DeltaSpan Privacy Statement 

1. Who we are (Data Controller)

DeltaSpan is based in the Netherlands and can be reached by email at info@deltaspan.nl.

DeltaSpan (“we”, “us”) is responsible (the “data controller”) for the personal data collected and processed via this website and in the course of our services. Under EU and Dutch data protection law, including the General Data Protection Regulation (GDPR), we determine why and how your personal data is processed. 

At this time we do not appoint a dedicated Data Protection Officer (DPO). You can contact us via the details above for any privacy-related question.

2. What personal data we collect

We may collect and process the following categories of personal data:

  • Contact details: Name, company name, job title, email address, phone number, and any information you include when you ask us to contact you or book an intro meeting.
  • Engagement information: Information you share about your company situation (for example: leadership gap, operational challenges, urgency, geography). This may include limited operational or commercial context so we understand your request.
  • Website technical data: Basic technical information such as IP address, browser type, pages visited and timestamps. We currently do not use tracking cookies for marketing without consent. If we introduce analytics cookies or third-party tools, we will request consent where required.

We do not intend to collect special categories of personal data (for example health data) or data about children. Please do not send that type of information via our contact forms.

3. How we obtain your data

We receive personal data in three main ways:

  • You provide it directly: For example when you fill in a booking form, request a call, email us, or call us.
  • We generate it while working with you: For example internal notes from introductory discussions or assessments.
  • Website visit: Technical data from your browser / device when you access our website (see “Website technical data” above). This is standard for operating a website. 

We do not buy contact lists.

4. Why we use your data (purpose and legal basis)

We process personal data only for clear and lawful purposes:

  • Responding to your request / pre-contract discussions: To schedule an intro meeting, answer questions about interim COO/MD support, stabilization work or due diligence, and determine fit.
  • Performing our services: If you engage us, we process data needed to deliver the agreed interim leadership / advisory work, communicate with you, and report to you.
  • Business operations and compliance: Basic invoicing, accounting, record keeping, and compliance with legal obligations (for example tax law, regulatory requests).
  • Website security and performance: Monitoring basic traffic patterns and attempted misuse to keep the site secure and functioning.

We do not sell personal data and we do not use personal data for automated decision-making or profiling that produces legal effects for you.

5. How long we keep your data (retention)

We keep personal data only as long as needed for the purpose it was collected, and then delete or anonymise it:

  • Contact / inquiry data: normally 12 months after last contact if no engagement follows, so we can respond to follow-up discussions.
  • Client engagement data: for the duration of the engagement and then for the standard statutory retention period under Dutch/EU law (for example, fiscal documentation requirements).
  • Technical logs: short-term operational logs are kept for security and troubleshooting, then rotated.

If you ask us to delete your personal data sooner and we have no legal need to keep it, we will do so (see “Your rights” below). 

6. Who receives your data

We may share personal data with:

  • Our own internal team / partners: Senior consultants or interim leaders working under the DeltaSpan brand, where needed to respond to your request or carry out the engagement.
  • Service providers / processors: For example secure email, cloud storage, calendar/booking tools, accounting tools. We only use providers who offer appropriate data protection safeguards under GDPR, including (where relevant) EU Standard Contractual Clauses for transfers outside the EEA. 
  • Authorities or regulators: Only if we are legally required to do so.

We do not give your details to third parties for their own marketing.

7. International transfers

We operate internationally and may work with clients and partners outside the EU/EEA. When personal data is transferred outside the EU/EEA, we use safeguards recognised under GDPR (for example, EU Standard Contractual Clauses) to protect that data. If these safeguards are not available for a specific transfer, we will inform you and request explicit consent where required.

8. Your rights

Under EU and Dutch data protection law, you have the following rights regarding your personal data: 

  • Right of access: You can ask us to confirm whether we process your data, and to receive a copy.
  • Right to rectification: You can ask us to correct or complete inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): You can ask us to delete your data where the legal basis no longer applies (for example, you withdraw consent and we have no other legal ground to keep it, or the data is no longer needed). Some data must still be kept if we are legally required to keep it. 
  • Right to restrict processing: You can ask us to limit how we use your data in certain situations (for example while a correction request is being checked).
  • Right to object: You can object to certain processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format, or ask us to transfer it to another controller. 

To exercise any of these rights, contact us at: info@deltaspan.nl. We may need to verify your identity before acting on your request. This prevents unauthorised access to data. We aim to respond within 15 days of receiving your request. If your request is complex or you have made several requests, we may extend this period by up to two further months, and we will inform you. 

9. Complaints

You also have the right to lodge a complaint with your local supervisory authority for data protection. For the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). If you are located in another EU/EEA country, you may also contact your local supervisory authority. We would appreciate the chance to handle your concern first, so please feel free to contact us directly.

10. Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. This includes access controls, role-based access to engagement data, and limiting who can see confidential client information. 

However, no method of transmission over the internet or method of storage is fully risk-free. If we become aware of a personal data breach that may pose a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required by law, we will inform you as well.

11. Updates to this Privacy Statement

We may update this Privacy Statement from time to time, for example if we start using additional analytics tools, change our booking or document systems, or change our legal entity details. When we make material changes, we will update the “last updated” date below and, where appropriate, notify you on the website.

Last updated: 1 October 2025
