Privacy Policy

Last updated: April 2024

This Privacy Policy explains how Lotte Bos collects, processes, and safeguards your personal information when you interact with this website and use our services. We are fully committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and all relevant European privacy legislation.

1. Data Controller Information

The entity responsible for processing your personal data is:

Lotte Bos
Prinsengracht 795, 1017 JV Amsterdam, Netherlands
Email: hello@lottebos.nl
Phone: +31 20 987 6543

2. Categories of Personal Data Collected

We may collect and process the following types of personal data depending on your interaction with our services:

• Identity Information: Your full name and any other identifiers you voluntarily provide when contacting us or booking services.
• Contact Details: Email address, telephone number, and postal address used for communication and service coordination.
• Service Preferences: Information about your interests, goals, and preferences related to movement coaching and lifestyle programs.
• Technical Information: Internet protocol (IP) address, browser type and version, device identifiers, operating system, and platform information.
• Usage Information: Data regarding how you navigate and interact with our website, including pages visited, time spent, and click patterns.

3. Methods of Data Collection

We gather personal data through the following channels:

• Direct Collection: Information you provide when completing contact forms, sending emails, or communicating with us through any channel.
• Automated Collection: Technical and usage data collected automatically through cookies, server logs, and analytics tools as you browse our website.
• Third-Party Sources: We do not obtain personal data about you from external sources. All information comes directly from your voluntary interactions with us.

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal grounds for processing your personal data:

• Consent: When you voluntarily submit information through our contact form or explicitly agree to receive communications from us.
• Contractual Necessity: Processing required to fulfill our obligations under a service agreement or to take pre-contractual steps at your request.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving service quality and website security, provided your fundamental rights do not override these interests.
• Legal Compliance: Processing necessary to comply with applicable laws, regulations, or legal processes.

5. Purposes of Data Processing

Your personal data is processed for the following specific purposes:

• To respond to your inquiries and provide information about our services.
• To coordinate and deliver booked services, including scheduling and follow-up communications.
• To maintain accurate records of our professional relationship and service history.
• To analyze website usage and improve user experience, content relevance, and service offerings.
• To send occasional updates, newsletters, or event invitations where you have provided explicit consent.
• To fulfill legal, regulatory, or professional obligations.

6. Data Sharing and Transfers

We maintain strict confidentiality regarding your personal data. We do not sell, rent, or trade your information. Limited sharing may occur in these circumstances:

• Service Providers: Trusted third parties who assist with website hosting, email delivery, and analytics, bound by contractual confidentiality obligations.
• Legal Obligations: Disclosure required by law, court order, or governmental authority.
• Business Transitions: In the event of a merger, acquisition, or asset sale, your data may be transferred subject to equivalent privacy protections.

7. Security Measures

We implement comprehensive technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

• Industry-standard SSL/TLS encryption for all data transmission.
• Regular security audits and vulnerability assessments of our systems.
• Strict access controls limiting data access to authorized personnel only.
• Ongoing staff training on data protection best practices and confidentiality.

While we employ robust security measures, no internet-based system can guarantee absolute security. We encourage you to use strong passwords and protect your own devices.

8. Data Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this policy:

• General inquiries and contact form submissions: up to 24 months from last interaction.
• Client service records and coaching documentation: 7 years to comply with Dutch tax and professional regulations.
• Technical logs and anonymized usage data: 12 months, after which data is aggregated and de-identified.
• Marketing consent records: retained until consent is withdrawn or for a maximum of 36 months.

9. Cookies and Similar Technologies

Our website uses cookies and related technologies to enhance functionality and understand user behavior. Cookies are small data files stored on your device that help us recognize returning visitors and personalize your experience.

Categories of cookies we utilize:

• Essential Cookies: Required for basic website functionality and cannot be disabled.
• Performance Cookies: Collect anonymous information about how visitors use our website to help us improve performance.
• Functional Cookies: Remember your preferences and settings to provide enhanced, personalized features.

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit website functionality.

10. Your Rights Under GDPR

As a data subject, you possess the following rights regarding your personal information:

• Right of Access: You may request confirmation of whether we process your data and obtain a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure: You may request deletion of your personal data in certain circumstances, such as when data is no longer necessary for its original purpose.
• Right to Restrict Processing: You may request limitation of processing activities under specific conditions.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Data Portability: You may request transfer of your data in a structured, machine-readable format to another controller.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the information in Section 1. We will respond within one month of receiving your request.

11. Children's Privacy Protection

Our services are intended for individuals aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal information without parental consent, please contact us immediately so we can take appropriate action to delete such data.

12. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If data transfer outside the EEA becomes necessary, we ensure adequate protection through standard contractual clauses, adequacy decisions, or other legally recognized transfer mechanisms approved by the European Commission.

13. Policy Updates

We may revise this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. Material changes will be announced on this page with an updated effective date. We recommend reviewing this policy regularly to stay informed about how we protect your information.

14. Contact and Complaints

For questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please reach out to:

Lotte Bos
Prinsengracht 795, 1017 JV Amsterdam, Netherlands
Email: hello@lottebos.nl
Phone: +31 20 987 6543

If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.