Privacy Policy
This Privacy Policy explains how Tidal Control B.V. ("we", "us", "our") collects, uses, shares and protects your personal data when you use our website at tidalcontrol.com (the "Website"). It also describes your rights under the General Data Protection Regulation (GDPR).
This Privacy Policy applies only to our Website and the forms and tools available on it (such as the Compliance Quickscan, contact forms, free trial requests and newsletter sign-ups). If you are a customer of our SaaS platform (portal.tidalcontrol.com), separate terms and a data processing agreement apply to that service.
Who we are
Tidal Control B.V. is the data controller for the personal data processed through this Website.
- Registered office: Sint Janssingel 92, 5211DA 's-Hertogenbosch, The Netherlands
- Chamber of Commerce (KvK): 90964101
- VAT: NL865510659B01
- Contact: info@tidalcontrol.com
What personal data we collect
Data you provide to us
When you fill in a form on our Website, we may collect:
- Contact details: first name, last name, business email address
- Quickscan answers: the answers you provide in our Compliance Quickscan, including company context, product type, team size, funding stage, sector, data types processed, and other compliance-related questions
- Messages: the content of messages you send via our contact form
- Preferences: language preference, framework interests, communication preferences
Data collected automatically
When you visit our Website, the following data may be collected automatically:
- Usage data: pages visited, time spent on pages, referring URL, browser type and version, operating system, device type
- IP address: collected by analytics and advertising services (see "Third-party services" below)
- Cookies: see the "Cookies" section below
Why we process your data and the legal basis
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Deliver Quickscan results by email | Email address, quickscan answers | Consent (Art. 6(1)(a)) — you submit the form voluntarily |
| Store quickscan answers and risk profile linked to your email in our CRM | Email address, quickscan answers, computed risk scores | Legitimate interest (Art. 6(1)(f)) — to follow up with relevant advice |
| Process free trial requests | Name, email address | Performance of a contract (Art. 6(1)(b)) |
| Respond to contact form submissions | Name, email address, message content | Legitimate interest (Art. 6(1)(f)) |
| Send newsletters and marketing communications | Email address | Consent (Art. 6(1)(a)) |
| Schedule demo meetings | Name, email address | Consent (Art. 6(1)(a)) |
| Analyse website usage and improve our service | Usage data, IP address (anonymised where possible) | Legitimate interest (Art. 6(1)(f)) |
| Display targeted advertising | Cookie identifiers, IP address | Consent (Art. 6(1)(a)) — via cookie banner |
| Detect and prevent errors and security issues | Error logs, IP address, browser information | Legitimate interest (Art. 6(1)(f)) |
Third-party services
We use the following third-party services that may process your personal data:
| Service | Provider | Purpose | Data processed | Location |
|---|---|---|---|---|
| Plausible Analytics | Plausible Insights OUe (EU) | Privacy-friendly website analytics | Page views, referrers (no personal data, no cookies) | EU |
| Google Analytics | Google LLC | Website analytics | Usage data, IP address, cookie identifiers | US (EU SCCs) |
| Google Ads | Google LLC | Advertising and conversion tracking | Cookie identifiers, conversion events | US (EU SCCs) |
| LinkedIn Insights | LinkedIn Corporation | Advertising analytics | Cookie identifiers, page views | US (EU SCCs) |
| Brevo | Brevo (formerly Sendinblue, EU) | Transactional and marketing emails, contact management | Email address, name, quickscan data, newsletter subscriptions | EU |
| HubSpot | HubSpot Inc. | CRM and contact management | Email address, name, quickscan results, form submissions | US (EU SCCs) |
| Cal.com | Cal.com Inc. | Meeting scheduling | Name, email address, meeting details | US (EU SCCs) |
| Sentry | Functional Software Inc. | Error monitoring | Error logs, browser information, IP address | US (EU SCCs) |
| Vercel | Vercel Inc. | Website hosting and serverless functions | Server logs, IP address | US (EU SCCs) |
For services located outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal safeguard for international data transfers.
Cookies
When you first visit our Website, a cookie banner allows you to accept or decline non-essential cookies. Non-essential cookies are only placed after you give your consent.
Essential cookies
These are necessary for the Website to function and cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
| CookieConsent | Stores your cookie consent preference | 1 year |
Analytics and advertising cookies (consent required)
These are only placed if you click "Accept" on the cookie banner.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga, ga* | Google Analytics | Distinguish unique visitors, track sessions | 2 years |
| _gcl_au | Google Ads | Conversion tracking | 90 days |
| li_sugr, AnalyticsSyncHistory, UserMatchHistory | LinkedIn Insights | Advertising analytics and ad targeting | 30–90 days |
Note: Plausible Analytics does not use cookies and does not collect personal data.
Managing your preferences
You can change your cookie preferences at any time by clearing your browser cookies and revisiting the Website, which will display the cookie banner again. You can also disable cookies in your browser settings, though this may affect Website functionality.
Data retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Quickscan data and form submissions: retained for up to 3 years after your last interaction with us (e.g., email open, form submission, website visit linked to your contact record). After this period, your data is deleted or anonymised.
- Newsletter subscribers: retained until you unsubscribe. Every marketing email contains an unsubscribe link.
- Website analytics data: aggregated and anonymised; individual-level data is retained according to each provider's retention policy (typically 14–26 months).
- Error logs (Sentry): retained for 90 days.
If you request deletion of your data, we will process your request within 30 days (see "Your rights" below).
Your rights under GDPR
As a data subject in the EEA, you have the following rights:
- Access: request a copy of the personal data we hold about you
- Rectification: ask us to correct inaccurate or incomplete data
- Erasure ("right to be forgotten"): ask us to delete your data where there is no compelling reason to continue processing it
- Restriction: ask us to restrict processing of your data in certain circumstances
- Data portability: request your data in a machine-readable format
- Object: object to processing based on legitimate interest
- Withdraw consent: withdraw consent at any time for processing based on consent (this does not affect the lawfulness of processing before withdrawal)
To exercise any of these rights, contact us at info@tidalcontrol.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at https://autoriteitpersoonsgegevens.nl/.
Automated decision-making
The Compliance Quickscan uses an automated scoring algorithm to calculate risk scores and generate personalised recommendations based on your answers. This processing does not produce legal effects or similarly significant effects on you — it provides informational guidance only. You can always contact us to discuss your results with a human advisor.
Children's privacy
Our Website and services are intended for business professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Links to other websites
Our Website may contain links to websites operated by third parties. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policy of every website you visit.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will post a notice on our Website and update the effective date at the top of this page.
We recommend reviewing this page periodically to stay informed about how we protect your data.
Contact us
If you have questions about this Privacy Policy or want to exercise your rights, contact us at:
Tidal Control B.V. Sint Janssingel 92, 5211DA 's-Hertogenbosch, The Netherlands info@tidalcontrol.com