Skip to main content
mygenzy
Home / Legal / Privacy Policy
Version2026.06
Last updated13 June 2026
JurisdictionEU . Netherlands
99 . LegalPrivacy Policy

Privacy Policy.
Plainly, then legally.

What we collect, why we collect it, how long we keep it, and how to exercise your rights under GDPR. Plain-language summary at the top of each section.

Quick summary

We collect only what we need: server logs for security, contact details to reply to inquiries, and project materials to deliver our services. We do not sell data, share it with advertisers, or train AI models on it. You can access, correct, or delete your data at any time by emailing Email.

01Who we are

Mygenzy is operated by Benedikt Wieser, sole proprietor (eenmanszaak), registered in the Netherlands.

  • Address: Mosae Forum 1C, 6211DW Maastricht, Netherlands
  • Email: Email
  • Phone:
  • Chamber of Commerce (KvK): 97352365
  • VAT ID (btw-id): NL005264593B35

For the purposes of the EU General Data Protection Regulation (GDPR) and the Dutch Implementing Act (UAVG), Benedikt Wieser is the data controller.

02What we collect and why

We collect only what is necessary for the specific purpose:

  • Server logs. IP address, timestamps, pages visited, referrer, browser/OS, and status codes. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in operating and securing the website. Retained only as long as necessary, then deleted or anonymized.
  • Contact, bookings & project inquiries. When you use our contact form, book a call, or complete a project questionnaire (our "get started" flows), we collect your name, email, message content, the selected appointment time where applicable, and the project details you provide (briefing, desired service, budget). Legal basis: Art. 6(1)(b) GDPR — pre-contractual measures. These submissions are emailed to us and stored in our database (see "Who we share your data with").
  • Community opt-in (optional). If you sign up via our "free" community page, we collect your name and email to send you a community invitation by email. Legal basis: Art. 6(1)(a) GDPR — consent, which you can withdraw at any time.
  • Contract fulfillment. Project communications, briefings, media assets (video, audio, images — may contain personal data such as faces and voices). Legal basis: Art. 6(1)(b) GDPR — contract fulfillment. Retained as long as needed for delivery, revisions, and legal obligations.

We do not collect precise location data, advertising identifiers, or third-party tracking data without your explicit consent.

03How long we keep your data

Inquiries, bookings, and funnel submissions that do not become projects: up to 12 months, then deleted — this includes the copies stored in our database. Active client data: for the duration of the engagement plus 24 months. Invoices and accounting records: 7 years, as required by Dutch tax law. Server logs: anonymized or deleted within 14 months. Calendar entries created for a booked call are removed after the meeting takes place or is cancelled.

04Who we share your data with

We share data only with processors that help us operate, and only the data they need:

  • Hosting: Vercel Inc. (USA), with the application served from an EU data region, for hosting and delivering the website.
  • CDN, security & bot management: Cloudflare, Inc. (USA) for content delivery, DDoS/bot protection, and web application firewall. Cloudflare processes connection data (including IP address) to route and secure traffic and sets a strictly necessary security cookie (__cf_bm).
  • Email delivery: Resend (EU region) for routing contact form submissions.
  • Spam protection: Cloudflare Turnstile for blocking spam on forms. Turnstile does not set tracking cookies.
  • Rate limiting & abuse prevention: Upstash, Inc. (USA) provides the database we use to enforce form rate limits and block abuse. It stores your IP address and email address as short-lived keys that expire automatically.
  • Form & booking storage: Supabase, for storing contact, booking, and funnel submissions in a database hosted in the EU (Frankfurt region).
  • Scheduling: Google (Google Ireland Ltd.), for creating and managing calendar entries when you book a call — processing your name, email, and the appointment time.

Third-party services requiring consent: Google Analytics 4 (Google Ireland Ltd.), Microsoft Clarity (Microsoft Ireland Operations Ltd.), Meta Pixel (Meta Platforms Ireland Ltd.), Vimeo, and Instagram embeds. These load only after you grant explicit consent. See our Cookie Policy for details.

We do not share data with advertisers, data brokers, or AI training pipelines. Some recipients are located in or transfer data to the USA (e.g., Google, Microsoft, Meta, Cloudflare, Vercel, Upstash). Such transfers are safeguarded under the EU–U.S. Data Privacy Framework, where the recipient is certified, and/or the EU Standard Contractual Clauses, in line with Art. 44 ff. GDPR.

05Your rights

Under GDPR you have the right to:

  • Access the data we hold about you (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Have your data erased (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise any of these rights, email Email. We respond within 30 days, usually faster.

06Cookies and tracking

We use essential cookies that are strictly necessary for the site to function (e.g., session tokens for the client portal). Non-essential cookies — including analytics and marketing cookies — require your explicit consent before activation, per the Dutch Telecommunicatiewet, Article 11.7a. Google Analytics runs in Google Consent Mode: before you consent — and if you decline — it stores no cookies and sends only aggregated, cookieless signals; cookies and full measurement activate only with your consent. For the full cookie inventory, see our Cookie Policy.

07Security

We use TLS/SSL encryption for all data transmission and maintain appropriate technical and organizational measures to protect against loss, misuse, and unauthorized access.

08Contact and complaints

Questions about this policy or a request related to your data:

  • Email: Email
  • Postal: Mygenzy, c/o Benedikt Wieser, Mosae Forum 1C, 6211DW Maastricht, Netherlands

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Version v2026.06Last updated 13 June 2026Back to topBack to home