Privacy Statement Polder Software

Version date: 20 februari 2026

1. Inleiding

Polder Software (hereinafter: “we” or “us”) attaches great importance to the protection of your personal data. We are transparent about the data we collect through our website and applications (“Apps”), how we use it, and how we protect it. We process personal data in accordance with the General Data Protection Regulation (GDPR).

2. Who is responsible?

Polder Software is the Data Controller for the processing of data.

Contact details:

  • Company name: Polder Software (sole proprietorship)
  • Business address: Schieland 7, Emmeloord
  • CoC number: 98692887
  • Email address: info@polder-software.nl

3. Which data do we collect?

We process personal data because you use our services, because you provide this data to us yourself, and because our software generates technical data.

A. Via the Website (Contact & Communication)

  • First and last name
  • Email address
  • Phone number (if provided)
  • Content of your message (We strongly urge you not to share sensitive personal data, such as medical data or Citizen Service Numbers (BSN), in open fields such as these. If we receive unsolicited sensitive personal data, we will delete it immediately. Please note that data in our secure backup cycles is overwritten in accordance with our retention policy.)

B. Via the Apps (Account Information)

  • Name (or chosen username)
  • Email address (for verification, notifications, and password recovery)
  • Login credentials (passwords are stored securely using a hash)

C. Automatically generated data (Technical Data)

When you use our Apps or website, we collect technical information to ensure the service functions correctly and remains secure:

  • IP address (Note: IP addresses used for website statistics are anonymized immediately)
  • Device information (device type, operating system, browser version)
  • Log files (login timestamps, error messages and activity within the apps)

4. Purposes and Legal Bases for Processing

We may only process data if there is a legal basis for doing so. Below, we explain why and on what basis we process your data:

PurposeWhich data?Legal Bases
1. Account Management & Service Provision
To provide the Apps and allow you to log in.		Account information, Technical data.Performance of a Contract. Without this data, we cannot provide the service as agreed upon in our Terms of Use.
2. Customer Contact & Support
To answer questions or provide assistance.		Contact details, Message contentLegitimate Interest. We must be able to communicate with you to properly provide our services.
3. Security & Improvement
To prevent misuse and resolve bugs.		IP address, Logs, Device infoLegitimate Interest: We have an interest in keeping our software secure and functioning optimally.
4. Administration & Billing
To process payments (where applicable).		Payment dataLegitimate Obligation. We are required by tax authorities to maintain financial records.
5. Website Statistics
To understand website usage and improve our content.		Anonymized technical data (no IP address traceable to a person).Legitimate Interest: We have an interest in measuring website effectiveness without infringing on visitor privacy.

5. Sharing Personal Data with Third Parties

Disclosure to Third Parties We never sell your data to third parties for commercial purposes. We only share your personal data with third parties if this is necessary for the performance of the contract (our service provision), or if we are legally obligated to do so (for example, by order of the police or judicial authorities). A current overview of our specific sub-processors is available upon request.

Our Processors For the technical functioning of our services, we use specialized suppliers (‘processors’). We have entered into a Data Processing Agreement (DPA) with all these parties. This agreement stipulates that they may only process your data on our behalf and in accordance with our security standards.

We utilize the following categories of service providers:

  • Hosting and Infrastructure Providers: For the secure storage of data and the operation of our servers and databases, we use certified cloud and hosting parties.
  • Communication Services: To send essential emails (such as password resets and system notifications), we use specialized email providers that guarantee high delivery reliability.
  • Financial Service Providers (PSPs): To handle payments, we engage Payment Service Providers.
    • Please note: When you initiate a payment, you are redirected to the secure environment of the payment provider. The actual processing of your payment data (such as credit card numbers or bank login details) takes place directly there. Polder Software only receives feedback on the payment status (success/failure) and does not store sensitive payment data itself.
  • Diagnostic and Monitoring Tools: To monitor the quality and stability of the Apps, we use services that register software errors (bugs and crashes).

International Transfers (Outside the EEA) We prefer storage and processing within the European Economic Area (EEA). If we use suppliers located outside the EEA (such as in the United States) for specific technical services, we only do so if there is an adequate level of protection. This means the supplier is certified under the EU-U.S. Data Privacy Framework, or that we have established binding agreements via the Standard Contractual Clauses (SCCs) of the European Commission.

