Privacy

You're reading a privacy policy. Voluntarily. That already says a lot about you. Here's the short version: I respect your data, I don't do anything shady with it, and I'll always be upfront about how I use it. The longer version is below.

What data I collect and why

Client data

When we work together, I may process the following personal data:

  • Your name, email address, phone number, and company details to communicate with you and send invoices.

  • Project-related information to execute the assignment.

  • Financial data (invoicing details, VAT number) for accounting and tax obligations.

The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR) and legal obligations such as tax retention requirements (Art. 6(1)(c) GDPR).

Website analytics

This website is built with Framer, which collects anonymous usage data such as page views and referral sources. No personally identifiable information is collected through analytics. No cookies are placed for tracking purposes.

For more information on how Framer handles data, see Framer's privacy policy.

This website is built with Framer, which collects anonymous usage data such as page views and referral sources. No personally identifiable information is collected through analytics. No cookies are placed for tracking purposes.

For more information on how Framer handles data, see Framer's privacy policy.

How I communicate with you

Depending on the project, I may communicate with you through email, WhatsApp, or your internal communication tools such as Slack or Microsoft Teams (though I'd rather not use that last one). I do not use these channels to collect personal data beyond what is necessary for our collaboration.

AI tools

I use AI tools such as Claude (Anthropic) and ChatGPT (OpenAI) to support my work. This may include brainstorming, writing, analysis, and design-related tasks. In some cases, client-related content may be shared with these tools to deliver better results.

I take care to minimise the sharing of personally identifiable information and do not input sensitive personal data into AI tools unless necessary. Both Anthropic and OpenAI offer data processing terms that include safeguards for the handling of input data.

Additionally, many of the tools I use (such as Figma, Notion, and Google Workspace) now include built-in AI features that may process content within those platforms. I stay informed about how these features handle data and disable them where appropriate.

User research and usability testing

As part of my design work, I may conduct user research, usability tests, or interviews. This can involve collecting personal data from participants, such as names, screen recordings, audio recordings, and behavioural observations.

Participation is always voluntary. Before any test or interview, participants will be informed about what data is collected, how it is used, and how long it is retained. Recordings are only made with explicit consent and are deleted after the insights have been documented, unless agreed otherwise.

Research data is never shared publicly or with third parties without the participant's consent.

Where I store your data

I use the following tools to store project files and client data:

  • Figma: design files and collaboration.

  • Google Workspace: (Google Drive, Gmail) cloud storage and email, hosted in the EU/EEA.

  • Notion: project documentation and notes.

  • Moneybird: invoicing and financial administration.

  • Tack: my own build client and project management tool.

All tools are selected with data security in mind. Where possible, data is stored within the EU/EEA.

How long I keep your data

  • Project files and communication: retained for the duration of the project and up to 2 years after completion, unless you request earlier deletion.

  • Financial records (invoices, payment data): retained for 7 years, as required by Dutch tax law.

  • Website analytics: anonymous data only, no personal data is retained.

Who I share your data with

I do not sell or share your personal data with third parties for marketing purposes. Your data may be shared with:

  • My accountant: for financial and tax obligations.

  • Tool providers: listed above, as data processors acting on my instructions.

Your rights

Under the GDPR, you have the right to:

  • Access the personal data I hold about you.

  • Correct inaccurate data.

  • Delete your data (where legally permitted).

  • Restrict processing of your data.

  • Data portability — receive your data in a structured format.

  • Object to processing based on legitimate interest.

To exercise any of these rights, contact me at pieter@pieterdekroon.com. I will respond within 30 days. In some cases, I may need to consult a third party (such as a legal advisor) to properly handle your request, or depend on third-party services to process data modifications, which is why this timeframe may be needed.

If you believe I have not handled your data correctly, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Data breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, I will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours. If the breach is likely to result in a high risk to you personally, I will inform you directly as soon as possible.

Changes to this policy

I may update this privacy policy from time to time. The latest version will always be available on this page.