Skip to main content

Legal

Privacy Policy

Last updated: 03 April 2026

1. Who we are

This website is operated by Crescode Group BV, a private limited company registered in the Netherlands. When this policy refers to "we", "us", or "our", it refers to Crescode Group BV.

For questions about how your personal data is handled, contact us via the contact form.

2. What data we collect

We collect personal data only when you voluntarily submit it through the contact form on this website. The fields collected are:

  • Name – to address you in correspondence.
  • Email address – to respond to your enquiry.
  • Company name – optional; used to understand the context of your enquiry.
  • Message – the content of your enquiry.
  • Budget range and timeline – optional; used to scope a potential engagement.

We do not use tracking pixels, advertising cookies, or any third-party analytics services on this website. No cookies are set except those strictly necessary for the operation of the contact form (CSRF protection).

3. Legal basis for processing

We process your personal data on the basis of legitimate interest (Article 6(1)(f) GDPR): responding to a business enquiry you have initiated. You are not required to provide any information; the contact form is entirely voluntary.

4. How we use your data

Data submitted via the contact form is used solely to:

  • Respond to your enquiry.
  • Follow up on a potential business engagement, if you have expressed interest.

We do not use your data for marketing without your explicit consent. We do not sell, rent, or share your data with third parties for their own purposes.

5. Data storage and retention

Contact form submissions are stored in a database hosted on our server infrastructure. Email notifications of new submissions are sent to the site operator.

We retain contact form data for a maximum of 24 months from the date of submission, or until you request deletion, whichever is sooner. Data is deleted sooner if the enquiry does not result in an engagement and there is no legitimate reason to retain it.

6. Data transfers

Our server infrastructure is located within the European Economic Area (EEA). We do not transfer your personal data outside the EEA.

7. Your rights under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access – request a copy of the personal data we hold about you.
  • Right to rectification – request correction of inaccurate data.
  • Right to erasure – request deletion of your personal data ("right to be forgotten").
  • Right to restriction – request that we limit processing of your data.
  • Right to object – object to processing based on legitimate interest.
  • Right to data portability – receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us via the contact form. We will respond within 30 days.

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Access to stored contact form submissions is restricted to the site operator and protected by authentication.

9. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the website after an update constitutes acceptance of the revised policy.