JM Websites (“we”, “us”) respects the privacy of every visitor of jmwebsites.nl and of our clients. This privacy policy explains which personal data we process, why we process it, how long we retain it and which rights you have. It is drafted in accordance with the EU General Data Protection Regulation (GDPR).
1. Who is the controller?
The data controller within the meaning of the GDPR is:
- JM Websites
- Wijnhaven 92, 3011 WS Rotterdam, The Netherlands
- Email: info@jmwebsites.nl
- Phone: +31 6 49659441
- Chamber of Commerce (KvK): 98061909
- VAT number: NL868343250B01
2. Which personal data do we process?
Depending on how you interact with us, we process the following categories of personal data:
- Contact details such as name, email address, phone number and company name you submit through our forms (contact form, free design request, service-page forms).
- Message content, the text you fill in or send us by email.
- Technical data such as IP address, browser type, device and visit time. Processed by our hosting provider and analytics tools for security and statistics.
- Client data from engagements, when performing an assignment we process additional data needed for delivery, billing and communication (e.g. Chamber of Commerce details, billing address, project documentation).
- Google Ads conversion data (our own campaigns), we run Google Ads campaigns to promote JM Websites. Via the Google Ads conversion tag on our own site we measure aggregated conversions (such as form submissions). See section 8 for details.
3. Why do we use these data?
- To respond to contact requests and free design enquiries.
- To prepare quotes and deliver assignments.
- To invoice and run our financial administration.
- To comply with statutory obligations (e.g. tax retention requirements).
- To improve our website and services based on anonymised statistics.
- To prevent spam, abuse and fraud on our forms.
- To measure the effectiveness of our own Google Ads campaigns, build internal reports and optimise our marketing.
4. On which legal grounds do we process data?
- Performance of a contract, for assignments, quotes and invoicing.
- Consent, for non-essential cookies and marketing communications. You may withdraw your consent at any time.
- Legitimate interest, for security, fraud prevention and service improvement.
- Legal obligation, for retention periods imposed by tax law.
5. With whom do we share data?
We do not sell data. We share personal data only with processors we engage to deliver our services. We have a data processing agreement in place with every processor. The main parties are:
- Vercel Inc., hosting and CDN for our website and client websites.
- Supabase Inc., database and backend for form submissions and client administration.
- Google LLC / Google Ireland Ltd., Google Analytics and the Google Ads API for measuring our own ads.
- Email providers, for sending transactional emails (such as contact-form confirmations).
- Accounting and invoicing software, for issuing and storing invoices.
Some of these parties are based outside the European Economic Area (EEA). In that case we ensure appropriate safeguards such as the EU standard contractual clauses (SCCs) and supplementary technical measures.
6. How long do we retain data?
- Contact and quote requests: up to 24 months after the last contact, unless they result in an engagement.
- Client files and project documentation: for the duration of the engagement plus 7 years after completion (tax retention).
- Invoices and financial administration: 7 years (tax retention).
- Website and technical logs: up to 12 months.
- Aggregated Google Ads conversion data from our own campaigns: up to 14 months (standard Google Ads retention).
7. Cookies
Our website uses three categories of cookies:
- Functional cookies, required to make the site work (e.g. remembering your cookie choice). We place these without consent on the basis of legitimate interest.
- Analytical cookies, optional Microsoft Clarity for anonymised session analysis (heatmaps and visitor behaviour). We place these only after consent, and only when we have Clarity actively enabled.
- Marketing and advertising cookies, Google Ads (conversion tag and remarketing) and Google Analytics. We place these only after your explicit consent via our cookie banner.
We use Google Consent Mode v2: as long as you have not given consent, marketing and analytical signals are blocked by Google. You can change your choice at any time by removing the cookies for jmwebsites.nl in your browser; the banner will then reappear.
8. Google Ads & Google Ads API (internal use)
JM Websites runs its own Google Ads campaigns to promote our own services. As part of that, we are registered as a Google Ads API developer, used exclusively for internal use on our own Google Ads account. We do not manage Google Ads accounts for clients via the API.
- Which data we process: aggregated campaign, ad and conversion data from our own Google Ads account. This does not include directly identifiable personal data of individual website visitors.
- Purpose: measuring the effectiveness of our own ads, building internal reports and automating budget management for our own campaigns.
- Legal ground: our legitimate interest in measuring and optimising our marketing, and — for placing the Google Ads conversion tag on our site — your consent via the cookie banner.
- Google API Services User Data Policy: our use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
9. Security
We take appropriate technical and organisational measures to protect your data: TLS/HTTPS, role-based access controls, strong authentication (including 2FA), log monitoring and regular software updates.
10. Your rights
Under the GDPR you have the right to access, correction, erasure, restriction, objection, data portability and withdrawal of consent. Send a request to info@jmwebsites.nl from the email address on file with us. We respond within 30 days. Complaints can be filed with the Dutch Data Protection Authority, Autoriteit Persoonsgegevens.
11. Changes
We may update this privacy policy from time to time. The current version always lives on this page, with the date of last revision at the top.
12. Contact
Questions about this privacy policy? Email info@jmwebsites.nl or call +31 6 49659441.