PRIVACY POLICY (EXPAT Advisory)

Effective date: 11-01-2026

1) Who we are
This Privacy Policy explains how EXPAT Advisory B.V. (“we”, “us”, “our”) processes personal data when you visit httpw://www.expatadvisroy.nl, create an account, use our member portal, complete intake forms, or work with us.

Controller (data controller):
EXPAT Advisory B.V.
Address: Fortunalaan 154, 7321GR Apeldoorn, Netherlands
KvK: 98550764
VAT: 868543317B01
Contact email: privacy@expatadvisory.nl

2) What personal data we collect
We collect personal data you provide directly and data generated through your use of our website/portal, including:

A) Account and profile data

  • Name, email address, username, password (stored in encrypted/hashed form), and basic profile details.
  • Login and account activity information (e.g., timestamps).

B) Intake and service information (Advisory)
When you complete an intake form or otherwise provide information for advisory support, we may collect:

  • Move timeline information (e.g., intended move date, location).
  • Financial planning information you choose to provide (e.g., high-level income/budget details, accounts list summaries, priorities and concerns).
  • Information you include in free‑text fields.

Important: Please do not include special category data (e.g., health, biometrics, political opinions) unless we specifically request it and you are comfortable sharing it. If you provide it voluntarily, we may process it only as needed to respond to you and deliver services.

C) Communications

  • Messages you send us through the portal, by email, or via forms.

D) Scheduling and payment data

  • If you book calls via scheduling tools, we may receive booking details (name, email, appointment time).
  • If payment is collected via a payment processor (e.g., Stripe through Calendly), we receive confirmation of payment status and basic transaction references. Payment card details are processed by the payment provider, not stored by us.

E) Technical and usage data

  • IP address, device and browser information, and basic log data (e.g., to keep the site secure and functioning).
  • Cookie and consent preferences (see Cookie Policy).

3) Why we process your personal data (purposes)
We process personal data to:

  • Create and manage your account and provide portal access.
  • Review your intake and provide our advisory services.
  • Communicate with you about your request, scheduling, or services.
  • Process payments and maintain bookkeeping records where required.
  • Maintain website security, prevent fraud, and troubleshoot issues.
  • Improve our website and user experience (e.g., analytics), where permitted by your cookie preferences.

4) Legal bases for processing (GDPR)
Depending on context, we rely on one or more of:

  • Contract: to provide services you request and manage your account.
  • Legitimate interests: to operate and secure our website, prevent abuse, and improve services.
  • Legal obligation: to keep records required for tax/accounting and compliance.
  • Consent: for optional cookies/analytics and certain marketing communications where required.

5) Cookies and similar technologies
We use cookies and similar technologies for website functionality, security, and (if enabled) analytics/marketing. Where required, we ask for consent before placing non-essential cookies. See our Cookie Policy for details and how to change your preferences.

6) Sharing your personal data
We share personal data only as necessary for the purposes above, including with:

  • Website hosting and infrastructure providers.
  • Email and productivity providers (e.g., for operational communications).
  • Scheduling providers (e.g., Calendly) for appointment booking.
  • Payment providers (e.g., Stripe, via Calendly) for payment processing.
  • Form providers (e.g., Google Forms) if you submit information through embedded forms.
  • Service providers who help us run the website/portal (plugins and related technical services).

We do not sell your personal data.

7) International transfers
Some service providers may process data outside the European Economic Area (EEA). When this happens, we take steps to ensure appropriate safeguards are in place (such as standard contractual clauses or other lawful transfer mechanisms).

8) Data retention
We keep personal data only as long as needed for the purposes described above, including:

  • While your account is active.
  • For the duration of any service relationship and a reasonable period afterward for follow-up and recordkeeping.
  • Longer where required by law (e.g., bookkeeping/tax obligations) or to resolve disputes.

You may request deletion of your account, subject to legal retention obligations.

9) Your rights (EEA/UK)
Depending on your location and applicable law, you may have rights including:

  • Access to your personal data.
  • Rectification (correction).
  • Erasure (deletion), in certain cases.
  • Restriction of processing, in certain cases.
  • Data portability, where applicable.
  • Objection to processing based on legitimate interests, in certain cases.
  • Withdrawal of consent at any time, where processing is based on consent.

To exercise your rights, contact us at: privacy@expatadvisory.nl

You also have the right to lodge a complaint with your supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP).

10) Security
We use reasonable administrative, technical, and organizational measures to protect personal data. However, no method of transmission or storage is completely secure.

11) Children
Our services and website are not directed to children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

12) Changes to this policy
We may update this Privacy Policy from time to time. The “Effective date” at the top indicates when this policy was last updated.