Privacy statement

1. Who we are

The controller responsible for processing your personal data is:
Joinalyse (part of SkyWise International B.V.)
Address: Bartelsweg, 7311DJ, Apeldoorn, The Netherlands
Chamber of Commerce (KvK): 98259636
Email: [email protected]
Website: https://joinalyse.com

If you have any questions about this statement or our handling of your personal data, please contact us at the email above.

2. What data we collect

We collect the following categories of personal data:
2.1 Information you give us directly
Newsletter and contact forms: name, email address, and any other information you choose to share when you submit a form.
Account information: if you create an account, the credentials and profile details you provide.
Communication: the content of messages you send to us by email or via forms.
2.2 Information we collect automatically
When you visit joinalyse.com, the following information is recorded automatically:
Technical data: IP address (truncated where possible), browser type and version, device type, operating system, referring URL, language, and timestamps.
Usage data: pages visited, time spent, navigation paths, clicks, and similar telemetry.
Error data: in the rare event of a software error, a stack trace and contextual information may be sent to our error-tracking system. This may incidentally include personally identifiable information (“PII”) such as your IP address, email address, or content you submitted in a form. We treat such data as confidential and minimise it where technically feasible.
2.3 Cookies and similar technologies
Cookies and comparable technologies are used both by us and by third-party services. See our Cookie policy for the full list.

3. Why we use your data and on what legal basis

We process personal data only when there is a clear purpose and a valid legal ground under Article 6 of the GDPR. The main reasons we hold and use your data are:

Providing the Service. We need to host the website, process form submissions, and send you the newsletter you subscribed to. The legal basis is the performance of a contract (where you have asked us to deliver something) or our legitimate interest in operating joinalyse.com.

Communicating with you. We reply to questions you send us and send transactional emails such as confirmations or notifications. The legal basis is again the performance of a contract or our legitimate interest in maintaining a useful conversation with you.

Analytics. We measure how visitors use the site so we can understand which content performs well and improve the Service over time. We rely on your consent where the law requires it; aggregated analysis without identifying individuals falls under our legitimate interest.

Advertising. We measure the effectiveness of our ads and retarget visitors on Meta, Google, Bing, and LinkedIn. This always happens on the basis of your consent, given through the cookie banner.

Security and fraud prevention. We keep server logs, detect abuse, and track errors to keep the Service running and protected. The legal basis is our legitimate interest in a stable, secure platform.

Legal compliance. Some processing is required by law — for example bookkeeping or responding to lawful requests from authorities. The legal basis is our legal obligation to comply.

4. Who we share your data with

We do not sell your personal data. We share data only with:
4.1 Processors acting on our behalf
Hosting provider: Hetzner — provides the EU-based servers on which joinalyse.com runs. All data is stored within the European Economic Area.
Email service provider for the newsletter: Mailchimp — handles delivery of newsletter emails sent through Gravity Forms.
Error tracking: GlitchTip, self-hosted on errors.joinalyse.com. Error events may include PII as described in §2.2.
Analytics: SSTr.nl (server-side, first-party tracking) and Google Analytics 4 (where you have consented).
Advertising platforms: Meta (Facebook/Instagram), Google Ads, Microsoft (Bing) Ads, and LinkedIn Insight Tag — only where you have given consent through our cookie banner.
We have a data processing agreement (DPA) in place with each processor, as required by GDPR Art. 28.
4.2 Other recipients
Authorities: if required by law or by a binding order from a competent authority.
Successors: in the unlikely event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity, subject to the same protections.

5. International data transfers

Our hosting and primary infrastructure are located in the European Economic Area. Some of the advertising and analytics providers listed above (e.g. Google, Meta, Microsoft, LinkedIn) may transfer data to the United States. Where this happens, we rely on the EU–US Data Privacy Framework or, where applicable, the Standard Contractual Clauses approved by the European Commission, supplemented by additional safeguards.

6. How long we keep your data

We do not keep your data longer than necessary for the purposes set out above. Concretely:
Form submissions:
6 months.
Newsletter list: until you unsubscribe; unsubscribe requests are honoured immediately and a suppression record is kept to prevent re-subscription mistakes.
Account data:
1 month after deletion for legal and security purposes.
Server and error logs:
60 days, after which they are automatically rotated.
Analytics:
36 months.

7. Your rights

Under the GDPR you have the right to:
Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”) in cases prescribed by law.
Restrict processing in certain circumstances.
Data portability: receive your data in a structured, machine-readable format.
Object to processing based on legitimate interest, including profiling for direct marketing.
Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, https://autoriteitpersoonsgegevens.nl/).
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (TLS), access controls, regular updates of the software stack, and minimisation of personal data in logs. No system can be guaranteed 100% secure; if we ever experience a data breach that puts you at risk, we will notify you and the Dutch Data Protection Authority as required by GDPR Art. 33–34.

9. Children

joinalyse.com is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have done so, please contact us and we will delete it.

10. Changes to this statement

We may update this statement from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be announced on the site or by email.

11. Contact

Questions, requests, or complaints about this statement?
Email: [email protected]
Postal: Joinalyse (SkyWise International B.V. (98259636)), Bartelsweg, 7311DJ, Apeldoorn, The Netherlands, [email protected].