Privacy Policy
Your data. Your rules. (Also, the EU's rules.)
Last updated: December 23, 2025
1 Introduction and Scope
This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by PeaceWeb B.V., a company registered in the Netherlands at Saffierborch 18, 5241 LN Rosmalen, Noord-Brabant, Netherlands, registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 88526461 ("PeaceWeb," "Provider," "we," "us," or "our").
This Privacy Policy forms an integral part of our Terms & Conditions and should be read in conjunction with that document. In the event of any conflict between this Privacy Policy and the Terms & Conditions, the Terms & Conditions shall prevail.
This Policy applies to all personal data collected from:
- β’ Clients using PeaceWeb Services
- β’ Visitors to our website
- β’ Users accessing the PeaceWeb Portal
- β’ Subscribers to marketing communications
- β’ Individuals engaging with PeaceWeb for inquiries or support
By accessing or using our services, you acknowledge and consent to the collection, processing, and storage of your personal data as set forth in this Policy, in accordance with Dutch law and the General Data Protection Regulation (GDPR).
2 Categories of Personal Data Collected
2.1 Data Provided by You
We collect personal data directly provided by you, including:
Contact Information
Name, email, phone, postal address
Business Information
Company name, KvK number, VAT ID
Account Information
Username, password, authentication credentials
Payment Information
Billing details, payment method, transaction records
2.2 Data Collected Automatically
We automatically collect certain data when you interact with our website or services:
- β’ Log Data: IP address, browser type, operating system, access timestamps
- β’ Usage Data: Pages accessed, session duration, actions performed
- β’ Cookies: Data collected via cookies (see Cookie Policy)
2.3 Data from Third-Party Sources
We may acquire personal data from publicly accessible registries (e.g., KvK) for business verification or from third-party service providers for payment processing and fraud prevention.
3 Purposes and Legal Bases for Processing
We process your personal data for the following purposes, each grounded in a legal basis under GDPR:
Service Provision
Administering and delivering services, including hosting, account management, billing, and support.
Security and Fraud Prevention
Ensuring infrastructure security by detecting and preventing fraud, unauthorized access, or abuse.
Compliance and Verification
Verifying identities and ensuring compliance with Dutch and EU laws.
Marketing and Communications
Sending updates, newsletters, or promotional content (with your explicit consent).
4 Disclosure of Personal Data
We may disclose your personal data to the following recipients:
- β’ Service Providers: Third parties providing payment processing, cloud hosting, or fraud prevention
- β’ Regulatory Authorities: Dutch or EU authorities to comply with legal obligations
- β’ Business Transfers: Successor entities in mergers, acquisitions, or asset sales
We will not sell, rent, or commercially exploit your personal data to third parties for purposes unrelated to our services.
5 Data Retention and Security
5.1 Retention Periods
We retain your personal data only for as long as necessary to achieve the purposes outlined in this Policy or to comply with Dutch legal obligations. Specific retention periods include:
Account Data
Duration of active service agreement plus 24 months after termination or closure (for dispute resolution, fraud prevention, and legal compliance)
Financial Records
7 years (as required by Dutch tax law and Article 2:10 of the Dutch Civil Code)
Technical Logs
90 days (for security monitoring, troubleshooting, and abuse prevention)
Support Tickets
3 years (for quality assurance and training purposes)
Marketing Data
Until consent is withdrawn or 2 years of inactivity
Important Distinction
Account data (name, email, billing information) is retained for 24 months after termination for business and legal purposes, while Your Content (data stored in services such as virtual instances, storage volumes, and backups) will be permanently deleted within 30 calendar days following termination in accordance with Section 14.7 of our Terms & Conditions.
These retention periods are based on our legitimate interests in handling disputes, preventing fraud, meeting legal obligations, and maintaining business records. You may request earlier deletion of your account data by contacting us at legal@peaceweb.com, subject to our legal retention obligations.
5.2 Security Measures
Personal data is stored and transmitted using encryption and industry-standard security measures. Access is restricted to authorized personnel under strict controls.
6 Your Data Protection Rights
As an individual within the EEA, you have the following rights under GDPR:
Right to Access
Request confirmation and a copy of your personal data
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data (subject to legal retention obligations)
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or for direct marketing
To exercise these rights, submit a written request to legal@peaceweb.com. We will respond within one month.
7 Data Location and International Transfers
7.1 Data Storage Location
All personal data and Your Content is stored exclusively in datacenters located within the European Union (specifically in the Netherlands and Germany) and is not transferred outside the EU/EEA without appropriate safeguards, as specified in Section 7.3 of our Terms & Conditions.
