Privacy Policy

This Privacy Policy explains how Patrick van der Pijl (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit this website, place an order, book training, submit a speaking enquiry, or subscribe to our newsletter. We are committed to protecting your privacy and to handling your personal data in accordance with the EU General Data Protection Regulation (GDPR), known in the Netherlands as the Algemene Verordening Gegevensbescherming (AVG), and the Dutch GDPR Implementation Act (Uitvoeringswet AVG).

Please read this policy carefully. If you do not agree with it, please do not use this website.

1. Data controller

The data controller responsible for the processing of your personal data is:

  • Patrick van der Pijl
  • Olympisch Stadion 24-28, Unit 2.02, 1076 DE Amsterdam, Netherlands
  • Email: patrick.van.der.pijl@businessmodelsinc.com

For any question about this policy or about how your personal data is handled, you can contact us using the email address above.

2. What personal data we collect

Depending on how you interact with the website, we may collect the following categories of personal data:

2.1 Information you provide to us

  • Identity and contact data, such as your name, email address, telephone number, billing address, and shipping address.
  • Order data, such as the products you purchase, order numbers, and order history.
  • Training and speaking enquiry data, such as your organisation name, role, preferred dates, group size, location, and any details you include in your message.
  • Communications, such as the content of emails and contact form messages you send to us.
  • Newsletter data, such as the email address you provide and your subscription preferences.

2.2 Information collected automatically

  • Technical data, such as your IP address, browser type and version, device type, operating system, and language settings.
  • Usage data, such as the pages you visit, the time and duration of your visit, referring pages, and the links you click.
  • Cookie data, as described in the Cookie Policy in Part 3 of this document.

2.3 Payment data

When you make a purchase, payment is processed by our payment service providers. We do not store your full card number or other complete payment credentials on our own systems. We receive only limited information needed to confirm and fulfil your order, such as confirmation of payment and the last digits of the card or the payment method used.

3. How we collect your personal data

We collect personal data when you: place an order or complete a purchase; create an account, if account creation is available; book or enquire about training; submit a speaking enquiry; subscribe to our newsletter; contact us by email or through a contact form; or browse the website, through cookies and similar technologies.

4. Purposes and legal bases for processing

We only process your personal data where we have a valid legal basis under Article 6 of the GDPR. The table below sets out each purpose and the corresponding legal basis.

Purpose

Legal basis

To process and deliver your orders, including the physical book and digital editions

Performance of a contract

To process payments and prevent fraudulent transactions

Performance of a contract; legal obligation; legitimate interests

To handle training bookings and speaking enquiries and to communicate with you about them

Performance of a contract; taking steps at your request before entering into a contract

To provide customer support and respond to your messages

Performance of a contract; legitimate interests

To send our newsletter and marketing communications

Consent; for existing customers, legitimate interests where permitted by law

To comply with legal and tax obligations, including invoicing and record keeping

Legal obligation

To operate, secure, and improve the website, and to produce aggregated statistics

Legitimate interests; consent for non-essential cookies

To handle complaints and to establish, exercise, or defend legal claims

Legitimate interests; legal obligation

 

Where we rely on consent, you may withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms, and you have the right to object as described in Section 8.

5. Sharing your personal data with third parties

We do not sell your personal data. We share personal data only with trusted third parties who help us operate the website and deliver our products and services, and only to the extent necessary. These third parties act as processors on our behalf and are bound by data processing agreements. They include:

  • Our e-commerce platform provider, which hosts the online store and processes orders (Shopify).
  • Payment service providers, who process payments securely.
  • Shipping and fulfilment partners, who deliver physical orders to you.
  • Email and newsletter service providers, who help us send transactional emails and newsletters.
  • Analytics providers, who help us understand how the website is used, as described in the Cookie Policy.
  • Professional advisers, such as accountants and lawyers, where necessary.

We may also disclose personal data where required to do so by law, by a court order, or by a competent public authority, or where necessary to protect our rights, property, or safety, or those of others.

6. International data transfers

Some of our service providers, including our e-commerce platform and analytics providers, may process personal data outside the European Economic Area (EEA). Where this happens, we ensure that an appropriate safeguard recognised under the GDPR is in place, such as an adequacy decision of the European Commission or the European Commission’s Standard Contractual Clauses, so that your personal data continues to receive an equivalent level of protection.

7. How long we keep your personal data

We keep your personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Order, invoice, and payment records are kept for 7 years, in line with the retention obligation under Dutch tax law (fiscale bewaarplicht).
  • Account and customer contact data is kept for the duration of the customer relationship and for a reasonable period afterwards.
  • Training and speaking enquiry data is kept for as long as needed to handle the enquiry and any resulting engagement, and for a reasonable period afterwards.
  • Newsletter data is kept until you unsubscribe or withdraw your consent.
  • Website analytics data is kept for the retention period set in the relevant analytics tool, as described in the Cookie Policy.

When personal data is no longer needed, we delete it securely or anonymise it so that it can no longer be linked to you.

8. Your rights

Under the GDPR you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation of whether we process your personal data and to receive a copy of it.
  • Right to rectification: to have inaccurate or incomplete personal data corrected.
  • Right to erasure: to have your personal data deleted in certain circumstances, also known as the right to be forgotten.
  • Right to restriction: to ask us to limit the processing of your personal data in certain circumstances.
  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used, machine readable format, and to have it transmitted to another controller where technically feasible.
  • Right to object: to object to processing based on legitimate interests, and to object at any time to processing for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time.

To exercise any of these rights, please contact us at patrick.van.der.pijl@businessmodelsinc.com. We will respond to your request within one month, as required by the GDPR. We may need to verify your identity before acting on a request. Exercising your rights is free of charge, unless a request is manifestly unfounded or excessive.

9. Right to lodge a complaint

If you believe that we have not handled your personal data correctly, we ask that you first contact us so that we can try to resolve the matter. You also have the right to lodge a complaint with the Dutch Data Protection Authority:

  • Autoriteit Persoonsgegevens
  • Postbus 93374, 2509 AJ Den Haag, Netherlands
  • Website: www.autoriteitpersoonsgegevens.nl

If you are resident in another EU country, you may also contact the data protection authority in that country.

10. Security of your personal data

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encrypted connections (TLS) for data transmitted through the website, restricted access to personal data, and the use of reputable service providers. While we work hard to protect your personal data, no method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.

11. Children

This website and the products and services offered through it are intended for adults. We do not knowingly collect personal data from children under the age of 16. If you believe that a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The date at the foot of this document shows when it was last updated. We encourage you to review this policy periodically. Significant changes will be communicated through the website or by email where appropriate.

13. Contact

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at patrick.van.der.pijl@businessmodelsinc.com.