Your data, our responsibility

​

As a data controller located in the Netherlands, we uphold your data privacy responsibly. This means full transparency in the collection, management, and protection of your personal data, along with guidance on exercising your rights.

​

You’re welcome to request us to stop processing or erase your data at any time, if possible because of on going assignments. Discover more about your rights in the sections below.

​

The kind of personal data we process

​

Personal data pertains to any information about a living individual who can be identified. We only process (potential) client data. Here are the types we may collect from you:

​

• Contact information (such as names, email addresses, phone numbers, and business addresses);

• Contractual and financial details (such as agreements, invoices, and payment information);

• Communication information (such as emails, meeting notes, or phone call records).

​

We process this data for our legitimate interest to maintain and perform our agreements with clients, to provide our consultancy services, and to comply with our legal (including fiscal) obligations.

 

Our single-minded use of your data

​

We believe in “sharing is caring,” but not when it comes to your personal data. We only rely on trusted software suppliers and a hosting party to provide us with services essential for delivering our own. They may, as our processors, receive personal data from you. These typically include:

​

• IT- and hosting services (for secure data storage, cloud solutions, and email);

• Communication and collaboration tools (such as project management platforms, videoconferencing, and document sharing software);

• Administrative and accounting services (for invoicing, bookkeeping, and compliance with financial regulations).

 

All subprocessors act on our instructions and we conclude appropriate arrangements in Data Processing Agreements.

​

When our suppliers transfer data to third countries, for instance, due to their data centres’ locations, we always enter into Standard Contractual Clauses (SCCs) with them.

​

Secure handling and retention of your data

​

Data security is paramount to us. We employ robust technical and organisational safeguards, such as limited access rights, clean desk policies, clear screen protocols, and our suppliers’ robust technical measures.

We also adhere to the principle of data minimisation, retaining your information only as long as necessary, typically six months after your request has been addressed or a year post our client relationship. Some data is retained for seven years due to financial and/or fiscal obligations.

​

​

That’s how the cookie crumbles

 

Currently, this website doesn’t use cookies. A cookie is a small file that is stored on your device to, for example, make using the website easier for you. In case we start using cookies in the future, we will inform you by updating this Privacy Statement.

 

Your rights regarding personal data

​

It goes without saying that you have rights regarding the personal data we process from you. These are the following:

​

• the right of access to your personal data;

• the right to rectify your data;

• the right to erase your personal data (“right to be forgotten”);

• the right to restrict the processing of personal data;

• the right to object to the processing of personal data;

• the right of data portability;

• the right not to be subject to automated decision-making;

• and the right to withdraw your consent where processing is based on consent.

​

Want to exercise your rights? Contact us via kedekokdigitalethicsinstitute.com.

 

In case of complaints

​

Should you ever have concerns about our data processing, feel free to email us. You also have the right to approach the Autoriteit Persoonsgegevens with your complaints.

​

Children’s data

​

We understand that (and are strong advocates for) children deserve special protection when it comes to the processing of their personal data in a digital environment. We do not intentionally process data of children under 16. If such data is inadvertently collected, it will be promptly deleted.

 

Updates

​

We may revise this Privacy Statement occasionally. Stay informed by checking it regularly.

​

Questions​

​

Any questions regarding this privacy statement or related to how we handle personal data? Reach out to us via kedekok@digitalethicsinstitute.com.

​

 

Version: December 2025