We use your contact details to reply when you write to us. Technical logs keep the site safe. Optional cookies for analytics or marketing load only if you agree in the cookie banner. We keep data only as long as needed for these purposes or as law requires, and you can ask questions or exercise GDPR rights using the contacts at the end.
1. Scope, activities, and material scope
This Privacy Policy applies to processing carried out in the context of operating the public website, handling inbound inquiries, maintaining security, complying with law, and—only where you consent—running aggregated analytics or marketing measurement. It does not describe processing inside purely offline meetings unless those meetings produce records we store digitally in the same systems referenced here.
The site’s editorial focus is general lifestyle information about morning and evening routines. We do not provide telehealth, diagnosis, treatment planning, or other regulated health services through the site, and we ask you not to submit detailed health records via the public contact form. If you voluntarily include sensitive information, we will restrict access and delete it when there is no substantial reason to retain it.
Where this Policy refers to “processing,” it has the meaning given in EU Regulation 2016/679 (GDPR). Where we quote articles, they refer to the GDPR unless otherwise stated.
2. Data controller and representative information
The controller responsible for personal data is:
- Trading name: Gholrinncrphapil
- Address: Leidsestraat 74-76, 1017 GM Amsterdam, Netherlands
- Email: touch@gholrinncrphapil.world
- Phone: +31 20 422 0210
We have not appointed a statutory Data Protection Officer under Article 37 GDPR because our core processing activities do not require it as currently operated. Privacy requests, questions about lawfulness, and correspondence with data subjects are handled by a designated internal privacy contact reachable at the email address above with “GDPR request” in the subject line so we can triage quickly.
3. Categories of personal data we process
3.1 Identity and contact data
When you use the contact form, you typically supply your name, email, and free-text message. If you call, we may log your telephone number, call time, and brief notes necessary to return the call. If you write by post, we retain address information that appears on the envelope and within the letter for as long as needed to respond and comply with archiving rules where applicable.
3.2 Technical and usage data
Servers and security tools generate records that may include truncated or full IP addresses, approximate location derived at regional level, user agent strings, referring URLs, timestamps, HTTP status codes, device category, and session identifiers when strictly necessary to maintain integrity.
3.3 Preference and consent records
We store your cookie preferences locally in the browser under the label described in the Cookie Policy, and we may keep server-side logs that evidence the fact and version of disclosures you saw where required to demonstrate valid consent or legitimate interest balancing tests.
3.4 Communication content and metadata
Email headers, delivery status notifications, attachments you choose to send, and thread history become part of our correspondence file for that issue. We discourage unnecessary attachments; scan them for malware when policy requires; and delete bulky files after extraction of the relevant information when feasible.
3.5 Online advertising and conversion tags
If we run campaigns through providers such as Google Ads or similar networks, we may use conversion, remarketing, or analytics technologies that process technical identifiers (for example, cookie IDs or device signals) strictly according to your cookie choices and platform requirements. Where consent is required under the ePrivacy framework and Dutch implementation, we only activate non-essential advertising measurement after you opt in via our cookie banner or settings. Providers may act as independent controllers for some processing; refer to their privacy notices for details beyond our control.
4. Purposes, legal bases, and legitimate interests
For each purpose below we identify the Article 6 GDPR basis and, where relevant, Article 9 considerations.
- Providing the website and forms (Article 6(1)(b) and (f)): We process technical data to display pages, route requests, and deliver functional JavaScript and stylesheets. Our legitimate interest is operating a reliable informational site; insofar as necessary for pre-contractual steps at your request, Article 6(1)(b) also applies.
- Security, abuse prevention, and debugging (Article 6(1)(f)): Short-term logs help detect intrusion attempts, spam submissions, and configuration errors. We minimize fields, restrict analyst access, and separate production from test environments.
- Responding to inquiries (Article 6(1)(b) and (f)): Contact processing is necessary to take steps prior to a contract when you initiate a commercial discussion, and otherwise pursues our legitimate interest in courteous stakeholder communication, always considering your rights and reasonable expectations.
- Optional analytics cookies (Article 6(1)(a)): Where available, aggregated analytics runs only after you opt in through the cookie layer. You may withdraw consent without affecting prior processing that was lawful at the time.
