Privacy Policy

Last updated: 5 February 2026

1. Introduction

Crimson Owl Technologies ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services.

We process personal data in accordance with the General Data Protection Regulation (GDPR), the Dutch Implementation Act of the GDPR (Uitvoeringswet AVG), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Crimson Owl Technologies

KVK (Chamber of Commerce): 99457377

BTW (VAT): NL869000172B01

Email: hello@crimsonowl.nl

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

  • Contact information: Name, email address, company name when you contact us or fill out forms
  • Communication data: Content of messages you send us via contact forms or email
  • Account data: Login credentials and profile information if you use our Platform Architecture Authority (PAA) service

3.2 Information Collected Automatically

  • Technical data: IP address, browser type, operating system, device information
  • Usage data: Pages visited, time spent on pages, referral source
  • Cookie data: Information collected through cookies and similar technologies (see Section 8)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 GDPR:

  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing communications
  • Contract (Art. 6(1)(b)): Where processing is necessary to perform a contract with you or take pre-contractual steps at your request
  • Legal obligation (Art. 6(1)(c)): Where we must comply with legal requirements
  • Legitimate interests (Art. 6(1)(f)): Where we have a legitimate business interest that does not override your rights, such as improving our services and website security

5. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your inquiries and provide customer support
  • To provide and maintain our services, including the PAA platform
  • To process transactions and send related information
  • To send administrative information, such as service updates
  • To improve our website, products, and services
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations
  • To send marketing communications (only with your consent)

6. Data Sharing and Transfers

We do not sell your personal data. We may share your data with:

  • Service providers: Third parties who provide services on our behalf (hosting, analytics, email delivery), bound by data processing agreements
  • Legal requirements: When required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets

International Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other valid transfer mechanisms under GDPR

7. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law. Specific retention periods:

  • Contact form submissions: 2 years after last contact, unless a business relationship is established
  • Customer account data: Duration of the business relationship plus 7 years (Dutch fiscal retention requirement)
  • Website analytics: 26 months
  • Marketing consent records: Until consent is withdrawn, plus 3 years for documentation purposes

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us provide and improve our services.

Types of Cookies We Use

  • Strictly necessary cookies: Essential for the website to function properly. These do not require consent.
  • Functional cookies: Remember your preferences (e.g., theme settings)
  • Analytics cookies: Help us understand how visitors interact with our website

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of your personal data
  • Right to rectification (Art. 16): Request correction of inaccurate data
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18): Request limitation of processing
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent (Art. 7): Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise these rights, please contact us at hello@crimsonowl.nl. We will respond to your request within one month.

10. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ Den Haag

Website: autoriteitpersoonsgegevens.nl

We encourage you to contact us first so we can try to resolve your concerns directly.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments
  • Employee training on data protection

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Crimson Owl Technologies

Email: hello@crimsonowl.nl