Legal
Privacy Policy
Last Updated: March 12, 2026
This Privacy Policy explains how Nooit in Paniek B.V. ("we", "us", or "our") collects, uses, and protects personal data when you visit our website and when you contact us about our online professional education programmes delivered across Canada. This policy is written to meet the requirements of the EU General Data Protection Regulation (GDPR) and applicable Dutch privacy rules.
1. Introduction & Controller Identity
The data controller for personal data processed via this website is:
- Legal entity: Nooit in Paniek B.V.
- Registered address: Zeedahliaweg 42, 4325 CV Renesse, Netherlands
- Email: [email protected]
- Phone: +31 111 462 915
We do not appoint a Data Protection Officer (DPO) because we do not carry out large-scale processing of special-category data or systematic monitoring as a core activity. If you have questions, you can contact us using the details above.
2. Personal Data We Collect
The personal data we may collect depends on how you interact with the site. We collect the following categories where relevant:
- Identity and contact details: name, email address, phone number, and any organisation name you include.
- Form content: programme selection, workshop preferences, and any message text you submit (for example, timing constraints or training topics).
- Technical data: IP address, browser type, device/OS, language settings, and approximate location derived from IP (country/region level).
- Usage data: pages viewed, time on page, referrer, and click paths. This is typically collected through analytics technologies if you consent.
- Cookies and identifiers: cookie identifiers and consent signals described in Section 4.
- Conversion events: records that a form submission occurred or that a key page was visited, used for measurement if you consent to marketing cookies.
We do not intentionally collect special-category data (such as health information, biometric data, religious or political views), financial account details, or government-issued identification numbers through this website. Please avoid including sensitive personal information in free-text fields.
3. Why We Process Your Data & Our Legal Bases (GDPR Art. 6)
We process personal data only where we have a lawful basis. The main purposes and legal bases are:
- Responding to enquiries and coordinating enrolment: when you submit our contact/enrolment form, we use your details to reply and to provide requested information. Legal basis: Art. 6(1)(b) (steps prior to entering into a contract) and Art. 6(1)(a) (consent for being contacted where required).
- Analytics and site improvement: understanding which pages are useful, where visitors come from, and how the site performs. Legal basis: Art. 6(1)(a) (consent).
- Marketing, remarketing, and measurement: attributing conversions and building audiences for advertising platforms. Legal basis: Art. 6(1)(a) (consent).
- Security and fraud prevention: protecting the site, preventing abuse of forms, and maintaining service integrity. Legal basis: Art. 6(1)(f) (legitimate interests).
- Legal compliance: meeting obligations under applicable laws and responding to lawful requests. Legal basis: Art. 6(1)(c) (legal obligation).
Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals.
4. Cookies & Tracking Technologies
We use cookies and similar technologies to operate the site, understand usage, and (with consent) support advertising measurement. Cookies are small text files stored on your device. Some cookies are first-party (set by us) and some are third-party (set by service providers).
We group technologies into three categories. These categories match our Cookie Policy.
Essential (always active)
These are necessary for core site functionality and security. They do not require consent under EU rules.
- _site_session (first-party): supports session continuity. Retention: session to up to 7 days depending on configuration.
- cookie_consent (first-party): stores your consent choice. Retention: up to 12 months.
Analytics (consent required)
If you opt in, we may use Google Analytics 4 (GA4) with IP anonymisation where supported. Typical cookies include _ga (2 years) and _ga_XXXXXXXXXX (2 years). Analytics retention is configured to 14 months.
Marketing (consent required)
If you opt in, marketing technologies may be used for conversion attribution and audience building (for example, remarketing and lookalike audiences). Typical cookies include _gcl_au (Google Ads, 90 days), _fbp (Meta, 90 days), and _fbc (Meta, 90 days when a click identifier is present).
In addition to cookies, advertising measurement may use pixel tags (for example, scripts that record page views) and, where implemented, server-side measurement (such as Meta Conversion API or server-side tag management). Where server-side measurement is used, identifiers may be transmitted in hashed form. In all cases, activation depends on your consent choices.
5. Consent (EEA/UK Users)
Users in the European Economic Area (EEA) and the United Kingdom receive a consent notice for analytics and marketing technologies. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).
