Privacy Policy - Polderbase.ai

Last Updated: January 10, 2026

1. Introduction

Polderbase.ai ("we," "us," "our") is committed to protecting the privacy of our website visitors and customers. This Privacy Policy describes how we process personal data in compliance with the General Data Protection Regulation (GDPR / Algemene Verordening Gegevensbescherming - AVG) and the Dutch GDPR Implementation Act (UAVG).

2. Our Consortium and Data Controllership

Polderbase operates as a consortium of several legal entities. These entities act as Joint Controllers (within the meaning of Article 26 GDPR) because they jointly determine the purposes and means of the data processing described in this policy.

To ensure transparency and a single point of entry for our users, we have designated the following entity as our lead contact for privacy matters:

  • Lead Entity: AsterX B.V.

  • Chamber of Commerce (KvK) Number: 94279306

  • Email: info@polderbase.ai

The entities within our consortium have entered into a Joint Controllership Agreement to coordinate how we handle your data, secure it, and respond to your requests.

3. Data We Collect

We process personal data obtained through two primary channels:

A. Data Provided by You (Inbound)

When you use our website or contact form:

  • Identification & Contact: First Name, Last Name, Email address, Phone number.

  • Communication Content: Any information you voluntarily provide in message fields.

B. Data Obtained from Third Parties (Outbound/Prospecting)

To identify potential business partners and customers, we may obtain professional contact information from third-party service providers and public sources (e.g., Apollo.io, LinkedIn):

  • Professional Data: Job title, company name, professional email address, and business phone number.

  • Source: We ensure these providers comply with data protection standards before integrating their data into our systems.

C. Technical Data

  • Usage Data: IP address, browser type, and usage data collected via cookies (see Section 9).

4. Purpose and Legal Basis for Processing

In accordance with Article 6 of the GDPR, we process your data based on the following legal grounds:

Purpose

Category of Data

Legal Basis

Responding to Inquiries: Managing leads from contact form submissions.

Name, Email, Phone, Message

Performance of a Contract (pre-contractual measures).

Purpose

B2B Prospecting: Identifying and reaching out to potential business customers.

Category of Data

Professional Contact Data

Legal Basis

Legitimate Interest (balancing our interest in business growth against your privacy expectations).

Purpose

Marketing & Communications: Sending newsletters or updates.

Category of Data

Name, Email

Legal Basis

Consent (opt-in) or Legitimate Interest (existing customers).

Purpose

Website Analytics: Improving performance and user experience.

Category of Data

IP address, Cookie data

Consent (via our cookie banner).

Legal Basis

Purpose

Security & Compliance: Protecting systems and meeting legal obligations.

Category of Data

Log data, ID data

Legal Basis

Legal Obligation and Legitimate Interest.

5. Data Retention

We do not store your personal data longer than is strictly necessary:

  • Lead Information: If no contract is established, we delete your data within 12 months of the last contact.

  • Customer Records: Data related to active contracts is kept for the duration of the relationship and up to 7 years thereafter (statutory Dutch tax retention period).

  • Prospecting Data: If you indicate you are not interested, we move your data to a "suppression list" to ensure we do not contact you again, or delete it upon request.

6. Sharing Data with Third Parties

We share data with trusted service providers (Processors) including:

  • CRM & Sales Intelligence: Such as Apollo.io, to manage our lead generation and outreach.

  • Cloud Infrastructure: Hosting and storage providers.

  • Analytics: Google Analytics for website traffic monitoring.

All Processors are bound by a Data Processing Agreement (DPA) ensuring they only process data according to our instructions and maintain high security standards.

7. International Transfers

While we prioritize storage within the European Economic Area (EEA), some of our service providers (e.g., Apollo.io, LinkedIn.com) are based in the United States.

For transfers to the US, we rely on:

  • The EU-U.S. Data Privacy Framework: For providers certified under this framework.

  • Standard Contractual Clauses (SCCs): Approved by the European Commission, ensuring equivalent protection for your data.

8. Data Security

We implement appropriate technical and organizational measures:

  • Encryption: All website traffic is secured via SSL/TLS (HTTPS).

  • Access Control: Restricted access to authorized personnel only.

  • Provider Audits: We select tools (like Apollo.io) that maintain industry-standard certifications (e.g., SOC 2).

9. Cookies

We use cookies to improve your experience.

  • Functional Cookies: Necessary for the website to work.

  • Analytical Cookies: We use Google Analytics with IP masking. Full tracking requires your explicit consent via our banner.

10. Your Rights

Under the GDPR, you have the following rights:

  • Access, Rectification, and Erasure: View, correct, or delete your data.

  • Object to Direct Marketing: You can opt-out of our outreach at any time via the "unsubscribe" link in our emails.

  • Data Portability and Restriction: Transfer your data or limit its processing.

  • Withdraw Consent: Revoke consent at any time without affecting prior processing.

To exercise these rights, email info@polderbase.ai. We respond within one month.

11. Right to Complain

In the Netherlands, you may lodge a complaint with the Autoriteit Persoonsgegevens (AP):

12. Changes to this Policy

Updated periodically. The "Last Updated" date indicates the most recent version.

13. Contact

Email: info@polderbase.ai

Website: https://www.polderbase.ai