Invisix logo featuring blue letters I, V, X with pink accent stripes and cyan underline
Contact

Privacy Policy

Effective date: 20 May 2026  |  Version: 1.0

1. Introduction

Invisix B.V. ("Invisix", "we", "us" or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect personal data processed through our website at https://invisix.com. We process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR") and the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, the "UAVG").

2. Controller

Invisix B.V. is the controller within the meaning of Article 4(7) GDPR.

  • Name: Invisix B.V.
  • Statutory seat: Eindhoven, the Netherlands
  • Chamber of Commerce (KvK) number: 97757772
  • VAT (BTW) number: NL868218297B01
  • Website: https://invisix.com
  • Email: info@invisix.nl

Invisix has not appointed a Data Protection Officer (DPO) within the meaning of Article 37 GDPR. Privacy-related queries can be addressed to the contact details above.

3. Personal data we process

We process the following categories of personal data through our website.

3.1 Contact form data

When you submit our contact form, we process your name, email address and the content of your message. Any additional data you choose to provide voluntarily (such as company name or telephone number) is also processed.

3.2 Communication data

When you contact us by email or otherwise communicate with us, we process the content of that communication and any personal data you include in it.

3.3 Website usage data

We process technical data through Google Analytics 4, deployed via Google Tag Manager. This may include your IP address (truncated where supported), device and browser information, the referring URL, pages visited, time on page and approximate location derived from your IP address. Google Analytics 4 is configured in line with the guidance issued by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), where applicable.

We do not process special categories of personal data within the meaning of Article 9 GDPR through our website.

4. Purposes and legal bases

We process personal data only when we have a lawful basis under Article 6(1) GDPR. The table below sets out the purposes for which we process personal data and the corresponding legal basis.

Purpose

Legal basis (GDPR Art. 6(1))

Responding to enquiries submitted through the contact form

(b) pre-contractual steps, or (f) legitimate interest in handling business enquiries

Business communications and relationship management

(f) legitimate interest in conducting business

Website analytics and improvement (Google Analytics 4)

(a) consent, where required by Article 11.7a of the Dutch Telecommunications Act

Compliance with legal obligations

(c) legal obligation

Establishment, exercise or defence of legal claims

(f) legitimate interest

 

Where our processing is based on legitimate interests, we have carried out a balancing test and concluded that our interests are not overridden by your interests, rights or freedoms. Details of this assessment are available on request.

5. Cookies and similar technologies

Our website uses cookies and similar technologies, deployed through Google Tag Manager. We distinguish between:

  • Functional cookies, strictly necessary to operate the website. These do not require consent.
  • Analytical cookies (Google Analytics 4), used to measure how the website is used. These are placed only after you have given consent through our cookie banner, in accordance with Article 11.7a of the Dutch Telecommunications Act (Telecommunicatiewet).

You can withdraw your consent at any time through the cookie settings on our website or by clearing the cookies in your browser. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Recipients and processors

We share personal data only with the following categories of recipients, and only to the extent strictly necessary:

  • Hosting and IT service providers that operate our website infrastructure and store form submissions on our behalf.
  • Google Ireland Limited and Google LLC, providers of Google Analytics 4 and Google Tag Manager, acting as our processors.
  • Email service providers used to receive and respond to communications.
  • Professional advisors (legal, accounting, tax) where strictly necessary.
  • Competent public authorities or regulators, where we are required to do so by law or court order.

We conclude data processing agreements with all processors in accordance with Article 28 GDPR.

7. International transfers

Some of our processors are located outside the European Economic Area (EEA), in particular Google LLC in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards within the meaning of Chapter V GDPR. These safeguards include the European Commission's Standard Contractual Clauses (Article 46(2)(c) GDPR), the EU-U.S. Data Privacy Framework (Article 45 GDPR adequacy decision) where applicable, and supplementary measures where required by the EDPB recommendations following the Schrems II ruling. A copy of the safeguards in place is available on request via info@invisix.nl.

8. Retention periods

We do not retain personal data longer than necessary for the purposes set out in this Privacy Policy.

  • Contact form submissions and related correspondence: up to 24 months after the last contact, unless a longer retention period is required to establish, exercise or defend legal claims, or is mandated by law.
  • Website analytics data: a maximum of 14 months in Google Analytics 4.
  • Statutory retention periods, such as the seven-year fiscal retention period under the Dutch General Tax Act (Algemene wet inzake rijksbelastingen), take precedence where applicable.

9. Your rights

Under the GDPR you have the following rights with regard to your personal data:

  • Right of access (Article 15 GDPR).
  • Right to rectification (Article 16 GDPR).
  • Right to erasure, also known as the right to be forgotten (Article 17 GDPR).
  • Right to restriction of processing (Article 18 GDPR).
  • Right to data portability (Article 20 GDPR).
  • Right to object to processing (Article 21 GDPR), including an unconditional right to object to processing for direct marketing purposes.
  • Right to withdraw consent at any time (Article 7(3) GDPR), where processing is based on consent.
  • Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR). Invisix does not engage in automated decision-making producing legal or similarly significant effects.

You can exercise your rights by sending a written request to info@invisix.nl. We may ask for additional information to verify your identity. We respond within one month of receiving your request, with a possible extension of two further months for complex or numerous requests, in accordance with Article 12(3) GDPR.

10. Right to lodge a complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Postbus 93374, 2509 AJ The Hague, the Netherlands, www.autoriteitpersoonsgegevens.nl, or with the supervisory authority of the EU Member State of your habitual residence, place of work or alleged infringement. This is without prejudice to any other administrative or judicial remedy available to you, including the right to an effective judicial remedy under Article 79 GDPR.

11. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, in accordance with Article 32 GDPR. These measures include transport-layer encryption (TLS), access controls, the principle of least privilege, regular software updates and security monitoring. No transmission over the internet is fully secure; you communicate with us through this website at your own risk.

12. Personal data breaches

In the event of a personal data breach, we will notify the Dutch Data Protection Authority within 72 hours of becoming aware of the breach where required by Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay in accordance with Article 34 GDPR.

13. Children

Our website is not directed at children under the age of 16 and we do not knowingly collect personal data from children. If you believe that we have collected personal data from a child without proper consent, please contact us via info@invisix.nl so that we can take appropriate action.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available at https://invisix.com/privacy-policy/. Material changes will be communicated through our website. The effective date at the top of this Privacy Policy indicates when the latest version entered into force.

15. Governing law

This Privacy Policy is governed by Dutch law and the directly applicable provisions of the GDPR. Any dispute arising out of or in connection with this Privacy Policy will be submitted to the exclusive jurisdiction of the competent court in Oost-Brabant, location 's-Hertogenbosch, the Netherlands, without prejudice to your statutory right to lodge a complaint with a supervisory authority or to pursue any judicial remedy under Article 79 GDPR.

16. Contact

For all privacy-related questions or to exercise your rights, please contact us:

  • Invisix B.V.
  • Statutory seat: Eindhoven, the Netherlands
  • Email: info@invisix.nl
  • KvK: 97757772 | VAT: NL868218297B01