Privacy Statement of EZ Factory B.V.

EZ Factory B.V. processes personal data of customers, prospects, and visitors through its website and services (www.ezfactory.io). We attach great importance to the careful and transparent handling of personal data and process such data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws and regulations.

In this privacy statement, we explain which personal data we process, for which purposes, on which legal bases, how long we retain such data, and which rights you have. This privacy statement applies to all processing of personal data via our website and in the context of our services.

This means that we:

  • clearly specify our purposes before processing personal data;
  • do not process more personal data than necessary;
  • process personal data exclusively on the basis of valid legal grounds;
  • implement appropriate technical and organisational security measures;
  • handle the rights of data subjects with due care.

EZ Factory B.V. is the data controller for the processing activities described in this privacy statement.

This privacy statement was last amended on 1 December 2025.

Use of Personal Data

We only process personal data that you actively provide to us or that are automatically obtained through the use of our website and services. This includes, among others:

  • Name
  • Company name
  • Job title
  • Telephone number
  • Email address
  • Country
  • IP address
  • Payment details
  • Customer number

These data are processed for the following purposes:

  • providing our services;
  • maintaining customer and relationship management;
  • performing and administering agreements;
  • improving our website and services;
  • complying with legal obligations.

Legal Bases for Processing

EZ Factory B.V. processes personal data only where a legal basis exists as referred to in Article 6 of the GDPR. Depending on the specific processing activity, we rely on one or more of the following legal bases:

  • Consent: for example, when you subscribe to the newsletter or consent to certain cookies or marketing activities;
  • Performance of a contract: where processing is necessary for entering into or performing an agreement;
  • Legal obligation: for example, in connection with fiscal and administrative obligations;
  • Legitimate interest: for example, for security, fraud prevention, business operations, website usage analysis, and improving our services, always subject to a careful balancing of interests.

Retention Periods

We do not retain personal data longer than necessary for the purposes for which they were collected, unless we are legally required to retain them for a longer period.

We apply the following guidelines:

  • Contact details: 12 months after the last contact;
  • Newsletter data: until unsubscription;
  • Invoices and administrative data: 7 years;
  • Analytical website data: 14 months;
  • Other data: depending on the applicable agreement and legal obligations.

After the retention period has expired, personal data are securely deleted or anonymised.

Contact Form and Newsletter

When you use the contact form on our website or contact us by email, we process the personal data you provide, such as your name, email address, telephone number, and the content of your message. These data are used exclusively to:

  • respond to your question or request;
  • contact you in response to your message;
  • further improve our services.

Data provided via the contact form are not used for marketing purposes without your explicit consent and are not shared with third parties, except for parties that provide technical support for our communication systems.

Newsletter subscriptions are based solely on active consent (opt-in). Each newsletter contains a clear unsubscribe option. After unsubscription, your data will no longer be used for newsletter purposes and will be deleted within a reasonable period.

Publication

EZ Factory B.V. handles personal data with care and restraint. We do not publish personal data, either on our website or through other public channels, unless:

  • you have given explicit prior consent;
  • publication is necessary for the performance of an agreement;
  • we are legally obliged to do so.

If, in exceptional cases, customer references, testimonials, or case studies are published, this will only take place with prior consent and clear agreements regarding content and scope. Such consent may be withdrawn at any time.

Disclosure of Data to Third Parties & (Sub-)Processors

We only disclose personal data to third parties where this is necessary for:

  • the performance of an agreement;
  • compliance with a legal obligation;
  • the support of our business operations (such as hosting, IT, communications, and customer service).

These third parties act exclusively as processors on behalf of EZ Factory B.V. and may process personal data only in accordance with our instructions. We enter into a written data processing agreement with each processor, setting out arrangements regarding confidentiality, security, sub-processors, audit rights, and assistance with the exercise of data subject rights.

Engagement of Sub-processors
Sub-processors are engaged only with the prior consent of EZ Factory B.V. Equivalent security and privacy obligations apply to sub-processors.

International Data Transfers
If personal data are processed outside the European Economic Area (EEA), we ensure appropriate legal safeguards, including the use of Standard Contractual Clauses (SCCs).

Purpose Limitation and Data Minimisation
We never disclose more personal data than strictly necessary and restrict access to what is functionally required.

