Skip to main content

Legal

Privacy Policy

Last Updated: March 18, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how PSF B.V. (“PSF”, “we”, “us”) collects, uses, and protects your personal data when you visit this website and when you contact us about our online education programs, workshops, webinars, and downloadable learning resources. Our content and services are provided for educational and informational purposes.

Data Controller: PSF B.V., Löblaan 99, 5056 NR Berkel-Enschot, Netherlands. You can contact us about privacy matters at [email protected].

We do not appoint a Data Protection Officer (DPO) because we do not conduct large-scale processing of special categories of personal data. If this changes, we will update this Privacy Policy accordingly.

Effective Date: March 18, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you use the website. We only collect what is reasonably necessary to provide the website, respond to inquiries, and support registration for education programs.

  • Identity and contact details: name, email address, phone number, and any details you choose to share about your learning interests.
  • Form content: messages, selected program, preferred workshop topic (optional), and other details included in a registration or contact submission.
  • Technical data: IP address, browser type and version, device type, operating system, language preferences, and approximate location derived from IP.
  • Usage data: pages viewed, time spent on pages, referring page, and interactions such as link clicks or form-start events (when analytics consent is provided).
  • Cookies and identifiers: first- and third-party cookies and similar identifiers described in Section 4 and in our Cookie Policy.
  • Conversion events: signals that help measure whether a page view or form submission occurred (when marketing consent is provided).

We do not intentionally collect special-category data (such as health information, religious or political beliefs), financial account details, or government identification numbers through this website. Please do not submit such data in the message fields.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

PSF B.V. processes personal data under the General Data Protection Regulation (GDPR) and applicable Dutch privacy law. We use the following legal bases depending on the purpose:

Contact and registration submissions

  • Purpose: respond to inquiries, confirm program selection, coordinate enrollment steps, and provide learner support information.
  • Legal basis: Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent) where required for specific communications.

Analytics (measurement and improvement)

  • Purpose: understand how visitors use the site, improve navigation, and evaluate which pages and resources are helpful.
  • Legal basis: Art. 6(1)(a) (consent).

Marketing and advertising measurement

  • Purpose: measure advertising performance, attribute conversions, and show relevant messages (for example, remarketing) where permitted.
  • Legal basis: Art. 6(1)(a) (consent).

Security and fraud prevention

  • Purpose: protect the website, prevent abuse, troubleshoot reliability issues, and maintain service continuity.
  • Legal basis: Art. 6(1)(f) (legitimate interests), balanced against user rights and expectations.

Legal compliance

  • Purpose: comply with applicable laws, respond to lawful requests, and maintain records where required.
  • Legal basis: Art. 6(1)(c) (legal obligation).

Automated Decision-Making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

This website uses cookies and similar technologies. Some are essential for basic site operation, while others are used only if you consent. For a fuller overview, see our Cookie Policy.

Essential (always active)

Essential cookies support site functionality, session continuity, and consent storage. Examples include _site_session and cookie_consent. Retention ranges from session-only to 12 months, depending on the cookie’s purpose.

Analytics (requires consent)

With your consent, we may use Google Analytics 4 (GA4) to measure usage patterns. Where configured, IP is anonymized. Example cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically 14 months.

Marketing (requires consent)

With your consent, we may use marketing and conversion measurement tools such as Google Ads and Meta technologies. Example cookies include _gcl_au, _fbp, and _fbc. These are used for remarketing, audience measurement, and conversion attribution.

Beyond cookies

Some measurement is performed using pixel tags or similar scripts, and may also be implemented via server-side setups (for example, Meta Conversion API or server-side tag management) where identifiers are minimized and may be hashed. Device and browser characteristics (such as IP address and User-Agent) may be used to support security, debugging, and attribution, depending on consent and configuration.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Consent is recorded in the cookie_consent cookie (12 months).

You may withdraw consent at any time via the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

6. Sharing With Advertising & Service Partners

We use service providers to operate and improve the website and to support analytics and marketing (when you consent). These partners may process data as independent controllers or processors depending on the service and configuration.

  • Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage data, and conversions. policies.google.com/privacy
  • Meta Platforms (Pixel, custom/lookalike audiences, Conversion API): page views, conversions, audience membership, and hashed identifiers where configured. facebook.com/privacy/policy
  • Cloudflare (CDN and security): IP-based threat detection and performance delivery. cloudflare.com/privacypolicy

We do not sell personal data. These providers may not use site data for their own independent commercial purposes.

7. International Transfers

Some of our partners may process data outside the European Economic Area (EEA) and the United Kingdom, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as:

  • EU–US Data Privacy Framework (DPF) where applicable (primary safeguard since July 2023)
  • UK Extension to the EU–US DPF where applicable
  • Swiss–US DPF where applicable
  • Standard Contractual Clauses (EU 2021/914) as a fallback
  • UK International Data Transfer Addendum / IDTA as a fallback

We also apply practical measures such as limiting data shared, using consent controls, and deleting cookies where consent is not provided.

8. Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer period is required by law. Typical retention periods are:

  • Contact and registration submissions: up to 2 years from the last interaction.
  • Analytics data: 14 months (where enabled with consent).
  • Marketing cookies: per cookie lifetime (for example, 90 days) where enabled with consent.
  • Email correspondence: duration of the relationship plus 1 year.
  • Server logs: up to 90 days (security and troubleshooting).
  • Cookie consent record: up to 3 years for audit and compliance.
  • Legal and tax records: as required by applicable law (commonly 6–10 years for certain records, where relevant).

9. Your Rights (GDPR & UK GDPR)

If you are located in the EEA or UK, you may have the following rights: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data Portability (Art. 20), Objection (Art. 21), and the right to withdraw consent (Art. 7(3)). You also have the right to lodge a complaint (Art. 77).

To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, this may be extended by up to 60 additional days, with notice.

Supervisory authority information:

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT-related handling. You can control cookie behavior through our cookie preferences panel and your browser settings.

12. Data Deletion Requests

To request deletion of personal data associated with a contact or registration submission, email us with the subject line “Data Deletion Request” at [email protected].

We may need to verify identity before acting on a deletion request. We aim to complete requests within 30 days, unless we must retain certain data to comply with a legal obligation or to establish, exercise, or defend legal claims.

13. Business Transfers

In a merger, acquisition, asset sale, financing, restructuring, or insolvency, personal data may be transferred to a successor entity. If a transfer materially changes how data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, the CCPA/CPRA may provide additional rights regarding personal information. In the past 12 months, we may have disclosed the following categories of personal information to service providers and advertising partners (where consent is provided for analytics/marketing):

  • Identifiers (such as name, email, IP address, cookie identifiers) for site operations, analytics, and advertising measurement.
  • Internet or network activity (such as pages viewed and interactions) for analytics and advertising measurement.
  • Inferences (such as interests derived from browsing behavior) for advertising measurement and audience configuration.

We do not sell personal information as defined by CCPA. We do share personal information for cross-context behavioral advertising when marketing cookies are enabled; California residents may opt out through our cookie preferences panel.

Requests may be submitted by emailing [email protected] with the subject “California Privacy Request”. We will verify your request. Authorized agents must provide proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. To appeal a refusal, email with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service providers. Material changes will be announced on the website at least 14 days before they take effect. The “Last Updated” date at the top indicates when this policy was last revised.

18. Contact

For privacy questions or requests, contact: