.svg)
Privacy Policy
Effective Date: 8 May 2026
Version: 1.0 Eradix ("we", "our", or "us") is committed to protecting the privacy and personal data of our users ("you", "your") in compliance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our services.
Version: 1.0 Eradix ("we", "our", or "us") is committed to protecting the privacy and personal data of our users ("you", "your") in compliance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our services.
1. Scope and applicability
This Privacy Policy applies to all personal data processed by Eradix through:
- Our websites, applications, and digital services (collectively, the "services").
- Any offline interactions related to our business operations.
By using our services, you consent to the practices described in this policy.
2. Data Controller
Eradix (formal name: WB-Sec B.V.). Chamber of Commerce (KvK): 82615586. For questions about this policy or your data rights, contact our Data Protection Officer at info@eradix.nl.
3. Categories of personal data we process and legal basis
We may collect and process the following categories of personal data:
Identification data such as your name, email address, phone number, job title, and company name. We process this data on the basis of contract performance (Art. 6(1)(b) GDPR) in order to provide services, respond to inquiries, and manage contracts.
Technical data such as your IP address, browser type, device information, and logs (non-personalized). We process this data on the basis of legitimate interest (Art. 6(1)(f) GDPR) to ensure security, monitor system performance, and debug technical issues.
Communication data such as emails, chat logs, or other correspondence. We process this data on the basis of contract performance (Art. 6(1)(b) GDPR) to communicate with you and provide support.
Usage data such as pages visited and session duration (non-personalized). We process this data on the basis of legitimate interest (Art. 6(1)(f) GDPR) to improve our services and analyze trends (aggregated, anonymized).
Note: We do not use personalized cookies or tracking technologies that identify individuals. Any cookies used are strictly necessary for functionality (e.g., session management) and do not store personal data.
Identification data such as your name, email address, phone number, job title, and company name. We process this data on the basis of contract performance (Art. 6(1)(b) GDPR) in order to provide services, respond to inquiries, and manage contracts.
Technical data such as your IP address, browser type, device information, and logs (non-personalized). We process this data on the basis of legitimate interest (Art. 6(1)(f) GDPR) to ensure security, monitor system performance, and debug technical issues.
Communication data such as emails, chat logs, or other correspondence. We process this data on the basis of contract performance (Art. 6(1)(b) GDPR) to communicate with you and provide support.
Usage data such as pages visited and session duration (non-personalized). We process this data on the basis of legitimate interest (Art. 6(1)(f) GDPR) to improve our services and analyze trends (aggregated, anonymized).
Note: We do not use personalized cookies or tracking technologies that identify individuals. Any cookies used are strictly necessary for functionality (e.g., session management) and do not store personal data.
4. Purposes of processing
We process your personal data only for the following lawful purposes:
- Service delivery: To fulfill contractual obligations (e.g., providing security assessments, support, or other requested services).
- Communication: To respond to your inquiries, provide updates, or send administrative messages (e.g., invoices, service alerts).
- Legal compliance: To comply with EU/EEA laws, court orders, or regulatory requests.
- Security and fraud prevention: To protect our systems, detect misuse, and ensure the integrity of our services.
- Improvement of our services: To analyze aggregated, anonymized usage data to enhance functionality and user experience.
5. Data Retention
We store your data only as long as necessary for the purpose it was collected, unless a longer retention period is required by law.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Contract-related data is retained for the duration of the contract plus 6 years for legal and tax obligations.
Communication data is retained for 2 years after the last interaction, unless a longer period is required by law.
Technical and usage data is retained for 90 days, aggregated and anonymized where possible.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Contract-related data is retained for the duration of the contract plus 6 years for legal and tax obligations.
Communication data is retained for 2 years after the last interaction, unless a longer period is required by law.
Technical and usage data is retained for 90 days, aggregated and anonymized where possible.
6. Data sharing and third parties
We do not sell or transfer your personal data. We share it with a trusted processor (e.g. our hosting provider). If data is transferred outside the EU/EEA, we’ve ensured adequate safeguards (Data Protection Agreements). We are obliged to share it with legal authorities, if required by EU/EEA law, in a court order, or to protect our rights (e.g., in case of a security incident).
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
You have the right to access your personal data (Art. 15 GDPR), which means you may request a copy of the personal data we hold about you. To exercise this right, you can submit a request to info@eradix.nl. We respond within 30 days.You have the right to rectification (Art. 16 GDPR), which allows you to correct inaccurate or incomplete data. To exercise this right, contact us at info@eradix.nl.
You have the right to erasure (Art. 17 GDPR), meaning you may request deletion of your data if it is no longer necessary or if you withdraw consent. To exercise this right, submit a request to us. We will comply unless retention is required by law.
You have the right to restrict processing (Art. 18 GDPR), which allows you to limit how we process your data, for example during a dispute. To exercise this right, contact info@eradix.nl.
You have the right to data portability (Art. 20 GDPR), meaning you may receive your data in a structured, machine-readable format. Requests can be submitted via info@eradix.nl.
You have the right to object (Art. 21 GDPR) to processing based on legitimate interest, such as direct marketing. You may exercise this right by emailing info@eradix.nl. We will cease processing unless we demonstrate compelling grounds.
Where applicable, you also have the right to withdraw consent for processing. Withdrawal does not affect processing carried out prior to the withdrawal. To exercise this right, contact info@eradix.nl.
You also have the right to lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority (AP) or your local DPA.Please note that we may request proof of identity to verify your request.
You have the right to access your personal data (Art. 15 GDPR), which means you may request a copy of the personal data we hold about you. To exercise this right, you can submit a request to info@eradix.nl. We respond within 30 days.You have the right to rectification (Art. 16 GDPR), which allows you to correct inaccurate or incomplete data. To exercise this right, contact us at info@eradix.nl.
You have the right to erasure (Art. 17 GDPR), meaning you may request deletion of your data if it is no longer necessary or if you withdraw consent. To exercise this right, submit a request to us. We will comply unless retention is required by law.
You have the right to restrict processing (Art. 18 GDPR), which allows you to limit how we process your data, for example during a dispute. To exercise this right, contact info@eradix.nl.
You have the right to data portability (Art. 20 GDPR), meaning you may receive your data in a structured, machine-readable format. Requests can be submitted via info@eradix.nl.
You have the right to object (Art. 21 GDPR) to processing based on legitimate interest, such as direct marketing. You may exercise this right by emailing info@eradix.nl. We will cease processing unless we demonstrate compelling grounds.
Where applicable, you also have the right to withdraw consent for processing. Withdrawal does not affect processing carried out prior to the withdrawal. To exercise this right, contact info@eradix.nl.
You also have the right to lodge a complaint with a supervisory authority, such as the Dutch Data Protection Authority (AP) or your local DPA.Please note that we may request proof of identity to verify your request.
8. Security measures
We implement technical and organizational measures to protect your data, including:
- Encryption (in transit and at rest).
- Access controls (role-based permissions, multi-factor authentication).
- Regular audits and vulnerability assessments.
- Data minimization (collecting only what is necessary).
- Pseudonymization/anonymization where possible.
9. Cookies
We do not use personalized cookies or tracking technologies that identify individuals. Strictly necessary cookies (e.g., for session management) may be used without consent under Article 5(3) of the ePrivacy Directive. These cookies: do not store personal data; are essential for the functionality of our services; expire when your session ends.
10. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. If we make material changes, we will: post the updated policy on our website.
Last updated: May 8, 2026
Last updated: May 8, 2026
11. Contact us
For questions, requests, or complaints regarding this policy or your data, contact: Eradix Data Protection Officer, info@eradix.nl.
