Habby B.V., trading as ThePolder News Magazine (“ThePolder”, “we”, “our”, “us”), is the controller of your personal data. Habby Stichting ITECA, trading as ThePolder News Magazine (“ThePolder”, “we”, “our”, “us”), is the controller of your personal data. Stichting ITECA is a foundation established under Dutch law, with its statutory seat in Amersfoort, the Netherlands, registered office at:
De Stuwdam 33–35
3815 KM Amersfoort
The Netherlands
Telephone: +31 (0)85 4019 174
This privacy statement informs you about the way in which we handle your personal data in the context of ThePolder News Magazine.
1) How to contact us
GDPR contact person: Linda Pavan
Email: privacy@iteca.nl
Telephone: +31 (0)85 4019 174
Postal address (for data-subject requests):
Stichting ITECA (ThePolder News Magazine)
De Stuwdam 33–35
3815 KM Amersfoort
The Netherlands
2) What personal data do we collect and how do we use it?
The type of personal data we collect and use is limited to the information you provide to us. This is the case, among other things, if you:
Contact us in any way
Subscribe to our newsletter or updates (if available)
Fill in a contact form
Submit editorial tips, feedback, or press materials
Enter into a contract with us (e.g., contributors, advertisers, partners)
Visit our website
This Privacy Statement only applies to the platforms and parts of the websites we manage, which are owned or operated by us under the name ThePolder News Magazine, and all personal data that we process of website visitors, subscribers, prospects, contributors, customers and business relations.
We will never share or sell your personal data to anyone without your knowledge or approval. We will only share authorized information with third parties if they have been hired by us to facilitate the provision of our services to you, or if we are required by law to hand over information to a government agency.
3) Categories of personal data and purpose
Processing activities, data categories, purposes and legal basis
When you visit our website
Category of personal data: IP address, browser/device information, actions on our website, cookie preferences, information provided in forms.
Purpose:
To measure and improve interest in our content
To improve your user experience and tailor it to your behaviour and interests
To administer and diagnose our website
To protect our business, troubleshoot problems, prevent prohibited or illegal activities
To respond to your question if you contacted us via a form
Legal basis: Consent (Article 6(1)(a) GDPR) and Legitimate interest (Article 6(1)(f) GDPR)
When you contact us as a subscriber, contributor, customer, business partner, or advertiser
Category of personal data: Full name, email address, telephone number, billing and contract-related details (if applicable), and other data you provide.
Purpose:
To respond to requests and deliver services
To manage subscriptions (if applicable)
To manage editorial collaboration and contributor agreements
To comply with our own laws and regulations, such as record-keeping obligations
Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and Legal obligation (Article 6(1)(c) GDPR)
When filling in forms (contact, newsletter, tips, editorial submissions)
Category of personal data: Full name, email address, telephone number, and any information you provide in your message or attachments.
Purpose: To respond to your request and provide the information or services you requested.
Legal basis: Consent (Article 6(1)(a) GDPR) and Legitimate interest (Article 6(1)(f) GDPR)
4) Clarification on legal bases
Where we rely on consent, this means we will not process the relevant personal data (e.g., through non-essential cookies, newsletter subscriptions, or marketing communications) unless you have given us your express consent. You may withdraw this consent at any time.
Where we rely on legitimate interest, this means the processing is necessary to pursue our interest in operating, securing, and improving our website and editorial services, provided these interests are not overridden by your fundamental rights and freedoms. You have the right to object to such processing at any time.
5) Permission and withdrawal of consent
Where consent is the legal basis for processing your personal data, you may withdraw your consent at any time. You can do this by contacting us at privacy@iteca.nl, by calling +31 (0)85 4019 174, or by writing to:
Stichting ITECA (ThePolder News Magazine)
GDPR Contact Person
De Stuwdam 33–35
3815 KM Amersfoort
The Netherlands
Once you withdraw consent, we will no longer process the relevant personal data unless there is another lawful basis for doing so (e.g., compliance with legal obligations or the performance of a contract).
6) Retention periods
We retain your information to enable you to continue using our services for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Contact form / tips / editorial messages: retained for up to 12 months after your inquiry has been resolved
Subscription-related data (if applicable): retained for the duration of the subscription, and up to 12 months after termination unless a longer retention is legally required
Contract-related data (contributors, suppliers, advertisers, partners): 7 years after termination of the relationship, in accordance with Dutch tax and administrative law
Website technical data (IP address, logs): up to 6 months, unless longer retention is required for security or fraud prevention
7) Automated decision-making
Automated decision-making refers to decisions made by computers or systems without human intervention. We ensure that no personal data is processed in automated decision-making.
8) Sharing of personal data
We use third parties to operate our platforms and services. It is possible that these third parties have access to your personal data. If that is the case, we will take appropriate measures to ensure that your data is adequately secured and only used for its intended purposes.
We may share your data with an organization or entity located outside the European Economic Area (EEA). We will then ensure that your personal data will only be transferred in accordance with applicable privacy legislation. This means, among other things, that transfers will only take place where:
An adequacy decision of the European Commission determines that there is an adequate level of protection; or
Standard Contractual Clauses (SCCs) adopted by the European Commission are in place, together with a documented Transfer Impact Assessment (TIA) and, where necessary, additional safeguards such as encryption, pseudonymisation, or contractual commitments to ensure essentially equivalent protection in line with the Schrems II judgment.
