# Privacy Policy > Privacy policy for JM Websites. How we process personal data, which third parties we use (including the Google Ads API) and your rights under the GDPR. Source: https://jmwebsites.nl/en/privacy --- - Privacy Policy | JM Websites[Skip to content](#main-content)[←Back to home](/en) JM Websites (“we”, “us”) respects the privacy of every visitor of [jmwebsites.nl](https://jmwebsites.nl) and of our clients. This privacy policy explains which personal data we process, why we process it, how long we retain it and which rights you have. It is drafted in accordance with the EU General Data Protection Regulation (GDPR). ## 1. Who is the controller? The data controller within the meaning of the GDPR is: **JM Websites** - Wijnhaven 92, 3011 WS Rotterdam, The Netherlands - Email: [info@jmwebsites.nl](mailto:info@jmwebsites.nl) - Phone: [+31 6 14633648](tel:+31614633648) - Chamber of Commerce (KvK): 98061909 - VAT number: NL868343250B01 ## 2. Which personal data do we process? Depending on how you interact with us, we process the following categories of personal data: - **Contact details** — name, email address, phone number and company name you submit through our forms (contact form, free design request). - **Message content** — the text you fill in or send us by email. - **Technical data** — IP address, browser type, device and visit time. Processed by our hosting provider and analytics tools for security and statistics. - **Google reCAPTCHA data** — to prevent spam and abuse on our forms. - **Client data from engagements** — when performing an assignment we process additional data needed for delivery, billing and communication (e.g. Chamber of Commerce details, billing address, project documentation). - **Google Ads conversion data (our own campaigns)** — we run Google Ads campaigns to promote JM Websites. Via the Google Ads conversion tag on our own site we measure aggregated conversions (such as form submissions). See section 8 for details. ## 3. Why do we use this data? - To respond to contact requests and free-design requests. - To prepare quotes and perform engagements. - To invoice and keep our financial records. - To meet legal obligations (e.g. tax retention duty). - To improve our website and services based on anonymized statistics. - To prevent spam, abuse and fraud on our forms. - To measure the effectiveness of our own Google Ads campaigns, build internal reporting and optimize our marketing. ## 4. Legal basis for processing - **Performance of the contract** — for engagements, quotes and invoicing. - **Consent** — for non-essential cookies and marketing emails. You may withdraw consent at any time. - **Legitimate interest** — for security, fraud prevention and improving our services. - **Legal obligation** — for retention periods imposed by tax law. ## 5. Who do we share data with? We do not sell data. We only share personal data with processors we engage to deliver our services. We have a data processing agreement in place with each processor. The main parties are: - **Vercel Inc.** — hosting and CDN for our site and our clients' sites. - **Supabase Inc.** — database and backend for form submissions and client portals. - **Google LLC / Google Ireland Ltd.** — reCAPTCHA, Google Analytics (if enabled) and the Google Ads API. - **Email providers** — for sending transactional emails (such as contact form confirmations). - **Accounting & invoicing software** — for creating and storing invoices. - **n8n / self-hosted workflow tools** — for automations we build for clients. Some of these parties are based outside the European Economic Area (EEA). In that case we put in place appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) and additional technical measures. ## 6. How long do we retain data? - Contact and quote requests: up to 24 months after last contact, unless an engagement follows. - Client files and project documentation: duration of the engagement plus 7 years (Dutch tax retention). - Invoices and financial records: 7 years (tax retention). - Website and technical logs: up to 12 months. - Aggregated Google Ads conversion data from our own campaigns: up to 14 months (standard Google Ads retention). ## 7. Cookies Our website uses three types of cookies: - **Functional cookies** — required for the site to work (e.g. language preference, form security via reCAPTCHA). We set these without consent on the basis of legitimate interest. - **Analytics cookies** — Vercel Analytics (cookieless and anonymized) and optionally Microsoft Clarity for anonymized session analysis. Clarity is only loaded after consent. - **Marketing & advertising cookies** — Google Ads (conversion tag and remarketing) and Google Analytics. We only activate these after your explicit consent via our cookie banner. We use [Google Consent Mode v2](https://support.google.com/tagmanager/answer/10718549): as long as you have not given consent, marketing and analytics signals are blocked by Google. You can change your choice at any time by clearing cookies for [jmwebsites.nl](https://jmwebsites.nl) in your browser; the banner will reappear. ## 8. Google Ads & Google Ads API (internal use) JM Websites runs its own Google Ads campaigns to promote our services. In that context we are registered as a Google Ads API developer, solely for **internal use on our own Google Ads account**. We do not manage Google Ads accounts for clients via the API. - **Which data we process:** aggregated campaign, ad and conversion data from our own Google Ads account. This does not include directly identifying personal data of individual visitors. - **Purpose:** measuring the effectiveness of our own advertising, building internal reporting, and automating budget management for our own campaigns. - **Legal basis:** our legitimate interest in measuring and optimizing our marketing and — for placing the Google Ads conversion tag on our site — your consent through the cookie banner. - **Google API Services User Data Policy:** our use of Google APIs complies with the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. ## 9. Security We apply appropriate technical and organizational measures to protect your data: TLS/HTTPS, role-based access control, strong authentication (including 2FA), log monitoring and regular software updates. ## 10. Your rights Under the GDPR you have the right to: - request access to your personal data; - have incorrect data corrected or completed; - request deletion (right to be forgotten); - restrict processing; - object to processing based on legitimate interest; - data portability; - withdraw a previously given consent. Send requests to [info@jmwebsites.nl](mailto:info@jmwebsites.nl). We respond within 30 days. If you disagree with our handling, you may file a complaint with the Dutch [Autoriteit Persoonsgegevens](https://autoriteitpersoonsgegevens.nl). ## 11. Changes We may update this privacy policy from time to time. The current version is always available on this page, with the date of last update at the top. ## 12. Contact Questions about this privacy policy? Email [info@jmwebsites.nl](mailto:info@jmwebsites.nl) or call [+31 6 14633648](tel:+31614633648).