Privacy Policy

Last updated: 2026-04-14 

1. Who we are (Controller) 

The Impulse Factory B.V. ("we", "us") is the controller for the processing of personal data described in this Privacy Policy. 
 
Legal entity name: The Impulse Factory B.V. 
Registered address: Breda, The Netherlands 
Chamber of Commerce (KvK): 20169937 
VAT number: NL8087.74.490.B01 
Email: info@the-impulse-factory.com 
Phone: +31 (0) 76 531 77 95 
Data Protection Officer (DPO): We have not appointed a DPO. Privacy questions can be addressed to the email above. 

2. What this Privacy Policy covers 

This Privacy Policy explains how we collect and use personal data when you: 
• visit our websites and interact with our online content; 
• contact us via forms, email, phone, or social media; 
• receive newsletters, event invitations, or company updates; 
• meet us at trade shows or events and exchange business contact details; 
• work with us as a customer, supplier, prospect, or other business contact. 

3. Key principles 

We process personal data in accordance with the principles of lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability, as set out in the GDPR. 

4. Categories of personal data we process 

Depending on how you interact with us, we may process: 
• Identification and contact details (name, job title, company, business email, phone number, address); 
• Communication data (emails, messages, meeting notes, call summaries); 
• Website and device data (IP address, cookie identifiers, pages visited, timestamps, referrer URLs, browser/device information); 
• Marketing preference data (subscription status, consent records, opt-out records, engagement data); 
• Event and trade show data (attendance, badge scans, expressed interests); 
• B2B project information you voluntarily provide (e.g. requested product types, volumes, timing). 

5. Purposes and legal bases 

We process personal data only where a lawful basis under Article 6 GDPR applies, including contractual necessity, consent, and legitimate interests. 

5.1 Website operation, security and hosting 

Purpose: Ensure technical functionality, security, and availability of our website. 
Legal basis: Legitimate interests (Article 6(1)(f) GDPR). 
Retention: Server logs are retained only for as long as necessary for security and operational purposes and are deleted or anonymised thereafter. 

5.2 Web analytics (Google Analytics) 

Purpose: Analyse website usage to improve performance and content. 
Legal basis: Consent (Article 6(1)(a) GDPR and ePrivacy). 
Retention: 26 months, as configured in Google Analytics. 

5.3 B2B website visitor recognition (Leadinfo) 

Purpose: Understand which organisations show interest in our website. 
Legal basis: Consent for cookies; legitimate interest for B2B marketing. 
Retention: Data is retained for a maximum of 2 years, in line with Leadinfo settings. 

5.4 Contact requests 

Purpose: Respond to enquiries and provide requested information. 
Legal basis: Article 6(1)(b) GDPR (steps at the request of the data subject). 
Retention: Up to 24 months after last contact, unless a longer relationship follows. 

5.5 Email communication and lead nurturing (Sender.net) 

Purpose: Send company updates, event invitations, and insights where consent exists, and nurture early-stage B2B leads. 
Legal basis: Consent; and in some B2B contexts legitimate interest, where permitted by law. 
Retention: Inactive and unsubscribed email addresses are reviewed and automatically deleted at least once per year. 

6. International transfers 

Where service providers process data outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses. 

7. Your rights 

You have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to withdraw consent at any time. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).