GFX Networks is committed to protecting the privacy of individuals who interact with our website and services. This policy explains what data we collect, why, and what rights you have under the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is:
GFX Networks B.V.
Keizersgracht 482
1017 EG Amsterdam
Netherlands
Registration: KvK 85234761
Email: privacy@gfx1983.org
2. Data We Collect
We collect only the minimum data necessary to operate our services and fulfil our legal obligations. This may include:
- Contact information — name, email address, phone number, when you contact us or request a service quotation.
- Technical data — IP address, browser type, operating system, and access timestamps collected automatically via server logs.
- Service data — network configuration details, traffic volumes (aggregated), and service-level parameters necessary to provision and monitor contracted services.
- Billing data — company name, VAT number, invoice address, and payment references required for contractual and legal compliance purposes.
We do not collect sensitive personal data as defined under Article 9 of the GDPR.
3. Purpose and Legal Basis
We process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR) — to deliver the services you have contracted with us, including provisioning, billing, and technical support.
- Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable Dutch and EU law, including telecommunications regulation and financial record-keeping requirements.
- Legitimate interests (Art. 6(1)(f) GDPR) — to maintain network security, prevent fraud, and improve service quality. Our interests are balanced against your right to privacy.
- Consent (Art. 6(1)(a) GDPR) — for optional communications such as newsletters or product updates, where you have given explicit consent.
4. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected:
- Contact and enquiry data: 24 months from last interaction.
- Contract and billing records: 7 years, as required by Dutch tax law.
- Technical logs (IP addresses, access records): 90 days, unless required longer for security investigation.
- Service data: duration of the contract plus 12 months.
5. Data Sharing
We do not sell personal data. We may share data with:
- Service providers acting as data processors under appropriate data processing agreements (DPA), including hosting providers, accounting software, and ticketing systems.
- Competent authorities where required by applicable law or a valid legal order. We will inform affected parties where legally permitted to do so.
- Group entities within GFX Networks where operationally necessary and subject to equivalent data protection standards.
All processors are located within the European Economic Area or subject to appropriate transfer mechanisms under Chapter V of the GDPR.
6. Your Rights
Under the GDPR, you have the following rights, which you may exercise at any time by contacting privacy@gfx1983.org:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data where there is no legitimate reason for continued processing.
- Restriction — request that we restrict processing of your data in certain circumstances.
- Portability — receive your data in a structured, commonly used format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
7. Security
GFX Networks implements technical and organisational measures appropriate to the risk of processing, including encryption in transit and at rest, access controls, regular security assessments, and staff data protection training. We are ISO/IEC 27001 certified.
In the event of a personal data breach likely to result in a high risk to individuals, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.
8. Cookies
Our website uses only strictly necessary cookies required for basic functionality such as session management. We do not use analytics, advertising, or third-party tracking cookies. No consent banner is required as no non-essential cookies are placed.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available at this URL. Material changes will be communicated to active clients by email at least 30 days before they take effect.
For any privacy-related queries or to exercise your rights, please contact our Data Protection Officer:
Email: privacy@gfx1983.org
Post: GFX Networks B.V., Attn: DPO, Keizersgracht 482, 1017 EG Amsterdam, Netherlands
We aim to respond to all requests within 30 days.