PRIVACY POLICY

Last Updated: March 25, 2025

1. Introduction

CoreFrame.work B.V. ("we", "our", or "us"), with its principal place of business at Weena 690, 3012 CN Rotterdam, The Netherlands, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://coreframe.work (the "Website") or use our services.

We process personal data in accordance with the General Data Protection Regulation (GDPR) as implemented in the Netherlands through the Dutch Implementation Act (Uitvoeringswet AVG) and other applicable privacy laws.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Website.

2. Data Controller

CoreFrame.work B.V. acts as the data controller for the personal data processed through our Website. You can contact us regarding data protection matters at:

Email: info@coreframe.work
Address: Weena 690, 3012 CN Rotterdam, The Netherlands

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide to Us

  • Account Information: When you create an account, we collect your name, email address, password, company name, job title, and professional information.
  • Profile Information: Information you provide in your profile, including profile pictures, biographies, and professional details.
  • Communications: When you contact us, we collect the content of your messages, your contact information, and our communications with you.
  • Branding Materials: Logos, brand guidelines, and other materials you upload as part of your membership.

3.2 Information We Collect Automatically

  • Usage Data: Information about how you use the Website, including pages visited, time spent, and actions taken.
  • Device Information: IP address, browser type and version, operating system, and other technical information about the device you use to access the Website.
  • Cookies and Similar Technologies: Information collected through cookies and similar technologies. For more information, please refer to our Cookie Policy.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Performance of a Contract: To provide you with our services based on the Terms of Service or Membership Agreement.
  • Legitimate Interests: For our legitimate interests, such as to improve our Website and services, ensure security, prevent fraud, and for general business administration.
  • Consent: Where you have given us specific consent to process your data, such as for marketing communications.
  • Legal Obligation: To comply with legal obligations to which we are subject.

5. How We Use Your Personal Data

We may use your personal data for the following purposes:

  • To create and manage your account
  • To provide and maintain our services
  • To process and complete transactions
  • To send administrative information, such as updates to our terms, conditions, and policies
  • To respond to your inquiries and provide customer support
  • To personalize your experience on our Website
  • To monitor and analyze usage patterns and trends
  • To improve our Website, products, and services
  • To protect our services, prevent fraud, and enforce our terms
  • To send you marketing and promotional communications (with your consent where required by law)
  • To display your profile information and branding on our Website as part of your membership
  • To comply with legal obligations

6. Data Storage and Retention

6.1 Data Storage Location

All personal data collected through or in connection with our Website is stored exclusively on servers located within the European Union. We will not transfer your personal data to locations outside the European Economic Area (EEA) without implementing appropriate safeguards as required by the GDPR.

6.2 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. We have established specific retention periods for different types of personal data:

  • Account Information: Retained for the duration of your active account plus 24 months after account closure or last activity.
  • Profile Information: Retained for the duration of your active account plus 24 months after account closure or last activity.
  • Communications and Support Requests: Retained for 24 months after the last communication.
  • Transaction Data: Retained for 7 years to comply with tax and financial regulations.
  • Branding Materials: Retained for the duration of your membership plus 6 months after termination.
  • Usage Data: Retained in identifiable form for 26 months, then anonymized for long-term analytics.
  • Device Information: Retained for 13 months, then anonymized.
  • Cookie Data: Varies by cookie type (see our Cookie Policy); generally retained for a maximum of 24 months.
  • Marketing Preferences: Retained until you withdraw consent or request deletion.

You may request deletion of your personal data at any time, subject to our legal obligations to retain certain information.

7. Disclosure of Your Information

We may share your personal data with the following categories of recipients:

7.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as web hosting, data analysis, payment processing, and customer service. These providers have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

7.2 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal data.

7.3 Legal Requirements

We may disclose your information where required by law or if we reasonably believe that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with the Website
  • Protect the personal safety of users of the Website or the public
  • Protect against legal liability

8. Your Data Protection Rights

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the contact details provided in Section 2. We will respond to your request within 30 days.

9. Data Security

We have implemented appropriate technical and organizational measures to protect the security of your personal data. These measures include:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures for our systems
  • Staff training on data protection and security
  • Physical security measures for our premises and servers

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority (the Dutch Data Protection Authority - Autoriteit Persoonsgegevens) without undue delay and, where feasible, within 72 hours after becoming aware of the breach.

The notification will:

  • Describe the nature of the breach
  • Communicate the name and contact details of our data protection officer or other contact point
  • Describe the likely consequences of the breach
  • Describe the measures taken or proposed to address the breach
  • Recommend measures to mitigate possible adverse effects

10. Automated Decision-Making and Profiling

10.1 Automated Decision-Making

We do not make any decisions about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If we were to introduce such automated decision-making in the future, we would:

  • Notify you and explain the logic involved
  • Ensure the processing is necessary for a contract or based on your explicit consent
  • Implement suitable safeguards for your rights and freedoms
  • Allow you to obtain human intervention, express your point of view, and contest the decision

10.2 Analytical Profiling

We may use non-intrusive profiling for analytical and service improvement purposes, such as:

  • Analyzing which features of our Website are most used
  • Understanding user navigation patterns to improve user experience
  • Identifying common user characteristics to better tailor our services

This type of profiling does not have legal or significant effects on you and helps us improve our services. You can object to this processing at any time by contacting us.

11. Children's Privacy

Our Website is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us so that we can take the necessary actions.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this Privacy Policy
  • Sending you an email notification if the changes significantly affect your rights or our use of your data
  • Displaying a prominent notice on our Website for material changes

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: info@coreframe.work
Address: Weena 690, 3012 CN Rotterdam, The Netherlands

14. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, you can contact our Data Protection team who will investigate your complaint. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the data protection authority in your country of residence.