YHDS Wit Logo
YHDS Wit Logo

Privacy Policy

Request a quote
Working together as an agency

Helped over 100 businesses grow

We take your privacy very seriously. That is why we process your personal data in full compliance with the General Data Protection Regulation. You can read about how we do this and what rights you have in this privacy statement.

1. Contact details
YHDS B.V.
Duitslandstraat 55
4614 KD Bergen op Zoom
Chamber of Commerce: 98813404

Contact person: Youri van der Heijden
Email address: youri@yhds.nl


2. When do we process which personal data?

Contact
When we interact with one another, we process (depending on how we interact):

  • your first name and surname;
  • company name (if applicable);
  • email address; and/or
  • telephone number. 


Legal basis under the GDPR: legitimate interest
Retention period: for an indefinite period, but never longer than necessary

Quotation
In order to prepare and send you a quote, we process your:

  • first name and surname;
  • company name;
  • contact details;
  • email address (so we can send you the quote);
  • phone number (so we can call you about the quote).


Legal basis under the GDPR: performance of the contract
Retention period: for at least 7 years due to the legal requirement to retain financial records, and thereafter for no longer than is necessary

Appointments
When you book a telephone or video appointment with us, we will process your:

  • first name and surname (so that we can address you correctly and know who the appointment is for);
  • company name (if applicable, so that we know who the appointment is with);
  • email address (so we can send you a confirmation of the appointment);
  • phone number (if we have arranged a phone call);
  • Depending on the meeting: your website URL (so that we can better prepare for the content of the meeting).


Legal basis under the GDPR: performance of the contract
Retention period: indefinite, but never longer than necessary

Web design / Graphic design / Social media
When we create a website or graphic design for you, or manage your social media, we may need to process some personal data because it appears on your website. For example: 

  • your company name
  • your (business) address;
  • Chamber of Commerce number;
  • telephone number;
  • email address;
  • social media links; and/or 
  • photos.


In addition, we require the following for web design and social media management:

  • your login details (so that we can carry out our work).


Legal basis under the GDPR: performance of the contract
Retention period: indefinite, but never longer than necessary

Website maintenance
If you engage us to carry out website maintenance, we will need your login details so that we can carry out our work.
Legal basis under the GDPR: performance of the contract
Retention period: until our collaboration comes to an end

Email marketing services

If you engage us to provide email marketing services, we will need your login details in order to carry out our work.
Legal basis under the GDPR: performance of the contract
Retention period: until our collaboration comes to an end

Portfolio
When we have created something for you, it may be that personal data has been included in the designs. We would like to keep our designs for our portfolio. This allows us, amongst other things, to showcase our skills so that we can attract new clients.
Legal basis under the GDPR: consent / legitimate interest
Retention period: until we no longer wish to retain the works or use them in our portfolio

Invoicing / Financial administration
For invoicing purposes and for our financial records, we process your:

  • first name and surname (of the contact person);
  • company name (if applicable);
  • contact details;
  • customer number;
  • invoice number;
  • bank details;
  • Chamber of Commerce number;
  • email address (so we can email you the invoice). 


We collect this information directly from you, obtain it from the Chamber of Commerce register, and/or assign it to you automatically (customer number, invoice number).
Legal basis under the GDPR: legal obligation
Retention period: at least 7 years due to the legal obligation to retain financial records, and thereafter for no longer than is necessary

Free products/services
When we offer a free product or service, we process:

  • your name (as we are sending this to you);
  • your company name (so that we know which company has requested the product or service);
  • your email address (so we can keep you informed);
  • (Optional) your telephone number (so that we can contact you about the product or service).


Legal basis under the GDPR: performance of the contract
Retention period: indefinite, but not longer than necessary

Customer overview
We maintain a customer directory to help us keep track of our schedule and ensure we have contact details to hand. For this purpose, we process the following personal data:

  • company name;
  • email address;
  • telephone number.


Legal basis under the GDPR: legitimate interest
Retention period: indefinite, but not longer than necessary

Newsletter
We’d love to send you our newsletter. You can sign up for it on our website. You can unsubscribe at any time. We only process your:

  • first name (so we can address you);
  • email address. 


