At Plugz B.V. (hereinafter: **Plugz**), we consider the careful handling of personal data to be extremely important. Personal data is therefore processed and secured with due care. In doing so, we comply with the requirements set out in the General Data Protection Regulation (GDPR).
Plugz B.V. (“Plugz”, “we”, “us”) processes personal data in a careful, secure, and transparent manner. In this Privacy Policy, we explain which personal data we process, for what purposes, on which legal bases, how long we retain the data, and which rights you have under the GDPR.
This Privacy Policy applies to:
1. Visitors to the website [www.plugz.dev](http://www.plugz.dev/)
2. Users of the Plugz Software (Clients and their employees)
3. Job applicants
4. Newsletter subscribers
1. Definitions
Data subject: Any natural person whose personal data is processed by Plugz.
Client: An organization that uses the Plugz Software.
Visitor: A person who visits the website.
Personal data: Any information relating to an identified or identifiable natural person.
Controller: Plugz, for website use, applications, marketing, and communications.
Processor: Plugz, when processing data on behalf of Clients within the Software.
Sub-processor: A third party engaged by Plugz to process personal data.
2. Controller
Plugz B.V.
Hertogstraat 131
6511 RZ Nijmegen
The Netherlands
Chamber of Commerce (KvK): 85674966
E-mail: hello@plugz.dev
Plugz has not appointed a Data Protection Officer (DPO).
3. Processing of Personal Data
3.1 Website Visitors
We process the following data:
– IP address
– Browser and device information
– Date and time of visit
– Usage data (analytics)
– Contact details provided via forms
Legal bases:
– Legitimate interest (security)
– Consent (analytics and marketing cookies)
– Consent or performance of a contract (contact requests)
Retention periods:
– Logs: 30 days
– Contact form data: 1 year
– Analytics data: 14 months
3.2 Users of the Plugz Software
Plugz acts as a processor on behalf of its Clients.
We process, among other things: name, email address, login credentials, technical logs, and session data.
Legal basis: Performance of a contract.
Retention period: Duration of the agreement plus 3 months.
3.3 Job Applicants
We process: name, contact details, CV, motivation letter, LinkedIn and/or Indeed profile information.
Legal basis: Legitimate interest and/or consent.
Retention period:
– 4 weeks after completion of the application process
– Up to 1 year with consent
3.4 Newsletter Subscribers
We process name and email address based on consent.
Retention period: Until unsubscription.
4. Disclosure to Third Parties
Plugz only shares personal data with:
– Sub-processors (such as hosting, analytics, and email services)
– Third parties if legally required
– Third parties when consent has been given
International data transfers may take place under:
– The EU–US Data Privacy Framework
– Standard Contractual Clauses (SCCs)
5. Security
Plugz implements appropriate technical and organizational security measures, including:
– TLS/HTTPS
– Encryption at rest where possible
– Least-privilege access control
– Two-factor authentication (2FA) for administrative systems
– Monitoring and logging
– Encrypted backups
– Hosting within the EU
6. Rights of Data Subjects
You have the following rights:
– Right of access
– Right to rectification
– Right to erasure
– Right to restriction of processing
– Right to object
– Right to data portability
– Right to withdraw consent
Requests can be submitted via: hello@plugz.dev
Response time: no later than 1 month.
7. Retention Periods
Plugz never retains personal data longer than necessary for the purposes for which it is processed.
See Appendix 1 for a complete overview of retention periods.
8. Changes to this Privacy Policy
Changes to this Privacy Policy will be published on the website.
In the event of material changes, data subjects will be informed by email.
Appendix 1 — Record of Processing Activities
1. Website Visits & Security
Category of data subjects: Website visitors
Data: IP address, browser information, device data
Purpose: Website security and functionality
Legal basis: Legitimate interest
Recipients: Hosting provider, CDN
Retention period: 30 days
Location: EU
2. Contact Form
Category of data subjects: Website visitors
Data: Name, email address, phone number, company name, message
Purpose: Handling contact requests
Legal basis: Consent / performance of a contract
Recipients: CRM system, email service
Retention period: 1 year
Location: EU
3. Analytics
Category of data subjects: Website visitors
Data: Anonymized analytics data
Purpose: Website optimization
Legal basis: Consent
Recipients: Analytics provider
Retention period: 14 months
Location: EU / US
4. Newsletter
Category of data subjects: Subscribers
Data: Name, email address
Purpose: Marketing communications
Legal basis: Consent
Recipients: Email platform
Retention period: Until unsubscription
Location: EU / US
5. Job Applications
Category of data subjects: Applicants
Data: CV, motivation letter, contact details
Purpose: Recruitment and selection
Legal basis: Legitimate interest / consent
Recipients: HR software
Retention period: 4 weeks / 1 year
Location: EU
6. Use of the Plugz Software
Category of data subjects: Users of Clients
Data: Identification data, login data, technical logs
Purpose: Provision of services
Legal basis: Contract
Recipients: Hosting, monitoring services
Retention period: Duration of the agreement plus 3 months
Location: EU
7. Support & Incident Logging
Category of data subjects: Users
Data: Contact details, technical logs
Purpose: Support services
Legal basis: Legitimate interest
Recipients: Support tools
Retention period: 1 year
Location: EU
Appendix 2 — List of Sub-processors
– TransIP — Hosting & infrastructure — EU
– Microsoft Office 365 — Email — EU / US
– HubSpot — CRM — EU / US
Appendix 3 — Cookie Statement
Functional cookies: No consent required.
Analytical cookies: Only with consent (unless anonymized).
Marketing cookies: Opt-in only.
Retention periods:
– Functional: session-based
– Analytics: maximum of 14 months
– Marketing: 30 days to 2 years
You can change your cookie preferences via the cookie settings on the website.
If you want, I can also:
– Align this with UK GDPR wording
– Make a short-form privacy notice
– Cross-check consistency with your DPA / processing agreement