Our Processors

Amazon Web Services EMEA SARL
Processing locations: EU-West-1 (Ireland) and EU-Central-1 (Frankfurt, Germany)
Activities: Infrastructure-as-a-Service (IaaS)
Transfer mechanism: Standard Contractual Clauses (Module 2)

Microsoft Ireland Operations Limited
Processing locations: West Europe (Netherlands) and North Europe (Ireland)
Activities: Platform-as-a-Service (PaaS) for storage, databases, and hosting
Transfer mechanism: Standard Contractual Clauses (Module 2)

Uptic B.V.
Processing locations: Amsterdam (Netherlands) and Ireland
Activities: Managed Service Provider (MSP) services
Transfer mechanism: Standard Contractual Clauses (Module 2)

Mailchimp (The Rocket Science Group LLC)
Processing location: United States
Activities: Email marketing and newsletter distribution
Transfer mechanism: Standard Contractual Clauses (Module 2)

Google LLC / Google Ireland Limited
Processing location: EU
Activities: Analytics and usage monitoring
Transfer mechanism: Standard Contractual Clauses (Module 2)

Freshdesk (Freshworks Inc. / Freshworks Ireland Ltd.)
Processing location: EU
Activities: Customer service and ticketing system
Transfer mechanism: Standard Contractual Clauses (Module 2)

Pipedrive OÜ
Processing location: Estonia (EU)
Activities: CRM services
Transfer mechanism: Standard Contractual Clauses (Module 2)

Teamleader NV
Processing location: Belgium (EU)
Activities: CRM, sales management, and invoicing
Transfer mechanism: Standard Contractual Clauses (Module 2)

Drata, Inc.
Processing locations: EU-West-1 (Ireland) and EU-Central-1 (Frankfurt, Germany)
Activities: Compliance automation, auditing, device compliance monitoring, onboarding/offboarding, and policy management
Transfer mechanism: Standard Contractual Clauses (Module 2)

Website Analytics, Marketing & Leadinfo

We use analytics and marketing tools to gain insight into the use of our website and to improve our services.

Google Analytics
We use Google Analytics for website analysis. IP addresses are anonymised. Data processing by Google is governed by Google’s standard Data Processing Terms, which have been accepted by EZ Factory B.V. The information obtained is not used by Google for its own purposes.

Leadinfo
We use Leadinfo for B2B lead recognition. Leadinfo identifies business visitors based on IP addresses and links these to publicly available company data. No personal data of natural persons are provided. Processing takes place within the EU.

Marketing Tools
Marketing tools are used exclusively on the basis of consent where legally required.

Cookies
For non-essential cookies, we request prior consent via the cookie banner. You may change your preferences at any time.

Security

EZ Factory B.V. implements appropriate technical and organisational security measures to protect personal data against loss, misuse, unauthorised access, unwanted disclosure, and unauthorised modification, in accordance with Article 32 of the GDPR.

These measures are based on risk analyses and are periodically evaluated and adjusted where necessary.

EZ Factory B.V. is certified in accordance with ISO/IEC 27001:2022 for information security. This means we operate under an internationally recognised management system addressing, among other things, access control, supplier management, incident management, and continuous improvement.

We continuously take measures to maintain an appropriate and up-to-date level of security for our systems and processes, aligned with the risks of the processing activities.

Data Breaches

A data breach is defined as a security incident that may result in the destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data.

We have established procedures for the timely identification, assessment, and handling of data breaches. If a data breach poses a risk to data subjects, we report it to the Dutch Data Protection Authority. If there is a high risk, the affected data subjects will also be informed.

Any data breaches are internally recorded and evaluated in accordance with our procedures in order to take appropriate measures.

Automated Decision-Making and Profiling

EZ Factory B.V. uses profiling but does not engage in automated decision-making with legal effects as referred to in Article 22 of the GDPR.

Profiling is applied for the analysis of website usage, marketing purposes, improvement of services, and optimisation of commercial processes. Decisions with potential impact are always taken by employees.

You have the right at all times to object to profiling, to express your point of view, and to request human intervention.

Third-Party Websites

This privacy statement does not apply to external websites to which links are provided via our website. We advise you to consult the privacy policies of those parties.

Changes to This Privacy Statement

EZ Factory B.V. reserves the right to amend this privacy statement. The most current version is always available on our website and applies from the moment of publication.

Your Rights

You have the right to access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent. When submitting requests, we may ask for proof of identity to protect your privacy. You may also lodge a complaint with the Dutch Data Protection Authority.

Contact Details

EZ Factory B.V.
Mahatma Gandhilaan 6
5653 ML Eindhoven
Email: info@ezfactory.nl

Privacy Office
Email: privacy@ezfactory.nl
Telephone: +31 (0)88 99 04 200