Brandnest

Legal

Privacy
Policy.

Last updated: March 2026 · In accordance with the AVG (GDPR)

1. Who we are

This privacy policy applies to Brandnest, a design studio registered in the Netherlands. Brandnest acts as the data controller (verwerkingsverantwoordelijke) within the meaning of the General Data Protection Regulation (AVG/GDPR).

2. What personal data we collect

We collect personal data only when you actively provide it to us, for example when:

  • You fill in the contact form on our website
  • You place an order or enter into an agreement with us
  • You communicate with us by email

The data we may collect includes:

  • First and last name
  • Email address
  • Company name
  • Phone number (if voluntarily provided)
  • Project information and correspondence
  • Payment details (processed via third-party payment providers)

3. Purpose and legal basis

We process your personal data for the following purposes:

Execution of an agreement (Art. 6(1)(b) AVG)

To communicate with you about your project, deliver our design services, send invoices, and fulfil our contractual obligations.

Legitimate interest (Art. 6(1)(f) AVG)

To respond to inquiries submitted through our contact form and to maintain our business relationship with you.

Legal obligation (Art. 6(1)(c) AVG)

To comply with Dutch tax and bookkeeping obligations (e.g. retaining invoices for 7 years under Dutch fiscal law).

4. Retention periods

  • Client and project data: up to 2 years after the end of the business relationship
  • Financial and invoice records: 7 years, as required by Dutch tax law (Belastingdienst)
  • Contact form submissions (no order placed): deleted within 6 months

5. Sharing with third parties

We do not sell or rent your personal data to third parties. We may share your data with:

  • Payment processors (e.g. Stripe, PayPal) solely to process payments
  • Cloud storage providers (e.g. Google Drive) for project file storage — bound by data processing agreements
  • Accountant or bookkeeper for our financial administration, under a confidentiality obligation

6. Cookies and website analytics

Our website may use functional cookies necessary for the site to operate. We do not use tracking cookies or advertising cookies without your consent. If we use analytics tools, we ensure they are configured in a privacy-friendly manner or obtain your prior consent in accordance with the Dutch Telecommunications Act (Telecommunicatiewet).

7. Your rights

  • Right of access — you may request an overview of the data we hold about you
  • Right to rectification — you may have inaccurate data corrected
  • Right to erasure — you may request deletion of your data, subject to our legal obligations
  • Right to restriction — you may request that we temporarily stop processing your data
  • Right to data portability — you may request your data in a structured, commonly used format
  • Right to object — you may object to processing based on our legitimate interests

8. Security

We take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, or misuse. These measures include secure HTTPS connections, access restrictions, and use of reputable cloud providers.

9. Complaints

If you believe we are not handling your personal data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Postbus 93374, 2509 AJ Den Haag · autoriteitpersoonsgegevens.nl

10. Changes to this policy

We reserve the right to update this privacy policy. The most recent version is always published on this page.

← Home
Privacy PolicyTerms of Service