Trust & Legal
NLEN
Draft. These texts are a first, well-founded version and must be legally reviewed before final use. Fields highlighted in yellow still need to be completed or verified.

Privacy Statement

Prophys Last updated: 29 June 2026 · Version 2026.06

What personal data we process, why, and the rights you have.

1. Who is responsible

This privacy statement applies to the processing of personal data by Prophys (Prophys B.V.), established at Europalaan 6D, 5232 BC 's-Hertogenbosch. Under the General Data Protection Regulation (GDPR), Prophys is the controller for the data processed through this website and our services.

  • Chamber of Commerce no.: 72475218
  • VAT no.: VAT no. ‹to complete›
  • Privacy contact: info@prophys.nl
  • Data protection officer / privacy contact: name, or "not required" ‹to complete›

2. What data we process

Depending on your contact with us, we process:

  • Contact and account data — name, email address, organisation, role and credentials when you use an account.
  • Engagement and correspondence data — information you provide to us as part of an advisory or research engagement.
  • Technical data — IP address, browser type and time of access, recorded in server logs for security and availability.
  • Usage data — actions within our applications, to the extent needed to operate and improve the service.

We do not process special categories of personal data unless this is necessary for a specific engagement and a valid legal basis exists.

3. Purposes and legal bases

PurposeLegal basis (GDPR art. 6)
Performing an engagement or contractPerformance of a contract
Account and access managementPerformance of a contract / legitimate interest
Security, fraud prevention and loggingLegitimate interest
Answering questions and contactLegitimate interest / consent
NewsletterConsent (withdrawable)
Complying with legal obligations (e.g. accounting)Legal obligation

4. How long we keep data

We keep personal data no longer than necessary for the purposes above. Specific retention periods: engagement files e.g. 7 years for tax retention ‹to complete›, account data period after account closure ‹to complete›, server logs e.g. 30–90 days ‹to complete›. After that, data is deleted or anonymised.

5. Sharing with third parties and subprocessors

We do not sell your data. To deliver our services we engage carefully selected subprocessors (such as hosting, authentication and email), with whom we conclude data processing agreements. The current overview is on our subprocessors page.

6. Transfers outside the EEA

Our data is primarily hosted within the European Economic Area (Hetzner, EU). A number of subprocessors are established in the United States. For those transfers we rely on the EU-US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses, with additional measures where needed.

7. Your rights

You have the right to access, rectification, erasure, restriction, objection and portability of your personal data, and the right to withdraw consent you have given. Submit a request via info@prophys.nl; we respond within the statutory period of one month. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Cookies

Our services use only functional and strictly necessary cookies, plus optional cookies for which we ask consent in advance. See the cookie statement.

9. Security

We take appropriate technical and organisational measures to protect your data. An explanation is on our security page.

10. Changes

We may amend this privacy statement. The current version is always on this page, with the date of last change shown at the top.