Privacy Notice – Ignite Group
Last updated: 29-09-2025
Version 1.0 – Effective date: 01-10-2025
1) Introduction and controller (GDPR Art. 13(1)(a))
Ignite Group B.V. (“Ignite Group”, “we” or “us”) respects your privacy. This notice explains what personal data we process, for which purposes and legal bases, with whom we share data, how long we retain it, what rights you have and how to exercise them.
2) Categories of personal data (GDPR Art. 13(1)(c))
We may process: identification and contact details; correspondence data; recruitment data; project/grant-related data necessary for applications and reporting; online usage data such as IP address, browser type, visited pages and interaction data (anonymised where possible).
Special identifiers (e.g., tax identifiers) are processed only where legally required and strictly necessary.
3) Purposes and legal bases (GDPR Art. 13(1)(c),(d))
Service delivery; grant applications and reporting; communications and newsletters (opt-out available); website optimisation and statistics; marketing and personalisation (only with consent).
Legal bases: contract performance, legal obligations, legitimate interests (e.g., service improvement) and/or consent (for marketing/tracking).
4) Cookies and similar technologies (GDPR Art. 6(1)(a))
We use functional and analytical cookies. Marketing/Tracking cookies are placed only with your consent. Manage settings via your browser or our cookie controls.
Detailed cookie and tooling settings:
- Cookie banner categories: Functional (always on), Analytical (without personal data), Marketing/Tracking (off, opt-in).
- Google Analytics: IP anonymisation enabled, processor agreement with Google, no data sharing with other Google services; opt-out via the Google Analytics Opt-out Add-on: https://tools.google.com/dlpage/gaoptout/
- Google Ads: only with consent; retention up to 26 months.
- Microsoft Clarity: only with consent; anonymised usage data (click, mouse and scroll behaviour).
5) Sharing with third parties (GDPR Art. 13(1)(e))
We do not sell personal data. We share data only when necessary for service delivery (e.g., grant authorities, auditors), with processors under our instructions and safeguards, due to legal obligations or legitimate interests, or in case of corporate reorganisation with appropriate safeguards.
6) International transfers and storage (GDPR Art. 13(1)(f))
Data may be processed inside or outside the EEA subject to appropriate safeguards (e.g., SCCs). Where possible, storage remains within the EU.
7) Security measures (GDPR principle Article 5(1)(f))
We implement appropriate technical and organisational measures, including SSL, access controls and periodic evaluations/audits.
8) Retention (GDPR Art. 13(2)(a))
We retain data only as long as necessary or legally required (e.g., up to 7 years for certain records; recruitment data retained for the duration of the procedure; analytics/ads data according to tool configurations, e.g., 26 months).
9) Your rights (GDPR Art. 13(2)(b))
You have rights to access, rectification, erasure, restriction, portability, and to object (including direct marketing). You may withdraw consent at any time. You can lodge a complaint with the Dutch Data Protection Authority.
10) Events, photos and video (GDPR Article 6(1)(a) for consent; right to object Article 21)
We may capture overview images during events. For close-ups we ask consent; you may withdraw and request deletion.
11) Newsletters (GDPR Art. 6(1)(a); right to object Art. 21)
We send newsletters only upon subscription/consent. Each email contains an unsubscribe link.
12) Third-party websites (Transparency principle Article 5(1)(a))
Our site may contain links to third-party websites. Please review their privacy notices.
13) Changes and versioning (Transparency principle Article 5(1)(a))
Version 1.0 – 01-10-2025: First consolidated and harmonised privacy notice, including detailed cookie and tooling settings.
14) Contact point (GDPR Art. 13(1)(a))
Ignite Group is the controller. For questions about this notice or our processing, please contact our designated contact point:
Email: info@ignite-group.nl | Phone: 310882020400 | Address: Leeuwenbrug 97, 7411 TH Deventer.
15) Rights notice (GDPR Art. 13(2)(b))
You have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing, including objection to direct marketing. You may withdraw consent at any time without retroactive effect.
16) Rights enablement (GDPR Art. 13(2)(b))
You can exercise your rights by submitting a request via info@ignite-group.nl. We respond within one month of receipt; this period may be extended by two months depending on complexity and number of requests. Where necessary, we may request additional information to verify your identity. If you are dissatisfied with our response, you can lodge a complaint with the Dutch Data Protection Authority.
17) Source of data (where not obtained directly) (GDPR Article 14(2)(f))
Where personal data are not obtained directly from you (e.g., via partners, public sources or grant authorities), Ignite Group will inform you in line with GDPR information obligations, including the source of the data, the categories and purposes of processing.
18) Recipients or categories of recipients of personal data (GDPR Art. 13(1)(e))
Your personal data may be shared with external parties that support us in providing our services, such as IT service providers, hosting providers, administrative service providers, marketing partners and subcontractors. These parties process personal data solely on behalf of and according to the instructions of Ignite Group, and are contractually obliged to protect this data appropriately. We may also disclose data where we are legally required to do so.
19) Right to lodge a complaint with the supervisory authority (GDPR Art. 13(2)(d))
If you believe that your personal data are not being processed carefully or in accordance with the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This can be done via:
20) Privacy compliance technologies (GDPR Art. 12(2)(b), 13(2)(b))
Ignite Group applies various technical and organisational measures to protect your personal data and ensure privacy (“privacy by design” and “privacy by default”). Examples include the use of secure internet connections (TLS/SSL), advanced firewalls and antivirus/anti‑malware, strict access controls, logging of data access, and email security standards such as DKIM, SPF and DMARC. Data are shared only with trusted partners that uphold the same privacy standards. Our employees are trained to act in a privacy‑aware manner, and we periodically evaluate our privacy policy against the latest regulatory requirements.