Privacy Policy

*18-12-2025

This Privacy Policy explains how Brain Based Safety (“we,” “us”) processes personal data when you visit www.brainbasedsafety.com (the “Website”). It has been drafted to comply with the transparency requirements of the GDPR (AVG).

The Website is informational and intended to enable contact. You cannot create an account, make online payments, or access a customer portal via the Website.

1. Who is responsible for your data?

Brain Based Safety

Oosterweg 23, 6229 XV Maastricht
+31 651 80 20 45
post@brainbasedsafety.com

2. What personal data do we process?

We process only the personal data necessary to operate the Website and communicate with you.

A) Data you provide via forms (contact)

If you use our contact form, we may process:

  • Name
  • Email address
  • Phone number (only if you provide it)
  • Organization and job title (only if you provide them)
  • The content of your message (and any data you choose to include)

Technical process: The form is sent to us via email (SMTP). As a result, your data may also appear in (log files of) our email environment for delivery or technical diagnostics.

B) Newsletter subscription (Mailchimp)

If you subscribe to the newsletter, we process:

  • Email address

The newsletter is managed and sent via Mailchimp.

C) Anti-spam/security for forms (Cloudflare Turnstile)

To prevent spam and abuse via forms, we use Cloudflare Turnstile. Turnstile processes “signals” such as IP address, TLS fingerprint, user agent, and site key/origin to detect abuse.

D) Technical data (server logs)

As with most websites, our hosting environment may process technical data such as:

  • IP address
  • Date/time of visit
  • Requested page/file
  • Basic information about browser/device

This is generally done for security, stability, and troubleshooting.

E) Embedded content (YouTube)

Some pages contain embedded YouTube videos. If you choose to load/play these (depending on your cookie choices), Google/YouTube may process data about your device and interaction with the video. Details about cookies and consent are described in the Cookie Policy.

3. Purposes and legal bases for processing

We process personal data only for the purposes listed below:

A) Handling contact requests

Purpose: Respond to your message, follow up, and provide information about our services.
Legal basis: Legitimate interest (communication with (potential) clients) and/or taking steps at your request.

B) Sending newsletters

Purpose: Send news and updates that you explicitly request.
Legal basis: Consent. You can unsubscribe at any time via the link in each newsletter.

C) Security and spam prevention

Purpose: Prevent abuse, spam, and attacks and keep the Website secure.
Legal basis: Legitimate interest (security and abuse prevention). Turnstile processes technical signals for this purpose.

D) Quotes and performance of services (also via email)

Purpose: If you contact us (e.g., by email following information on the Website), we use your personal data to answer questions, prepare a quote, and—if an assignment is agreed—perform the agreement (planning, execution, communication, and administration).
Legal basis: Necessary for the performance of a contract and/or to take steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)).

4. With whom do we share data?

We do not sell your personal data. We share it only where necessary to operate the Website and our communications:

  • Mailchimp (newsletter management and delivery)
  • Cloudflare (Turnstile: spam/abuse prevention)
  • Hosting provider / IT service providers (hosting, technical management, security)
  • Third parties as independent controllers: YouTube/Google when you load/play embedded videos (in accordance with your cookie choices)

5. Retention periods

We do not retain personal data longer than necessary. As a practical guideline:

  • Contact messages: Retained as long as needed to handle your inquiry and any follow-up, then deleted/archived within a reasonable period, unless longer retention is required (e.g., for administration or to document agreements). Your data will not be retained for more than one year if no agreement is concluded.
  • Newsletter data (Mailchimp): Retained while you are subscribed. After unsubscribing, your email address may remain on a suppression/opt-out list to prevent unintended future mailings.
  • Server/security logs: Typically retained for a short period (days/weeks), unless longer retention is required for security investigations.

6. Backups

To technically restore the Website in case of disruptions, errors, or incidents, we create periodic site backups in two ways:

A) Backups via WP Vivid (storage in OneDrive)

We use WP Vivid to create backups and store them in Microsoft OneDrive. These backups include:

  • The WordPress database (e.g., page content, settings, technical configuration), and
  • Website files (e.g., themes, plugins, media files).

As these are copies of the database and files, a backup may incidentally contain limited personal data present in WordPress at that time (e.g., admin accounts, technical logs/settings, and possibly form content if stored on the site).

B) Backups by our hosting provider

Our hosting provider may also create (automated) backups of the Website (files and database) for continuity, security, and recovery. These backups are managed by the hosting provider and used for restoration purposes.

Purpose and legal basis
The purpose of backups is security and business continuity (incident recovery). The legal basis is our legitimate interest in managing the Website securely and reliably.

Retention
We retain backups no longer than necessary and according to a rotating schedule (older backups are overwritten/deleted). We aim to keep retention periods limited in line with the storage limitation principle.

7. Security measures

Brain Based Safety takes the protection of your data seriously and implements appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification, including:

  • Reliable SSL certificate
  • Access control (only those who need access)
  • Two-factor authentication for administrators (WP2FA)
  • Updates and maintenance of WordPress and plugins
  • Security measures against spam/abuse (Cloudflare Turnstile)

If you believe that your data is not properly secured, if there are indications of misuse, or if you would like more information about the security of the personal data we collect, please contact us via post@brainbasedsafety.com.

8. International data transfers (outside the EEA)

Because we operate internationally, data may be processed outside the European Economic Area.

  • Mailchimp (US): Mailchimp indicates that data may be processed in the United States and globally, using legal mechanisms such as Standard Contractual Clauses (SCCs) (and references the EU–US Data Privacy Framework).
  • Cloudflare (Turnstile): Cloudflare is a global service provider; Turnstile processes technical signals for security/anti-abuse purposes.

9. Your rights under the GDPR

If the GDPR applies to you, you have, among others, the right to:
  • Access your personal data
  • Rectification (correction)
  • Erasure (in certain cases)
  • Restriction of processing
  • Object to processing based on legitimate interests
  • Data portability (where applicable)
  • Withdraw consent (e.g., for newsletters)
You can submit a request for access, correction, or deletion to post@brainbasedsafety.com. Response time: We generally respond within one month, in accordance with the GDPR (subject to lawful exceptions).

10. Links to other websites

Our Website may contain links to external websites (e.g., social media). This Privacy Policy does not apply to those websites. Please review the privacy policies of the relevant third parties.

*We may update this Privacy Policy if the Website or applicable legislation changes. The date at the top indicates when it was last updated.