Legal and privacy

Privacy Policy

This policy explains what data GFX Networks collects, why it is processed, and which rights individuals have under the GDPR when interacting with our website and infrastructure services.

Last updated: 1 January 2025 · GFX Networks B.V., Amsterdam, Netherlands

Contact our DPO Back to homepage
Framework
GDPR-led
Retention
Minimal by design
Security
ISO/IEC 27001

At a glance

  • We collect only the data needed to operate services, meet legal obligations, and support customers.
  • We do not sell personal data or use non-essential tracking cookies on this website.
  • Individuals can request access, correction, deletion, restriction, portability, objection, and consent withdrawal.
Engineer reviewing secure infrastructure equipment
Security designed into operations Privacy protection is tied to how infrastructure is provisioned, monitored, and governed.

Policy Overview

GFX Networks is committed to protecting the privacy of individuals who interact with our website and services. This policy explains what data we collect, why, and what rights you have under the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

GFX Networks B.V.
Keizersgracht 482
1017 EG Amsterdam
Netherlands
Registration: KvK 85234761
Email: [email protected]

2. Data We Collect

We collect only the minimum data necessary to operate our services and fulfil our legal obligations. This may include:

  • Contact information — name, email address, phone number, when you contact us or request a service quotation.
  • Technical data — IP address, browser type, operating system, and access timestamps collected automatically via server logs.
  • Service data — network configuration details, traffic volumes (aggregated), and service-level parameters necessary to provision and monitor contracted services.
  • Billing data — company name, VAT number, invoice address, and payment references required for contractual and legal compliance purposes.

We do not collect sensitive personal data as defined under Article 9 of the GDPR.

3. Purpose and Legal Basis

We process personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR) — to deliver the services you have contracted with us, including provisioning, billing, and technical support.
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable Dutch and EU law, including telecommunications regulation and financial record-keeping requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR) — to maintain network security, prevent fraud, and improve service quality. Our interests are balanced against your right to privacy.
  • Consent (Art. 6(1)(a) GDPR) — for optional communications such as newsletters or product updates, where you have given explicit consent.

4. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contact and enquiry data: 24 months from last interaction.
  • Contract and billing records: 7 years, as required by Dutch tax law.
  • Technical logs (IP addresses, access records): 90 days, unless required longer for security investigation.
  • Service data: duration of the contract plus 12 months.

5. Data Sharing

We do not sell personal data. We may share data with:

  • Service providers acting as data processors under appropriate data processing agreements (DPA), including hosting providers, accounting software, and ticketing systems.
  • Competent authorities where required by applicable law or a valid legal order. We will inform affected parties where legally permitted to do so.
  • Group entities within GFX Networks where operationally necessary and subject to equivalent data protection standards.

All processors are located within the European Economic Area or subject to appropriate transfer mechanisms under Chapter V of the GDPR.

6. Your Rights

Under GDPR you have the following rights, which you may exercise at any time by contacting [email protected]:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your data where there is no legitimate reason for continued processing.
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Portability — receive your data in a structured, commonly used format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

7. Security

GFX Networks implements technical and organisational measures appropriate to the risk of processing, including encryption in transit and at rest, access controls, regular security assessments, and staff data protection training. We are ISO/IEC 27001 certified.

In the event of a personal data breach likely to result in high risk to individuals, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.

8. Cookies

Our website uses only strictly necessary cookies required for basic functionality such as session management. We do not use analytics, advertising, or third-party tracking cookies. No consent banner is required as no non-essential cookies are placed.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at this URL. Material changes will be communicated to active clients by email at least 30 days before they take effect.

10. Contact

For any privacy-related queries or to exercise your rights, please contact our Data Protection Officer:

Email: [email protected]
Post: GFX Networks B.V., Attn: DPO, Keizersgracht 482, 1017 EG Amsterdam, Netherlands

We aim to respond to all requests within 30 days.

Privacy questions?

  • Email: [email protected]
  • Post: Attn: DPO, Keizersgracht 482, 1017 EG Amsterdam
  • Supervisory authority: Autoriteit Persoonsgegevens