Privacy Policy

Introduction

Orvion B.V. ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our civil engineering services. This policy complies with the General Data Protection Regulation (GDPR) and Dutch privacy laws.

Data Controller

Orvion B.V. acts as the data controller for the personal information we collect. Our contact details are:

Orvion B.V.
Beukenlaan 94
5660 RN Eindhoven
North Brabant, Netherlands
Email: privacy@orvion.top
Phone: +31 40 435 2283
KvK: 74029518 | VAT: NL892476305B01

Data Collection

The data we collect includes personal information that you voluntarily provide to us when you contact us, request our services, or interact with our website. This may include:

• Name and contact information (email address, phone number, postal address)
• Company or organisation details
• Project requirements and technical specifications
• Communication preferences
• Website usage data and analytics information
• Cookie data and browsing behaviour

How We Use Your Information

We explain how we use your information for the following purposes, based on legitimate business interests and your consent where required:

• Providing civil engineering services and project consultation
• Responding to your enquiries and communication
• Processing service requests and managing client relationships
• Improving our website and services
• Sending relevant information about our services (with your consent)
• Complying with legal obligations and regulatory requirements
• Protecting our legitimate business interests

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you explicitly agree to our processing of your data
• Contract: When processing is necessary for performing our services
• Legitimate Interest: For business operations, website improvement, and client communication
• Legal Obligation: When required by law or regulation

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With trusted service providers who assist in our business operations
• When required by law or legal process
• To protect our rights, property, or safety
• With your explicit consent
• In connection with a business transfer or acquisition

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Typically:

• Client project data: 7 years after project completion (legal requirement)
• Contact enquiries: 3 years from last contact
• Website analytics: 26 months
• Marketing communications: Until you unsubscribe or withdraw consent

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us at:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable data protection laws.