This privacy policy template was generated as a starting point. It is not legal advice. Every business is different, and we recommend having your privacy policy reviewed by a legal professional, especially if you process sensitive data, serve minors, or operate in multiple jurisdictions.
Privacy Policy
Last updated: 21 April 2026
Who we are
FaberEsto (faberesto.nl) is the data controller responsible for processing your personal data. We are based in the Netherlands.
Contact email: faberesto@gmail.com
What personal data we collect and why
We collect personal data only when necessary for the purposes described below. For each type of data, we indicate the legal basis under the GDPR.
Contact form
When you submit our contact form, we collect your name, email address, and message content.
- Purpose: To respond to your inquiry.
- Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — you contact us expecting a reply.
- Retention: 12 months after your last communication.
Cookies and tracking
Our website uses cookies. Cookies are small text files stored on your device when you visit a website. Under the Telecommunicatiewet (Dutch Telecommunications Act) and the GDPR, we are required to inform you about the cookies we use and to obtain your consent before placing non-essential cookies.
Types of cookies we use
- Strictly necessary cookies: These are essential for the website to function (e.g., session cookies, security cookies). These do not require consent.
- Analytics cookies: These help us understand how visitors use our website. They are only placed after you give consent.
- Third-party cookies: Some embedded content (such as maps, videos, or social media buttons) may set cookies from third-party domains. These are only loaded after consent.
You can manage your cookie preferences at any time through our cookie consent banner. You can also delete cookies through your browser settings.
Third-party services
We use the following third-party services that may process your personal data:
- Google Maps: IP address, location data, usage data. Privacy policy: https://policies.google.com/privacy
- YouTube (Google): IP address, viewing behavior, device information. Privacy policy: https://policies.google.com/privacy
- Vimeo: IP address, viewing behavior, device information. Privacy policy: https://vimeo.com/privacy
- Facebook (Meta): IP address, browsing behavior, interaction data. Privacy policy: https://www.facebook.com/privacy/policy/
- Instagram (Meta): IP address, browsing behavior, interaction data. Privacy policy: https://privacycenter.instagram.com/policy
- LinkedIn: IP address, browsing behavior, interaction data. Privacy policy: https://www.linkedin.com/legal/privacy-policy
- Formspree: Name, email address, IP address, and any personal information submitted via contact forms. Privacy policy: https://formspree.io/legal/privacy-policy/
Data retention
We do not keep your personal data longer than necessary for the purposes described in this privacy policy. Below is a summary of our retention periods:
- Contact form submissions: 12 months after last communication
- Analytics data: 26 months
- Server logs: 90 days
Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct inaccurate or incomplete data.
- Right to erasure: You can ask us to delete your personal data, subject to legal obligations.
- Right to data portability: You can request your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interest.
- Right to restrict processing: You can ask us to limit how we use your data.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
If you wish to exercise any of these rights, please contact us at the email address listed above. We will respond within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP):
https://autoriteitpersoonsgegevens.nl/een-klacht-indienen
International data transfers
Some of the third-party services we use are based in the United States. This means your personal data may be transferred outside the European Economic Area (EEA).
This applies to: Google Maps, YouTube (Google), Vimeo, Facebook (Meta), Instagram (Meta), LinkedIn, Formspree
These transfers are safeguarded by the EU-U.S. Data Privacy Framework adequacy decision adopted by the European Commission in July 2023. Where a service is not covered by this framework, Standard Contractual Clauses (SCCs) approved by the European Commission are used as the legal mechanism for the transfer.
Changes to this privacy policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will update the "last updated" date at the top of this page. We encourage you to review this page periodically.
Contact
If you have any questions about this privacy policy or how we handle your personal data, please contact us: