Privacy & Data Protection Policy

This Privacy & Data Protection Policy explains how Kozel Fuel Solutions (“we”, “us”, “our”) collects, uses, and protects personal data in line with the EU GDPR and the Dutch GDPR Implementation Act (UAVG).

We respect your privacy and handle your data carefully.

1. Who We Are

Kozel Fuel Solutions
KvK: 98645544

We act as the data controller for the processing of personal data described in this policy.

2. Personal Data We Collect

We may collect:

Information you provide

  • Name, job title, company

  • Email address, phone number

  • Billing details

  • Information shared in meetings, emails, or forms

Project-related data

  • Documents and communications required to deliver our services

Website and technical data

  • IP address, device and browser details

  • Pages visited

  • Cookies (see Section 10)

We do not intentionally collect special categories of data.

3. Legal Bases for Processing

We process personal data on the following grounds:

  • Performance of a contract (providing our services)

  • Legitimate interests (improving services, security, administration)

  • Consent (e.g., newsletters, non-essential cookies)

  • Legal obligations (tax, accounting, regulatory duties)

4. How We Use Personal Data

We use personal data to:

  • Provide and manage our consulting services

  • Communicate with clients and prospects

  • Prepare proposals, agreements, and project documentation

  • Invoice and maintain financial records

  • Improve our website and business operations

  • Ensure IT and data security

  • Comply with legal requirements

We do not use personal data for automated decision-making or profiling.

5. Sharing Personal Data

We do not sell personal data.

We may share data with:

Service providers (processors)
(e.g., hosting, email, IT, accounting, cloud storage)
These parties operate under GDPR-compliant Data Processing Agreements.

Subcontractors
Only where necessary for project delivery and under confidentiality obligations.

Authorities
Only when required by law.

If transfers occur outside the EEA, we apply appropriate safeguards (e.g., SCCs or adequacy decisions).

6. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Access controls

  • Secure storage and encryption where appropriate

  • Security monitoring

  • Confidentiality obligations for staff and subcontractors

  • Regular backups

Despite safeguards, no system is completely secure; we work to minimise risks.

7. Data Retention

We retain personal data only as long as necessary:

  • Client/project files: up to 7 years (Dutch tax law)

  • Inquiries: up to 12 months

  • Contracts/legal documents: up to 7 years

  • Marketing data (with consent): until unsubscribed

  • Website logs/analytics: up to 12 months

After retention periods, data is securely deleted or anonymised.

8. Your Rights

Under GDPR, you can request:

  • Access to your data

  • Correction of inaccurate data

  • Deletion of data (where legally possible)

  • Restriction of processing

  • Data portability

  • Objection to processing based on legitimate interests

  • Withdrawal of consent at any time

To exercise rights, contact us. We respond within one month.

9. Cookies

Our website may use cookies to:

  • Make the website function properly

  • Analyse usage (with consent)

  • Improve performance

Non-essential cookies (e.g., analytics) will only be used with your consent.
You can change cookie settings via your browser.
A detailed cookie overview can be added as a separate page if needed.

10. Children’s Data

Our services are not aimed at children under 16.
We do not knowingly collect their data.

11. Changes to This Policy

We may update this policy periodically.
The latest version will always be published on our website.

12. Contact

For privacy questions, concerns, or requests, pls let us know.