GDPR Compliance

How we comply with the General Data Protection Regulation

100% GDPR Compliant
Data Secure
Your Rights Protected

GDPR Compliance at Grippera

What is GDPR?

The General Data Protection Regulation (GDPR) is a European privacy law that came into effect on May 25, 2018. This regulation protects the personal data of EU citizens and gives you more control over how your data is collected, used, and stored.

At Grippera, we take your privacy and data protection very seriously. We fully comply with GDPR requirements and have implemented technical and organizational measures to protect your personal data.

Our GDPR Principles

We process your personal information in accordance with the six core principles of the GDPR:

1. Lawfulness, Fairness, and Transparency

We process your data only in a lawful and fair manner. You are always clearly informed about why and how we process your data. Our privacy statement details this further.

2. Purpose Limitation

We collect your data only for specific, explicit, and justified purposes (such as order processing, customer service, or compliance with legal obligations). We do not use your data for other purposes without your consent.

3. Data Minimization

We only request data that is actually needed for the purpose for which it is collected. For example, for a quotation request, we only ask for your name, company, and contact information, and nothing more than necessary.

4. Accuracy

We ensure that your data is accurate and up-to-date. You can view and update your information at any time through your account settings or by contacting us.

5. Storage Limitation

We retain your personal information only as long as necessary. We keep order details for 7 years for fiscal purposes, after which they are automatically deleted. Account data is retained while you have an active account.

6. Integrity and Confidentiality

We protect your data with appropriate technical and organizational measures against unauthorized access, loss, or destruction. This includes:

  • End-to-end encryption of sensitive data
  • HTTPS/SSL for all communication
  • Strict access controls and authorization
  • Regular secure backups
  • Continuous monitoring and security audits

Your Rights Under GDPR

The GDPR gives you extensive rights regarding your personal data. At Grippera, you can easily exercise these rights:

📄 Right to Access

You have the right to know which personal data we process about you. You can request a copy of all your data by logging into your account or by contacting us.

✏️ Right of Rectification

If your information is incorrect or incomplete, you can have it corrected. You can do this yourself in your account settings or by contacting us.

🗑️ Right to Erasure

You can request us to delete your personal information. We will comply with this request unless we are legally obligated to retain the data (for example, for fiscal purposes).

⏸️ Right to Restrict Processing

You can ask us to temporarily restrict the processing of your data, for example, if you dispute the accuracy of the data or object to the processing.

📦 Right of Data Portability

You have the right to receive the personal data you provided us in a structured, commonly used, and machine-readable format, so that you can transfer this data to another service provider.

Right of Objection

You have the right to object to the processing of your personal data, particularly for direct marketing purposes. We will then cease the processing unless we have compelling legitimate grounds.

🤖 Right Regarding Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing. At Grippera, no fully automated decisions with legal consequences are made.

To exercise any of these rights, you may contact us at privacy@grippera.com. We will respond to your request within 30 days.

Data Processing Legal Basis

We process your personal data only if we have a valid legal basis for doing so:

Performance of a Contract

For processing your orders, delivering products and services, and handling payments.

Consent

For marketing emails, newsletters, and the placement of non-essential cookies. You can withdraw your consent at any time.

Legal Requirement

For compliance with fiscal and accounting obligations (such as retaining invoices for 7 years).

Legitimate Interest

To improve our service delivery, prevent fraud, and ensure the security of our systems.

Our Technical and Organizational Measures

We have implemented extensive measures to protect your personal information:

Technical Measures

  • Encryption: All sensitive data is encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Authentication: Multi-factor authentication option for user accounts
  • Firewall: Web Application Firewall (WAF) protects against cyber attacks
  • Updates: Regular security patches and system updates
  • Backups: Daily encrypted backups with off-site storage
  • Logging: Detailed audit logs of all access to personal data

Organizational Measures

  • Access Control: Strict authorization rules; employees have access only to data necessary for their work
  • Confidentiality: All employees have signed a nondisclosure agreement
  • Training: Regular privacy and security awareness training
  • Incident Response: Clear protocol for reporting and handling data breaches
  • Privacy Impact Assessments: For all new processing activities that may pose risks
  • Data Processing Agreements: With all external parties that process data on our behalf

Third Parties and Data Processors

We work with carefully selected third parties who assist us in delivering our services. All these parties are contractually obligated to process your data securely and comply with the GDPR:

Hosting & Infrastructure

  • Hosting in EU data centers (ISO 27001 certified)
  • All servers are located within the European Union

Analytics

  • IP addresses are anonymized before they are stored
  • Analytics cookies are placed only with your consent

Email Communication

  • Secure email servers with TLS encryption
  • GDPR-compliant email service providers

For a complete list of our processors, you can contact us at privacy@grippera.com

Data Breaches

Although we take every measure to protect your data, a data breach can never be entirely ruled out. In the event of a data breach, we will:

  • Report it to the Dutch Data Protection Authority (AP) within 72 hours
  • Notify affected individuals if the breach poses a high risk to their rights and freedoms
  • Immediately take measures to minimize the damage and prevent recurrence
  • Document the incident thoroughly for future prevention

Children's Privacy

Our services are intended for business customers and are not meant for individuals under the age of 16. We do not knowingly collect personal information from children under the age of 16 without parental consent.

International Data Transfer

We store all your data within the European Union. We do not transfer personal data to countries outside the EU/EEA unless it is strictly necessary and only with appropriate safeguards such as:

  • EU adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework for US Partners

Changes to this GDPR Policy

We may update this GDPR compliance document from time to time to reflect new developments in legislation, technology, or business processes. The most recent version is always available on this page.

Last updated: January 2, 2026

Data Protection Officer (DPO)

For questions regarding our GDPR compliance or exercising your rights, please contact our Data Protection Officer:

Email: privacy@grippera.com

We aim to respond to your inquiry within 5 business days and process your request within 30 days.

Supervisory Authority

If you believe we are not processing your personal data correctly, you can contact us. You also always have the right to file a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

Postbus 93374

2509 AJ Den Haag

Phone: +31 (0)70 888 85 00

Website: autoriteitpersoonsgegevens.nl
