1. Contact Information

2. Personal Data We Process

CarbonLeap B.V. processes your personal data because you use our services and/or because you provide this data to us yourself.

Via Contact Forms:

• First and last name
• Email address
• Company name (optional)
• Message/inquiry content
• Selected team member for contact
• Service interest

Via One-Pager Downloads:

• First and last name
• Email address
• Company name (optional)
• Downloaded document type

Automatically Collected Technical Data:

• IP address (anonymized after 24 hours)
• Browser type and version
• Operating system
• Time of visit
• Pages visited
• Referrer URL (previous website)

With Your Consent (Analytics Cookies):

Google Analytics 4:

• Pages visited and navigation paths
• Time spent on website
• Device type, browser, and operating system (anonymized)
• Traffic source (how you found our website)
• Geographic location (country/city level only)

Supabase Behavioral Analytics:

• Page visit sequences (which pages you view in order)
• Scroll depth (how far you scroll on each page)
• Time spent on each page
• Session identifiers (anonymized)
• Interaction patterns (clicks, form views)

With Your Consent (Marketing & Personalization - Tier 3):

• Google Ads conversion tracking
• Remarketing audience lists
• Ad campaign performance data
• Contact form data for marketing follow-up

3. Legal Basis for Processing

We process your personal data based on the following legal grounds in accordance with Article 6 GDPR:

Legitimate Interest (Article 6(1)(f))

• Processing contact forms: To answer your questions and provide services
• Technical website operation: For security, debugging, and performance
• Essential cookies: For basic website functionality
• Fraud prevention: For protection against abuse and cybercrime

Consent (Article 6(1)(a))

• Analytics cookies: For website optimization and usage statistics via Google Analytics 4
• Marketing cookies: Google Ads conversion tracking and remarketing
• Newsletter: For sending updates (if you subscribe)

Contractual Necessity (Article 6(1)(b))

• Document delivery: For sending requested one-pagers and documents

4. Processing Purposes

CarbonLeap B.V. processes your personal data for the following purposes:

1. Communication and Customer Service

• Answering your questions via contact forms
• Routing messages to appropriate team members
• Following up on business inquiries

2. Document and Service Delivery

• Sending requested one-pagers and whitepapers
• Providing information about our services
• Facilitating downloads and resources

3. Website Optimization (with consent)

• Analyzing website usage and performance
• Improving user experience
• Identifying popular content

4. Marketing & Advertising

• Google Ads conversion tracking
• Measuring advertising campaign effectiveness
• Following up on business inquiries

5. Technical Operation and Security

• Ensuring website functionality
• Protecting against cyberattacks and fraud
• Troubleshooting and technical support

5. Retention Periods

CarbonLeap B.V. does not retain your personal data longer than strictly necessary to achieve the purposes for which your data is collected:

Automatic Deletion: All data is automatically deleted after the retention period expires, unless legal obligations require longer retention.

6. Sharing Personal Data with Third Parties

CarbonLeap B.V. only shares your personal data with external service providers that are necessary for our service delivery.

No Sale or Commercial Sharing

We never sell, rent, or share your personal data with third parties for commercial purposes without your explicit consent.

7. Cookies and Similar Technologies

CarbonLeap B.V. uses cookies and similar technologies to make the website function and improve your experience.

Cookie Categories:

Necessary Cookies (no consent required)

• CSRF protection tokens
• Session identifiers
• Cookie preference storage
• Technical functionality

Analytical Cookies (consent required)

• Google Analytics tracking
• Website performance measurements
• Usage statistics

Cookie Management:

• Change consent: Via the cookie banner or browser settings
• Delete cookies: Via your browser settings
• Opt-out: Disable analytics via our cookie preferences

8. Security of Personal Data

CarbonLeap B.V. takes the protection of your data very seriously and implements appropriate technical and organizational measures:

Technical Security Measures:

• Encryption: All data is encrypted during storage and transport (AES-256, TLS 1.3)
• Access controls: Strict access restriction on a need-to-know basis
• CSRF protection: Prevention of cross-site request forgery attacks
• Input validation: All user input is validated and sanitized
• Security headers: Implementation of modern web security standards
• Regular updates: Automatic security patches and updates

Organizational Measures:

• Privacy by design: Privacy considerations in all new developments
• Staff training: Regular privacy and security awareness training
• Incident response: Procedures for rapid response to security incidents
• Regular audits: Periodic review of security and privacy measures

Data Breach Procedures:

In case of a data breach, we inform the Dutch Data Protection Authority within 72 hours and, if applicable, the data subjects in accordance with Articles 33-34 GDPR.

9. Your Rights Under the GDPR

As a data subject, you have the following rights regarding your personal data:

Your Rights:

Exercising Your Rights:

How to exercise your rights?

1. Send an email to: info@carbonleap.nl
2. Clearly state which right you wish to exercise
3. Describe your request as specifically as possible

Response Time: We respond to your request within 30 days

Verification: For your own protection, we may request additional identification

10. Special Categories of Personal Data

Minimal Processing: CarbonLeap B.V. does not process special categories of personal data (such as health data, biometric data, or data about race or ethnic origin) unless strictly necessary and legally permitted.

Child Protection: Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you suspect that we have inadvertently collected data from a child under 16, please contact us at info@carbonleap.nl.

11. Complaints and Supervision

Filing a Complaint with CarbonLeap:

If you are not satisfied with how we handle your personal data, please first contact us at info@carbonleap.nl. We take your complaint seriously and try to resolve it within 30 days.

Complaint to Supervisory Authority:

You always have the right to file a complaint with the Dutch supervisory authority:

12. Changes to This Privacy Statement

Updates: We may update this privacy statement from time to time to reflect changes in our practices or for legal reasons.

Notification: For important changes, we will inform you via:

• Notice on our website
• Email to known contact addresses (for substantial changes)
• Update of the 'last updated' date at the top of this document

Advice: We advise you to regularly consult this privacy statement to stay informed of any changes.

13. Contact for Privacy Questions

For questions about this privacy statement or about how we handle your personal data, you can contact us: