Last updated: 2025-01-01
Custom IT Solutions (CITS) is a KVK-registered business in the Netherlands. We provide B2B IT consulting, custom web application development, and AI chatbot integration services. Contact: chong20030909@gmail.com
We collect personal data you provide via our contact form (name, email address, company name, services of interest, message) and AI chatbot (conversation messages). We also collect anonymised technical data (hashed IP address, user agent hash) for security and fraud prevention.
Contact form: Article 6(1)(a) — your explicit consent (GDPR checkbox). Chatbot: Article 6(1)(b) — performance of a service you requested. Security logging: Article 6(1)(f) — legitimate interests in preventing abuse.
At the time of data collection, we inform you of: the identity and contact details of the controller (Custom IT Solutions); the purpose and legal basis; your rights (access, rectification, erasure, portability, restriction, objection); the right to lodge a complaint with the Dutch Data Protection Authority (AP — autoriteitpersoonsgegevens.nl); and the data retention periods listed below.
We use strictly necessary cookies required for the website to function (session management). With your consent, we may also use analytics cookies (Google Analytics 4) and marketing cookies. You can manage your preferences at any time via the Cookie Settings link in the footer. Our cookie consent manager (Cookiebot) automatically implements EU legal requirements.
Contact leads: 2 years, after which personal identifiers (name, email) are anonymised. Chatbot conversation logs: 90 days, then automatically deleted. Audit and security logs: 1 year. GDPR consent records: retained permanently as legal evidence. Admin accounts: 1 year after deactivation.
Under GDPR you have the right to: access your data; correct inaccurate data; request erasure ('right to be forgotten'); restrict or object to processing; receive your data in a portable format. To exercise any right, email chong20030909@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (ap.nl).
To request permanent deletion of your personal data, email chong20030909@gmail.com with the subject 'Data Deletion Request'. We will process your request within 30 days and confirm completion. Note: GDPR consent records (required as legal evidence) and fully anonymised data are exempt from deletion.
All personal data is encrypted at rest (AES-256). Data is stored within the EU on Railway infrastructure. We use HTTPS/TLS 1.3 for all data in transit. In the event of a data breach, we will notify the Dutch Data Protection Authority within 72 hours as required by GDPR Article 33.
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The date of the last update will be shown at the top of this page. For material changes, we will notify users via email or a prominent notice on our website.