Close Icon

Sign up now for a Dutch course – secure your spot in the group!

Start learning now!
Edu-dutch Menu Toggler
Edu-Dutch Menu Toggler

Privacy Policy

Privacy Policy – Academy Edu-Dutch B.V.

Last updated: 15 July 2025

Protecting your privacy matters to our team. We implement procedures and policies to ensure the highest level of data protection. Academy Edu-Dutch B.V., registered at Tine van Dethstraat 81, 2331 CD Leiden, is the controller of personal data and is responsible for processing it in accordance with the GDPR (General Data Protection Regulation).

When you use our website, call us, email us, or complete a contact form, you entrust us with processing your personal data. Below you will find information about how we do this. Please read it carefully and remember that this document will evolve as our business develops—check back regularly. For your convenience, the date of the last update is shown above.

1. Data controller contact details

The controller of your personal data is Academy Edu-Dutch B.V. The person responsible for data protection and your point of contact is Kinga Fiebig. This Privacy Policy applies to the website: www.edu-dutch.com.
Address: Tine van Dethstraat 81, 2331 CD Leiden
Email: info@edu-dutch.com
Chamber of Commerce (KvK) number: 94710732

For any data protection matters, please contact us by email.

2. Social media

Because Academy Edu-Dutch B.V. maintains a presence on social media (such as Facebook, Instagram, YouTube, etc.), please note that—under the case law of the Court of Justice of the European Union—the provider of the social network acts as a joint controller together with the profile administrator (Academy Edu-Dutch B.V.). Details on how each provider processes personal data can be found in their own privacy policies, for example:

  • Facebook

  • LinkedIn

  • Instagram

  • YouTube

  • TikTok

3. For what purposes do we process personal data?

Below is a list of purposes with more detail. Each purpose includes the legal basis for processing:

Purpose of processing Description Legal basis
Fulfilling orders and/or course enrolments When you place an order or enrol in a course, you are asked to provide data necessary to fulfil it, as indicated in the form. Providing these data is required to submit the order. Our order system also automatically records the IP address of the device used when placing the order. Each order is stored in our database along with details such as the date and time, order ID, transaction ID, product/service description, price, selected payment method and due date, and for digital content, the date and time of download. We process these data to conclude and perform the contract; after fulfilment they are archived to establish, exercise or defend claims and are retained in accounting records as required by tax law. Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR
Completing orders that customers started but did not finish Some customers begin an order but do not complete it. We may remind you about the unfinished purchase and encourage completion (e.g., by email). For this we may process data provided during the initiated order, such as name, email address, basket contents, transaction start date, and other data submitted during the process. This aims at concluding the contract and is also based on our legitimate interest in increasing sales and supporting prospective customers. Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR
Handling complaints or withdrawal from the contract If you submit a complaint or withdraw from the contract, you provide personal data contained in your submission. These data are necessary to process your request. After completion, data are archived to establish, exercise or defend claims and are retained in accounting records as required by tax law. Art. 6(1)(c) GDPR together with applicable consumer law on withdrawal and conformity; Art. 6(1)(b) GDPR
Newsletter service When you subscribe to our newsletter, we ask for the data necessary to send it. Our mailing system (MailerLite) also records the IP address used for subscription, approximate location, email client type, and engagement data such as opens and link clicks. We may create audience segments to tailor content to your interests, activity, or preferences. You can unsubscribe at any time via the link in each email or by contacting us. Unsubscribing does not automatically delete your data from the mailing system; data may be archived to establish, exercise or defend claims and for legal compliance. Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR (legitimate interest in marketing). For automatically collected system data (e.g., location, clicks): Art. 6(1)(f) GDPR
Contact and correspondence handling When you contact us (email, social media, contact forms), you provide personal data contained in your message. Our systems may also record technical data such as the sender’s IP address. We process these data to handle correspondence, answer queries, and maintain further contact (our legitimate interest). After the correspondence ends, data may be archived to establish, exercise or defend claims. Art. 6(1)(f) GDPR
Fulfilling tax and accounting obligations In connection with contract performance, we must meet tax and accounting duties (issuing invoices, recording them in accounts, storing documentation for the statutory period). We process data such as name, company name, and business address. Art. 6(1)(c) GDPR with applicable tax law
Archiving For operational needs we may create paper and/or digital archives containing personal data we have processed about you, to the extent justified by archiving. This is based on our legitimate interest in organising and documenting resources. Art. 6(1)(f) GDPR
Establishing, exercising or defending legal claims Use of our website and entering into a contract may give rise to claims by either party. We process any data related to a given claim, depending on the matter. Art. 6(1)(f) GDPR
Creating advertising audiences Your email address stored in our database may be uploaded (in hashed form) to advertising systems (e.g., Facebook Ads, LinkedIn Ads) to create “custom audiences.” Platforms use it only for matching and then delete it; they do not share your email with third parties. Art. 6(1)(f) GDPR
Social media management If you follow or interact with our profiles (Facebook, Instagram, YouTube, LinkedIn), we can access data publicly available on your user profile and process them within the platform to manage our profile (legitimate interest). If you contact us by private message, we process data contained therein to communicate and, where relevant, explore cooperation. Messages are archived within the platform until you delete them. Use of the platform is governed by the provider’s terms and privacy policy (e.g., Meta/Facebook, Google/YouTube, LinkedIn). Art. 6(1)(f) GDPR
Analytics and statistics using Anonymous Information only We use third-party analytics tools that give us only aggregated, non-identifying statistics. We rely on our legitimate interest in analysing user activity to improve the site and optimise marketing and operations. Art. 6(1)(f) GDPR
Marketing using Anonymous Information only We run marketing activities via third-party tools based solely on Anonymous Information (aggregated, non-identifying data), e.g., clicks, traffic sources, interests, campaign performance. Art. 6(1)(f) GDPR
Providing additional features using Anonymous Information only Our website may embed video/audio players (e.g., YouTube, Bunny.net), social widgets, newsletter forms, comment modules, chats, and other third-party tools. These may process only Anonymous Information necessary for proper functionality. We do not see detailed data; they are used solely to enable features. Art. 6(1)(f) GDPR
Fulfilling data protection obligations As data controller, Ms. Kinga Fiebig, Director of Academy Edu-Dutch B.V., must fulfil GDPR obligations (e.g., handling requests to access, rectify, erase, restrict processing). We process data as needed to comply and to demonstrate compliance. Art. 6(1)(c) GDPR; Art. 6(1)(f) GDPR

