PRIVACY POLICY
Sassen Group
Last updated: March 2026
PREAMBLE
This Privacy Policy (“Policy”) is issued by Sassen Group, a company headquartered in The Hague, the Netherlands (“the Company”, “we”, “us”, “our”). This Policy governs the collection, use, storage, disclosure, and protection of personal data obtained through the Company’s website at https://sassengroup.com (“the Website”) and through any associated business communications. This Policy is issued in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”) and applicable Dutch national implementing legislation.
Any person accessing the Website or submitting personal data through it (“Data Subject”, “you”, “your”) is encouraged to read this Policy carefully. Enquiries regarding this Policy may be directed to connect@sassengroup.com.
Article 1 — Categories of Personal Data Collected
1.1 The Company may collect and process the following categories of personal data:
(a) Contact Information — including full name, email address, telephone number, and the content of any message or enquiry submitted via the Website’s contact or enquiry form.
(b) Professional Information — including company name, job title or role, and the nature of the enquiry (e.g., investor relations, partnership, or supply chain).
(c) Technical Data — including Internet Protocol (IP) address, browser type and version, device identifiers, and records of pages visited, collected automatically upon access to the Website.
(d) Cookie Data — data stored via small files placed on the Data Subject’s device in accordance with Article 5 of this Policy.
1.2 The Company does not collect, solicit, or process special categories of personal data as defined under Article 9 GDPR, including but not limited to health information, financial account numbers, or government-issued identification numbers, through the Website.
Article 2 — Purposes of Processing
2.1 Personal data collected by the Company is processed exclusively for the following purposes:
(a) To receive, assess, and respond to enquiries submitted through the Website’s Connect page;
(b) To evaluate and pursue potential investment, partnership, or operational opportunities consistent with the Company’s business activities;
(c) To monitor, maintain, and improve the technical performance and user experience of the Website;
(d) To fulfil legal and regulatory obligations applicable to the Company under Dutch and European Union law.
2.2 The Company does not sell, rent, lease, or otherwise transfer personal data to third parties for commercial marketing purposes.
Article 3 — Legal Bases for Processing
3.1 All processing of personal data by the Company is conducted on one or more of the following legal bases as prescribed under Article 6 GDPR:
(a) Legitimate Interests (Article 6(1)(f) GDPR) — the Company processes data where necessary for the purposes of its legitimate business interests, including operating and improving the Website and responding to inbound business communications, provided such interests are not overridden by the fundamental rights and freedoms of the Data Subject.
(b) Consent (Article 6(1)(a) GDPR) — where a Data Subject has freely and unambiguously consented to the processing of their personal data, including by actively submitting an enquiry form or by consenting to the use of non-essential cookies.
(c) Legal Obligation (Article 6(1)(c) GDPR) — where processing is necessary for compliance with a legal obligation to which the Company is subject.
Article 4 — Data Retention
4.1 The Company retains personal data only for as long as is necessary to fulfil the purpose for which it was originally collected, or as required or permitted by applicable law.
4.2 Personal data submitted through the Website’s contact form shall be retained for a maximum period of twenty-four (24) months from the date of submission, unless a continuing business relationship is established with the Data Subject, in which case data shall be retained for the duration of such relationship and for a reasonable period thereafter as determined by the Company’s record-keeping obligations.
4.3 Upon expiry of the applicable retention period, personal data shall be securely deleted or anonymised in accordance with applicable data protection requirements.
Article 5 — Use of Cookies
5.1 The Website employs cookies and similar tracking technologies to support core functionality and to gather aggregate insights into visitor behaviour. The categories of cookies in use are as follows:
(a) Essential Cookies — strictly necessary for the operation and security of the Website. These cookies cannot be declined without affecting the functionality of the Website.
(b) Analytics Cookies — used to collect anonymised statistical information concerning how visitors interact with the Website (for example, via Google Analytics, where enabled). These cookies are non-essential and require the Data Subject’s prior consent.
