Water Ingredients

Privacy

Privacy statement

How we handle personal data under the EU General Data Protection Regulation (GDPR / AVG).

Last updated: 2026-04-14

Draft for review. This page is a starting template. Before publishing, have a Dutch lawyer validate it against your current practice — especially clauses on liability, warranty, jurisdiction and any industry conditions you already apply (e.g. Metaalunievoorwaarden, FME, your own AV).

1. Controller

The controller within the meaning of Article 4(7) GDPR is Water Ingredients B.V., Van Lyndenlaan 1, 3768 ME Soest, the Netherlands. Chamber of Commerce (KvK) registration: [[KvK number — fill in before launch]]. VAT number: [[BTW / VAT number — fill in before launch]]. You can reach us at info@wateringredients.com or +31 35 588 0989.

2. What personal data we process

We process personal data only where we need it to run a business-to-business relationship:

  • Quote and contact requests. Your name, company, email, phone, country, product interest, volume, delivery preferences and any message you send us via the contact or quote form on this website.
  • Customer and prospect records. Contact details of people we deal with at supplier and customer organisations (name, role, email, phone), together with purchase history, shipping addresses and invoicing details.
  • Email correspondence. The content of messages you exchange with us, retained in our mailbox.
  • Server and analytics logs.When you visit this website our hosting provider (Vercel) records standard HTTP logs — IP address, user-agent, timestamp, requested URL — for security, abuse prevention and debugging. We use Vercel’s cookieless analytics to measure aggregate page views. See our Cookie statement.

We do not knowingly collect personal data from children. We do not sell personal data. We do not process special categories of data (Article 9 GDPR) through this website.

3. Why we process this data (purposes and legal bases)

  • To respond to enquiries and prepare quotes — Article 6(1)(b) GDPR (steps at the request of the data subject prior to entering into a contract) or 6(1)(f) (legitimate interest of responding to B2B contacts).
  • To perform sales contracts and deliver products — Article 6(1)(b) GDPR (performance of a contract).
  • To comply with legal obligations (tax, customs, REACH, product-safety documentation, accounting) — Article 6(1)(c) GDPR.
  • To protect and improve our website (security, abuse prevention, aggregate usage measurement) — Article 6(1)(f) GDPR (legitimate interest).

4. How long we keep it

  • Quote and contact requests that do not lead to a commercial relationship: up to 24 months from last contact, then deleted.
  • Customer and supplier records: for the duration of the commercial relationship plus the statutory tax-retention period (7 years in the Netherlands).
  • Server logs: no longer than our hosting provider retains them (typically under 30 days) unless needed to investigate a specific incident.

5. Who we share it with

We share personal data only with parties that support us in running the business, under written data-processing agreements where required:

  • IT and communication providers — website hosting (Vercel Inc., USA, relying on EU-US Data Privacy Framework), transactional email (Resend, Inc., USA, relying on Standard Contractual Clauses), email provider, accounting software.
  • Logistics and freight forwarders — to ship and deliver product, including customs brokers where required.
  • Professional advisors — auditors, lawyers, tax advisors.
  • Public authorities — where we are legally obliged to share information (tax, customs, REACH, court orders).

Transfers outside the EEA are protected by an adequacy decision, the EU-US Data Privacy Framework, or Standard Contractual Clauses.

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have data deleted where applicable;
  • restrict or object to processing;
  • receive your data in a portable format;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).

To exercise any of these rights, email info@wateringredients.com. We will respond within one month.

7. Security

We take appropriate technical and organisational measures to protect personal data, including TLS in transit, access controls on our systems, and retention limits. If a personal-data breach occurs that is likely to result in a risk to your rights, we will notify you and the Dutch Data Protection Authority as required by Articles 33 and 34 GDPR.

8. Changes to this statement

We may update this privacy statement as our practices or the law evolve. We will revise the “last updated” date at the top of the page. Material changes will be communicated to customers where appropriate.