4. What personal data do we process?

We process personal data you voluntarily provide when:

  • enrolling in a language course,

  • using the Academie Edu-Dutch e-learning platform,

  • participating in online lessons,

  • contacting us via form or email.

Data we may process include:

  • First and last name

  • Email address

  • Telephone number

  • Residential address (for invoicing and book shipment)

  • Payment data (for accounting purposes)

  • Date of birth (required for registration and issuing certificates)

  • Audio/video recordings (e.g., language exercises)

  • Activity data on the e-learning platform (Academie Edu-Dutch)

  • IP address and browser data (cookies)

  • Order details

  • Data stored in the mailing system

  • Data related to posted comments

  • Information visible on social media profiles

  • Information contained in user-content reports

  • Information contained in correspondence

  • Anonymous Information

5. What is “Anonymous Information”?

We use tools that collect various information about user activity on our site that does not allow us to directly identify any person. We refer to this as Anonymous Information. It may include, for example:

  • operating system and browser details;

  • pages viewed;

  • time spent on the site;

  • navigation between pages;

  • link clicks;

  • mouse movements and scrolling;

  • traffic source;

  • approximate location (city-level);

  • age range and gender;

  • interests or preferences inferred from online activity;

  • session recordings;

  • heatmaps of on-site behaviour.

From our perspective, Anonymous Information is not personal data because we do not combine it with other data that could identify you. However, in line with a cautious approach consistent with CJEU case law, we include rules for processing this information in this Policy.

We cannot attribute Anonymous Information to specific individuals or provide access to it, as the tools present only aggregated statistics and datasets not tied to particular users.

Purposes of processing Anonymous Information:

  • ensuring the proper functioning of on-site features (players, forms, interactive modules);

  • analytics and statistics to optimise the site;

  • marketing activities such as ad targeting.

Anonymous Information may also be processed by tool providers under their terms and privacy policies—to provide and improve services, measure campaigns, protect against abuse, and personalise content and ads across services, sites, and apps. See Third-Party Technologies in the Annex for details.

6. Where do we obtain your personal data?

In most cases, you provide it yourself—e.g., when placing an order, enrolling in a course, submitting a complaint, withdrawing from a contract, emailing us, or using functionalities on our site and external services (such as social media). Some information may also be collected automatically by the tools used on our site (see Third-Party Technologies).

7. Is your data secure?

Yes. We assess processing risks, implement appropriate technical and organisational measures, and continuously monitor their effectiveness. We keep our technical infrastructure up-to-date, train our team, review data-protection procedures, and implement improvements to ensure the highest possible level of GDPR-compliant protection.

