Ga naar hoofdinhoud
Legal

Privacy Policy

Last updated: 10 January 2026

1. Introduction

SW.STUDIO respects your privacy and takes the protection of your personal data seriously. This privacy policy explains what personal data we collect, why we collect it, how we use it, and who we share it with.

This privacy policy applies to all services and products offered by SW.STUDIO, including our website, communication by email, and any other interactions you have with us.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy legislation in the Netherlands and the European Union.

2. Data Controller

SW.STUDIO is the controller responsible for processing your personal data. Our contact details are:

SW.STUDIO

Stef Wubbe

Email: stef.wubbe@sw-studio.nl

Website: sw-studio.nl

For questions about this privacy policy or the processing of your personal data, please contact us using the details above.

3. What Personal Data We Collect

We collect different types of personal data, depending on how you get in touch with us:

3.1 Data You Provide Yourself

  • Name and contact details: First and last name, email address, phone number, company name
  • Company information: Industry, website URL, type of service you are interested in
  • Project information: Budget, timeline, desired features, target audience
  • Correspondence: Emails, messages and other communication with us
  • Payment details: Billing address, VAT number (not credit card details; these are processed by our payment provider)

3.2 Automatically Collected Data

  • Technical data: IP address, browser type, device type, operating system
  • Usage data: Pages visited, click behavior, referring websites
  • Analytics data: Via Google Analytics 4 (anonymized) and Microsoft Clarity (session recordings and heatmaps, see section 9)

3.3 Data From Third Parties

We do not collect personal data from third parties without your consent, unless legally required or permitted.

4. Why We Collect This Data

We process your personal data for the following purposes, each based on a valid legal ground under GDPR:

4.1 Performance of a Contract

We process your data to deliver our services:

  • Processing your request for a strategy call
  • Communication about your project
  • Design and development of your website
  • Providing training and support
  • Invoicing and payment processing

4.2 Legitimate Interest

For certain processing activities, we rely on a legitimate interest:

  • Improving our services and website
  • Analyzing user behavior (anonymized)
  • Protection against fraud and misuse
  • Limited business follow-up on existing inquiries or client contacts, to the extent this falls within our legitimate interest

4.3 Legal Obligation

In some cases we are legally required to retain data:

  • Tax records (7-year retention period)
  • Contracts and legal documents
  • Compliance with supervisory authorities

4.4 Consent

For certain processing activities, we explicitly ask for your consent, such as newsletters or non-essential cookies. You can withdraw this consent at any time.

5. How Long We Retain Your Data

We do not retain your personal data longer than necessary for the purposes for which it was collected:

Data TypeRetention Period
Contact form inquiries2 years after last contact
Client data (active project)Duration of project plus 1 year
Invoicing and tax records7 years (legally required)
Contracts and legal documents7 years after end of contract
Analytics data (anonymized)14 months (Google Analytics)
CookiesSee cookie policy

Once the retention period has expired, your data is securely deleted or anonymized.

6. Sharing Data With Third Parties

We never sell your data to third parties. We only share your data with third parties when necessary to deliver our services or when legally required to do so:

6.1 Processors

We use external service providers for hosting, analytics and other technical services. Where these parties act as processors, we put appropriate contractual arrangements in place. Where personal data is transferred outside the EEA, we base that transfer, where required, on Standard Contractual Clauses (SCCs) or another permitted transfer mechanism:

  • Hosting: Vercel (USA, Standard Contractual Clauses)
  • CMS & Database: Sanity.io (USA, Standard Contractual Clauses)
  • Analytics: Google Analytics 4 (USA, SCCs), Microsoft Clarity (USA, SCCs), Ahrefs (Singapore, SCCs)
  • Email Marketing: Brevo (France, EU based)

Where GDPR requires it, we enter into data processing agreements or comparable data protection arrangements that set out responsibilities, security measures and retention periods.

6.2 Legal Obligation

We may disclose your data to authorities when legally required, for example under a court order or for tax purposes.

7. Security of Your Data

We take appropriate technical and organizational measures to protect your personal data:

  • Encryption: All data transfer via HTTPS/SSL
  • Access control: Restricted access to personal data
  • Hosting security: Professional hosting with security measures
  • Updates: Regular security updates for software and systems

Data Breach Notification Duty

In the event of a data breach, we act in accordance with GDPR. Where notification is required, we report it without undue delay and, where necessary, within 72 hours to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). We inform affected individuals whenever the law requires it.

8. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

Right of access

You have the right to know what personal data we process about you.

Right to rectification

You have the right to have inaccurate or incomplete personal data corrected.

Right to erasure ("right to be forgotten")

You have the right to have your personal data deleted, unless we have a legal obligation to retain it.

Right to restriction of processing (GDPR Article 18)

You have the right to restrict the processing of your personal data in the following situations:

  • Accuracy contested: While you contest the accuracy of the personal data, for a period allowing us to verify its accuracy.
  • Unlawful processing: Where processing is unlawful and you request restriction instead of erasure.
  • Legal claims: Where we no longer need the personal data, but you need it for the establishment, exercise or defense of legal claims.
  • Objection: Where you have objected to processing, pending verification of whether our legitimate grounds override your interests.

What happens during restriction? Your data remains stored but is not further processed, except for storage, for the establishment, exercise or defense of legal claims, for the protection of the rights of another natural or legal person, or with your explicit consent.

Right to data portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to object

You have the right to object to the processing of your personal data on grounds of legitimate interest.

Right to withdraw consent

Where we process your data based on consent, you can withdraw that consent at any time.

How Can You Exercise Your Rights?

You can easily exercise your GDPR rights via our secure Data Request Form with two-step email verification, or by contacting us directly:

Email: stef.wubbe@sw-studio.nl

We will respond to your request within 1 month (30 days). In complex cases, we may extend this period by up to 2 additional months.

Filing a Complaint?

If you are not satisfied with how we have handled your complaint, you have the right to lodge a complaint with the supervisory authority:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
Website: autoriteitpersoonsgegevens.nl
Phone: (+31) - (0)70 - 888 85 00

9. Cookies and Tracking

Our website uses cookies and similar technologies. For detailed information about which cookies we use and why, please see our separate Cookie Policy.

Summary:

  • Essential cookies: Necessary for the website to function (no consent required)
  • Analytics cookies: Google Analytics 4 with IP anonymization (consent required)
  • Marketing cookies: We do not use these without your explicit consent

You can adjust your cookie preferences at any time via our consent management page.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our services or applicable legislation.

How do we inform you?

  • For minor changes: an update to the "Last updated" date at the top of this page
  • For significant changes: email notification to existing clients and a clear notice on our website

We recommend reviewing this privacy policy regularly to stay informed of any changes.

11. Contact

Do you have questions about this privacy policy or about how we process your personal data? Feel free to get in touch:

SW.STUDIO

Contact person: Stef Wubbe

Email: stef.wubbe@sw-studio.nl

Website: sw-studio.nl

We aim to respond to your question within 2 business days.

This privacy policy has been drafted in accordance with the General Data Protection Regulation (GDPR), the Dutch GDPR Implementation Act (Uitvoeringswet AVG) and other applicable Dutch and European privacy legislation.