Your choice is stored in the cookie_consent cookie for up to 12 months. You can withdraw or change consent at any time by selecting “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before withdrawal (GDPR Art. 7(3)).
6. Sharing With Advertising & Service Partners
We use carefully selected service providers to operate and measure the site. Depending on your consent settings, we may share certain data (such as cookie identifiers, usage events, and conversion signals) with:
- Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): https://policies.google.com/privacy
- Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversion API): https://www.facebook.com/privacy/policy
- Cloudflare (CDN and security): https://www.cloudflare.com/privacypolicy/
We do not sell personal data. Where third-party providers process data on our behalf, we aim to use appropriate contractual protections (for example, data processing agreements) and limit processing to the purposes described in this policy.
We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us and operating their platforms under their own terms.
7. International Transfers
Nooit in Paniek B.V. is established in the Netherlands. Some service providers (such as Google and Meta) may process data outside the EEA/UK, including in the United States. Where applicable, transfers may rely on:
- EU–US Data Privacy Framework (DPF) (primary, where available)
- UK Extension to the EU–US DPF (where available)
- Swiss–US DPF (where relevant)
- Standard Contractual Clauses (EU 2021/914) as a fallback
- UK International Data Transfer Addendum / UK IDTA as a fallback
We take reasonable steps to ensure that personal data receives an adequate level of protection when transferred internationally.
8. Retention
We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law. Typical retention periods are:
- Contact and enrolment submissions: up to 2 years from the last interaction.
- Email correspondence: for the duration of the relationship, then typically up to 1 additional year.
- Server security logs: typically up to 90 days, unless needed for investigating abuse.
- Analytics data: 14 months (configuration target), subject to platform settings.
- Marketing cookies: according to cookie lifetimes (commonly 90 days).
- Cookie consent record: up to 3 years for audit and accountability.
- Legal/tax records: where applicable, retained for the period required by Dutch law (often 7 years for certain business records).
9. Your Rights (GDPR & UK GDPR)
If the GDPR applies to you, you may have the following rights, subject to legal limitations:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent at any time (Art. 7(3))
- Right to lodge a complaint with a supervisory authority (Art. 77)
To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, this period may be extended by up to 60 days as permitted by law.
As we are established in the Netherlands, our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can also find general information on supervisory authorities via the European Data Protection Board: https://edpb.europa.eu.
10. Children
This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without appropriate consent, we will delete it promptly.
11. Do Not Track
This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own DNT or opt-out mechanisms.
12. Data Deletion Requests
You may request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable information to verify your identity. Where deletion is not possible due to legal obligations, we will explain the limitation and restrict processing where appropriate.
13. Business Transfers
If Nooit in Paniek B.V. is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide a notice on the website.
14. California (CCPA / CPRA)
If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the CPRA. Over the past 12 months, we may have disclosed the following categories of personal information to service providers and, where you consent to marketing cookies, to advertising partners:
- Identifiers (name, email, IP address, cookie IDs) for communication and measurement.
- Internet or network activity (pages viewed, interactions) for analytics and advertising measurement.
- Inferences (interests or preferences) that may be created by advertising platforms for targeted advertising.
We do not sell personal information as defined by the CCPA. We may share data for cross-context behavioural advertising when marketing cookies are enabled; you may opt out by using our cookie preferences panel.
Requests may be submitted by emailing [email protected] with the subject line “California Privacy Request”. We will verify your request as required. Authorised agents must provide proof of authorisation.
15. Virginia (VCDPA)
If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.
Requests may be submitted by emailing [email protected] with the subject line “Virginia Privacy Request”. If you wish to appeal a decision regarding your request, email with the subject line “Appeal of Refusal — Privacy Request”. We aim to respond to appeals within 60 days.
16. Nevada
Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.
17. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide a notice on the website at least 14 days before changes take effect. The “Last Updated” date at the top of this page reflects the most recent revision.
18. Contact
For privacy questions or to exercise your rights, contact:
- Nooit in Paniek B.V.
- Zeedahliaweg 42, 4325 CV Renesse, Netherlands
- Email: [email protected]
- Phone: +31 111 462 915