1. Who We Are
D.BAKEN CONSULTANCY is an Data and technology consultancy operated as a private limited company (BV) registered in the Netherlands.
D.BAKEN CONSULTANCY B.V.
Weerschijnvlinder 15, 3544 DT Utrecht
KvK: 97029890
Email: diko@dbaken.nl
As data controller, we determine how and why your personal data is processed. This policy explains what data we collect via our website, why, and what rights you have under the General Data Protection Regulation (GDPR / AVG).
2. Data We Collect
We collect only what is necessary. Via the website, this is limited to:
- Name — first and last name provided through contact forms or direct email.
- Email address — to respond to your enquiry or maintain project communication.
- Phone number — if voluntarily provided in a contact form.
- Message content — the content of any enquiry you submit.
We do not collect payment data, sensitive personal data, or data from children under 16 through this website.
3. How and Why We Use Your Data
We process your personal data for the following purposes and legal bases:
- Responding to enquiries — to answer questions you submit via the contact form or email. Legal basis: Article 6(1)(b) GDPR — necessary to take steps prior to entering a contract.
- Client communication — to manage the working relationship during and after an engagement. Legal basis: Article 6(1)(b) GDPR — performance of a contract.
- Legal compliance — to comply with Dutch accounting and tax obligations (e.g. retaining invoices). Legal basis: Article 6(1)(c) GDPR — compliance with a legal obligation.
We do not use your data for automated decision-making or profiling.
4. Data Retention
We retain personal data only as long as necessary:
- Enquiries that do not lead to an engagement — deleted within 12 months of the last contact.
- Client contact data — retained for the duration of the engagement plus 7 years (statutory Dutch administration retention period under Article 52 AWR).
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We may share it with:
- Email and productivity service providers (e.g. Google Workspace or Microsoft 365) — used to send and receive communications. These providers act as data processors under a Data Processing Agreement.
- Accountant or tax advisor — only to the extent required by law and limited to billing data.
- Legal or regulatory authorities — if required by Dutch law or a court order.
Any processor we engage is bound contractually to process your data only on our instructions and to maintain appropriate security measures.
6. International Transfers
If your data is processed outside the European Economic Area (EEA) — for example, via cloud services — this will only occur in countries with an adequacy decision from the European Commission, or under Standard Contractual Clauses (SCCs) approved by the European Commission (Article 46 GDPR).
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — obtain a copy of the data we hold about you (Article 15).
- Right to rectification — correct inaccurate or incomplete data (Article 16).
- Right to erasure — request deletion of your data where there is no legal ground to retain it (Article 17).
- Right to restriction — limit how we process your data in certain circumstances (Article 18).
- Right to data portability — receive your data in a structured, machine-readable format (Article 20).
- Right to object — object to processing based on legitimate interests (Article 21).
To exercise any of these rights, email us at diko@dbaken.nl. We will respond within 30 days. We may need to verify your identity before acting on a request.
8. Complaints
If you believe we are handling your personal data unlawfully, you have the right to lodge a complaint with the Dutch data protection authority:
We encourage you to contact us first so we can resolve any issue directly.
9. Security
We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. This includes encrypted email transmission, access controls, and regular review of our data handling practices.
10. Snowflake Marketplace
D.BAKEN CONSULTANCY is a registered provider on the Snowflake Marketplace. When you access, request, or purchase a listing published by D.BAKEN CONSULTANCY on that platform, Snowflake Inc. shares certain data about you with us as the provider.
This data may include:
- First and last name
- Email address
- Snowflake account locator and organisation name
- Snowflake region
We use this data solely to fulfil your listing request, manage the commercial relationship, and follow up on enquiries related to our Marketplace products. We do not use it for unrelated marketing purposes without your explicit consent.
Legal basis: Article 6(1)(b) GDPR — processing is necessary to perform or prepare the contract for access to our Marketplace listing; and Article 6(1)(f) GDPR — legitimate interest in managing our provider relationship with consumers.
Snowflake acts as an independent data controller in respect of your account data. Their processing of your data is governed by the Snowflake Privacy Policy. D.BAKEN CONSULTANCY is not responsible for Snowflake's data processing practices.
Consumer data received via Snowflake is retained for the duration of the commercial relationship and up to 7 years thereafter in accordance with Dutch statutory record-keeping obligations (Article 52 AWR), unless a shorter period applies.
11. Changes to This Policy
We may update this policy when our practices change or when required by law. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the website.