Legal

Privacy Policy

Last updated: 23 April 2026 · Effective date: 23 April 2026

This Privacy Policy explains how IONOX Group B.V. ("IONOX", "we", "us", "our") collects, uses and protects your personal data when you visit our website or engage with us as a prospect, customer or partner. We are committed to processing personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and all applicable Dutch and European privacy law.

1. Who we are

IONOX Group B.V. is a company incorporated under the laws of the Netherlands, with its registered office at Beethovenstraat 505, Amsterdam, The Netherlands. For all matters relating to this Privacy Policy or the processing of your personal data, you can contact us at info@ionoxgroup.com.

IONOX acts as the data controller for personal data collected through this website and through direct interactions with prospects and customers. For personal data processed within the IONOX platform on behalf of our customers, IONOX acts as a data processor under a separate Data Processing Agreement (DPA).

2. What personal data we collect

We collect personal data in the following categories:

2.1 Information you provide directly

  • Contact form submissions: name, company name, work email address, professional role and the content of your message.
  • Correspondence: any information you include in emails, calls or meetings with our team.
  • Design partner data: contract signatories, billing contacts and operational contacts at design partner organizations.

2.2 Information collected automatically

  • Technical data: IP address, browser type and version, operating system, device type, time zone and referring URL.
  • Usage data: pages viewed, time spent, interaction with forms. We do not use advertising or cross-site tracking cookies.

We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

3. Why we process your data and on what legal basis

Under Article 6(1) GDPR we process your personal data on the following legal bases:

  • Legitimate interest (Art. 6(1)(f)): responding to inbound inquiries, managing our business relationships with prospects and customers, securing our website, preventing abuse, and conducting direct B2B outreach where we have reasonable grounds to expect your interest.
  • Contract performance (Art. 6(1)(b)): fulfilling contractual obligations with design partners and customers, including providing the IONOX platform, invoicing and support.
  • Consent (Art. 6(1)(a)): for optional communications such as marketing newsletters, where separately requested.
  • Legal obligation (Art. 6(1)(c)): retention of financial records and cooperation with lawful requests from supervisory authorities.

4. Who we share your data with

We only share your personal data with the minimum number of third parties necessary to operate our business. Current categories of recipients include:

  • Infrastructure and hosting providers located in the European Union (Netlify website hosting, EU-native cloud for the IONOX platform).
  • Email and productivity providers used by our team to communicate with you.
  • Professional advisors (legal, accounting, audit) bound by confidentiality.
  • Competent authorities where disclosure is required by applicable law.

A current list of sub-processors used in the IONOX platform is available on request to existing customers. We do not sell personal data. We do not use personal data to train third-party AI models.

5. International transfers

We aim to keep all personal data within the European Economic Area (EEA). Where a processor has a non-EEA parent company or minor supporting operations outside the EEA, we rely on Standard Contractual Clauses (Commission Implementing Decision 2021/914) and supplementary safeguards assessed on a case-by-case basis. Our sovereignty-first architecture is specifically designed to minimise non-EEA exposure.

6. How long we keep your data

  • Contact form submissions and related correspondence: up to 24 months after last contact, unless a business relationship is established.
  • Design partner and customer records: for the duration of the relationship and up to 7 years thereafter, in line with Dutch fiscal retention obligations.
  • Website analytics data: up to 14 months.
  • Backups: rolling 30 days.

7. How we protect your data

IONOX implements appropriate technical and organizational measures under Article 32 GDPR, including encryption in transit and at rest, access controls with multi-factor authentication, principle of least privilege, audit logging, regular backups, and an incident response procedure aligned with the 72-hour breach notification requirement.

8. Your rights

Under GDPR you have the following rights in relation to your personal data:

  • Right of access — to obtain a copy of the personal data we hold about you.
  • Right to rectification — to have inaccurate data corrected.
  • Right to erasure — to have your data deleted in certain circumstances.
  • Right to restriction — to limit how we process your data.
  • Right to data portability — to receive your data in a machine-readable format.
  • Right to object — in particular to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent — at any time, where processing is based on consent.

To exercise any of these rights, contact us at info@ionoxgroup.com. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.

9. Cookies

This website uses only strictly necessary cookies required for the site to function. We do not use advertising, analytics profiling or cross-site tracking cookies. As we expand, we will update this policy and add an appropriate cookie consent mechanism before any non-essential cookies are deployed.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services or the regulatory environment. The "Last updated" date at the top of this page indicates when the most recent changes were made. Material changes will be communicated via email to active customers and design partners.

11. Contact

For questions about this Privacy Policy or to exercise any of your rights:

IONOX Group B.V.
Beethovenstraat 505
Amsterdam, The Netherlands
info@ionoxgroup.com