Our privacy in brief
At And AI B.V., we take your privacy seriously. Below you can read the key points of our policy in plain language:
What data do we collect?
- Contact details (such as name, e-mail, phone number)
- Company data (such as job title, billing details)
- Data you share with us during consultations, training sessions or workshops
- Website visit data (via cookies)
Why do we use that data?
- To deliver our services and send invoices
- For training sessions and workshops
- To inform you about new services and AI developments (only with your consent)
- For analysis and improvement of our services and website
AI & data
- Your data is only used for your own project.
- We do not use your data to train general AI models, unless you give explicit consent.
- Data remains within the European Economic Area (EEA), unless we agree otherwise together.
Sharing of data
- Only with partners who assist us (for example, IT and accounting systems).
- Always with a clear data processing agreement.
- We never sell your data.
Your rights
- You may always view, correct or delete your data.
- You may object to the use of your data.
- Do you have a complaint? You can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Cookies
- Functional cookies to keep the site running properly
- Analytical cookies (Google Analytics, configured in a privacy-friendly manner)
- Marketing cookies only after your consent
Questions? E-mail us at [email protected], we are happy to help.
General
In this privacy statement, And AI B.V., registered at Zernikepark 12, 9747 AN, with KvK number: 97899356 (hereinafter "And AI B.V."), explains which personal data are collected and processed, for which purposes these data are processed and what our cookie policy is.
And AI B.V. respects the privacy of all visitors to our website, our (potential) clients and other (potential) relations. We therefore handle your personal data with care. These data are not sold, traded or shared with parties unrelated to the services of And AI B.V., unless otherwise stated in this privacy statement. And AI B.V. complies at all times with the requirements of the General Data Protection Regulation (GDPR) and other applicable laws and regulations.
Data controller
And AI B.V. is the data controller for the processing of personal data as described in this privacy statement.
Personal data we process
What data do we collect?
In the context of our services or when you otherwise contact And AI B.V. (for example, via e-mail, the contact form on our website, or participation in workshops), And AI B.V. records the data you provide. We process the following personal data, among others:
- Name, address, city of residence
- Contact details (e-mail address, telephone number)
- Job title and company data
- Data about your use of our website and services
- Data you provide during consultations, workshops or training sessions
- Correspondence and contents of communications
- Financial company data for invoicing
Purposes and legal bases for processing
And AI B.V. uses your data for the following purposes:
Performance of our services
- Providing advice on AI opportunities and implementation
- Delivering training sessions, workshops and services
- Informing you about our services and relevant AI developments
- Processing payments
Improvement of our services
- Analysing client experiences for product improvement
- Developing new products and services
- Website optimisation
Marketing and communication
- Sending newsletters (with your consent)
- Informing you about relevant services, events and developments (with your consent)
- Analysing your behaviour on our website to improve our services
The processing of your personal data is based on the following legal bases:
- Performance of a contract with you
- Your consent (for example, for newsletters)
- Legitimate interest of And AI B.V. (such as client acquisition and marketing purposes)
- Legal obligation
Specific considerations for AI services
As And AI B.V. specialises in AI implementation and consultancy, it is important to address a number of specific privacy aspects:
Access to client data during implementations
During the implementation of AI solutions in your business processes, we may potentially gain access to your client data or business data. This data is used exclusively for the purpose for which it was provided, namely the implementation and optimisation of AI solutions for your business.
Use of data for training AI models
Data you provide will not be used for training general AI models without your explicit consent. Where this is desirable for your specific implementation, we will make clear arrangements.
Data minimisation and security
We apply strict principles of data minimisation and ensure that we only have access to data that is strictly necessary for our services.
Data processing
We always process data within the European Economic Area (EEA).
Retention periods
Your personal data are retained for as long as And AI B.V. deems necessary given the nature of the contact. These data are never retained longer than necessary for the purposes for which they were collected, unless we are legally required to retain data for a longer period.
Specific retention periods:
- Client data: 7 years after last contact (fiscal retention obligation)
- Marketing data: 2 years after last contact
- Recruitment data: 4 weeks after completion of the procedure, or 1 year with consent
- Website visitor data: maximum 2 years
Sharing personal data with third parties
And AI B.V. never sells your data to third parties and only provides them if this is necessary for the performance of our agreement with you or to comply with a legal obligation. With companies that process your data on our behalf, we enter into a data processing agreement to ensure the same level of security and confidentiality of your data.
Categories of recipients may include:
- IT service providers and software suppliers
- Accountants and financial service providers
- Training institutes (in the case of joint training programmes)
- Partners within the And AI B.V. network (only with your consent)
Specific processors
- Supabase Inc.: database hosting and authentication (EU Frankfurt, Germany)
- Mollie B.V.: payment processing
Workshop registration
When booking a workshop, we process the following personal data: name, email address, company name, address, phone number, and optionally VAT number.
- Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
- Retention period: 7 years (statutory bookkeeping retention obligation)
Cookies and similar technologies
And AI B.V. uses functional, analytical and tracking cookies. A cookie is a small text file that is stored in the browser of your computer, tablet or smartphone upon your first visit to this website.
We use the following types of cookies:
Functional cookies: These are necessary for the functioning of the website. They ensure that the website operates properly and, for example, remember your preferences.
Analytical cookies: We use Google Tag Manager and Google Analytics to track how visitors use our website. Google Tag Manager helps us manage various tracking and analytical tools. We have a data processing agreement with Google, your IP address is anonymised and we do not share data with Google for advertising purposes.
Marketing/tracking cookies: These are only placed after your consent and are used to track your browsing behaviour so that we can offer tailored content and advertisements.
You can opt out of cookies by configuring your internet browser so that it no longer stores cookies. Additionally, you can delete all previously stored information via your browser settings.
Security of personal data
And AI B.V. takes the protection of your data seriously and implements appropriate technical and organisational measures to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised modification. These measures include, among others:
- Encrypted connections (SSL/TLS)
- Restricted access to personal data (role-based access)
- Multi-factor authentication for system access
- Regular security audits and updates
- Periodic training of employees in the area of information security
- Entering into data processing agreements with third parties
- Physical security measures for our office premises and servers
If you have the impression that your data are not adequately secured or if there are indications of misuse, please contact us at [email protected].
Your rights
You have the following rights regarding your personal data:
- Right of access to your personal data
- Right to rectification or supplementation of your personal data
- Right to erasure of your personal data
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
To exercise your rights, you can contact us at [email protected]. To ensure that the request has been made by you, we ask you to include a copy of your identity document with the request. In this copy, please black out your passport photo, MRZ (Machine Readable Zone, the strip with numbers at the bottom of the passport), passport number and BSN (citizen service number). This is to protect your privacy.
We will respond to your request as soon as possible, but within 5 business days.
Changes to this privacy statement
And AI B.V. reserves the right to make changes to this privacy statement. Changes will be published on this website. We recommend that you consult this privacy statement regularly so that you are aware of any changes.
Contact
For questions about this privacy statement or about the processing of your personal data, please contact:
And AI B.V.
Zernikepark 12
9747 AN
Groningen
[email protected]