8. How long do we keep your personal data?

We retain personal data only as long as necessary for the stated purposes. Retention periods vary by purpose. Ending processing for one purpose does not mean automatic deletion if the data are still needed for other legitimate purposes. Data are deleted when all purposes are fulfilled or when the legal retention obligation ends.

Retention periods include:

  • Order and contract data – for the time needed to conclude and perform the contract.

  • Incomplete orders – up to 6 months from initiation.

  • Complaint and withdrawal data – for the duration of handling and archiving.

  • Newsletter data – for as long as you subscribe.

  • Correspondence data – for the duration of the contact.

  • Tax and accounting data – for the statutory period (generally 5 years from the end of the fiscal year).

  • Archived data – until the archived information is no longer useful.

  • Claims-related data – until claims expire (typically 3 years for businesses, 6 years for consumers).

  • Advertising audience data – until no longer useful or upon a valid objection.

  • Social media data – according to the platform’s privacy policy; we do not control those retention periods.

  • Analytics/statistics data – until no longer useful or upon a valid objection.

  • Own-marketing data – until no longer useful or upon a valid objection.

  • Additional feature data (players, widgets) – until no longer useful or upon a valid objection.

  • Data processed to meet data-protection obligations – until no longer necessary, upon valid objection, or upon expiry of our accountability period.

  • Data processed under the Digital Services Act (DSA) – until the limitation period for intermediary-service provider liability expires.

If we process your data based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9. Who are the recipients of personal data?

We rely on trusted third parties to support our business, some of which involves processing your personal data. Recipients may include:

  • hosting provider (server storage);

  • mailing system provider (newsletter delivery);

  • invoicing system provider (issuing invoices);

  • cloud provider (file storage/management);

  • accounting office (bookkeeping);

  • website technical support (technical tasks on systems processing data);

  • marketing and advertising specialists;

  • other subcontractors and IT tool providers who may access data if necessary to deliver their services.

Where legal services are required, data may be shared with an attorney or legal counsel bound by professional secrecy.

We may also share data with tax authorities as necessary for tax and accounting obligations (e.g., returns, reports, invoices).

Where required by law, data may be disclosed to public authorities (e.g., courts, prosecutors, police, or other services).

Regarding Anonymous Information, access is held by the providers of the tools or plugins that collect it (e.g., Google, Meta, Bunny.net). They act as separate controllers and process data under their own privacy policies, which we do not control.

10. Do we transfer data to third countries or international organisations?

Yes. In some cases, your personal data may be transferred to third countries outside the EEA, e.g., because certain providers process data on servers in the United States. We ensure such transfers comply with the GDPR, including the use of Standard Contractual Clauses (SCCs) or other appropriate safeguards.

Currently, data may be transferred in connection with the tools below:

  • Google (USA) – Google Workspace, Google Analytics, Google Ads.

Anonymous Information collected by other tools listed in the Annex may also be transferred to third countries (in particular the USA).

11. Do we use profiling?

We do not make decisions about you based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you.

We do use certain wools that may involve automated processing—especially data collected via cookies and tracking mechanisms—to deliver personalised marketing, e.g.:

  • showing interest-based ads (behavioural advertising);

  • reminding you about unfinished purchases;

  • suggesting products or content that may interest you.

We believe these activities do not significantly affect your rights and freedoms, do not differentiate you as a customer, do not change contractual terms, and do not restrict service access.

You can manage behavioural advertising preferences via the providers’ documentation listed later in this Policy.

12. What are your rights?

Under the GDPR, you have the following rights regarding your personal data:

  • Access – to your data and to receive a copy;

  • Rectification – to correct your data;

  • Erasure (“right to be forgotten”) – if you believe there is no basis for further processing;

  • Restriction – to limit processing to storage or agreed actions, e.g., while we verify accuracy;

  • Objection – to processing based on our legitimate interests (you must state your particular situation; we will stop unless we demonstrate compelling legitimate grounds);

  • Portability – to receive data you provided in a machine-readable format or have us transmit it to another controller;

  • Withdraw consent – at any time, where processing is based on consent (without affecting prior lawful processing);

  • Lodge a complaint – with a supervisory authority if you believe we process data unlawfully. In the Netherlands, the competent authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP), or another competent authority.

These rights are described in Articles 16–21 GDPR. Please note that they are not absolute; in some cases we may lawfully refuse if required by law. You always retain the right to lodge a complaint with a supervisory authority if you believe we are not compliant.

