Privacy and cookie statement

Stichting ECCBT
Version 1.0  |  13 mrt 2026

The data controller responsible for the processing of your personal data is:

Stichting ECCBT
Jan Campertstraat 5 (B5 R32)
6416SG Heerlen, The Netherlands
Chamber of Commerce (KvK): 94159858
Email: backoffice@eccbt.nl
Telephone: +31 6 49612721

5. Statistics

1. Introduction and Data Controller

Your privacy is of great importance to Stichting ECCBT. We comply with the General
Data Protection Regulation (GDPR) and all other applicable privacy legislation. This
means that we:

  • clearly document our purposes before processing your personal data, through
    this Privacy Policy;
  • store as little personal data as possible  only what is necessary for our
    purposes;
  • explicitly request your consent where consent is legally required;
  • implement appropriate security measures to protect your personal data, and
    impose the same obligations on parties that process data on our behalf;
  • respect your rights, including the right of access, rectification, and erasure of
    your personal data.

We process personal data on the basis of the following legal grounds (Art. 6 GDPR):

  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR)
  • Consent (Art. 6(1)(a) GDPR) which you may withdraw at any time

2. Contact form

You may use our contact form to ask questions or submit requests. For this purpose
we process the following data:

  • IP address
  • First and last name
  • Email address
  • Telephone number
  • Organisation name / educational institution
  • Location, field of study, number of employees (if provided)Legal basis: performance of a contract or, where applicable, your consent.
    Retention period: a maximum of 6 months after your request has been handled.

3. Your Account

Certain parts of our platform require registration. When you create an account, we
process the following data:

  • Name and address details (NAW)
  • Gender and date of birth
  • Email address
  • Profile photo (optional)
  • Telephone number
  • Invoice addressLegal basis: performance of a contract.
    Retention period: up to 6 months after you close your account, unless a statutory
    retention obligation requires longer retention.
    You may update your account details at any time via your account settings.

4. Newsletter

We periodically send a newsletter containing news, tips, and information about our
products and services. For this we process your email address and name.

Legal basis: explicit, prior consent (opt-in). You will not be added automatically;
subscription requires an active choice on your part.
Retention period: until one month after you unsubscribe.
You may unsubscribe at any time via the unsubscribe link included in every
newsletter.

5. Statistics

We collect anonymised usage statistics to improve our services. No personal data is
used for statistical analyses. Profiling does not take place without your explicit
consent.

Where we use your name or email address for personalised analyses, this is done
exclusively on the basis of your consent or a documented legitimate interest.
Retention period: anonymised statistics are retained indefinitely; personal profile data
for a maximum of 6 weeks.

6. Portal Access
Our portal gives you access to a management environment. We log your actions and
their timestamps as evidence of the performance of the service.

Legal basis: consent and/or legitimate interest (integrity assurance).
Retention period: up to 3 months after the end of the service relationship.

7. Membership
As a paid member of Stichting ECCBT, we process the following personal data to
administer your membership and handle payments:
•       Name and address details (NAW)
•       Gender and date of birth
•       Email address

•       Profile photo (optional)
•       Telephone number
•       Invoice address

Legal basis: performance of a contract.
Retention period: up to one year after termination of your membership. Financial data
is retained for 7 years in compliance with the statutory fiscal retention obligation.
The general terms and conditions of delivery and membership are available in the
portal after login and can also be requested from us directly.

8. Direct Marketing
We may send you promotional communications about offers and new products or
services, by email or via social media.

Legal basis: legitimate interest (existing relationship) or consent.
You may object to receiving such communications at any time via:
•       the unsubscribe link in every email
•       your account or portal settings
•       an email to our contact address

9. Disclosure to Third Parties
We disclose personal data to third parties only where strictly necessary for the
delivery of our services, or where we are legally obliged to do so. We conclude data
processing agreements with all processors in accordance with Art. 28 GDPR.

Transfers outside the European Economic Area (EEA): if we use service providers
located outside the EEA, any transfer takes place exclusively on the basis of an
adequacy decision, or subject to Standard Contractual Clauses (SCCs) approved by
the European Commission.

10. Social Media

Our website contains social media buttons and links. The operators of these
platforms may collect your personal data through these buttons. We refer you to the
privacy policies of the relevant platforms for further information.

11.1 What are cookies?
Cookies are small text files stored on your device when you visit our website. We use
cookies to improve the functioning of our website and to analyse visits.

11.2 Types of cookies
We distinguish between the following categories:
•       Functional cookies: necessary for the website to operate correctly. No consent
is required for these cookies.
•       Analytical cookies: used to collect visitor statistics (anonymised or with limited
impact). We request your consent for these cookies upon your first visit.
•       Third-party cookies: placed by external parties (e.g. social media platforms).
Prior consent is required for these cookies.

ACTION REQUIRED: Insert a cookie table here listing: cookie name, provider,
purpose, retention period, and type, please check-in with Rik / Sjokking

11.3 Managing cookies
You can disable or delete cookies via your browser settings. Please note that some
features of our website may not function correctly if cookies are disabled.

12. Security
We implement appropriate technical and organisational security measures to protect
your personal data, including:
•       Access protection using username, password, and login token
•       Storage in a separate, secured system
•       Physical access controls (locks, safes)
•       Encrypted connections (SSL/TLS)

In the event of a personal data breach that may give rise to high risks for data
subjects, we will fulfil our notification obligation to the competent supervisory authority
within 72 hours (Art. 33 GDPR), and will inform affected individuals where required by
law (Art. 34 GDPR).

13. Your Rights
Under the GDPR, you have the following rights:
•       Right of access (Art. 15 GDPR): you may request an overview of the personal
data we hold about you.
•       Right to rectification (Art. 16 GDPR): you may have inaccurate data corrected.
•       Right to erasure (Art. 17 GDPR): you may request the deletion of your personal
data.
•       Right to restriction of processing (Art. 18 GDPR): you may request that
processing be temporarily restricted.
•       Right to data portability (Art. 20 GDPR): applies to automated processing based
on consent or a contract.
•       Right to object (Art. 21 GDPR): you may object to processing based on
legitimate interests.
•       Right to withdraw consent (Art. 7(3) GDPR): withdrawal does not affect the
lawfulness of prior processing.

Please submit your request to backoffice@eccbt.nl. Please clearly identify yourself so
that we can be certain we are acting on the correct person's data. We will respond
within one month; this period may be extended by up to two months for complex
requests.

14. Complaints
If you have a complaint about the way we handle your personal data, please contact
us first at backoffice@eccbt.nl. We will investigate every complaint internally and
keep you informed of the outcome.

You also have the right to lodge a complaint directly with the competent supervisory
authority.

Supervisory authority — Netherlands (lead authority, Art. 56 GDPR):
Autoriteit Persoonsgegevens (AP)
P.O. Box 93374  |  2509 AJ The Hague, the Netherlands
www.autoriteitpersoonsgegevens.nl  |  Tel: +31 (0)70 888 85 00

Supervisory authority — Belgium (concerned authority):
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Rue de la Presse 35  |  1000 Brussels, Belgium
www.gegevensbeschermingsautoriteit.be

Supervisory authority — Germany (concerned authority):
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153  |  53117 Bonn, Germany
www.bfdi.bund.de

Note: data subjects in Germany may alternatively contact the supervisory authority of
the relevant German federal state (Landesbeauftragte für Datenschutz).

15. Changes to this Policy
We reserve the right to amend this policy. Any amendments will be published on our
website with a stated effective date. We recommend that you review this policy
periodically.