Privacy statement

The Hague, June 2025

GDPR | Ad Hoc Data


This is the privacy statement of Ad Hoc Data BV, located at Koninginnegracht 46-I in The Hague and registered with the Dutch Chamber of Commerce (KvK) under number 28077834. We attach great importance to your privacy and, through this privacy statement, inform you of how we may process personal data. Should Ad Hoc Data process personal data in a manner not mentioned in this privacy statement, we will inform the relevant person or persons separately.

In this document, Ad Hoc Data provides an overview of the personal data we may collect, how we process and protect this data, how long we retain it, which rights you have regarding your data, and how these rights can be exercised. In addition, we provide clarity about the purposes of processing, the legal bases for processing, and the manner in which we comply with our legal obligations.

Ad Hoc Data determines the purposes and means of processing personal data as set out in this privacy statement. We determine which personal data is collected, for what purpose, and through which means. Accordingly, Ad Hoc Data is the data controller for the processing of this personal data.

This privacy statement does not apply to the processing of data, including personal data, by our partners. In that case, the partner is the data controller and the partner’s privacy statement applies. Please consult the partner’s privacy statement and other information for the relevant details, including information on how you can exercise your rights as a data subject.

Disclaimer regarding this English translation
This document is an English translation of the Privacy Statement originally drafted in Dutch. This translation has been provided for the convenience of data subjects. In case of any discrepancies or differences in interpretation, only the Dutch version of the Privacy Statement is legally binding and rights may only be derived from the Dutch version.


  1. Explanation of this Privacy Statement

    Ad Hoc Data plays an essential role for many organizations in supporting B2B marketing and sales activities, analyzing target groups, and maintaining carefully compiled business databases up to date. In addition, Ad Hoc Data helps organizations to prevent business risks, for example by providing organizations with essential information before they enter into a contract with another company. We achieve this through a comprehensive and up-to-date dataset of enterprises, customer-oriented service, and user-friendly tools.

    Ad Hoc Data places the lawfulness, security, and confidentiality of personal data processing at the center of its operations. We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, “GDPR”) and the Dutch Implementation Act of the General Data Protection Regulation (“UAVG”).

    Personal data are data with which a natural person can be identified directly or indirectly. Processing of personal data means the use of personal data, such as storing, making available, modifying, and deleting personal data.

    This privacy statement concerns the processing of various categories of personal data:

    • On the one hand, this document concerns the processing of personal data of natural persons whose data are included in our database, or personal data of people who contact us regarding the database;
    • On the other hand, this privacy statement concerns the processing of personal data of customers, potential customers, and former customers of Ad Hoc Data;
    • In addition, we may also process personal data of persons who visit our website, wish to receive information about our services, or otherwise have contact with us, for example because they are a contact person at a company with which we cooperate.

    For the purposes of its business activities, Ad Hoc Data processes data of enterprises.

    Part of the data processed by Ad Hoc Data may be considered personal data, because on the basis of this data a natural person can be identified directly or indirectly. Ad Hoc Data processes this data carefully and in accordance with applicable privacy legislation.

    It is important to emphasize that the GDPR does not apply to the processing of data of legal entities, and in particular to enterprises established as legal entities, such as the legal form of the entity and the contact details of the legal entity. However, data of, for example, contact persons or representatives of legal entities do constitute personal data, as this relates to an identifiable or identified natural person.

    Ad Hoc Data processes business addresses of enterprises, which are chosen by the enterprise itself and are public by law. These addresses are available through public sources such as the Commercial Register, which can be consulted via the website of the Chamber of Commerce. In some cases, the business address may coincide with the private address of the entrepreneur. Although, in legal terms, home address and business address are different, they may coincide in practice. Enterprises can register their establishments with the Chamber of Commerce, whereby the address provided serves as identification. Ad Hoc Data processes this data as part of its business activities.



  2. Objective of Ad Hoc Data

    Ad Hoc Data manages and commercializes an extensive database containing data on enterprises. Our customers are granted direct access to a current and structured dataset with reliable and high-quality business information. This data can be used for various commercial and analytical purposes, such as market analyses, prospecting, and data enrichment. The database is accessible to organizations of all sizes, from sole proprietors to multinationals, who can use an online tool to compile targeted datasets based on specific criteria. Ad Hoc Data makes this information available at a significantly lower price than is customary in the market, allowing companies cost-effective access to extensive and up-to-date business data.

    Ad Hoc Data’s approach contributes to a transparent and fair market in which business information remains widely accessible and is not exclusively in the hands of capital-strong parties. By making data on enterprises available at favorable rates, we support fair competition and enable companies of all sizes to make use of relevant market information. In addition, the Ad Hoc Data platform helps organizations to accurately select their target group, thereby reducing nuisance caused by irrelevant communications and promoting the increase of desired and relevant interaction.



  3. Legal Bases and Purposes of Processing

    For the processing of personal data, a legal basis and a processing purpose are required. Below, we explain, for the processing operations to which this Privacy Statement applies, on which legal bases and for which purposes we process personal data.

    When processing personal data, we are fully aware of the applicable (privacy) laws and regulations, and we handle the personal data for which we are responsible with the utmost care at all times. We ensure that your data is processed and shared only in accordance with the applicable laws and regulations and that appropriate technical and organizational measures are taken to protect the security and confidentiality of your personal data.



  4. The Legal Bases for Processing

    The GDPR sets out six legal bases on which the processing of personal data can be based. We process personal data on the basis of the legal grounds listed below:

    Entering into and Executing an Agreement

    We require your personal data in order to enter into, conclude, and execute an agreement with you. Without the necessary personal data, we cannot enter into an agreement with you, provide you with products or services, or fulfill contractual obligations that are incumbent upon us on the basis of the agreement with you. We may also process personal data of persons who are employed by partners or third parties with whom we enter into an agreement.