7.2 International Data Transfers
We may transfer your personal data to countries outside the EEA only where:
Adequacy Decision
The European Commission has determined that the country ensures an adequate level of protection
Appropriate Safeguards
We have implemented appropriate safeguards, including EU Standard Contractual Clauses (SCCs)
Explicit Consent
You have provided explicit consent for the specific transfer
Contractual Necessity
The transfer is necessary for the performance of our contract with you
7.3 Data Processing Agreement
Where PeaceWeb acts as a data processor on your behalf, a separate Data Processing Agreement (DPA) is available upon request and forms part of the Agreement, as specified in Section 7.3 of our Terms & Conditions.
8 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your experience and analyze website usage. For detailed information about the cookies we use, their purposes, and your control options, please refer to our Cookie Banner and cookie management settings.
You can manage your cookie preferences at any time by accessing the cookie settings in the footer of our website or by configuring your browser settings.
9 Data Breach Notification and Liability Limitations
9.1 Breach Notification Obligations
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34. We will also notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
9.2 Limitation of Liability for Data Breaches
While PeaceWeb implements industry-standard security measures, PeaceWeb cannot guarantee absolute security of personal data against all possible security threats, including sophisticated cyber-attacks, zero-day vulnerabilities, or breaches caused by factors outside PeaceWeb's control.
PeaceWeb's liability for any data breach, unauthorized access, or loss of personal data is subject to and limited by the comprehensive liability limitations set forth in Section 12 (Limitation of Liability) of our Terms & Conditions, including but not limited to:
- β’ The monetary caps on liability specified in Section 12.1 and 12.2
- β’ The exclusion of indirect and consequential damages in Section 12.3
- β’ The strict notice requirements and shortened limitation periods in Section 12.4
- β’ The mandatory duty to mitigate damages in Section 12.6
Client Responsibilities: The Client acknowledges that data security is a shared responsibility. The Client is solely responsible for: (a) implementing appropriate security measures at the application level; (b) maintaining secure account credentials; (c) configuring proper access controls; (d) maintaining independent backups of all critical data; and (e) promptly reporting any suspected security incidents.
Exclusions: PeaceWeb shall have no liability for data breaches, unauthorized access, or data loss caused by: (i) the Client's failure to implement adequate security measures; (ii) compromise of the Client's account credentials; (iii) actions of the Client's employees, contractors, or end-users; (iv) third-party attacks or breaches beyond PeaceWeb's control; (v) the Client's failure to apply security updates or follow security recommendations; or (vi) any force majeure events.
10 Amendments to this Policy
We reserve the right to amend this Policy at any time. We will provide at least 30 calendar days' notice of material changes via email to your registered account email address or through your account dashboard. Continued use of services after changes take effect constitutes acceptance of the updated Policy.
This approach is consistent with Section 16 (Changes to These Terms) of our Terms & Conditions.
11 Supervisory Authority
You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately:
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands
Website: autoriteitpersoonsgegevens.nl
12 Limitation of Liability and Disclaimers
Comprehensive Liability Limitations: All limitations of liability, exclusions of damages, indemnification obligations, and other protective provisions set forth in our Terms & Conditions apply in full to any claims arising out of or related to this Privacy Policy, including but not limited to claims for:
- β’ Data breaches, unauthorized access, or loss of personal data
- β’ Violations of GDPR or other data protection laws
- β’ Improper processing, disclosure, or retention of personal data
- β’ Failure to comply with data subject rights requests
- β’ Any other privacy-related claims or damages
Disclaimer of Warranties: To the maximum extent permitted by law, PeaceWeb makes no warranties or representations regarding: (a) the absolute security of personal data; (b) the prevention of all unauthorized access or data breaches; (c) the accuracy or completeness of personal data; or (d) compliance with all data protection laws in all jurisdictions.
Monetary Caps Apply: Any liability arising from privacy or data protection matters is subject to the same monetary caps, time limitations, and procedural requirements as specified in the Terms & Conditions, including the lifetime absolute cap of β¬10,000 and the requirement to submit claims within 14 days.
13 Contact Information
For inquiries, complaints, or to exercise your data protection rights, contact:
PeaceWeb B.V.
Saffierborch 18
5241 LN Rosmalen
Noord-Brabant, Netherlands
Email: legal@peaceweb.com
Chamber of Commerce (KVK): 88526461
VAT Number (BTW): NL864668788B01
By using PeaceWeb services, you acknowledge that you have read and understood this Privacy Policy, consent to the processing of your personal data as described herein, and agree to the liability limitations and disclaimers set forth in this Policy and the Terms & Conditions.