Privacy Policy

Introduction

Midaro B.V. ("Midaro", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit our website or use our consulting services.

As a company registered in the Netherlands (KvK: 61590438), we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy applies to all personal data we process in connection with our business operations.

Data Controller

Midaro B.V. is the data controller for the personal data we collect and process. Our contact details are:

Data Collection

The data we collect includes personal information that you voluntarily provide to us and information automatically collected when you use our website or services. We collect this information to provide and improve our consulting services, respond to your inquiries, and comply with legal obligations.

Information You Provide

• Contact information (name, email address, phone number, company details)
• Communication preferences and service interests
• Messages and inquiries sent through our contact forms or email
• Information provided during consulting engagements
• Business information relevant to our consulting services

Automatically Collected Information

• IP address and location data
• Browser type and version
• Device information and operating system
• Website usage data and analytics
• Cookies and similar tracking technologies

How We Use Your Information

We explain how we use your information to provide our consulting services, improve our website, and communicate with you. The use of your data is based on legitimate business interests, contract performance, and legal compliance requirements under GDPR.

Primary Uses

• Providing management consulting services and support
• Responding to inquiries and communication requests
• Processing and managing consulting engagements
• Improving our services and website functionality
• Sending relevant business communications and updates

Legal Basis for Processing

• Contract Performance: Processing necessary for service delivery
• Legitimate Interests: Business operations and service improvement
• Legal Compliance: Meeting regulatory and legal requirements
• Consent: Marketing communications and optional services

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following limited circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• With trusted service providers who assist in our operations (under strict confidentiality agreements)
• In connection with a business transfer or merger (with appropriate safeguards)
• To protect our rights, property, or safety, or that of others

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our retention periods are:

• Contact inquiries: 3 years from last contact
• Client data: 7 years after engagement completion (for legal compliance)
• Website analytics: 26 months maximum
• Marketing communications: Until consent is withdrawn

After the retention period expires, we securely delete or anonymise your personal data in accordance with our data deletion procedures.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us at privacy@midaro.top. We will respond to your request within one month.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about our cookie practices, please see our Cookie Policy.

You can control cookie settings through your browser preferences or our cookie consent banner when you first visit our website.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection and security
• Secure data backup and recovery procedures

International Data Transfers

We primarily process data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for specific countries
• Certification schemes and codes of conduct

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, please contact us using the contact information below. We are committed to resolving any privacy concerns promptly and transparently.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.