13. Do we use cookies—and what are they?

Yes. Our website uses cookies. Cookies are small text files stored on your device (computer, tablet, smartphone) that can be read by our IT system (first-party cookies) or by third-party systems (third-party cookies). They store certain information that can later be retrieved by these systems.

We use both session cookies (deleted when you close your browser) and persistent cookies (which remain to recognise your browser on your next visit).

14. On what basis do we use cookies?

We use cookies based on your consent, except for cookies that are strictly necessary to provide electronic services properly (e.g., enabling the course enrolment form, account login, or shopping cart).

Non-essential cookies remain blocked until you consent. On your first visit, we display a cookie banner where you can:

  • learn about the cookies we use;

  • consent to their use;

  • manage your cookie preferences.

You can change your cookie settings at any time—on our site or in your browser settings.

15. Can you disable cookies?

Yes. In your browser you can:

  • block all or selected cookies;

  • block cookies from specific sites;

  • delete previously stored cookies and other site/plugin data.

Most browsers also offer private/incognito mode, which deletes cookies when you close all windows. There are extensions (e.g., Ghostery) and some antivirus suites that help manage cookies. There are also tools for managing behavioural-advertising cookies.

On our site we provide a cookie-management mechanism that lets you:

  • choose which categories of cookies you accept;

  • block selected cookies without changing browser settings;

  • change your decision at any time.

Note: Disabling or limiting cookies may cause some features (social buttons, forms, cart, login) to be unavailable or work improperly.

16. For what purposes do we use first-party cookies?

Primarily to:

  • ensure proper functioning of site features (e.g., cart contents, forms, logins, newsletter);

  • remember your settings (e.g., cookie choices, site language);

  • improve user experience and site performance.

We do not use first-party cookies for off-site marketing or tracking.

17. Which third-party cookies are used?

Our site may use third-party cookies associated with tools that support site functionality, traffic analytics, marketing activities, or integrations (e.g., video, forms, newsletter). A detailed list is provided in the Annex.

18. Do we track on-site behaviour?

Yes. We use third-party tools to monitor and analyse on-site behaviour, including:

  • pages viewed;

  • time on site;

  • clicks;

  • mouse movements;

  • navigation paths;

  • demographic and interest data (where available).

We use this for statistics and site optimisation. Details are in the Annex.

19. Do we deliver targeted advertising?

Yes. We use advertising tools (e.g., Meta Ads, Google Ads, LinkedIn Ads, TikTok Ads) to target ads to specific audiences based on criteria such as:

  • age;

  • gender;

  • location;

  • interests;

  • occupation;

  • activity on our site (e.g., viewing a page, an unfinished order).

See the Annex for details of the tools we use.

20. How can you manage your privacy?

You have multiple options to control how your data are processed:

21. Anything else you should know?

Data protection, cookies, and privacy settings can be complex. We have aimed to make this Policy clear and complete regarding data processing on our sites and within our educational activities. If you have questions, something is unclear, or you wish to exercise your rights, please contact us at info@edu-dutch.com.

22. Can this Privacy Policy change?

Yes. We may update this Policy, especially in response to legal changes, supervisory guidance, technological developments, or new site features. If you are a registered user or newsletter subscriber, we will notify you of material changes by email. The current version is always available at www.edu-dutch.com.

Annex to the Privacy Policy

LIST OF TOOLS USING COOKIES

Below is a list of tools used on the site, including what they do and the cookies they use:

  • Google Tag Manager
    Tag management and script loading. Does not collect data by itself but loads other scripts.

  • Google Analytics
    Google’s analytics tool for tracking user activity. Uses cookies. Data provided to us are aggregated/anonymous.

  • Meta Pixel
    Enables advertising on Meta (Facebook, Instagram). Collects activity data. Data are anonymous to us, though Meta may combine them with other information.

  • Google Ads
    Uses cookies for remarketing and ad targeting across Google’s network. Data provided to us are aggregated/anonymous.

  • TikTok For Business
    Advertising tool for TikTok. Collects user activity for marketing purposes. Data provided to us are aggregated/anonymous.

  • MailerLite
    Mailing system with signup forms. Uses cookies for form operation and pop-up control. Data provided to us are aggregated/anonymous.

  • Bunny (Bunny.net)
    Embedded video players. Uses cookies for player functionality, analytics, and personalisation. The site administrator does not have access to these underlying data.

  • Hotjar
    Behaviour analytics (heatmaps, session recordings). Uses cookies. Data are pseudonymous and do not allow user identification by us.

Kinga

Language Selection

You are viewing the English version of our website.
Would you like to continue or switch to the Polish version?