Privacy Notice

Last updated: 20 November 2025

This notice explains how bayata collects, uses, and protects personal data for clients, prospects, and website visitors in line with the GDPR, the Dutch AVG, and Dutch Telecommunications Act requirements.

Personal data we process

  • Identity data such as name, job title, and company information shared via forms or discovery calls.
  • Contact details including email address, phone number, and preferred language.
  • Engagement data such as service interests, project context, and meeting notes stored in secure CRM systems.
  • Technical metadata collected via essential analytics (IP range, browser, device) to protect our infrastructure.

Lawful bases for processing

  • Consent when you opt into newsletters, product updates, or marketing downloads.
  • Legitimate interest to answer inbound enquiries, scope proposals, and maintain business relationships.
  • Contractual necessity when preparing, executing, or supporting signed service agreements.
  • Legal obligation to retain invoices and compliance evidence required by Dutch regulators.

Your rights

  • Access, rectification, or deletion of personal data we store about you.
  • Restriction or objection to specific processing activities, including marketing communications.
  • Data portability for information supplied under consent or contract.
  • Right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch DPA).

Retention & security safeguards

  • Data is retained only for the lifecycle of an engagement plus the legally mandated archival period (up to 7 years for finance records).
  • Access is limited through role-based controls, MFA-protected admin accounts, and annual access reviews.
  • Data in transit uses TLS 1.3 and at rest is encrypted via cloud provider managed keys (Azure/AWS).
  • We align with ISO 27001 Annex A controls for asset management, logging, supplier security, and incident response.

Processors & international transfers

  • Core systems are hosted in EU data centres; any transfer outside the EEA is covered by EU SCCs and risk assessments.
  • Key processors include Microsoft 365, Atlassian, Stripe, and ISO 27001 certified hosting partners.
  • Vendors are assessed annually for GDPR, SOC 2, and ISO 27001 alignment before onboarding.

Contact & DPO

  • Email: privacy@bayata.nl
  • Postal: bayata, Herengracht 320, 1016 CE Amsterdam | KvK: 99323206
Contact our DPO →

We use cookies

We use cookies to enhance your browsing experience, analyze site traffic, and personalize content. By clicking 'Accept All', you consent to our use of cookies.

Learn more in our Privacy Policy

Cookie Settings

Manage your cookie preferences. You can enable or disable different types of cookies below.

Necessary Cookies

These cookies are essential for the website to function properly. They cannot be disabled.

Always Active

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

Marketing Cookies

These cookies are used to deliver personalized advertisements and track campaign performance.

For more information about how we use cookies, please read our Privacy Policy