Privacy Policy

1. Who We Are and How to Contact Us

The data controller responsible for your personal data is:

Furnace-Cleaning.org
Herengracht 287
1016 BJ Amsterdam
Netherlands
Email: [email protected]
Telephone: +31 20 794 5621

For data protection enquiries, you may contact our designated Data Protection Contact directly at the address above. We aim to respond to all data-related enquiries within 30 calendar days.

2. What Personal Data We Collect

2.1 Data You Provide Directly

We may collect the following categories of personal data when you voluntarily provide them through our contact form or newsletter subscription:

• Contact form submissions: First name, last name, email address, optional organisation or affiliation, subject category, and message content.
• Newsletter subscriptions: Email address and, where provided, first name for personalised salutation.
• Quiz interactions: Quiz responses are processed entirely client-side in your browser. No quiz answers or results are transmitted to our servers.

2.2 Data Collected Automatically

When you visit our website, our hosting infrastructure and analytics tools may automatically collect the following technical data:

• IP address (anonymised to the last octet before storage where technically possible)
• Browser type, version, and language
• Operating system
• Referring URL (the page you visited before arriving at our site)
• Pages visited, time on page, and scroll depth
• Date and time of visit
• Device type (desktop, tablet, mobile)

This technical data is used exclusively for aggregated audience analytics (to understand which topics attract readers, how pages perform technically) and for security monitoring. It is not used to build individual profiles or for targeted advertising.

3. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

• Consent (Art. 6(1)(a)): Newsletter subscriptions, non-essential cookies, and analytics tracking where you have given explicit consent via our cookie consent mechanism.
• Legitimate interests (Art. 6(1)(f)): Processing contact form submissions to respond to your enquiry; basic server logging for security and fraud prevention purposes. We have conducted a Legitimate Interests Assessment (LIA) and concluded that our interests in maintaining website security and responding to correspondence do not override your fundamental rights.
• Legal obligation (Art. 6(1)(c)): Where applicable Dutch or EU law requires us to retain certain records.

4. How We Use Your Data

We use personal data for the following specific, documented purposes only:

• To respond to contact form enquiries and correspondence
• To send editorial newsletters to subscribers who have given explicit consent, with a clearly displayed unsubscribe option in every issue
• To monitor and improve the technical performance of the website
• To detect and prevent security threats, fraud, or abuse
• To comply with applicable legal obligations under Dutch and EU law

We do not use your personal data for automated decision-making, profiling, or targeted advertising. We do not sell, rent, or exchange personal data with third parties for their own marketing purposes.

5. Cookies and Tracking Technologies

We use cookies and similar technologies on this website. Please see our separate Cookie Policy for a complete list of cookies, their purposes, duration, and the consent options available to you. In summary:

• Strictly necessary cookies: Required for the website to function. Cannot be disabled.
• Analytical/performance cookies: Used to understand audience behaviour in aggregate. Activated only with your consent.
• Third-party advertising cookies: May be set by advertising partners (where advertising is displayed). Activated only with your explicit consent.

6. Third-Party Services and Data Sharing

We may share technical data with the following categories of service providers, each operating under a data processing agreement (DPA) with us:

• Web hosting and CDN: Our hosting provider stores website files and logs in data centres within the European Economic Area (EEA).
• Analytics: We use privacy-focused analytics software configured to anonymise IP addresses and not share data with third parties. No individual-level data leaves our analytics environment.
• Email delivery: Newsletter and contact-form reply emails are sent via a processor operating within the EEA, bound by a DPA.
• Advertising networks: Where third-party display advertising is served on this site, those networks may set cookies subject to your consent. Please refer to each network's own privacy policy for details of their processing.

We do not share personal data with any third party for their own marketing, profiling, or commercial purposes, except as described above or where required by law.

7. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

• Contact form submissions: Retained for 24 months from the date of last contact, then securely deleted.
• Newsletter subscriber data: Retained until you unsubscribe. Upon unsubscription, your email address is removed from the active list within 10 working days and permanently deleted after a 30-day suppression period to prevent accidental re-addition.
• Server access logs: Retained for 90 days for security purposes, then automatically purged.
• Anonymised analytics data: Aggregated, anonymised statistics may be retained indefinitely as they contain no personal data.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights, which you may exercise free of charge:

• Right of access (Art. 15): You may request a copy of all personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data where the legal basis for processing no longer applies.
• Right to restriction of processing (Art. 18): You may request that we restrict how we use your data in certain circumstances.
• Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you may request your data in a machine-readable format.
• Right to object (Art. 21): You may object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 calendar days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Postbus 93374, 2509 AJ Den Haag, or via autoriteitpersoonsgegevens.nl.

9. Data Security

We implement appropriate technical and organisational security measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include: TLS encryption for all data in transit; access controls limiting data access to authorised personnel only; regular security reviews; and secure deletion procedures. However, no method of internet transmission is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and you within a reasonable time, as required by GDPR Article 33–34.

10. Children's Privacy

This website is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data without appropriate parental consent, please contact us at [email protected] and we will promptly delete the relevant data.

11. International Data Transfers

Where data is transferred outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms. Our primary hosting and processing infrastructure is located within the EEA.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when the most recent revision was made. For material changes, we will provide prominent notice on our website or, where applicable, by direct notification to newsletter subscribers. Continued use of the site after a policy update constitutes acceptance of the revised terms.