Privacy Policy

DCT BV, located at Mercuriusweg 28, 6971GV Brummen, Chamber of Commerce number 69378843, is the data controller within the meaning of the General Data Protection Regulation (GDPR). Contact: info@dctbv.nl — 06 - 10 86 16 16

DCT BV supplies exclusively to business customers (B2B). This privacy policy relates to contact persons and representatives of our business relations. We do not target consumers and do not conduct marketing activities directed at private individuals.

We process only the business contact data necessary for the performance of agreements: — Name and job title of contact person — Company name, invoice and delivery address — Email address and phone number — VAT number and Chamber of Commerce number — Quotation, order and invoice data — Payment information (processed via Mollie — we do not store full payment details) — Website visit data (anonymised statistics, see Article 6)

We process personal data on the following legal bases: — Performance of contract: processing and handling quotations, orders, deliveries and invoices — Legal obligation: retaining financial records in accordance with statutory retention requirements (7 years) — Legitimate interest: maintaining our own website statistics and securing our systems We do not process personal data for marketing purposes and do not send newsletters or promotional emails.

DCT BV engages the following processors to perform its services. A data processing agreement has been concluded with each of these parties: — Mollie B.V. (Amsterdam): processing of online payments. Mollie handles payment data in accordance with PCI-DSS standards. Privacy policy: mollie.com/privacy — Resend Inc. (US): delivery of transactional emails (order confirmations, quotations, invoices, shipping notifications). No marketing emails are sent. Transfer to the US is based on the European Commission's Standard Contractual Clauses (SCCs). Privacy policy: resend.com/legal/privacy-policy — Supabase Inc. (US): hosting provider for our database and application. Data is stored on servers in the EU (Frankfurt). Transfer to the US is based on the European Commission's Standard Contractual Clauses (SCCs). Privacy policy: supabase.com/privacy — Google LLC (US): analytics and advertising services (Google Analytics 4 and Google Ads), only after your consent. Transfer to the US is based on the Standard Contractual Clauses (SCCs). Privacy policy: policies.google.com/privacy — Carriers (DHL, PostNL and others): for delivery we share name, delivery address and contact details with the relevant carrier. We do not share personal data with other third parties, unless required to do so by law.

We measure website visits through two systems: — Own statistics (Supabase): we collect anonymised visit statistics through our own infrastructure. No personal profiles, no sharing with third parties. Legal basis: legitimate interest. — Google Analytics 4 and Google Ads (Google LLC, US): we use Google Analytics for visitor analysis and Google Ads for conversion tracking. Google processes data on servers in Ireland and potentially the US. Transfer to the US is based on the Standard Contractual Clauses (SCCs). These services are loaded only after your explicit consent via the cookie banner — analytics cookies for GA4, marketing cookies for Google Ads. Functional cookies (session, shopping cart, language preference) are strictly necessary for website operation and are placed without consent. Other cookies are placed only after your explicit consent via our cookie banner.

We send only transactional emails: order confirmations, quotations, invoices, payment reminders and shipping notifications. We do not send commercial newsletters or promotional mailings. Transactional emails are sent via Resend Inc. Your email address is not used by Resend for any purpose other than delivery on behalf of DCT BV.

We do not retain personal data longer than necessary for the purpose for which it was collected: — Financial records (invoices, payments): 7 years in accordance with statutory fiscal retention obligations — Quotations and customer files: 5 years after the end of the business relationship — Email correspondence: 2 years, unless longer retention is necessary for dispute resolution — Website statistics: maximum 12 months in anonymised form

Under the GDPR, you have the following rights: — Access: you may request which personal data we process about you — Rectification: you may have inaccurate data corrected — Erasure: you may request deletion of your data, unless a statutory retention obligation applies — Restriction of processing: you may request temporary restriction of processing — Data portability: you may request your data in a structured format — Objection: you may object to processing based on legitimate interest Requests can be submitted via info@dctbv.nl. We will respond within 4 weeks. We may ask you to verify your identity.

DCT BV takes appropriate technical and organisational measures to protect personal data: — All connections use HTTPS/TLS encryption — Access to customer data is restricted to authorised staff — Passwords are never stored in readable form — Our database is hosted at Supabase on ISO 27001-certified server infrastructure in the EU — Payment processing is handled entirely by Mollie (PCI-DSS certified)

Do you have a question or complaint about how we process your personal data? Please contact us at info@dctbv.nl. You also have the right to file a complaint with the Dutch Data Protection Authority, the supervisory authority in the Netherlands: autoriteitpersoonsgegevens.nl — Telephone: +31 88 - 18 05 250