Privacy Policy

Last Updated: December 2024

Sevrin B.V. ("Sevrin," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website sevrin.top or use our risk advisory services.

As a company established in the Netherlands, we comply with the General Data Protection Regulation (GDPR) and applicable Dutch data protection laws. Sevrin acts as the Data Controller for the personal data we process.

Data Collection

The data we collect includes personal information that you provide directly to us, information collected automatically when you use our website, and information from third-party sources when relevant to our business relationship.

Information You Provide

We collect personal data when you:

• Contact us through our contact form or email
• Request information about our services
• Subscribe to our communications
• Engage our services as a client
• Attend our events or webinars

This may include:

• Name and contact details (email, phone, address)
• Company information and job title
• Communication preferences
• Information about your business and risk management needs
• Any other information you choose to provide

Automatically Collected Information

When you visit our website, we automatically collect:

• IP address and location data
• Browser type and version
• Pages visited and time spent on our site
• Referring website information
• Device information

How We Use Your Information

We explain how we use your information for various legitimate business purposes. The use of your data is always based on a valid legal basis under GDPR.

Primary Purposes

• Service Delivery: To provide our risk advisory services and respond to your inquiries
• Client Communication: To communicate with you about our services and your projects
• Business Operations: To manage our client relationships and improve our services
• Legal Compliance: To comply with legal obligations and regulatory requirements
• Marketing: To send you relevant information about our services (with your consent)
• Website Improvement: To analyse website usage and improve user experience

Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Consent: When you provide explicit consent for marketing communications
• Contract: When necessary to perform our services or respond to your requests
• Legitimate Interest: For business operations, security, and website analytics
• Legal Obligation: When required by law or regulation

Data Sharing and Disclosure

Sevrin does not sell, rent, or trade your personal information. We only share your data in limited circumstances:

• Service Providers: With trusted third parties who assist in delivering our services (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Protection: To protect our rights, property, or safety, or that of our clients
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate safeguards)

All data sharing is conducted in compliance with GDPR requirements, including appropriate safeguards for international transfers where applicable.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes.

Retention Periods

• Client Data: For the duration of our business relationship plus 7 years for legal and tax purposes
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months from collection
• Contact Inquiries: 2 years from last communication

After the retention period expires, we securely delete or anonymise your personal data in accordance with our data retention schedule.

Your Rights

Under GDPR, you have several rights regarding your personal data:

To exercise any of these rights, please contact us using the details provided in the Contact section below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

Security Measures

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We encourage you to take steps to protect your own information.

Cookies and Tracking

Our website uses cookies and similar technologies to improve your browsing experience and analyse website traffic. For detailed information about our use of cookies, please see our Cookie Policy.

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our website.

International Data Transfers

Sevrin primarily processes personal data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses
• Binding Corporate Rules
• Your explicit consent

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.