Privacy and Cookie Policy

The Appeal Company B.V. Fred. Roeskestraat 115 1076 EE Amsterdam Netherlands KVK: 54053315 Questions or requests about privacy? Email welcome@br-ndpeople.com.

- We never sell personal data. - We only process what we need. - We only share data with parties that help deliver our website and services, or when we are legally required to do so. - We take security seriously, but no online service is 100% secure.

Below is what data we may process when you use our website or contact us. A. Contact and inquiry data (if you fill it in) Examples: name, email address, phone number, company name, and the content of your message. - *Purpose:* to contact you, answer questions, prepare quotes and appointments. - *Why are we allowed to do this?* Usually because you contact us and we want to help you. Sometimes it's necessary to make appointments or provide a service. B. Communication Examples: emails, conversation notes, and follow-up correspondence. - *Purpose:* handle your question, record appointments, improve quality. - *Why are we allowed to do this?* Because we want to handle your question properly and keep track of appointments. C. Website usage and statistics (analytics) Examples: pages visited, session duration, technical characteristics (device, browser), rough location data. - *Purpose:* gain insight into site usage and make improvements. - *When do we do this?* Only if you give consent via the cookie banner. - *Tooling:* we use Google Analytics 4 (GA4). We only measure in the way you have given consent for. D. Security and abuse prevention Examples: server logs, IP address (in log files), error messages. - *Purpose:* secure the website, resolve issues, prevent abuse. - *Why are we allowed to do this?* Because we want to keep the website secure and resolve problems.

We only share personal data with: - processors that are necessary to run and improve the website and our services (for example hosting, email, analytics, forms); - professional advisors (such as accountants or lawyers) if necessary; - government agencies if we are legally required to do so. We make agreements (processor agreements) with processors to protect your data. - Our suppliers (processors) We work with the following parties to run our website and communication: - Hosting: BIT (NL) and Vercel (deployment/hosting). - Email / newsletters: Flodesk. - Analytics: Google Analytics. - Embedded content: YouTube and Vimeo. Note: embedded videos may place cookies or similar technologies (for example to play the video, remember preferences, or measure statistics). Where this is non-essential, we ask for consent via the cookie banner. - Webfonts: self-hosted (we don't load fonts via Google servers). Links to the privacy information of these parties will be added to the website or upon request.

Some parties we work with may process data outside Europe (for example in the United States). This may apply to: - Google (Analytics), - Vercel, - Flodesk, - YouTube and Vimeo. If this happens, we ensure this is done according to the rules and we make agreements about this with those parties.

We do not retain personal data longer than necessary for the purposes in this policy, unless we are legally required to retain data longer. As a guideline, we use: - Contact requests and quotes: maximum 24 months after the last contact moment. - Email correspondence: maximum 24 months after the last contact moment, unless longer retention is necessary (for example for appointments, ongoing assignments, or legal obligations). - Server logs (security): as short as possible and in principle maximum 90 days, unless incident investigation requires a longer retention period.

Cookies are small text files that are stored on your device. Similar techniques (such as local storage) can do the same. 7.1 Types of cookies We may use the following categories: - Functional cookies (essential): necessary for the website to work properly. - Preference cookies: remember your settings. - Statistics cookies (analytics): help us understand how the site is used. We do not use third-party marketing cookies for targeted advertising, unless we explicitly mention this and ask for consent. 7.2 Consent and settings For non-essential cookies, we ask for consent via the cookie banner. - Currently, the cookie banner runs via Squarespace. - On the new website ("vibe coding"), we ensure the cookie banner does the same: clearly ask for consent, save choices, and always make them adjustable. You can always adjust your preferences later via the cookie settings on the website (via the link "change cookie settings").

You may always ask what we have about you and what we do with it. You can also request: - access, - correction, - deletion, - objection, - withdrawal of your consent (for example for analytics cookies), - to take your data to another party. Send your request to welcome@br-ndpeople.com. Sometimes we ask for additional information to verify that it's really you. Complaint Can't work it out with us? Then you can file a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl.

We take appropriate technical and organizational measures to secure personal data. We limit access to data and work with parties that have appropriate security measures.

We may adjust this privacy and cookie policy. The most recent version is always on our website.