Privacy Policy
How Docomply B.V. handles personal data of website visitors, in compliance with GDPR.
Last updated: 14 April 2026
Introduction
Docomply B.V. ("we", "us") processes personal data of visitors to this website in accordance with the General Data Protection Regulation (GDPR) and its national implementing legislation. This policy describes what data we collect, for what purpose, on what legal basis, and what rights you have as a data subject.
Data Controller
The data controller for the processing of personal data through this website is:
Docomply B.V.
Chamber of Commerce (KvK): 42020657
Data Processors and Service Providers
We use the following service providers. Where required, a Data Processing Agreement (DPA) has been concluded.
| Processor | Role | Data processed | Legal basis | Location | Retention |
|---|---|---|---|---|---|
| Cloudflare (Pages + CDN) | Hosting, CDN, form processing | IP addresses, access logs, form submissions | Legitimate interest (essential) | Global (US company; CLOUD Act exposure) | 30 days |
| PostHog | Web analytics | Page views, session data, device information | Consent (analytics cookies) | EU Cloud, Frankfurt (Germany) | 13 months |
| Zeeg | Appointment scheduling widget | Name, email address, chosen time slot (on booking) | Consent (third-party services) | Germany (GDPR-compliant) | Booking data: 6 months |
| Lettermint | Transactional email (contact form) | Name, email address, organisation name, message content | Legitimate interest (user-initiated) | Netherlands, Zwolle (fully EU) | 6 months |
Cookies and Local Storage
We use cookies and localStorage. Below is an overview of the items used, storage location, retention period, and purpose.
| Item | Storage | Retention | Purpose |
|---|---|---|---|
| Cookie consent (accepted) | localStorage (docomply-consent) | 365 days | Stores consent preferences; re-prompted after 12 months |
| Cookie consent (declined) | localStorage (docomply-consent) | 180 days | Re-prompted after 6 months |
| PostHog analytics cookie | Cookie (ph_<key>_posthog) | 365 days | Unique visitor identification for analytics (only after consent) |
| PostHog session data | localStorage | Session duration | Temporary session tracking (only after consent) |
Essential cookies are always active and do not require consent. Analytics cookies and third-party services (PostHog, Zeeg) are only loaded after your explicit consent via the cookie banner.
Your Rights
As a data subject, you have the following rights under the GDPR:
- Access (Art. 15): request details of the data we process about you.
- Rectification (Art. 16): have inaccurate data corrected.
- Erasure (Art. 17): request deletion of your data.
- Portability (Art. 20): receive your data in a machine-readable format.
- Object (Art. 21): object to processing based on legitimate interest.
- Complaint: lodge a complaint with your national supervisory authority. In the Netherlands: Autoriteit Persoonsgegevens.
To exercise your rights, contact us at [email protected]. We respond within 30 days.
Security
We take appropriate technical and organisational measures to protect personal data against loss, unauthorised access, and unlawful processing. All connections are secured with TLS/HTTPS.
Changes
We may update this policy periodically. The date at the top of the page indicates when the policy was last modified. We recommend checking this policy from time to time.