This may include:
IT service providers
Hosting, maintenance and support providers
Cloud providers
Email and communication tools
CRM and business management systems
Newsletter distribution systems (if applicable)
Other systems used for file exchange or project management
Where we use third-party service providers, they act as our processors under our instructions. We have entered into data processing agreements (DPAs) with these providers in accordance with Article 28 GDPR to ensure that your data is processed securely and lawfully.
In certain cases, where a third party determines its own purposes (for example payment providers or regulators), that party acts as an independent controller under the GDPR.
In addition, we may share your data with competent regulators, authorities, judicial bodies, or other parties where we are required to do so by law, or if it is necessary in the context of legal proceedings or to establish or exercise our legal rights (for example, to deal with complaints or proceedings).
Only the personal data that is necessary for the performance of the work will be shared.
9) International transfers of personal data
We may share your data with an organization or entity located outside the European Economic Area (EEA). We will then ensure that your personal data will only be passed on if these parties guarantee that the transfer takes place in accordance with the applicable privacy legislation.
This means, among other things, that the personal data will only be transferred outside the EEA in the event that:
An adequacy decision of the European Commission determines that there is an adequate level of protection; or
Additional appropriate safeguards have been implemented, such as the Standard Contractual Clauses.
We ensure compliance with all additional requirements and guidance from the European Court of Justice, data protection legislation and supervisory authorities regarding the transfer of personal data.
10) Protection of personal data
We take the protection of your personal data very seriously. We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, accessed, or disclosed in an unauthorized way.
We limit access to your personal data to strictly necessary employees, contractors, and other third parties. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We train our employees on the importance of confidentiality and ensuring the privacy and information security of your personal data.
11) Rights of the data subject and their implementation
In accordance with applicable law, you have various rights in relation to the processing of your personal data:
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Right not to be subject to automated decision-making
Right to be informed about corrections, erasures, and restrictions
If you have questions or would like to exercise any of these rights, please contact us at:
Stichting ITECA (ThePolder News Magazine)
GDPR contact person: Linda Pavan
Email: privacy@iteca.nl
Telephone: +31 (0)85 4019 174
Postal address: De Stuwdam 33–35, 3815 KM Amersfoort, The Netherlands
Reasonable access to your personal data will be granted free of charge after submission of the request. We will respond within one month of confirming your request. If we are unable to comply within one month, we will inform you of the expected date. We may require additional information to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
https://autoriteitpersoonsgegevens.nl
If you are established in another EU/EEA Member State, you may also lodge a complaint with your local supervisory authority.
12) Amendments
We reserve the right to amend this Privacy Statement at any time and for any reason. We will publish the amended Privacy Statement on our website. If required by law, you will be notified of important changes to our Privacy Statement.
Data Governance and Relationship Table (ThePolder News Magazine)
| Category | Subcategory | Detail |
|---|---|---|
| Controller | Entity | Stichting ITECA, trading as ThePolder News Magazine |
| Controller | Legal form | Foundation under Dutch law |
| Controller | Statutory seat | Amersfoort, the Netherlands |
| Controller | Registered office | De Stuwdam 33–35, 3815 KM Amersfoort, the Netherlands |
| Controller | Telephone | +31 (0)85 4019 174 |
| Scope | Covered platforms | Websites, platforms and services owned and managed by Stichting ITECA under the name ThePolder News Magazine |
| Contacts | GDPR contact person | Linda Pavan |
| Contacts | privacy@iteca.nl | |
| Contacts | Telephone | +31 (0)85 4019 174 |
| Contacts | Postal address (DSARs) | Stichting ITECA (ThePolder News Magazine), De Stuwdam 33–35, 3815 KM Amersfoort, The Netherlands |
| Processing activity | Website visit: Data | IP address; browsing actions; device info; cookie preferences; form data |
| Processing activity | Website visit: Purpose | Measure interest; improve UX; administer and secure website; prevent illegal activity; respond to requests |
| Processing activity | Website visit: Legal basis | Consent (Art. 6(1)(a)); Legitimate interest (Art. 6(1)(f)) |
| Processing activity | Subscriber/partner contact: Data | Name; email; phone; billing/contract data; other data provided |
| Processing activity | Subscriber/partner contact: Purpose | Deliver services; manage subscriptions; manage collaborations; comply with legal obligations |
| Processing activity | Subscriber/partner contact: Legal basis | Contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) |
| Processing activity | Forms: Data | Name; email; phone; message content; attachments (if provided) |
| Processing activity | Forms: Purpose | Respond; provide requested information or services |
| Processing activity | Forms: Legal basis | Consent (Art. 6(1)(a)); Legitimate interest (Art. 6(1)(f)) |
| Retention | Contact/messages | Up to 12 months after inquiry is resolved |
| Retention | Contract-related data | 7 years after termination (Dutch tax/admin law) |
| Retention | Website technical data | Up to 6 months unless needed longer for security/fraud |
| Automated decision-making | Use | Not used |
| Recipients | Processors | IT; hosting; cloud; email tools; CRM; newsletter systems; project/file exchange systems |
| Recipients | Independent controllers | Payment providers; regulators where relevant |
| International transfers | Mechanisms | Adequacy decision or SCCs + TIA + safeguards (Schrems II) |
| Security | TOMs | Technical and organisational measures; access control; training |
| Rights | Data subject rights | Access; rectification; erasure; restriction; portability; objection; human oversight |