5.2 Data Subjects may manage or withdraw consent to non-essential cookies at any time through their browser settings or through any cookie consent mechanism displayed on the Website. Restriction of cookies may impair the availability or functionality of certain Website features.
Article 6 — Third-Party Data Processors
6.1 The Company may engage third-party service providers who process personal data on the Company’s behalf. Such processors include, but are not limited to:
(a) Website Hosting Providers — the Website is hosted on secure third-party servers. Hosting providers may process technical data, including IP addresses, as an incident of standard server operations.
(b) Analytics Providers — the Company may utilise tools such as Google Analytics for the purpose of understanding aggregate website usage patterns. Data collected through such tools is anonymised and subject to the applicable privacy policies of the respective providers.
(c) Email and Communication Service Providers — used to receive and manage enquiries submitted through the Website’s contact form.
6.2 All third-party processors engaged by the Company are bound by appropriate data processing agreements and are contractually required to process personal data solely in accordance with the Company’s instructions and in compliance with applicable data protection legislation.
Article 7 — Rights of Data Subjects
7.1 Under the GDPR and applicable Dutch law, Data Subjects have the following rights in respect of their personal data held by the Company:
(a) Right of Access (Article 15 GDPR) — the right to obtain confirmation of whether personal data concerning you is being processed and, if so, to receive a copy of such data.
(b) Right to Rectification (Article 16 GDPR) — the right to request the correction of inaccurate or incomplete personal data.
(c) Right to Erasure (Article 17 GDPR) — the right to request the deletion of personal data where it is no longer necessary for the purposes for which it was collected, or where no overriding legal basis for retention exists.
(d) Right to Restriction of Processing (Article 18 GDPR) — the right to request that the Company temporarily limit the manner in which your personal data is processed.
(e) Right to Object (Article 21 GDPR) — the right to object at any time to the processing of personal data based on the Company’s legitimate interests.
(f) Right to Data Portability (Article 20 GDPR) — the right to receive personal data provided to the Company in a structured, commonly used, and machine-readable format.
7.2 Requests to exercise any of the above rights should be submitted in writing to info@sassengroup.com. The Company shall respond to all valid requests within thirty (30) calendar days of receipt, subject to any extensions permitted under applicable law.
7.3 Data Subjects also have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), accessible at www.autoriteitpersoonsgegevens.nl.
Article 8 — Data Security
8.1 The Company implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction, having regard to the nature and sensitivity of the data processed and the risks involved.
8.2 The Website is served exclusively over an encrypted HTTPS connection. Access to personal data held by the Company is restricted to authorised personnel on a strictly need-to-know basis.
8.3 Notwithstanding the foregoing, no method of data transmission or storage can be guaranteed as entirely secure. The Company cannot warrant absolute security of personal data transmitted to or through the Website.
Article 9 — International Data Transfers
9.1 Sassen Group is established and operates from the Netherlands, within the European Economic Area (“EEA”). Where the Company engages third-party service providers located outside the EEA, it shall ensure that appropriate transfer mechanisms and safeguards are in place in accordance with Chapter V GDPR, including, where applicable, the use of Standard Contractual Clauses approved by the European Commission.
Article 10 — Amendments to This Policy
10.1 The Company reserves the right to amend this Policy at any time to reflect changes in its data processing practices, applicable legislation, or regulatory guidance. Any amendments shall be effective from the date on which the revised Policy is published on the Website.
10.2 The “Last updated” date at the head of this Policy will be revised accordingly upon each amendment. Data Subjects are encouraged to review this Policy periodically. Continued use of the Website following the publication of any amendments shall constitute acceptance of the revised Policy.
Article 11 — Contact
11.1 For any questions, requests, or concerns relating to this Policy or the Company’s processing of personal data, please contact:
Sassen Group
The Hague, Netherlands
Email: connect@sassengroup.com
Website: https://sassengroup.com
This Policy is governed by the laws of the Netherlands and applicable European Union data protection legislation.