1) Who is responsible for your data (Controller)
Controller: MUTLER / Mutlu Partners B.V
Registered address: Posthoornstraat 11, 3011WD Rotterdam
[o
Email: info@mutler.eu] If you appoint a Data Protection Officer (DPO), add:
DPO: [Name], [Email]2) Personal data we collectWe may collect the following categories of personal data:A) Data you provide to us
Contact details: name, email address, phone number (if provided)
Form content: message, project details, company name, role, any information you type into our forms
Marketing preferences: whether you opt in or opt out of newsletters/updatesB) Data we collect automatically (activity tracking)When you use the Website, we may automatically collect:
Device and usage data: IP address, browser type, device identifiers, operating system, pages viewed, clicks, referring pages, timestamps, approximate location (derived from IP)
Cookie and similar technology data: identifiers stored via cookies/local storage and comparable toolsC) Data from communicationsIf you email us or contact us, we may keep a record of the communication, including attachments you send.3) Why we use your data (Purposes)We use personal data to:
Respond to inquiries and requests (e.g., messages sent through forms or email)
Provide and improve the Website (performance, security, debugging, analytics)
Understand how visitors use our Website (activity tracking and analytics)
Send updates/marketing communications if you opt in (and manage opt-outs)
Comply with legal obligations (e.g., tax, accounting, or lawful requests)
Protect our rights and prevent misuse (fraud prevention, security monitoring)4) Legal bases (GDPR)We process personal data only when we have a legal basis, including:
Consent (Art. 6(1)(a))
For non-essential cookies/trackers and marketing where required.
Contract / pre-contract steps (Art. 6(1)(b))
When you contact us to request information, pricing, or services.
Legitimate interests (Art. 6(1)(f))
For website security, basic analytics to improve user experience, and maintaining our operations—balanced against your rights.Legal obligation (Art. 6(1)(c))
When we must retain certain records or respond to lawful requests.You can withdraw consent at any time (see “Your rights”).5) Cookies and tracking technologiesWe use cookies and similar technologies to operate the Website and understand usage.A) Types of cookies we may use
Strictly necessary cookies: required for the Website to function and for security. These do not require consent.Preference cookies: remember your choices (may require consent depending on jurisdiction and implementation).
Analytics cookies: help us understand traffic and usage (typically require consent in the EU).
Marketing cookies: used to measure campaigns or deliver relevant advertising (require consent).B) Managing cookiesWhen required, we show a cookie banner that lets you:accept or reject non-essential cookies, and/oradjust settings by category.You can also manage cookies through your browser settings. Note that disabling certain cookies may affect Website functionality.
Cookie list (optional but recommended):
Add a table or list of the cookies you use (name, provider, purpose, duration, type). If you want, tell me your tools (e.g., GA4, Meta Pixel, Hotjar, etc.) and I’ll generate the exact cookie table.6) Who we share data with (Processors and recipients)We may share personal data with trusted service providers who process data on our behalf, such as:Website hosting and infrastructure providersForm and email delivery toolsAnalytics providersCRM systemsSecurity and fraud-prevention servicesWe share only what is necessary, and we require appropriate contractual safeguards (including Data Processing Agreements where applicable).We may also disclose data:if required by law or legal process, orto protect our rights, users, and the security of our services.7) International transfersIf personal data is transferred outside the European Economic Area (“EEA”), we ensure appropriate safeguards, such as:an adequacy decision by the European Commission, orStandard Contractual Clauses (SCCs), and where needed, additional measures.You can request more information about transfer safeguards via [privacy@yourdomain.com].8) Data retentionWe keep personal data only as long as necessary for the purposes described above:
Contact and form requests: typically retained for [e.g., 12–24 months] after last contact, unless a longer period is needed for business or legal reasons.
Marketing subscriptions: retained until you unsubscribe or we clean inactive lists.
Analytics data: retained for [e.g., 14 months] or according to your analytics settings.
Security logs: retained for a limited period to ensure Website security.We may retain data longer where required by law or to establish, exercise, or defend legal claims.9) SecurityWe implement appropriate technical and organizational measures to protect your data, such as access controls, least-privilege access, encrypted connections (HTTPS), and monitoring for suspicious activity.No method of transmission or storage is 100% secure, but we work to protect your information with industry-standard safeguards.10) Your rights (EEA/UK users)Subject to applicable law, you have the right to:
Access your personal data
Rectify inaccurate or incomplete dataErase your data (“right to be forgotten”)
Restrict processing
Object to processing based on legitimate interests
Data portability (for data processed by contract/consent in automated ways)Withdraw consent at any time (this won’t affect processing already carried out)Lodge a complaint with your data protection authorityTo exercise your rights, email [privacy@yourdomain.com]. We may ask for information to verify your identity.11) ComplaintsIf you are in the EEA, you can lodge a complaint with your local data protection authority. If your company is based in the Netherlands, the competent authority is the Dutch DPA (Autoriteit Persoonsgegevens).12) ChildrenOur Website is not intended for children under [16] and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us so we can delete it.13) Third-party linksOur Website may include links to third-party sites. We are not responsible for their privacy practices. Please review their policies separately.14) Changes to this policyWe may update this Privacy Policy from time to time. The “Last updated” date shows when it was revised. If changes are significant, we will provide a more prominent notice where required.