Privacy Policy

1. Who We Are (Data Controller)

The data controller responsible for processing your personal data is:

2. What Data We Collect

We collect personal data in the following situations:

Contact form submissions

When you fill out our contact form, we collect:

• First and last name
• Business name
• Email address
• Phone number (optional)
• Current website URL (optional)
• Package interest (optional)
• Message content

Website usage data

When you visit our website, the following data may be collected automatically:

• IP address (anonymized where possible)
• Browser type and version
• Device type and operating system
• Pages visited and time spent
• Referral source (how you found us)
• Session recordings and heatmaps (only with your consent — see Section 5)

Client and billing data

When you become a client, we additionally collect:

• Billing name and address
• Payment records (we do not store payment card data)
• Project-related communications (email)
• Content and assets you supply for your website

3. How We Use Your Data and Legal Bases

Under GDPR, every processing activity requires a legal basis. The table below explains our purposes and the legal basis for each.

We will never sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Retention Periods

• Inquiries that did not result in a project: deleted after 1 year from last contact.
• Client project files and communications: retained for 2 years after project completion.
• Financial and billing records: retained for 7 years in accordance with Dutch tax law (Wet op de Rijksbelastingen).
• Analytics data (GA4): retained for 14 months within Google Analytics, after which it is automatically deleted.
• Clarity session recordings: retained for 30 days within Microsoft Clarity.
• Cookie consent records: stored in your browser's localStorage for 13 months, then expired automatically.

5. Cookies and Tracking Technologies

We use a cookie consent banner that gives you control over which cookies are set. You can change your preferences at any time via the "Cookie Settings" link in the footer.

Essential cookies (always active)

• Cloudflare Turnstile — bot protection for our contact form. No personal data is stored beyond what is needed for security verification. Cloudflare Privacy Policy
• Cookie consent preference — stores your cookie choice in localStorage (key: valara-cookie-consent). Not transmitted to any server.

Analytics cookies (only with consent)

• Google Analytics 4 (Measurement ID: G-30HYZ1HFT2) — collects anonymized usage statistics including pages visited, session duration, and traffic source. We have enabled IP anonymization. Data is processed by Google LLC and stored on servers in the United States under Standard Contractual Clauses. Google Privacy Policy
• Microsoft Clarity — records anonymized session replays and generates heatmaps to help us understand how visitors use our site. Clarity does not collect payment information or passwords. Data is processed by Microsoft Corporation (US) under Standard Contractual Clauses. Microsoft Privacy Statement

Marketing cookies (only with consent)

• Google Ads — if enabled, used for conversion tracking and remarketing. Not active unless you have accepted marketing cookies.

We use Google Consent Mode V2, which means all analytics and advertising tools respect your cookie preference and are blocked or limited accordingly until consent is given.

6. Third-Party Processors

We share data with the following sub-processors only to the extent necessary to deliver our services:

We do not use any email marketing platforms. We do not share your data with any other third parties unless required to do so by law.

7. International Data Transfers

JBr WebSolutions is established in the Netherlands (EU). Some of our sub-processors are located outside the European Economic Area (EEA), specifically in the United States. Transfers to the US are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, entered into with each processor.

AWS SES processes email delivery within the EU (Frankfurt region) and no cross-border transfer occurs for that service.

8. Your Rights under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Right to object (Art. 21): Object to processing based on legitimate interest, including use of your completed project in our portfolio.
• Right to withdraw consent (Art. 7(3)): Withdraw cookie consent at any time via the Cookie Settings link in the footer. Withdrawal does not affect the lawfulness of prior processing.

We will respond to all requests within 30 days. Complex requests may be extended by a further 60 days with notice. We may ask you to verify your identity before fulfilling a request.

9. How to Exercise Your Rights

To submit a data subject request, contact us by email at [email protected] with the subject line "Privacy Request." Please include your full name and, if applicable, the email address you used when contacting us, so we can locate your records.

To manage cookie preferences, use the Cookie Settings link in the footer of any page on this website.

10. Complaints

If you believe we are not handling your personal data in accordance with the GDPR, you have the right to lodge a complaint with the Dutch supervisory authority:

We encourage you to contact us first so we can try to resolve your concern directly.

11. Security

We take appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

• HTTPS / TLS encryption on all pages (via Cloudflare SSL)
• Contact form bot protection (Cloudflare Turnstile)
• Rate limiting on form submissions (5 per hour per IP)
• Email transmission via encrypted SMTP (AWS SES, TLS)
• Access to client data limited to the project owner (Jasper van den Brandt)

No method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by GDPR Art. 34.

12. Children's Privacy

Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, tools, or legal requirements. The most current version is always available on this page. For material changes, we will update the "Last updated" date at the top and, where appropriate, notify active clients by email.

14. Governing Law

This Privacy Policy is governed by Dutch law and the General Data Protection Regulation (EU) 2016/679 (GDPR). Any disputes arising from this policy shall be submitted to the competent court in 's-Hertogenbosch, the Netherlands.