1. Scope and Applicable Law
This Privacy Policy applies to personal data processed through the OnModus website and through direct business enquiries sent to us by email or other professional communication channels.
OnModus is based in the Netherlands. Where applicable, we process personal data in line with the General Data Protection Regulation (EU) 2016/679, the Dutch GDPR Implementation Act, and European rules on cookies and electronic communications.
This website is intended for business audiences. It is not directed at children and we do not knowingly collect personal data from children.
2. Personal Data We Process
The personal data we process depends on how you interact with us, including through the website, email, or the contact page.
When you contact us
- Name, business email address, phone number, company, role, and country where you choose to provide them.
- The content of your enquiry, including project context, meeting notes, attachments, or other information you decide to share.
- Communication metadata, such as the date, time, and delivery details of our correspondence.
When you visit the website
- Basic technical information that may be recorded by hosting and security systems, such as IP address, browser type, device information, requested pages, referring page, timestamps, and error logs.
- Information processed when your browser requests locally hosted font and icon files from this website.
- Google Analytics usage data after consent, such as pages viewed, visit timing, approximate geography, browser and device information, and interaction events.
The website may include a contact page or enquiry form. We process the details you choose to submit through that form for responding to your enquiry and related business communication. The current website uses Google Analytics after consent and does not intentionally use advertising pixels.
3. Purposes and Legal Bases
European data protection law requires us to explain why we process personal data and the legal basis we rely on.
| Purpose | Examples of data | Legal basis |
|---|---|---|
| Responding to enquiries and managing professional communications. | Name, business contact details, company, role, message content. | Legitimate interests in responding to business enquiries, or steps prior to entering into a contract. |
| Discussing, preparing, delivering, and administering potential or active client work. | Business contact details, project information, correspondence, meeting records. | Contract performance, steps prior to entering into a contract, and legitimate interests in managing client relationships. |
| Maintaining security, availability, and reliability of the website. | IP address, logs, browser and device information, security events. | Legitimate interests in protecting the website and our business systems. |
| Understanding aggregate website usage through Google Analytics. | Anonymized usage data, pages viewed, approximate geography, browser and device information, and interaction events. | Consent where required by cookie and data protection rules. |
| Meeting legal, tax, accounting, and regulatory obligations. | Invoices, business records, correspondence, transaction records. | Compliance with legal obligations and legitimate interests in keeping appropriate business records. |
| Sending direct business communications where permitted. | Business contact details and communication preferences. | Consent where required, or legitimate interests where business-to-business communications are permitted by law. You can object at any time. |
5. International Transfers
Some service providers may process personal data outside the European Economic Area. Where this happens, we use safeguards required by European data protection law, such as an adequacy decision, the European Commission's Standard Contractual Clauses, transfer impact assessments where appropriate, or another lawful transfer mechanism.
6. Retention
We keep personal data only for as long as needed for the purpose for which it was collected, including any legal, accounting, reporting, dispute-resolution, or security requirements.
- General enquiries are usually retained for as long as needed to respond and manage follow-up, then removed or archived if there is no continuing business purpose.
- Client, contract, invoice, and accounting records may be retained for the period required by applicable law.
- Website security and server logs are retained for a limited period unless they are needed to investigate security, misuse, or legal issues.
7. Your European Privacy Rights
Depending on your location and the circumstances of the processing, you may have the following rights under European data protection law:
- The right to be informed about how your personal data is processed.
- The right to access a copy of your personal data.
- The right to correct inaccurate or incomplete personal data.
- The right to request deletion of personal data where the legal conditions are met.
- The right to restrict processing in certain circumstances.
- The right to object to processing based on legitimate interests, including direct marketing.
- The right to data portability where processing is based on consent or contract and carried out by automated means.
- The right to withdraw consent at any time where we rely on consent. Withdrawal does not affect processing that happened before withdrawal.
- The right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use such automated decision-making on this website.
To exercise your rights, use our contact page or email us at flow@onmodus.com. We may ask for information needed to verify your identity and respond to your request. We aim to respond within one month, unless the request is complex or we receive multiple requests, in which case the response period may be extended as permitted by law.
You also have the right to lodge a complaint with a data protection supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. You may also contact the authority in the EU or EEA country where you live or work, or where you believe an infringement has occurred.
9. Security
We use organisational and technical measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include appropriate access controls, transport security where available, security headers, provider due diligence, and limiting personal data to what is necessary for the relevant purpose.
No website or email system can be guaranteed to be completely secure. Please avoid sending highly confidential or sensitive information by email unless we have agreed a suitable method with you.
10. Updates to This Policy
We may update this Privacy Policy to reflect changes to our website, services, technology providers, or legal requirements. The latest version will always be published on this page with the date shown at the top.
11. Contact
For privacy questions, data subject requests, or concerns about how we process personal data, contact:
OnModus
World Trade Center, Nieuwe Stationsstraat 10, 7th Floor
Arnhem, The Netherlands
Contact page
flow@onmodus.com