Privacy Policy

Introduction

2552.nl (“we”, “us”, “our”) is a custom software development company registered in the Netherlands. We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains what data we collect, why we collect it, and how we use it when you visit our website at https://2552.nl or engage our services.

Data Controller

2552.nl is the data controller responsible for your personal data. If you have questions about this policy or your data, you can reach us via our contact page.

What Data We Collect

Information you provide directly

  • Contact form submissions: name, email address, subject, and message content.
  • Chat widget messages: name, email address, and message content.
  • Account registration: username, email address, and password (for shop accounts).
  • Orders and purchases: billing name, address, email, phone number, and payment details processed by third-party payment providers.

Information collected automatically

  • Server logs: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
  • Cookies: functional cookies required for site operation (session management, cart functionality). See our Cookie Policy for details.

We do not use analytics tracking, advertising cookies, or third-party tracking scripts.

Why We Collect Your Data

We process your personal data for the following purposes:

  • To respond to your inquiries — when you contact us via the contact form or chat widget.
  • To fulfill orders — processing purchases made through our shop.
  • To provide and improve our services — ensuring our website functions correctly and securely.
  • To comply with legal obligations — tax records, fraud prevention, and regulatory requirements.

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Contractual necessity — to fulfill orders and provide requested services.
  • Legitimate interest — to operate and secure our website, respond to inquiries, and improve our services.
  • Legal obligation — to comply with Dutch and EU tax and business regulations.
  • Consent — where you voluntarily submit information through our contact form or chat widget.

How We Handle Your Data

  • Contact form and chat messages are delivered to our internal team communication platform, hosted on our own infrastructure.
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.
  • Payment processing is handled by third-party payment providers who operate under their own privacy policies.
  • We do not transfer your data outside the European Economic Area (EEA).

Data Retention

  • Contact and chat messages: retained for up to 12 months, then deleted.
  • Order data: retained for 7 years to comply with Dutch tax obligations.
  • Server logs: retained for up to 90 days for security purposes.
  • Account data: retained until you request deletion of your account.

Your Rights

Under the GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your personal data (“right to be forgotten”).
  • Restriction — request that we limit how we use your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, please contact us via our contact page. We will respond within 30 days.

Security

We take the security of your data seriously. Our website is served over HTTPS with TLS encryption. Our infrastructure is self-hosted and maintained by our engineering team. We implement access controls, regular updates, and monitoring to protect against unauthorized access.

Third-Party Services

Our website uses the following external services:

  • Google Fonts — for typography. Google may collect your IP address when fonts are loaded. See Google Privacy Policy.
  • Let’s Encrypt — for SSL/TLS certificates. No personal data is shared.

Children’s Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us via our contact page.

Effective date: April 12, 2026