Quexylansyjrizax

Data protection

Privacy Policy

Last updated: 31 March 2026. This extended policy explains, in layered detail, how Quexylansyjrizax collects and processes personal data when you use https://quexylansyjrizax.world, email us, call us, or interact with content that references our studio in Gilze.

We drafted this document to align with the GDPR, the Dutch GDPR implementation framework (Uitvoeringswet Algemene verordening gegevensbescherming), and ePrivacy expectations for transparency. It complements our Cookie Policy, which focuses specifically on device storage technologies.

Summary in one sentence. We process personal data to operate a secure website, answer your questions honestly, maintain proof of cookie choices, and—only if you consent—study traffic patterns or deliver lightweight marketing measurement. We do not sell your data as a line of business, and we keep retention disciplined so archives do not grow without purpose.

1. Overview and material scope

This Privacy Policy applies to personal data processed in connection with the public marketing and educational presence of Quexylansyjrizax. The scope includes the homepage, informational subpages (including this policy), downloadable illustrative assets, contact channels we publish, and measurement technologies we may run on this domain after valid consent (for example when evaluating advertising effectiveness in aggregate). It does not govern every hypothetical future product unless we notify you separately and, where required, obtain consent or contract terms.

When we run online advertising directed at users in the Netherlands or wider EU, we aim to send traffic to this official host with consistent identification of our business and contact details, in line with platform destination requirements and our Terms of Service on landing-page accuracy.

“Personal data” means information relating to an identified or identifiable natural person within the meaning of Article 4(1) GDPR. Anonymous or aggregated statistics that cannot be linked back to an individual fall outside that definition, provided the anonymization is robust.

If you are reading this policy because you interacted with a vendor that mentions our brand, confirm you are on the official host name quexylansyjrizax.world before sending sensitive information. Phishing domains sometimes mimic authentic layouts.

2. Identity of the controller and role boundaries

The controller is Quexylansyjrizax, legally reachable at Broekakkerweg 1C, 5126 BD Gilze, Netherlands. The same address supports postal access and statutory communications. Where we appoint processors (for example managed hosting), those vendors process personal data strictly under Article 28 GDPR instructions. They do not become independent controllers unless explicitly stated in a separate agreement.

We currently do not appoint a statutory Data Protection Officer under Article 37 GDPR because our core processing activities, while transparent, do not meet the specific Dutch DPO trigger thresholds on a large scale special category monitoring basis. Should that change, we will publish the DPO contact channel here and with the Autoriteit Persoonsgegevens as required.

General privacy inbox
touch@quexylansyjrizax.world — preferred channel for rights requests.
Telephone
+31 85 808 5317 — for verification questions tied to written requests.
Supervisory authority
Autoriteit Persoonsgegevens (AP), Postbus 93374, 2509 AJ Den Haag, Netherlands — autoriteitpersoonsgegevens.nl.

3. Categories of personal data we process

The categories below may overlap in practice; we list them distinctly to assist your mental model and to support data mapping exercises required by accountability principles (Article 5(2) GDPR).

3.1 Identity and contact identifiers

Examples include your name, email address, optional phone number, company name, job title, or a short biography snippet you provide in free text. We collect these only when you voluntarily submit them via our contact form, direct email, business card exchange at an in-person workshop, or similar consensual channel.

3.2 Communication content and metadata

Message bodies, subject lines, attachment filenames (not necessarily attachment content if blocked by policy), thread timestamps, delivery diagnostics, and read receipts if your mail client sends them. Technical logs may record the IP address from which a form submission originated as a fraud prevention measure, even if we later discard that IP under short retention rules.

3.3 Technical connection data

HTTP requests often include user-agent strings, language preferences, referrer headers, TLS protocol versions, and session identifiers required for security. Mobile browsers may disclose coarse device classes. This data supports debugging, rate limiting, and abuse detection. Unless you have opted into analytics cookies, we avoid building longitudinal browsing histories.

3.4 Cookie and local storage identifiers

Strictly necessary artifacts can include anti-forgery tokens, load-balancer affinity cookies, and a local storage record summarizing your cookie choices. Optional analytics or marketing IDs appear only after affirmative consent via the banner or modal described in the Cookie Policy.

3.5 Aggregated or pseudonymised analytics

If you consent to analytics, event parameters may be pseudonymised at collection (for example hashed device identifiers). We still treat such datasets as personal data where re-identification is reasonably possible with auxiliary information, until retention expiry or irreversible aggregation.

4. How data reaches us

Sources include: (a) data you actively submit; (b) data your browser or device automatically emits; (c) data from processors we engage (for example hosting log shipping); and (d) in limited cases, referrals if another person copies you on a thread with your identifier visible. We do not purchase marketing lists that append private emails without verifiable opt-in.

5. Purposes of processing

  • Operate, secure, and improve the website infrastructure.
  • Respond to inquiries and document legitimate business correspondence.
  • Store and evidence cookie preferences to meet accountability obligations.
  • Conduct optional analytics to understand navigation success and content resonance.
  • Conduct optional marketing measurement where you have consented and partners require minimal telemetry.
  • Comply with legal obligations (for example responding to lawful authority requests when properly validated).
  • Establish, exercise, or defend legal claims if a dispute arises.

