MFOZ Privacy Statement

1. Who are we?

MFORZ is responsible for the processing of personal data as described in this privacy statement, insofar as it concerns personal data of website visitors, prospects, customers, suppliers, and other business contacts.

2. When does this privacy statement apply?

This privacy statement applies to the processing of personal data by MFORZ as the data controller, for example when you:

• visits our website;
• contacts us;
• fills out a form;
• requests a quotation;
• becomes a customer;
• signs up for newsletters, events or downloads;
• communicates with us about our services.

For work we perform on behalf of clients, for example in clients' CRM, automation, analytics, or AI environments, that client is usually the data controller and MFOORZ acts as the data processor. In that case, the privacy statement of the relevant client applies in principle to that processing.

3. Which personal data do we process?

Depending on the contact we have with you, we may process the following personal data, among others:

• first and last name;
• company name;
• function;
• email address;
• phone number;
• address details;
• IP address;
• content of messages, requests and correspondence;
• quotation and customer details;
• technical data about your use of our website, such as browser type, device information, and pages visited;
• other personal data that you provide to us yourself.

4. How do we obtain your personal data?

We obtain personal data directly from you, for example when you:

• fills out a contact form;
• calls or emails us;
• requests a quotation or introductory meeting;
• signs up for a newsletter, event, or download;
• becomes a customer or supplier.

In addition, we may automatically collect personal data via our website, for example via functional cookies, analytical cookies, server logs, and similar techniques.

5. For what purposes and on what grounds do we process data?

We process personal data only if there is a valid legal basis for doing so. Under the GDPR, these include, for example, performance of a contract, a legal obligation, a legitimate interest, or consent.

We process personal data for the following purposes:

Contact and answering questions

To contact you regarding an inquiry, message, or introduction.
Basis: legitimate interest or taking pre-contractual steps.

Quotations, agreements and performance of services

To prepare quotations, execute assignments, provide support, manage projects, and enable our services.
Basis: execution of an agreement or taking steps prior to an agreement.

Relationship management and business communication

To maintain customer relationships, handle follow-up contact, and send service messages.
Basis: legitimate interest.

Newsletters and marketing communications

To send you newsletters, updates, invitations, or commercial information about our services.
Basis: consent, or where legally permitted on the basis of an existing customer relationship.

Improvement of website, service, and security

To analyze website usage, improve the website, measure performance, and prevent abuse or security incidents.
Basis: legitimate interest and, where legally required, consent.

Legal and administrative obligations

To comply with tax, administrative, and other legal obligations.
Basis: legal obligation.

6. With whom do we share personal data?

We only share personal data when necessary for our services, business operations, or legal obligations. This may occur, for example, with parties that support us with:

• CRM and business software;
• automation and integrations;
• website hosting and email hosting;
• analytics and reporting;
• administration and invoicing;
• newsletter and communication tools;
• IT management, security and backup.

Where necessary, we enter into a data processing agreement with parties that process personal data on our behalf. We never sell personal data to third parties.

7. International transfers

It may occur that personal data is processed by service providers outside the European Union or European Economic Area, or that data is accessible from those countries. In that case, we ensure that transfer only takes place if permitted under applicable privacy legislation, for example on the basis of an adequacy decision or appropriate safeguards such as Standard Contractual Clauses.

8. How long do we retain personal data?

We do not retain personal data longer than necessary for the purpose for which we collected it, unless we are legally required to retain the data longer.

In principle, we apply the following retention periods:

• contact requests and general correspondence: maximum 12 months after settlement, unless a customer relationship arises therefrom;
• quotation requests and prospect data: maximum 24 months after the last relevant contact, unless removal is requested earlier or an agreement is reached;
• newsletter details: until you unsubscribe or until we determine that the data is no longer up-to-date;
• customer and project details: during the term of the agreement and thereafter for as long as necessary for administration, evidence, support, and aftercare;
• invoices and tax administration: at least 7 years, to the extent required by law;
• login and security details: no longer than necessary for security and management purposes.

9. Cookies and similar technologies

Our website uses cookies and similar technologies. You can find more information about this in our separate cookie statement.

To the extent required by law, we ask for prior consent to place non-essential cookies, in particular tracking and marketing cookies.

10. Security of personal data

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, unwanted disclosure, and unauthorized modification.

Consider, among other things:

• access restriction based on necessity;
• secure connections;
• strong passwords and, where possible, multifactor authentication;
• periodic updates and security measures;
• careful selection of suppliers and processors.

11. Automated decision-making and AI

MFORZ can utilize automation, reporting, and AI functionalities to make processes run more efficiently, for example for analyses, summaries, draft texts, classification, or workflow support.

We do not make decisions without human intervention that are based solely on automated processing and that have legal effects on you or otherwise significantly affect you, unless this is expressly stated and there is a valid legal basis for it.

12. Your rights

Under the GDPR, you have the following rights, among others:

• right of inspection;
• right to rectification;
• right to removal;
• right to restriction of processing;
• right to data portability, where applicable;
• right to object to processing based on legitimate interest;
• right to object to direct marketing;
• right to withdraw previously given consent;
• right to lodge a complaint with the Dutch Data Protection Authority.

You can send a request to info@mforz.com. To prevent misuse, we may ask you to verify your identity in an appropriate manner.

13. Complaints

If you have a complaint about the way we handle personal data, we would like to hear from you first so that we can try to resolve it. You also have the right to lodge a complaint with the Dutch Data Protection Authority.

14. Changes

We may amend this privacy statement from time to time, for example if legislation changes or if our services change. The most current version is always available on our website.