Legal basis under the GDPR: permission
Retention period: as long as you are registered

Sending a corporate gift
As we value you as a customer or business contact, we may send you a promotional gift. To do so, we will process your:

  • first name and surname;
  • company name (if applicable);
  • email address (for a digital gift)
  • delivery address (for a physical gift). 


We already had this personal data from our previous collaboration, or we obtain some of it from the Chamber of Commerce register.
Legal basis under the GDPR: legitimate interest
Retention period: indefinite, but not longer than necessary

Tagging on social media
We may tag you on social media. We do this because, for example, we have entered into a partnership with you. To do this, we use your social media username, which may consist of your first name and surname.
Legal basis under the GDPR: legitimate interest
Retention period: as long as the social media post is online

Legitimate interest
For certain purposes, we process personal data on the basis of “legitimate interest”. In doing so, our interest in processing your personal data is balanced against your interest (the right to privacy). We only process personal data if our legitimate interest outweighs your interest. 

3. Recipients of your personal data

Your data will not be disclosed to third parties unless this is necessary for business operations or required by law. The third parties to whom we may have disclosed your data are:

  • WPMUDEV
  • Shopify
  • WordPress
  • Google (Calendar, Gmail, Analytics, etc.)
  • Calendly
  • Cookiebot
  • Elementor
  • Moneybird
  • MailerLite
  • Mailchimp
  • Asana
  • Meta
  • LeadInfo
  • Stripe
  • Social media
  • OpenAI
  • ProductHero
  • Channable
  • xCore
  • RoadLot

We do not sell your personal data to third parties.

4. Transfer to third countries

We endeavour to process personal data within the European Economic Area (EEA) wherever possible. However, we may still use services based outside the EEA. We only do so if an adequate level of protection for the processing of personal data is ensured. 

5. Security of your personal data

We have implemented appropriate technical and organisational measures to protect personal data against loss or any form of unlawful processing. Examples of such measures include:

  • the use of an SSL certificate on our website;
  • taking backups;
  • updating software, plugins, etc.;
  • the use of strong passwords;
  • do not log in on an unsecured network;
  • the use of screen savers on devices;
  • entering into data processing agreements.

6. Automated decision-making

Automated decision-making occurs when decisions are made automatically on the basis of processed personal data, without any human intervention. We do not use automated decision-making.

7. Cookies

Cookies are small files that are stored on your device when you visit a website, such as on your laptop or mobile phone. These cookies store information and are retrieved when you visit the website again. You can read more about our use of cookies here.

8. Your rights

When your personal data is processed, you have a certain degree of control over it. Under the General Data Protection Regulation, you have the following rights:

Right of access, rectification and erasure
You have the right to know what personal data we process about you. If any of this information is incorrect, you can ask us to correct it. We can also delete your personal data at your request.

Right to restriction of processing
This is the right to have the processing of your data (temporarily) stopped. For example, the data we hold about you may be incorrect. In that case, we are not permitted to use this data until we have the correct information. We must also (temporarily) stop processing your data if the processing is unlawful, if we no longer need the data, or if you have objected to the processing of your data.

Right to object
If we process your data on the basis of a “legitimate interest” and you do not agree with this, you may object. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If you object to the processing for direct marketing purposes, we will no longer process this personal data.

Right to data portability
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to transmit this data to another controller where you have given us consent to process your personal data and/or where the processing is carried out by automated means.

Right to withdraw your consent
Where we have obtained your consent to process your personal data, you have the right to withdraw that consent at any time. This does not affect the lawfulness of the processing of your personal data prior to your withdrawal of consent.

Right to make a complaint
Do you have a complaint about how we handle your personal data? If so, you have the right to lodge a complaint with the Data Protection Authority.

If you wish to exercise any of these rights, please email youri@yhds.nl. If you wish to exercise your right to make a complaint, please contact the Data Protection Authority.

9. Changes

We may amend this privacy statement from time to time. Reasons for this may include changes within the company or new developments in legislation or regulations. The latest version will always be published online. If the changes apply to you, we will inform you accordingly. If you continue to use our services after the changes have been made, you agree to these changes.

Version: 9 December 2025