Privacy Policy

How we collect, use, and protect your personal data.

Last updated: March 20, 2026

1. Data Controller

Brightgrid Solutions & Installaties is the data controller responsible for your personal data. We are registered with the Dutch Chamber of Commerce (KVK) and operate in accordance with the General Data Protection Regulation (GDPR) and the Dutch implementation law (UAVG).

Company: Brightgrid Solutions & Installaties
Address: Vlierstraat 31, 7544 GE, Netherlands
Email: contact@BrightGrid-installaties.nl
KVK: 42012887

2. Data We Collect

We collect the following categories of personal data:

Identity data: name, email address, phone number
Account data: password (hashed), two-factor authentication settings, profile preferences
Contact form data: name, email, phone, property type, message content
Usage data: IP address (encrypted), browser user agent, cookie consent preferences
Financial data: invoices, project details, payment records
Communications: messages sent through the client portal

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract performance: to provide our electrical installation and maintenance services
Consent: for marketing communications and non-essential cookies
Legitimate interest: for improving our services and ensuring platform security
Legal obligation: for financial record-keeping as required by Dutch fiscal law (7-year retention)

4. How We Use Your Data

We use your personal data for the following purposes:

Providing and managing our electrical installation services
Communicating with you about projects, requests, and invoices
Operating the client portal and dashboard
Ensuring the security of your account and our platform
Complying with legal and regulatory obligations
Improving our services based on usage patterns (with consent)

5. Data Sharing

We do not sell your personal data. We may share your data with:

Service providers: email delivery (Resend), hosting infrastructure, and payment processors who process data on our behalf under data processing agreements
Legal authorities: when required by law, regulation, or court order
With your consent: when you explicitly authorize us to share your data

6. Data Retention

We retain your personal data for the following periods:

Account data: until you delete your account or request deletion
Financial records (invoices): 7 years after creation, as required by Dutch fiscal law (Article 52 AWR)
Contact form submissions: 2 years after submission
Cookie consent logs: 3 years (GDPR compliance documentation)
Security logs: 1 year

7. Your Rights Under GDPR

Under the GDPR, you have the following rights:

Right of access: request a copy of your personal data
Right to rectification: correct inaccurate personal data
Right to erasure: request deletion of your personal data (subject to legal retention obligations)
Right to restriction: limit processing of your data in certain circumstances
Right to data portability: receive your data in a structured, machine-readable format
Right to object: object to processing based on legitimate interest
Right to withdraw consent: withdraw consent at any time for consent-based processing

8. Exercising Your Rights

You can exercise your rights through the following methods:

Data export: use the "Export Data" feature in your account settings to download your personal data
Data deletion request: submit a formal deletion request through your account settings
Self-service deletion: immediately delete and anonymize your account through account settings
Email: send a request to contact@BrightGrid-installaties.nl with the subject "GDPR Request"

We will respond to your request within 30 days, as required by the GDPR.

9. Cookies

We use cookies to enhance your browsing experience. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

AES-256-GCM encryption for sensitive data at rest (email addresses, IP addresses)
HMAC-SHA256 hashing for email lookups and bcrypt for passwords
Two-factor authentication support for account access
Session management with secure, HTTP-only cookies
Role-based access control limiting data access to authorized personnel

11. International Data Transfers

Your data may be processed by service providers located outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child under 16, please contact us immediately so we can take appropriate action.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. The date at the top of this policy indicates when it was last updated.

14. Contact & Dutch Data Protection Authority

If you have questions about this privacy policy or our data practices, please contact us at:

Email: contact@BrightGrid-installaties.nl
Address: Vlierstraat 31, 7544 GE, Netherlands

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
P.O. Box 93374, 2509 AJ The Hague
Phone: +31 70 888 8500
Website: autoriteitpersoonsgegevens.nl