Privacy statement
This statement explains which personal data MAAS·studio processes via this website and during projects, for what purpose, and which rights you have under the General Data Protection Regulation (GDPR).
1. Who is responsible
The data controller is MAAS·studio, established at Rotterdam.
- Chamber of Commerce (KvK) no.: 92837465
- VAT no.: NL003691215B47
- Privacy contact: privacy@maas-studio.nl
2. Which data we process
Via the contact/audit form and email contact:
- Name and email address;
- (Optional) company name, phone number and the address of your current website;
- The content of your message.
Automatically on visiting the site: technical data such as IP address (truncated/anonymised where possible), browser type and pages visited, in server logs and functional cookies. See the cookie policy.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Responding to your request, preparing an audit/quote | Performance of a (pre-)contract, art. 6(1)(b) |
| Carrying out an assignment / project | Performance of a contract, art. 6(1)(b) |
| Security and proper functioning of the website | Legitimate interest, art. 6(1)(f) |
| Statutory administration (invoices) | Legal obligation, art. 6(1)(c) |
4. Cookies
This website uses only functional and (optionally) anonymised analytical cookies. No advertising cookies, no fingerprinting. Details are in the cookie policy.
5. Recipients and processors
Your data is not sold. We engage carefully selected processors under a data processing agreement (GDPR art. 28):
- Hosting provider (servers in Amsterdam, Netherlands/EU);
- Email and form handling;
- (Optional) a privacy-friendly, anonymised analytics service.
6. International transfers
We process within the EEA by preference. If a specific service nonetheless processes outside the EEA, this only happens on the basis of an adequacy decision or the European Commission's Standard Contractual Clauses (SCCs).
7. Retention periods
- Requests that don't lead to an assignment: up to 12 months, then deleted;
- Project data and correspondence: during the assignment and 24 months after;
- Invoices and administration: 7 years (statutory tax retention);
- Server logs: short-lived, usually a few weeks.
8. Your rights
You have the right to access, rectification, erasure, restriction, data portability and objection. Send your request to privacy@maas-studio.nl; you'll get a reply within 30 days. If you disagree, you can lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).
9. Security
We take appropriate technical and organisational measures: encryption via HTTPS/SSL, restricted access and regular updates. In the event of a data breach with risk, we report it within 72 hours to the Data Protection Authority and, where required, to you.
10. Changes and contact
We may update this statement; the current version is always at https://maas-studio.nl/en/privacy. Questions? Email privacy@maas-studio.nl.