Privacy Policy
1. Introduction
Welcome to Consent Studio, a product of Vallonic B.V. This Privacy Policy outlines how we collect, use, share, and protect your personal data when you use our services.
2. Data Collection
Types of Data Collected: We collect the following personal data from our customers:
Name
Email address
Company information
Methods of Data Collection: This information is collected through account registration and during payment processing.
3. Data Usage
We use your personal data for the following purposes:
To deliver and maintain our services
To process payments
To send invoices
To provide customer support and communicate service-related updates
4. Legal Bases for Processing
We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
Contractual necessity – to provide our services, process payments, and send invoices.
Legal obligation – to comply with tax and financial regulations.
Legitimate interests – to improve our services, prevent fraud or abuse, and support customer service.
Consent – for sending promotional emails and using analytics tools where applicable. You may withdraw your consent at any time.
5. Data Sharing
We share your data with trusted third parties as necessary to operate our services effectively. These include:
Stripe, Inc. – Used for processing online payments. The data shared is limited to contractual information, such as company details and payment information.
Scaleway – Our hosting provider, which stores the application database, consent logs, and handles CDN and security infrastructure.
Intercom – Used for customer service, in-app messaging, and email communications. Shared data may include your name, email address, and company information.
Through Intercom, we may send service notifications and product updates essential to service delivery. These cannot be unsubscribed from while you are an active customer.
You can unsubscribe from promotional emails at any time via the link in those emails.
All third parties are contractually obligated to process your data only as necessary and in accordance with GDPR standards.
6. International Data Transfers
Some of our service providers (e.g., Stripe, Intercom) are located outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure an adequate level of protection for your data.
7. Data Protection
We implement the following measures to protect your personal data:
Collecting only the minimum necessary personal details
Using secure software, encrypted connections, and protected servers
Partnering with third parties that meet high standards of security and compliance
8. Data Retention
We retain different categories of data for different periods, depending on their purpose and applicable legal obligations:
Account Data (such as name, email address, company information, and billing records): Due to tax regulations, Account Data will be retained for up to five full fiscal years after the cancellation of your Consent Studio account.
Configuration Data (such as your service settings and preferences) and System Generated Data (such as logs and metadata related to account activity): These types of data are erased immediately upon cancellationof your Consent Studio account.
End User Data (e.g., data collected through the use of our consent management features, such as user consents and preferences): End User Data is erased on an ongoing basis after 12 months from the date of registration and is deleted immediately if your Consent Studio account is cancelled.
We only retain personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, including for compliance with legal, regulatory, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymized.
9. Your Rights Under GDPR
You have the following rights under the General Data Protection Regulation (GDPR):
Right to access – Request a copy of your personal data.
Right to rectification – Request correction of inaccurate or incomplete data.
Right to erasure – Request deletion of your data in certain circumstances.
Right to restrict processing – Request that we limit how your data is used.
Right to data portability – Request a copy of your data in a structured, machine-readable format.
Right to object – Object to processing based on legitimate interest or for direct marketing.
Right to withdraw consent – Withdraw consent where processing is based on it.
To exercise any of these rights, contact us at support@consent.studio.
If you believe your rights under data protection law have been violated, you have the right to file a complaint with your local Data Protection Authority. In the Netherlands, this is the Autoriteit Persoonsgegevens(https://autoriteitpersoonsgegevens.nl/).
10. Cookies and Tracking Technologies
We use cookies and similar technologies for functionality, analytics, and improvement of our services. We use tools such as Google Analytics to collect anonymized usage data.
Non-essential cookies (e.g., analytics) are only activated with your prior consent. You can manage your preferences through our cookie banner or settings.
A detailed overview of the cookies we use and their purposes is available on our Cookie Overview Page.
11. Third-Party Links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. Therefore, we have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these websites.
12. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you are under the age limit, please do not use our services or provide any personal information.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@consent.studio to exercise your rights of access, correction, deletion, or objection.
If you are a California resident under the age of 18 and wish to request removal of publicly available content, please contact us at support@consent.studio.
13. Communication Preferences
As part of your use of our services, you may receive essential service updates and product-related messages through Intercom. These communications are considered necessary for delivering our services and cannot be unsubscribed from while you are an active customer.
You may, however, unsubscribe from promotional emails at any time using the unsubscribe link in those communications or by contacting us.
14. Contact Information
If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at: Email: support@consent.studio
15. Log Files and Security Monitoring
To maintain the security, stability, and performance of our services, we automatically collect and store technical data in log files. This may include:
IP address
Browser type and version
Device and operating system information
Referring URLs
Pages visited and time spent
Date and time of access
Error messages or crash logs
This data is used to:
Detect and prevent fraud, abuse, and DDoS attacks
Implement rate-limiting and other security measures
Monitor system health and performance
Diagnose and resolve technical issues
This processing is based on our legitimate interest in ensuring the secure and reliable operation of our services (GDPR Article 6(1)(f)). Log data is stored securely and only accessible to authorized personnel, and retained only as long as necessary for these purposes.
16. California Privacy Rights (CCPA/CPRA)
If you are a resident of California, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to:
Know the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal data).
Request access to your personal information and how it has been used or shared.
Request deletion of your personal information, subject to certain exceptions.
Opt-out of the sale or sharing of personal information (Note: We do not sell personal information).
Correct inaccurate personal information.
Limit the use and disclosure of sensitive personal information, if applicable.
To exercise any of these rights, please contact us at support@consent.studiowith the subject line “CCPA Request”. We will verify your identity and respond within the timeframes required by law.
We do not sell or share your personal information for cross-context behavioral advertising. We also do not discriminate against users for exercising their privacy rights.
For more information about your rights as a California resident, please visit the official website of the California Privacy Protection Agency (CPPA).