitive health categories for ad targeting. Our advertising, if enabled, promotes general lifestyle content only.
7. Security Measures
We implement appropriate technical and organisational measures (Art. 32 GDPR), including:
- HTTPS/TLS encryption for website traffic;
- access controls and least-privilege principles for systems holding personal data;
- data minimisation in forms and logs;
- periodic review of processing activities and vendor compliance.
In the event of a personal data breach likely to pose a risk to your rights, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours where required, and inform affected individuals when legally necessary.
8. Provision of Data
Contact form fields marked as required are necessary to respond to your message. Without them, we cannot process your request. Analytics and marketing processing are optional and depend entirely on your cookie consent.
9. Your Rights Under GDPR and UAVG
Under the GDPR and UAVG, you have the following rights (subject to conditions and exceptions in law):
- Right of access (Art. 15) — obtain confirmation and a copy of your data;
- Right to rectification (Art. 16) — correct inaccurate data;
- Right to erasure (Art. 17) — “right to be forgotten” where applicable;
- Right to restriction (Art. 18) — limit processing in certain cases;
- Right to data portability (Art. 20) — receive data in a structured, machine-readable format where processing is automated and based on consent or contract;
- Right to object (Art. 21) — object to processing based on legitimate interest, including direct marketing;
- Right to withdraw consent (Art. 7(3)) — at any time, without affecting lawfulness of prior processing; withdraw cookie consent via “Cookie preferences” in the footer or browser settings;
- Right regarding automated decisions (Art. 22) — not applicable as we do not conduct such processing.
To exercise your rights, email message@sprouteuwipe.world with sufficient information to identify you. We respond within one month (extendable by two further months for complex requests, with notice). We may request reasonable identity verification to prevent unauthorised disclosure.
If you believe we process your data unlawfully, you may lodge a complaint with:
Autoriteit Persoonsgegevens (AP)
Postbus 93374, 2509 AJ Den Haag, Netherlands
Website: autoriteitpersoonsgegevens.nl
You may also seek a judicial remedy before a Dutch court.
10. Dispute Resolution (ODR)
EU consumers may use the European Commission’s Online Dispute Resolution (ODR) platform. Our email for ODR correspondence: message@sprouteuwipe.world.
11. Children
Our website is intended for adults (18+). We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe a child has provided data, contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. The “Last updated” date at the top will change accordingly. Material changes will be communicated on this page. We encourage you to review this policy periodically.