Privacy Policy — Devidee B.V.

Version 2.0 — March 2026

1. Introduction

Devidee B.V. (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights in relation to it.

This Privacy Policy applies to all services provided by Devidee B.V., including our website(s), web applications, and mobile applications distributed via the Apple App Store and Google Play Store.

We operate under Dutch law and the European General Data Protection Regulation (GDPR / AVG). Our legal basis for processing is described per purpose in section 5 below.

2. Data Controller

Devidee B.V.
Kelvinstraat 34
6601 HE Wijchen
The Netherlands

Email: contact@devidee.nl
Phone: +31 (0)6 539 476 47
Website: https://devidee.nl

KvK (Chamber of Commerce): 89631323

BTW-ID (VAT): NL865047145B01

Devidee B.V. is the data controller for personal data processed through our websites and applications.

3. Scope

This Privacy Policy applies to:

  • Visitors of our website(s)
  • Users of our web applications
  • Users of our mobile applications on iOS (iPhone, iPad) and Android devices
  • Current, former, and prospective customers

4. Data We Collect

4.1 Website and Web Applications

  • Name, email address, phone number (via contact forms or user accounts)
  • Company name, registration number, VAT number (for business customers)
  • Invoice and payment data
  • IP address, browser type, operating system (via cookies and logs)
  • Page visits and click behavior (via analytics)

4.2 Mobile Applications (iOS & Android)

Depending on the specific application, we may collect:

  • Account data: name, email address, encrypted password
  • Device information: device model, operating system and version, unique device identifiers (IDFA/GAID — only with your explicit consent), screen resolution, language and region settings
  • Usage data: which features you use, session duration, interaction flows
  • Crash and performance data: error messages, app version, diagnostic logs
  • Push notification tokens: if you enable push notifications
  • Location data: only if the specific app requires it and only with your explicit permission
  • Media or files: only if the app explicitly needs this and only with your consent
  • Purchase data: for in-app purchases, transaction data is processed by the App Store (Apple) or Google Play; Devidee B.V. does not receive full payment card details

> Note: The exact data collected by each app is specified on the app’s store page under “App Privacy” (Apple App Store) or “Data Safety” (Google Play Store).

5. Legal Bases and Purposes of Processing

We process personal data only on the following legal grounds under the GDPR:

Purpose Legal Basis
Delivering the agreed service / app Performance of a contract (Art. 6(1)(b) GDPR)
Invoicing and accounting obligations Legal obligation (Art. 6(1)(c) GDPR)
Security of systems and fraud prevention Legitimate interest (Art. 6(1)(f) GDPR)
App improvement and usage analytics Legitimate interest or consent
Sending push notifications Consent (Art. 6(1)(a) GDPR)
Accessing location Consent (Art. 6(1)(a) GDPR)
Marketing communications Consent or legitimate interest (existing customers)
Complying with legal requests Legal obligation

6. Cookies and Similar Technologies

6.1 Website

We use the following cookies on our websites:

Cookie Purpose Retention
Matomo Analytics (self-hosted) Website visit analysis (anonymized, no external data sharing) 2 years
XSRF-TOKEN Form security protection Session
(app)_session Functional session cookie 2 years

We use Matomo Analytics, which is self-hosted on our own infrastructure. No data is shared with third parties. Matomo respects your browser’s Do Not Track (DNT) setting — if DNT is enabled, no analytics data is collected. Because no data leaves our servers and browser preferences are respected, no cookie consent banner is required.

6.2 Mobile Applications

Our mobile apps may use:

  • Firebase / Google Analytics for Firebase — for crash reporting and usage analytics (anonymized where possible)
  • Apple Push Notification Service (APNs) / Firebase Cloud Messaging (FCM) — to deliver push notifications
  • Advertising identifiers (IDFA on iOS, GAID on Android) are used only after you provide explicit consent via your platform’s permission dialog

7. Sharing Your Data

We do not sell your personal data. Data may be shared in the following circumstances:

  1. Processors (sub-processors): Third parties providing services on our behalf, including hosting providers, cloud services, and email providers. We have Data Processing Agreements (DPAs) in place with all processors per Art. 28 GDPR.
  1. App Store platforms: Apple Inc. and Google LLC receive technical and transactional data in connection with app distribution through their platforms. These companies act as independent controllers under their own privacy policies.
  1. Successors: In the event of a merger, acquisition, or insolvency, data may be transferred to a successor entity.
  1. Legal obligation: When required by law or court order.

International Transfers

Where personal data is transferred outside the European Economic Area (EEA), Devidee B.V. ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the EU–US Data Privacy Framework where applicable.

8. Data Retention

Category Retention Period
Customer and contract data Duration of contract + 5 years
Invoice data 7 years (statutory accounting obligation)
App/web application account data Until deletion by user or 2 years after last activity
Analytics data (anonymized) Max. 26 months
Crash/log data Max. 90 days
Push notification tokens Until consent is withdrawn or account is deleted

9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can request correction of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”) — you can request deletion of your personal data, subject to legal retention obligations
  • Right to restriction of processing — you can request that we limit how we process your data in certain circumstances
  • Right to data portability — you can request your data in a structured, commonly used, machine-readable format
  • Right to object — you can object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing

Deleting Your Account in Our App

You can delete your account and associated data through the app settings (Settings → Account → Delete Account) or by contacting us at contact@devidee.nl.

Submitting a Request

Send your request along with proof of identity to:

contact@devidee.nl

We will respond within one month. For complex or multiple requests, this period may be extended by up to two months; you will be notified in advance.

Filing a Complaint

You have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Website: [autoriteitpersoonsgegevens.nl](https://www.autoriteitpersoonsgegevens.nl)

Phone: +31 900 2001 201

You may also lodge a complaint with the supervisory authority in your country of residence within the EU.

10. Security

Devidee B.V. implements appropriate technical and organizational security measures, including:

  • Encrypted connections (TLS/HTTPS) for all data transmission
  • Encryption of sensitive data at rest
  • Access control systems and least-privilege principles
  • Regular security updates and patches
  • Confidentiality agreements for all employees with access to personal data

In the event of a data breach with adverse consequences for your personal data, you will be notified personally in the circumstances prescribed by law.

11. Children

Our services and applications are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a minor, please contact us so we can delete it promptly.

12. Changes to This Policy

We reserve the right to update this Privacy Policy. Material changes will be communicated at least 30 days before taking effect via our website and — where changes significantly affect you — via the app or email.

Devidee B.V. — Kelvinstraat 34, 6601 HE Wijchen, The Netherlands — contact@devidee.nl

icon-only icon-only icon-only icon-only