Legal
Privacy policy
Proofen B.V. · KvK 42017752 · proofen.nl
Last updated: 1 June 2026
This Privacy Policy explains how Proofen B.V. collects, uses, and protects personal data when you visit proofen.nl, submit an enquiry, or use the Proofen dashboard. It applies to website visitors, prospective customers, and dashboard users.
1. Who we are
The data controller is Proofen B.V., registered at the Dutch Chamber of Commerce under number 42017752, with its registered office at Dahliastraat 238, 3333 GN Zwijndrecht, The Netherlands.
For data-protection matters, contact us at [email protected].
We have not appointed a Data Protection Officer, as we do not meet the thresholds under Article 37 GDPR that make appointment mandatory. If that changes, we will update this policy accordingly.
2. Data we collect
2.1 Contact form
When you submit an enquiry via our contact form or email, we collect:
- First and last name
- Company name and job title
- Business email address
- The content of your message
We use this data solely to respond to your enquiry and, if relevant, to follow up in connection with a potential commercial relationship.
2.2 Dashboard account registration
When you register for a Proofen dashboard account, we collect:
- First and last name
- Business email address
- Company name and country
- Password (stored as a one-way cryptographic hash; we never store your plain-text password)
- Role within your organisation (e.g. operator, administrator)
2.3 Dashboard usage data
When you use the dashboard, we automatically collect limited technical data, including:
- IP address (used for access control and fraud prevention; not used for tracking)
- Browser type and version
- Session timestamps and duration
- Pages and features accessed within the dashboard
- Error and diagnostic logs
This data is collected to ensure the security, stability, and performance of the service.
2.4 Machine grading data
When your organisation uses a Proofen grading machine, the machine generates cosmetic grade records (device model, grade, timestamp, machine identifier). This data is processed under the Data Processing Agreement between Proofen and your organisation and is not covered by this Privacy Policy.
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Responding to enquiries and pre-sales communication | Legitimate interests (Art. 6(1)(f) GDPR) |
| Providing and managing your dashboard account | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails (account confirmation, password reset, service notifications) | Performance of a contract (Art. 6(1)(b) GDPR) |
| Monitoring and improving the security and performance of our services | Legitimate interests (Art. 6(1)(f) GDPR) |
| Complying with legal obligations (e.g. tax records, responding to lawful requests) | Legal obligation (Art. 6(1)(c) GDPR) |
| Sending marketing communications about Proofen products and services | Consent (Art. 6(1)(a) GDPR). You may opt out at any time |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
4. How long we keep your data
| Data type | Retention period |
|---|---|
| Contact form enquiries | 2 years from the date of the enquiry |
| Dashboard account data | For the duration of the commercial relationship, plus 1 year after account closure |
| Usage and diagnostic logs | 90 days on a rolling basis |
| Financial and invoicing records | 7 years (Dutch tax law, Art. 52 AWR) |
When a retention period expires, data is deleted or irreversibly anonymised.
5. Who we share your data with
We do not sell your personal data. We share it only with the following categories of recipients:
5.1 Service providers (sub-processors)
| Provider | Role | Location |
|---|---|---|
| Supabase, Inc. | Database hosting, authentication | EU region (Frankfurt) |
| Vercel, Inc. | Web hosting and content delivery | EU region |
| Resend, Inc. | Transactional email delivery | EU West (eu-west-1) |
Each provider is bound by a data processing agreement and may not use your data for their own purposes.
5.2 Legal and regulatory
We may disclose personal data to courts, regulators, or law enforcement where required by law, or to protect the rights, property, or safety of Proofen, our customers, or the public.
5.3 Business transfers
In the event of a merger, acquisition, or sale of substantially all of our assets, personal data may be transferred to the acquiring entity. We will notify affected users in advance where required by law.
6. International transfers
Proofen B.V. is based in the Netherlands, which is an EEA member state. Data processed in the EU/EEA does not require a transfer mechanism.
For UK visitors: the UK Government has adopted adequacy regulations covering EEA countries under the UK GDPR. Data transferred from the UK to Proofen in the Netherlands is therefore covered by UK adequacy and requires no additional safeguards.
For transfers to sub-processors outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent UK International Data Transfer Agreements (IDTAs) where required.
7. Your rights
Under the GDPR (and the UK GDPR for UK visitors), you have the following rights in relation to your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may ask us to correct inaccurate or incomplete data.
- Right to erasure: You may ask us to delete your data where we no longer have a lawful basis to hold it.
- Right to restriction: You may ask us to restrict processing in certain circumstances.
- Right to data portability: You may ask for your data in a structured, machine-readable format where processing is based on consent or contract.
- Right to object: You may object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email [email protected]. We will respond within one calendar month. We may need to verify your identity before processing your request.
8. Complaints
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with:
Netherlands: Autoriteit Persoonsgegevens (AP), autoriteitpersoonsgegevens.nl
United Kingdom:Information Commissioner's Office (ICO), ico.org.uk
We would appreciate the opportunity to resolve any concern directly before you contact a regulator.
9. Cookies
We use cookies and similar technologies on proofen.nl. For full details of what cookies we set, how long they last, and how to control them, see our Cookie Policy.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encrypted data in transit (TLS), encrypted data at rest, access controls limited to authorised personnel, and regular security reviews.
No transmission over the internet is completely secure. If you have concerns about a specific security issue, contact [email protected].
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and will notify affected individuals without undue delay where required by law.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify registered dashboard users by email at least 14 days before the change takes effect.
Continued use of our website or dashboard after a change takes effect constitutes acceptance of the updated policy.
12. Contact
Proofen B.V.
Dahliastraat 238, 3333 GN Zwijndrecht, The Netherlands
[email protected]
proofen.nl