PRIVACY POLICY

1. INTRODUCTION

Marketing Upgrade ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy is compliant with the General Data Protection Regulation (GDPR), the Dutch Data Protection Act (Autoriteit Persoonsgegevens), and applicable Dutch law. Please read this policy carefully. If you do not agree with our practices, please do not use our services.

2. DATA CONTROLLER

Data Controller: Marketing Upgrade
Location: Netherlands (CET)
Email: [email protected]
Responsibility: We are the data controller for personal data collected through our website and services.

3. INFORMATION WE COLLECT

A. Information You Provide Directly:

  • Name, email address, phone number (when booking a consultation)
  • Company information and business details
  • Payment information (processed securely; we do not store credit card details)
  • Messages and communications with our team
  • Information provided during consultations or audits

B. Information Collected Automatically:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and time spent on site
  • Referral source and clickstream data
  • Analytics data (via Umami analytics, privacy-focused and GDPR-compliant)
  • Visitor enrichment data: Company name, domain, location, and size identified from your IP address using IP2Location and Hunter.io APIs

Visitor Tracking & Company Identification: We use IP enrichment services (IP2Location and Hunter.io) to identify your company from your IP address. When confidence is ≥60%, we sync this data to our Notion CRM for lead qualification. This includes: company name, domain, industry, size, location, visit count, and form completion status. This processing is based on our legitimate interest in B2B lead generation.

C. Cookies and Tracking: We use cookies to enhance user experience. See our Cookie Policy for details.

4. LEGAL BASIS FOR PROCESSING (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide services you've requested
  • Legitimate Interest: Marketing, analytics, service improvement, and B2B lead generation (visitor tracking and company identification)
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: Compliance with Dutch tax and accounting laws

5. HOW WE USE YOUR DATA

We use collected information for:

  • Providing and improving our services
  • Processing payments and sending invoices
  • Communicating with you about bookings and services
  • Sending marketing communications (with your consent)
  • Analyzing website performance and user behavior
  • Complying with legal obligations
  • Detecting and preventing fraud or abuse

6. DATA SHARING & THIRD PARTIES

We do not sell your personal data. We may share data with:

  • Service Providers: Payment processors, email services, analytics platforms (all GDPR-compliant)
  • Enrichment APIs: IP2Location (IP geolocation) and Hunter.io (email domain enrichment) for visitor identification
  • CRM Platform: Notion (for storing enriched company data and lead qualification)
  • Legal Requirements: When required by Dutch law or court order
  • Business Transfers: In case of merger or acquisition

All third parties are bound by confidentiality agreements and process data only as instructed.

7. DATA RETENTION

We retain personal data for as long as necessary:

  • Service Data: Duration of engagement + 7 years (Dutch tax law requirement)
  • Marketing Contacts: Until you unsubscribe
  • Analytics Data: 26 months (Umami analytics default)
  • Visitor Enrichment Data: 24 months or until you request deletion (stored in Notion CRM)
  • Cookies: As specified in Cookie Policy

8. YOUR GDPR RIGHTS

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in a portable format
  • Object: Opt-out of marketing communications
  • Withdraw Consent: Revoke consent for non-essential processing

To exercise these rights, contact us at [email protected]. We will respond within 30 days (GDPR requirement).

9. DATA SECURITY

We implement industry-standard security measures:

  • SSL/TLS encryption for data in transit
  • Secure password storage and authentication
  • Regular security audits and updates
  • Limited access to personal data (need-to-know basis)
  • Incident response procedures

While we strive to protect your data, no system is 100% secure. We will notify you of any data breaches as required by GDPR (within 72 hours).

10. INTERNATIONAL DATA TRANSFERS

Your data is primarily processed in the Netherlands. If we transfer data outside the EU/EEA, we ensure adequate safeguards (Standard Contractual Clauses or adequacy decisions) as required by GDPR.

11. CONTACT & COMPLAINTS

Data Protection Officer / Contact:
Email: [email protected]
Location: Netherlands

Complaints: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl if you believe we've violated your privacy rights.

12. POLICY UPDATES

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or website notice. Continued use of our services constitutes acceptance of the updated policy.
Last Updated: December 21, 2025