1. Controller Information

The controller responsible for data processing under the General Data Protection Regulation (GDPR) is:

SPINCHOICE B.V.

F.B. Deurvorststraat 15

7071 BE Ulft

Netherlands

Email: hello@spinchoice.com

2. Scope

This Privacy Notice applies to all users of our website, services, contact forms, newsletters, and digital communications.

We comply with:

• EU General Data Protection Regulation (GDPR)
• Dutch GDPR Implementation Act (UAVG)
• German BDSG (where applicable)
• Austrian DSG
• Spanish LOPDGDD
• EU ePrivacy Directive

3. Categories of Personal Data

We may process the following categories of personal data:

• Identity data (name, surname if provided)
• Contact data (email address, phone number if provided)
• Communication data (messages, inquiries)
• Technical data (IP address, browser type, device information)
• Usage data (website interaction, pages visited)
• Marketing consent data (opt-in status, timestamps)

4. Purpose of Processing

We process personal data for:

• Providing and operating our website
• Responding to inquiries and communication
• Business development and lead generation
• Sending newsletters and updates (with consent)
• Marketing and advertising optimization (with consent)
• Analytics and website improvement
• Fraud prevention and security

5. Legal Basis for Processing

We process data under:

• Art. 6(1)(a) GDPR – Consent (marketing, cookies, tracking)
• Art. 6(1)(b) GDPR – Contract or pre-contractual requests
• Art. 6(1)(f) GDPR – Legitimate interest (security, analytics, business operations)

6. Cookies and Consent Management

We use cookies and similar technologies.

Non-essential cookies are only activated after explicit consent via a Consent Management Platform (CMP), in compliance with:

• GDPR
• EU ePrivacy Directive
• Google Consent Mode v2

You may withdraw consent at any time via cookie settings.

7. Analytics

We use Google Analytics 4 (GA4).

• IP anonymization enabled where applicable
• Data processed only with consent
• Usage data helps improve website performance

Provider: Google Ireland Limited

8. Marketing & Advertising Technologies

With consent, we may use:

• Meta Pixel (Facebook/Instagram)
• Google Ads / Remarketing
• LinkedIn Insight Tag
• Affiliate tracking technologies (if applicable)

These tools allow measurement of marketing performance and delivery of relevant content.

Processing only occurs based on Art. 6(1)(a) GDPR (consent).

9. Embedded Third-Party Content

We may embed content such as:

• YouTube videos
• External widgets or review tools (e.g. ProvenExpert)

These providers may process technical usage data when content is loaded.

10. Communication & Contact Forms

When you contact us, we process your data to respond to your inquiry.

Legal basis:

• Art. 6(1)(b) GDPR (pre-contractual communication)
• Art. 6(1)(f) GDPR (legitimate interest in communication)

Data is deleted when no longer necessary unless legal retention applies.

11. Newsletter & Direct Marketing

If you subscribe, we process your email address to send:

• Market updates
• Investment opportunities
• International living content

Legal basis: Art. 6(1)(a) GDPR

You can unsubscribe at any time.

We store proof of consent (timestamp, IP address) for compliance purposes.

12. Business Development & Lead Processing

We may process contact data submitted via forms or inquiries for business development purposes.

This includes follow-up communication regarding relevant services or opportunities.

Legal basis:

• Art. 6(1)(b) GDPR
• Art. 6(1)(f) GDPR

13. International Data Transfers

Where data is transferred outside the EEA (e.g. to US-based providers such as Google, Meta, LinkedIn), we ensure appropriate safeguards such as:

• EU Standard Contractual Clauses (SCCs)
• Additional technical and organizational measures

14. Data Retention

We retain personal data only as long as necessary for:

• The purpose it was collected
• Legal obligations
• Legitimate business needs

Afterwards, data is securely deleted or anonymized.

15. Data Security

We implement appropriate technical and organizational measures to protect personal data against:

• Unauthorized access
• Loss
• Misuse
• Alteration

All data transmission is encrypted via SSL/TLS.

16. Data Subject Rights

You have the right to:

• Access your data
• Rectify incorrect data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent
• Lodge a complaint with a supervisory authority

17. Supervisory Authority

You may lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens

www.autoriteitpersoonsgegevens.nl

Or your local EU authority (Germany, Austria, Spain).

18. Consent Management

We use a Consent Management Platform (CMP) to ensure that no non-essential cookies or tracking technologies are activated without your explicit consent.