Privacy Notice

Last updated: June 2026

Tekenpunt is committed to protecting your personal data. This privacy notice explains what data we collect, why we collect it and what rights you have. This notice applies to all services provided by Tekenpunt and the website tekenpunt.nl. PLEASE NOTE: this is a draft that we recommend having reviewed by a legal adviser before publication.

1. Who are we?

Tekenpunt is the controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data collected through our website and services.

Tekenpunt, Contactweg 131, 1014 BJ Amsterdam. Email: info@tekenpunt.nl. Phone/WhatsApp: 06-18762244. Chamber of Commerce: [KVK-NUMMER]. VAT: [BTW-NUMMER].

2. What personal data do we process?

We process personal data that you actively provide to us via contact forms, or that is automatically generated when you use our website.

• Quote request: name, email address, telephone number, place of residence, type of renovation, description and any attachments.
• Job application: name, email address, telephone number, CV and cover letter.
• Partner application (contractors): company name, name of contact person, email address, telephone number and optional Chamber of Commerce number.
• Website usage: IP address (anonymised where possible), browser type, page visits, referring URL and click behaviour, solely after your consent to analytical or marketing cookies.
• Advertisement attribution: Google click parameters (gclid, wbraid, gbraid) and Meta cookie values (_fbp, _fbc), solely after your consent.
• Client communications (future): messages via WhatsApp Business and email stored in our CRM system.
• Payment data (future): transaction data via Mollie, required for the performance of the agreement.

3. Purposes and legal bases

We process your data solely for the purposes set out below and on the basis of the corresponding legal basis.

• Processing your quote request and performing the agreement (legal basis: performance of a contract, Art. 6(1)(b) GDPR).
• Responding to enquiries and conducting correspondence (legal basis: legitimate interest, Art. 6(1)(f) GDPR).
• Processing job applications (legal basis: consent for retention beyond 4 weeks, Art. 6(1)(a) GDPR; performance of pre-contractual steps, Art. 6(1)(b) GDPR).
• Drawing up and retaining invoices and administrative records (legal basis: legal obligation, Art. 6(1)(c) GDPR).
• Displaying personalised advertisements and measuring campaign results via Google Ads and Meta (legal basis: consent, Art. 6(1)(a) GDPR).
• Insight into website usage via Google Analytics (legal basis: consent, Art. 6(1)(a) GDPR, or legitimate interest where processing is fully anonymised).
• Improving our services and website (legal basis: legitimate interest, Art. 6(1)(f) GDPR).

4. Disclosure to third parties and processors

We do not share your data with third parties for commercial purposes. We use the following processors (sub-processors) with whom we have entered into a data processing agreement:

• Hosting provider: for the storage of the website and form data on servers within the EU.
• Supabase (CRM/database): EU region Frankfurt (Germany), for the storage of client and project data.
• Resend: for sending email confirmations and communications.
• Google LLC (Google Ads, Google Analytics, Google Search Console): for advertisement measurement and website analytics, after your consent.
• Meta Platforms Ireland Ltd (Meta pixel): for advertisement attribution, solely after your consent.
• Mollie B.V.: for the processing of payments, in accordance with their own privacy notice.
• Yousign: for the digital signing of contracts.
• Government or regulatory authority: where we are legally obliged to do so.

5. Transfer outside the European Union

Some processors (such as Google and Meta) host their servers, in whole or in part, outside the European Economic Area (EEA). Such transfers are subject to additional safeguards under the GDPR, including Standard Contractual Clauses (SCCs) adopted by the European Commission. Please refer to the privacy notices of the relevant parties for further information about the safeguards they apply.

Supabase and Resend process data on servers within the EU (Frankfurt). No transfer outside the EEA applies to these processors.

6. Retention periods

We do not retain your personal data for longer than is necessary for the purpose for which it was collected, and in any event no longer than is permitted or required by law.

• Invoices and financial administration: 7 years (statutory retention obligation for tax purposes).
• Quotation and client data: for as long as necessary for the performance of the service and for a reasonable period thereafter for any after-sales service or warranty matters (maximum 5 years after project completion).
• Job applications: a maximum of 4 weeks after rejection, unless you expressly consent to retention for a maximum of 1 year for future vacancies.
• Partner applications: for as long as the cooperation relationship exists or is pending.
• Website statistics (cookies): see the cookie policy for specific retention periods per cookie.
• WhatsApp and email messages (future): for the duration of the client relationship and thereafter for a maximum of 2 years.

7. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access or disclosure. Our website uses a secure connection (HTTPS/TLS). Access to client data is restricted to employees who require it for the performance of their duties.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the Dutch Data Protection Authority in accordance with our legal obligations.

8. Cookies

Our website uses cookies and similar technologies. Functional cookies are necessary for the proper functioning of the website and are placed without your consent. Analytical and marketing cookies are only placed after your explicit consent.

More information about the cookies we use, their purpose and retention periods can be found in our cookie policy.

9. Your rights

Under the GDPR and the Dutch GDPR Implementation Act (UAVG), you have the following rights with regard to your personal data:

• Right of access: you may request details of which data we process about you.
• Right to rectification: you may have inaccurate or incomplete data corrected.
• Right to erasure ('right to be forgotten'): you may request the erasure of your data, unless we have a legal obligation to retain it.
• Right to restriction of processing: you may request that processing be temporarily restricted, for example while an objection is being assessed.
• Right to object: you may object to processing based on legitimate interest or for direct marketing purposes.
• Right to data portability: you may request to receive your data in a structured, commonly used and machine-readable format.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of the processing carried out prior to withdrawal.

10. How can you exercise your rights?

You may submit your request by email to info@tekenpunt.nl or by post to Tekenpunt, Contactweg 131, 1014 BJ Amsterdam. We will respond to your request within 4 weeks. To verify your identity, we may ask for additional information.

If you disagree with the way in which we process your data, you may lodge a complaint with the Dutch Data Protection Authority at autoriteitpersoonsgegevens.nl.

11. Changes to this privacy notice

We may update this privacy notice from time to time, for example if our services change or if legislation changes. The most current version is always available at tekenpunt.nl/privacy. In the event of material changes, we will notify you proactively by email or via a notice on the website.