Menu

Legal

Privacy Policy

Effective date: 30 March 2026  •  The Viking — Daniel van der Velden

This Privacy Policy applies to all websites and services operated by Daniel van der Velden (sole proprietorship) under the brand The Viking, including:

  • The Viking Automation — thevikingautomation.com & book.thevikingautomation.com
  • The Viking Webdesign — thevikingwebdesign.com
  • The Viking Coaching — thevikingcoaching.com
  • The Viking (main) — theviking.info

Data controller: Daniel van der Velden, Platanenlaan 142, 1613 TS Grootebroek, Nederland. KVK registered sole proprietorship.

Contact: info@thevikingautomation.com  |  info@theviking.info

1. Data We Collect

We collect the following categories of personal data:

  • Contact data: name, email address, phone number
  • Business data: company name, VAT number (for automation and webdesign clients)
  • Health data: only for coaching services, with explicit written consent
  • Payment data: processed by third-party processors (Stripe, Mollie); we do not store card details
  • Technical data: IP address, browser type, OS, pages visited, time on page
  • Booking data: appointment details collected via TidyCal
  • Plugin data: anonymous usage statistics for free WordPress plugins; full opt-out for premium users

2. How We Use Your Data

Your data is used exclusively for:

  • Delivering coaching sessions, WordPress development, and automation services
  • Processing payments and sending invoices
  • Booking and scheduling via TidyCal
  • Responding to support requests and enquiries
  • Sending marketing communications only with your prior consent
  • Free plugin users consent to receive marketing emails for up to 12 months; premium users may opt out immediately
  • Legal compliance and record keeping

3. Legal Basis (GDPR)

  • Contract: processing necessary to deliver services you requested
  • Legal obligation: invoicing, tax records (Dutch law, 7-year retention)
  • Consent: marketing emails, health data, non-essential cookies
  • Legitimate interest: website security, fraud prevention

4. Data Retention

  • Client and invoice data: 7 years (Dutch tax law)
  • Contact form and email enquiries: 2 years after last contact
  • Health data (coaching): deleted within 1 year of end of coaching relationship unless you request otherwise
  • Marketing consent records: retained until consent is withdrawn + 1 year
  • Technical/analytics data: 26 months maximum

5. Cookies & Tracking

We use the following cookie categories:

  • Essential: required for site functionality (always active)
  • Analytics: Google Analytics / Matomo — only with consent
  • Marketing: only on pages where explicitly enabled and consented to

You can withdraw cookie consent at any time via the cookie banner or by contacting us.

6. Third-Party Services

We share data only where necessary with GDPR-compliant processors:

  • TidyCal — appointment scheduling
  • Stripe / Mollie — payment processing
  • Google Workspace — email and calendar
  • Hetzner / TransIP — hosting and DNS
  • Nextcloud (self-hosted) — file storage
  • Google Analytics — website analytics (with consent)

We do not sell your data to third parties.

7. International Data Transfers

Where data is transferred outside the EU/EEA (e.g. Google services), we ensure adequate safeguards are in place including Standard Contractual Clauses (SCCs) as required by GDPR Chapter V.

8. Your Rights

Under GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion (‘right to be forgotten’)
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting prior processing

To exercise any right: info@thevikingautomation.com. We respond within 30 days.

You also have the right to lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevensautoriteitpersoonsgegevens.nl

9. Security

  • All websites served over HTTPS (TLS encryption)
  • Self-hosted infrastructure (Nextcloud, n8n) secured with access controls and regular updates
  • Passwords stored with bcrypt hashing
  • Data breach notification to Autoriteit Persoonsgegevens within 72 hours if required

10. Children

Our services are not directed at persons under 16. We do not knowingly collect data from minors. If you believe a minor has provided data to us, contact us immediately.

11. Policy Updates

We may update this policy periodically. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated by email to active clients.

Effective date: 30 March 2026  |  Daniel van der Velden — The Viking

Questions? info@thevikingautomation.com  •  Platanenlaan 142, 1613 TS Grootebroek, Nederland