Privacy Policy

1. Who we are

Data controller: Swayam Consulting
Registered address: Utrecht, The Netherlands
KvK: 77886399
VAT ID: NL003253985B60
Contact: [email protected]

This Privacy Policy explains how we collect and use personal data when you visit buildsuperagency.com, apply for a workshop seat, purchase a seat, or contact us.

2. Personal data we collect

We may collect the following categories of personal data:

• Identity and contact data: name, email address, (optional) company name and role.
• Application data: responses you submit in our application form and any details you choose to provide.
• Booking and billing data: billing name, billing address, VAT ID (if applicable), invoice references (optional).
• Transaction data: payment status, payment method, transaction identifiers from Mollie or Stripe. We do not store full card details.
• Communications: emails or messages you send to us and our replies.
• Website usage data: IP address, device/browser information, pages visited, referral source, approximate location (as derived from IP), and cookies/identifiers.

3. Why we process your data (purposes) and legal bases

We process personal data only when we have a lawful basis under the GDPR:

• To provide the workshop and manage bookings (confirm your seat, logistics, communications).
  Legal basis: contract performance (GDPR Art. 6(1)(b)).
• To respond to inquiries (answer questions before or after booking).
  Legal basis: legitimate interests (Art. 6(1)(f)) and/or steps prior to a contract (Art. 6(1)(b)).
• To issue invoices and comply with legal obligations (accounting and tax requirements).
  Legal basis: legal obligation (Art. 6(1)(c)).
• To improve and secure our website (analytics, performance, fraud/abuse prevention).
  Legal basis: legitimate interests (Art. 6(1)(f)).
• Marketing emails (only where permitted or with your consent).
  Legal basis: consent (Art. 6(1)(a)) and/or legitimate interests (Art. 6(1)(f)) where applicable. You can unsubscribe at any time.

4. Cookies and similar technologies

We may use cookies and similar technologies to keep the site functioning, measure usage, and improve content. You can control cookies through your browser settings. If we use non-essential cookies, we will request consent where required.

5. Payments

Payments are processed by our payment providers. Depending on your checkout route, we use:

• Mollie (payment processing, payment status, transaction identifiers)
• Stripe (payment processing, payment status, transaction identifiers)

We receive confirmation of payment and relevant transaction metadata needed to administer your booking. We do not receive or store full card numbers.

6. Service providers and sharing

We share personal data only when necessary to operate our website and deliver the workshop, for example with:

• Payment processors (Mollie, Stripe)
• Website hosting, security, and email providers we use to run the site and communicate with you
• Tools used to collect application responses and manage bookings (if applicable)

When these providers act on our instructions, they process data as processors under GDPR. Some providers may act as independent controllers for their own compliance purposes (for example, payment providers).

7. International transfers

Some service providers may process data outside the European Economic Area (EEA). When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on an adequacy decision where applicable.

8. Data retention

We keep data only as long as necessary for the purposes described above:

• Bookings and communications: typically up to 24 months after the workshop.
• Invoices and accounting records: as required by Dutch law (commonly 7 years).
• Marketing consent: until you unsubscribe or withdraw consent.
• Security logs: typically up to 90 days, unless needed to investigate abuse.

9. Your rights (GDPR)

You have rights under the GDPR, including:

• access to your personal data
• correction of inaccurate data
• deletion (in certain cases)
• restriction or objection to processing (in certain cases)
• data portability (where applicable)
• withdrawal of consent at any time (for consent-based processing)

To exercise these rights, contact [email protected]. You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

10. Security

We use reasonable technical and organizational measures to protect personal data, including access controls and reputable providers. No online service can be guaranteed 100% secure.

11. Children

Our services are not intended for children under 16 and we do not knowingly collect data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page and will include the "Last updated" date.

13. Contact

Questions about privacy can be sent to [email protected].