- Optional marketing cookies (Article 6(1)(a)): Conversion pixels or audience measurement partners activate only with consent and can be switched off in the same modal.
- Legal obligations and claims (Article 6(1)(c) and (f)): Tax, corporate, and civil procedure rules may oblige retention or disclosure. We may also preserve records where necessary to establish, exercise, or defend legal claims.
When we rely on legitimate interests, you may object under Article 21 GDPR. We will stop processing unless we demonstrate compelling grounds overriding your interests or need the data for legal claims.
5. Sources of personal data
Data originates from you directly, from your device when our infrastructure automatically logs interactions, from third-party analytics or advertising partners only after consent, and from public registers or professional directories only if you point us to them during a conversation and we need to verify details you supplied.
6. Recipients, processors, and disclosure categories
Depending on the interaction, accessible personal data may be visible to:
- Hosting providers and content delivery networks that store or transport static assets
- Email and productivity suites we use for internal collaboration
- Customer support ticketing tools if we introduce them with notice
- Analytics or advertising vendors you explicitly enable
- Legal advisers, insurers, auditors, or accountants subject to confidentiality duties
- Competent regulators, courts, or law enforcement with lawful demands
We do not sell personal data as defined in Article 4(2) GDPR, nor do we share information for independent third-party marketing unrelated to services you requested.
7. International transfers outside the EEA
Our primary operations sit in the European Economic Area. If a subprocessor processes data in a country without an adequacy decision, we implement safeguards listed in Chapter V GDPR—typically EU Commission Standard Contractual Clauses (2021/914) with supplemental technical measures such as transport encryption and access logging, plus transfer impact assessments where appropriate.
You may request a redacted summary of the clauses we rely on for a named service category without receiving commercially confidential schedules not essential to your understanding.
8. Retention periods and review cycle
| Record type | Default retention | Deletion or anonymization |
|---|---|---|
| Website form submissions | Up to 24 months after last substantive reply | Mailbox deletion or archival box with restricted ACL |
| Security and WAF logs | 30–90 rolling days unless incident holds apply | Automated purge jobs with spot audits |
| Cookie consent evidence | 12–24 months depending on vendor | Pseudonymized where feasible |
| Accounting and tax | Up to 7 years under Dutch obligations | Secure destruction after statutory end |
We review retention categories annually and earlier if we change vendors, suffer a security incident, or materially alter site functionality.
9. Security measures
We maintain HTTPS for browser connections, patch baseline software promptly, enforce least privilege for administrative accounts, employ multi-factor authentication on critical consoles, segregate logs, and prefer European data regions when procuring SaaS. Physical access to Amsterdam premises containing archival hardware is restricted to authorized personnel.
Despite these measures, no internet transmission is perfectly secure. Report suspected misuse to us immediately using the privacy inbox so we can investigate and, where required, notify supervisory authorities within statutory windows.
10. Your rights and how to exercise them
You may have the following GDPR rights:
- Access (Article 15) including information about transfers and sources where available
- Rectification (Article 16)
- Erasure (Article 17) subject to overriding lawful grounds
- Restriction (Article 18)
- Data portability (Article 20) for data you provided processed by automated means under consent or contract
- Objection to processing based on legitimate interests (Article 21)
- Withdrawal of consent at any time (Article 7(3))
- Lodge a complaint with the Autoriteit Persoonsgegevens (AP) or another EU supervisory authority
Submit requests with enough information to confirm identity—typically your email and a description of the concern. We respond within one month, extendable by two further months when complex, and inform you of the reason for any extension under Article 12.
11. Children’s data
The site is not directed at children under 16. If we learn we collected data from a child without appropriate authority, we delete it unless a narrow legal exception applies and parents or guardians request otherwise in writing.
12. Policy updates and prior versions
We archive previous versions internally with change logs. Major revisions appear on this page with an updated effective date. Continued use after reasonable notice where consent is not the sole basis constitutes acknowledgment of practical changes that do not reduce your statutory rights.
13. Contact channels
Privacy questions, regulator correspondence, and data subject requests: touch@gholrinncrphapil.world or post to Leidsestraat 74-76, 1017 GM Amsterdam, Netherlands, attn. Privacy.