6. Legal bases reference table

Article 6 GDPR requires a legal basis for each distinct purpose. The table below is illustrative, not a substitute for the narrative sections above, but helps teams integrating future modules align engineering decisions.

Website delivery & fraud prevention
Legitimate interests (Article 6(1)(f)) — balanced against your rights; we use minimal logging.
Contractual preparatory steps
Performance of steps at data subject request (Article 6(1)(b)) — when you ask for a scoped proposal.
Optional analytics & marketing telemetry
Consent (Article 6(1)(a)) — revocable; no adverse conditioning of core site access on accepting optional cookies.
Regulatory compliance
Legal obligation (Article 6(1)(c)) — where statute mandates retention or disclosure.
Assertion of legal claims
Legitimate interests or legal claims path depending on context (Article 6(1)(f) / 9(2)(f) not invoked for special data).

7. Categories of recipients

We share personal data only with categories of recipients that need it under confidentiality terms:

  • Infrastructure hosts storing static assets, TLS certificates, and environment variables.
  • Email transport providers delivering messages you send to us or replies we compose.
  • Analytics or tag managers operating only upon stored consent signals.
  • Professional advisers (lawyers, accountants) under professional secrecy when engaged.
  • Authorities when a valid legal order compels disclosure and we have verified procedural legitimacy to the extent feasible without risking contempt.

We do not allow recipients to use your inquiry emails for unrelated third-party campaign spam.

8. Transfers outside the European Economic Area

Our design preference is EU-centric hosting. However, some infrastructure or font delivery nodes may transiently process connection metadata in the United States or United Kingdom. Where such transfers occur, we implement Article 46 safeguards such as the European Commission Standard Contractual Clauses (2021 versions), supplemented by technical measures (HTTPS, access logging) and organizational measures (vendor due diligence questionnaires).

You may request a summary of the mechanisms relied upon for a specific processing activity; we will respond within statutory timelines subject to confidentiality constraints that favor redacted exhibit copies over raw vendor contracts.

9. Retention schedule philosophy and concrete periods

We keep data no longer than necessary for the purpose. Unless a competing legal duty or litigation hold applies, the following defaults guide automatic purge workflows:

  • Contact correspondence: typically 24 months after the last substantive inbound or outbound message, then review for archival value.
  • Security logs: 30–90 days rolling rotation unless an active incident extends a targeted subset.
  • Consent logs: up to 24 months from the latest consent change to prove compliance.
  • Backup snapshots: encrypted backups may persist up to additional 60 days beyond active system deletion due to incremental restore architecture; purge catches up automatically.

10. Security measures

Measures are proportionate to risk and include: TLS 1.2+ for data in transit; segregated deployment environments; least-privilege administrative accounts; periodic credential rotation; patch management for CMS or static generator dependencies; anti-automation controls on forms; monitoring for anomalous POST volumes; and staff confidentiality expectations.

No control eliminates risk. If you discover a vulnerability, email us with proof-of-concept discipline; we appreciate coordinated disclosure and will credit researchers unless anonymity is requested.

11. Rights of data subjects

Subject to applicable law, you may exercise access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Automated decision-making producing legal effects does not occur on this website. To exercise rights, email our privacy inbox from an address you control; we may request a light-weight identity check (for example confirming a phone snippet you previously supplied) to prevent fraudulent erasure demands.

If you disagree with our response, you may escalate to the AP or, if you reside elsewhere in the EU, sometimes to your local supervisory authority under the GDPR cooperation framework.

12. Children and teen audiences

This website targets adults organizing professional and personal time. We do not knowingly collect data from children under 16 without parental authority. If you are a guardian and believe a minor submitted personal data, contact us—we will delete non-essential records promptly unless retention is legally compelled.

13. Profiling and automated decisions

We do not score individuals for credit, employment, or health outcomes. Optional analytics may compute segment-level engagement metrics (for example percentage of visitors scrolling past a heading) without creating individualized lifestyle scores about you.

14. Personal data breaches

We maintain an internal incident playbook. If a breach risks your rights, we will notify the AP within 72 hours where feasible and communicate with affected individuals when the GDPR mandates direct notice. Training emphasizes early escalation rather than concealment.

15. Data minimization in practice

Forms avoid collecting fields we do not need. We discourage uploading confidential attachments through the public form; if you must, we may direct you to encrypted channels. Developers are instructed to log error events without embedding full user messages whenever possible.

16. Policy evolution and versioning

Material changes will update the “Last updated” date and, where appropriate, surface a concise notice on the homepage. Historical copies may be retrievable on request for transparency researchers comparing regulatory evolution, unless retention strain warrants omission—if so, we will state that limitation openly.

17. Closing contact details

For any privacy matter—including questions before you exercise formal rights—write to touch@quexylansyjrizax.world or mail us at Broekakkerweg 1C, 5126 BD Gilze, Netherlands. We aim to acknowledge substantive requests within a few business days even if full resolution takes longer under Article 12(3) GDPR.

Return to homepage Cookie Policy