Privacy Policy

Last Updated: 20.02.2026

Who this policy is for
This Privacy Policy explains how personal data is processed when you visit Annette’s personal website (the “Website”), read content, subscribe to updates, or contact us. We process personal data in line with the GDPR and Dutch privacy law (AVG).

Controller (who is responsible for your data)
The data controller is the party that determines why and how your personal data is processed.

Controller: Rhizome Connects B.V.
Address: Berkenlaan 1, 2243HX  Wassenaar
Chamber of Commerce (KvK): 92090559
VAT: NL827555209B01
Email: annette@henegouwen.com
Phone: +31 653948871

If the Website is operated on Annette’s behalf by a service provider or agency, list them as a processor (see section 7), not as the controller, unless they are the legal operator.

What personal data we collect
Depending on how you use the Website, we may process:
a) Contact data: name, email address, phone number (if provided), and the content of your message.
b) Newsletter/subscription data: email address and subscription preferences.
c) Technical and usage data: IP address, device information, browser type, referring page, pages visited, date/time stamps, and similar diagnostic data.
d) Cookie data: information collected via cookies or similar technologies (see section 9).

You are not required to provide personal data, but some features (like subscribing or contacting us) won’t work without it.

How we collect data
We collect data when you:
a) subscribe to a newsletter or updates,
b) submit a form (contact, application, inquiry),
c) email or call us,
d) use the Website (cookies and server logs).

Why we use your data and legal bases
We process personal data only when we have a lawful basis. Typical purposes and legal bases are:

a) Responding to inquiries (contact requests)
Purpose: replying to messages and handling requests.
Legal basis: legitimate interest (GDPR Art. 6(1)(f)) or pre-contractual steps (Art. 6(1)(b)) when relevant.

b) Sending newsletters or updates
Purpose: sending content, updates, and announcements you requested.
Legal basis: consent (Art. 6(1)(a)). You can withdraw consent at any time via the unsubscribe link or by contacting us.

c) Website analytics and improvements
Purpose: understanding how the Website is used, improving performance and content.
Legal basis: consent for non-essential cookies (Art. 6(1)(a)) and/or legitimate interest where permitted and configured accordingly (Art. 6(1)(f)), depending on the tool and settings.

d) Security and fraud prevention
Purpose: protecting the Website, preventing abuse, maintaining system security.
Legal basis: legitimate interest (Art. 6(1)(f)).

e) Legal and administrative obligations
Purpose: compliance with legal requirements (e.g., tax or accounting obligations if applicable).
Legal basis: legal obligation (Art. 6(1)(c)).

How long we keep your data (retention)
We keep personal data no longer than necessary for the purpose it was collected for:
a) Newsletter data: until you unsubscribe (and a short period afterward to document compliance).
b) Contact requests: typically up to 12 months after the last interaction, unless a longer period is needed (e.g., for a contractual matter).
c) Analytics/cookie data: according to the retention settings of the analytics tool and your cookie choices (typically 14–26 months; configure to your chosen standard).
d) Legal records: as required by applicable Dutch law.

Sharing data with third parties
We do not sell your personal data.

We may share data with trusted service providers who help operate the Website, such as:
a) website hosting and infrastructure providers,
b) newsletter/email distribution providers,
c) analytics providers,
d) security and spam-prevention services.

These providers act as “processors” and may process data only on documented instructions, under a data processing agreement where required.

We may also disclose data if required by law, regulation, or a binding request from a competent authority.

International data transfers
We aim to process data within the European Economic Area (EEA). If a provider processes data outside the EEA, we ensure appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) and supplementary measures where necessary.

Cookies and similar technologies
We use cookies and similar technologies to make the Website work, measure usage, and (only if you choose) support marketing activities.

a) Types of cookies
Essential cookies: required for core functionality and security. These cannot be switched off via the banner (but can often be blocked in your browser, which may break the site).
Analytics cookies: help us understand usage and improve the Website.
Marketing cookies (if used): help measure campaigns and show relevant content/ads.

b) Consent and cookie banner
Non-essential cookies are placed only after you give consent through the cookie banner. You can change your preferences at any time via the cookie settings link (if implemented) or by clearing cookies in your browser.

c) Managing cookies in your browser
You can block or delete cookies using your browser settings. The Website may not function properly without certain cookies.

Security
We take appropriate technical and organizational measures to protect personal data. This may include access controls, encryption in transit where applicable (TLS/HTTPS), least-privilege access, and the use of reputable service providers. No system is 100% secure, but we work to prevent unauthorized access, alteration, or disclosure.

Your GDPR rights
You have the right to:
a) access your data,
b) rectify incorrect data,
c) delete your data (in certain cases),
d) restrict processing (in certain cases),
e) object to processing based on legitimate interest,
f) data portability (when processing is based on consent or contract and carried out by automated means),
g) withdraw consent at any time (without affecting prior lawful processing).

How to exercise your rights:
Email us at [insert email] with the subject “GDPR Data Request”. We may ask for information to verify your identity. We aim to respond within one month.

Children
The Website is not intended for children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can delete it.

Complaints
If you have concerns, please contact us first so we can try to resolve them. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Changes to this policy
We may update this Privacy Policy to reflect changes in the Website, tools, or legal requirements. The “Last Updated” date will be revised and the latest version will be posted on this page.