Skip to main content

Privacy Policy

The Consent Studio privacy policy

Thierry Maasdam avatar
Written by Thierry Maasdam
Updated over 2 months ago

Privacy Policy

1. Introduction

Welcome to Consent Studio, a product of Vallonic B.V. This Privacy Policy outlines how we collect, use, share, and protect your personal data when you use our services.

2. Data Collection

Types of Data Collected: We collect the following personal data from our customers:

  • Name

  • Email address

  • Company information

Methods of Data Collection: This information is collected through account registration and during payment processing.

3. Data Usage

We use your personal data for the following purposes:

  • To deliver and maintain our services

  • To process payments

  • To send invoices

  • To provide customer support and communicate service-related updates

4. Legal Bases for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contractual necessity – to provide our services, process payments, and send invoices.

  • Legal obligation – to comply with tax and financial regulations.

  • Legitimate interests – to improve our services, prevent fraud or abuse, and support customer service.

  • Consent – for sending promotional emails and using analytics tools where applicable. You may withdraw your consent at any time.

5. Data Sharing

We share your data with trusted third parties as necessary to operate our services effectively. These include:

  • Stripe, Inc. – Used for processing online payments. The data shared is limited to contractual information, such as company details and payment information.

  • Scaleway – Our hosting provider, which stores the application database, consent logs, and handles CDN and security infrastructure.

  • Intercom – Used for customer service, in-app messaging, and email communications. Shared data may include your name, email address, and company information.

    • Through Intercom, we may send service notifications and product updates essential to service delivery. These cannot be unsubscribed from while you are an active customer.

    • You can unsubscribe from promotional emails at any time via the link in those emails.

All third parties are contractually obligated to process your data only as necessary and in accordance with GDPR standards.

6. International Data Transfers

Some of our service providers (e.g., Stripe, Intercom) are located outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure an adequate level of protection for your data.

7. Data Protection

We implement the following measures to protect your personal data:

  • Collecting only the minimum necessary personal details

  • Using secure software, encrypted connections, and protected servers

  • Partnering with third parties that meet high standards of security and compliance

8. Data Retention

We retain different categories of data for different periods, depending on their purpose and applicable legal obligations:

  • Account Data (such as name, email address, company information, and billing records): Due to tax regulations, Account Data will be retained for up to five full fiscal years after the cancellation of your Consent Studio account.

  • Configuration Data (such as your service settings and preferences) and System Generated Data (such as logs and metadata related to account activity): These types of data are erased immediately upon cancellationof your Consent Studio account.

  • End User Data (e.g., data collected through the use of our consent management features, such as user consents and preferences): End User Data is erased on an ongoing basis after 12 months from the date of registration and is deleted immediately if your Consent Studio account is cancelled.

We only retain personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, including for compliance with legal, regulatory, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymized.

9. Your Rights Under GDPR

You have the following rights under the General Data Protection Regulation (GDPR):

  • Right to access – Request a copy of your personal data.

  • Right to rectification – Request correction of inaccurate or incomplete data.

  • Right to erasure – Request deletion of your data in certain circumstances.

  • Right to restrict processing – Request that we limit how your data is used.

  • Right to data portability – Request a copy of your data in a structured, machine-readable format.

  • Right to object – Object to processing based on legitimate interest or for direct marketing.

  • Right to withdraw consent – Withdraw consent where processing is based on it.

To exercise any of these rights, contact us at support@consent.studio.

If you believe your rights under data protection law have been violated, you have the right to file a complaint with your local Data Protection Authority. In the Netherlands, this is the Autoriteit Persoonsgegevens(https://autoriteitpersoonsgegevens.nl/).

10. Cookies and Tracking Technologies

We use cookies and similar technologies for functionality, analytics, and improvement of our services. We use tools such as Google Analytics to collect anonymized usage data.

Non-essential cookies (e.g., analytics) are only activated with your prior consent. You can manage your preferences through our cookie banner or settings.

A detailed overview of the cookies we use and their purposes is available on our Cookie Overview Page.

11. Third-Party Links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. Therefore, we have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these websites.

12. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you are under the age limit, please do not use our services or provide any personal information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@consent.studio to exercise your rights of access, correction, deletion, or objection.

If you are a California resident under the age of 18 and wish to request removal of publicly available content, please contact us at support@consent.studio.

13. Communication Preferences

As part of your use of our services, you may receive essential service updates and product-related messages through Intercom. These communications are considered necessary for delivering our services and cannot be unsubscribed from while you are an active customer.

You may, however, unsubscribe from promotional emails at any time using the unsubscribe link in those communications or by contacting us.

14. Contact Information

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at: Email: support@consent.studio

15. Log Files and Security Monitoring

To maintain the security, stability, and performance of our services, we automatically collect and store technical data in log files. This may include:

  • IP address

  • Browser type and version

  • Device and operating system information

  • Referring URLs

  • Pages visited and time spent

  • Date and time of access

  • Error messages or crash logs

This data is used to:

  • Detect and prevent fraud, abuse, and DDoS attacks

  • Implement rate-limiting and other security measures

  • Monitor system health and performance

  • Diagnose and resolve technical issues

This processing is based on our legitimate interest in ensuring the secure and reliable operation of our services (GDPR Article 6(1)(f)). Log data is stored securely and only accessible to authorized personnel, and retained only as long as necessary for these purposes.

16. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to:

  • Know the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal data).

  • Request access to your personal information and how it has been used or shared.

  • Request deletion of your personal information, subject to certain exceptions.

  • Opt-out of the sale or sharing of personal information (Note: We do not sell personal information).

  • Correct inaccurate personal information.

  • Limit the use and disclosure of sensitive personal information, if applicable.

To exercise any of these rights, please contact us at support@consent.studiowith the subject line “CCPA Request”. We will verify your identity and respond within the timeframes required by law.

We do not sell or share your personal information for cross-context behavioral advertising. We also do not discriminate against users for exercising their privacy rights.

For more information about your rights as a California resident, please visit the official website of the California Privacy Protection Agency (CPPA).

Related Articles
How to install Consent Studio on your website without GTM or gtag.js
Enable or disable sources based on granted consent
Shopify Customer Privacy API x Consent Studio CMP
How to place the Consent Studio cookie declaration on your website
Consent Studio Essential
Did this answer your question?