6. Security

We take the protection of your data seriously and have implemented both technical and organizational measures:

  • Technical: We use secure connections (SSL/TLS). Passwords are stored as an irreversible ‘hash’ (meaning we cannot read your password).
  • Organizational: Access to personal data is restricted to employees who require it to perform their duties. We perform regular backups to prevent data loss.

7. How long do we retain data?

We do not store your personal data longer than is strictly necessary for the purposes for which it was collected. We apply the following specific retention periods:

Account Data & Inactivity Your account data is retained as long as you actively use our services.

  • Cancellation: If you cancel your account yourself, your data will be immediately deactivated and permanently deleted from our active systems within 30 days.
  • Inactivity (The ‘Dormant Account’ rule): If you have not logged in for a continuous period of 12 months, we consider your account inactive. You will receive an email reminder 30 days before this period expires. If you do not respond to this reminder, your account and associated personal data will be permanently deleted.

Technical Data & Logs Technical log files (such as login attempts, IP addresses, and error reports) are stored for a maximum of 30 days. This period is limited to what is strictly necessary for security and troubleshooting purposes..

  • Exception: Only in the event of a specific security incident or fraud investigation may we retain relevant logs longer until the incident has been fully resolved.

Financial For our administration, we are legally required to adhere to the statutory fiscal retention period of 7 years. This applies exclusively to the data required by the Dutch Tax Authorities (Belastingdienst), such as invoices, transaction dates, and the legal basis of the payment. Following the cancellation of your account, this data is archived and is no longer accessible for daily operational purposes.

Backups To prevent data loss in the event of a disaster or system failure, we create encrypted backups. Data that has been deleted from our active systems may remain present in these backup cycles for a maximum of 90 days. These backups are not used actively and are automatically overwritten over time as part of the rotation cycle.

8. Cookies, Telemetry and Troubleshooting

Polder Software distinguishes between tracking for marketing purposes (which we do not do) and technical telemetry required to optimize functionalities and keep the software operational (which we do do).

A. On our Website On our public website, we do not place advertising cookies and we do not build visitor profiles.

  • Functional cookies: We only place strictly necessary cookies required for the website to function (for example to remember your session). No consent is required for these.
  • Privacy-friendly statistics: We use the tool Burst Statistics to analyze how our website is used.
    • No cookies: This tool is configured to be cookieless, meaning no tracking files are placed in your browser.
    • Privacy Safeguards: IP addresses are anonymized before being stored. No data is shared with third parties (such as Google) for their own purposes. All data remains on our own servers under our direct control. Because this method does not infringe on your personal privacy, no cookie banner is required or displayed for this purpose.

B. In our Apps (Technical Telemetry) When you use our Apps, we process technical data based on our Legitimate Interest. We have an interest in providing you with a functional, secure, and optimally performing service.

Retention: These technical logs are automatically deleted after 90 days.

Local storage: Your login status and app preferences are stored encrypted on your device. This is technically necessary for ease of use.

[Future] Foutopsporing (Crash Reporting): When Apps crash or encounter a critical error, a technical report is automatically sent to our monitoring tool [Unknown].

Purpose: This allows us to identify and resolve bugs immediately without requiring you to contact us.

Content: This report contains technical specifications (device type, operating system version, timestamp) and the ‘stack trace’ (the line of code where the error occurred). We configure our tools to exclude personal data as much as possible (data stripping), but cannot guarantee that technical logs or free-text fields will not occasionally contain incidental fragments.

Privacy Safeguard: We have configured this tool so that IP addresses are masked or anonymized. We never use this data to monitor individual user behavior, but only at an aggregated level to monitor the technical health of the software.

9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access to your personal data.
  • Right to rectification of incorrect data.
  • Right to erasure (the ‘right to be forgotten’).
  • Right to restriction of processing.
  • Right to data portability (transferability of data).
  • Right to object to the processing.

Would you like to exercise any of these rights? Please send an email to info@polder-software.nl. We will respond to your request as soon as possible, but no later than within four weeks.

We do not use automated decision-making (including profiling) that has legal consequences for you.

Filing a Complaint

Should you be dissatisfied with how we handle your privacy, we would welcome the opportunity to discuss it with you. However, you always have the right to file a complaint with the national supervisory authority: the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).