    Legitimate Interest

    The processing of your personal data may be necessary due to a legitimate interest of Ad Hoc Data or of a third party. In such cases, we make a careful balancing of interests, weighing our interests or those of the third party(ies) against your right to privacy. An example of this is the processing of personal data in our business database for the purpose of providing our services to our customers or for the visibility towards potential new customers. This processing is also necessary for our business operations, the provision of our services, and serving our customers. We also process your personal data on the basis of legitimate interest when we approach you with offers for products and services that we believe are relevant to you. If you would like to know more about the careful balancing of interests we have made in applying the legitimate interest, you can find more information here.

    Compliance with a Legal Obligation

    It may be necessary to process your personal data in order to comply with a legal obligation to which we are subject. The obligation to collect, retain, or share personal data may arise from national or European legislation and regulations. For example, when you exercise your rights under the GDPR to rectify, delete, or restrict your personal data. In such cases, we are legally obliged to handle your request carefully and to take the required actions. Additionally, we may be (legally) required to provide information to competent authorities, such as regulators, tax authorities, or law enforcement agencies. We may also be legally required to retain personal data for a certain period of time, for example pursuant to the Civil Code or the Value Added Tax Act.

    Consent

    We may process your personal data when you have given your consent for this. You may withdraw this consent at any time by submitting a written or electronic request, together with proof of your identity. Such requests may be sent to [email protected]. For more information about withdrawing consent with respect to non-functional cookies, we refer you to our cookie statement. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data that takes place on other legal grounds or that was carried out on the basis of your consent prior to its withdrawal. This means that all processing previously carried out in accordance with your earlier consent remains valid.

    Ad Hoc Data does not process personal data that can be qualified as special categories of personal data. This includes, among other things, data regarding race, ethnic origin, political opinions, membership of trade unions, religious or philosophical beliefs, genetic or biometric data for the purpose of unique identification, data concerning health, or data relating to sexual orientation. Furthermore, at Ad Hoc Data there is no form whatsoever of automated decision-making that has legal consequences or that significantly affects the data subject. This means that we do not create or use individual profiles for automated decisions without human intervention (profiling).



  5. Purposes of Processing

    In addition to a legal basis, we always have a purpose for processing personal data. Below we describe the purposes for which we process personal data and provide several examples, specifying for each example the purpose and the legal basis.

    Our Services

    In order to provide our services, we record data in our database on the basis of a legitimate interest. This concerns data of enterprises and establishments that are actively participating or have recently participated in commercial transactions and are registered in the Commercial Register. Although this always concerns data of enterprises, it is possible that certain data of enterprises in our database also qualify as personal data. This mainly concerns personal data relating to the legal representative(s), such as directors or statutory representatives, of the respective legal entity or the personal data of natural person-enterprises. This includes, among others, the following categories of personal data: first and last name, business address, business telephone number(s), business email address, and other contact details of natural person-enterprises or the legal representative of the relevant company. The personal data we process also include information about the position and/or capacity of the person or persons within the relevant enterprise. In the case of a natural person-enterprise, this concerns the full set of recorded data, including legal form, SBI code, and business address. A complete overview of all data can be found here.

    Entering into and Executing Customer Agreements

    We process personal data of (potential, current, and former) customers, among other things, to enter into agreements with our customers, to execute those agreements, and to be able to provide the agreed services. This includes, for example, creating or managing an online account through which the customer has access to our database, answering customer questions, processing customer orders, or ensuring the correct financial settlement of our services. Additionally, we keep track of whether deduplication lists have been used, in accordance with the agreement. For this purpose, we process, for example, the contact details of the customer, the personal data of the customer’s representative(s), passwords, account details, and account numbers.

    As part of our services, we may also process customers’ personal data in order to offer partner services via our platform to the customer, based on an agreement with us and/or with the partner.

    Relationship Management and Promotional Purposes

    On the basis of legitimate interest, we process personal data of prospects and customers in order to build and maintain a strong and lasting relationship with them and their representatives. In this context, we may contact customers, for example, to ask questions, make an offer, or share information about services provided by our partners. In addition, we like to keep our customers informed about our own products and services, for example by sending newsletters or other communications containing relevant information. The personal data we use for this purpose may include contact details, order history, and conversation notes.

    Contact with Us and Responding to Questions

    When you ask us questions using the tools on our website, we do not collect personal data that can directly identify you, unless you provide such data to us yourself or you have given us explicit consent for this purpose. This may happen, for example, when you fill out a form on our website, use the chat function, or contact us directly via email or telephone and provide your name and contact details. In such cases, we use the personal data you have provided to handle your question or request on the basis of a legitimate interest or in connection with an agreement with you. This enables us to provide you with an accurate and appropriate response and, if necessary, to offer further assistance.

    Marketing and the Optimal Functioning of Our Website

    We use cookies and similar techniques to collect certain personal data that are essential for the operation and security of our website. These cookies provide us with insight into the use of our website, such as the click behavior of website visitors, which web pages you have viewed, and what your IP address is. With this information, we can optimize our website and better tailor it to the needs of our website users. Please note, however, that certain functionalities of our website may not be available if you choose not to share personal data or refuse certain cookies. With your consent, we may also use your data via specific cookies and similar techniques for purposes such as custom audiences and retargeting. This allows us to show you relevant and personalized offers, for example through banners on other websites you visit. For more information about our use of cookies and your choices in this regard, we refer you to our cookie statement.

    Product and Service Optimization

    We are continuously working on improving and optimizing our data quality, products, and services in order to meet the needs of our customers as effectively as possible. In this process, we may process personal data on the basis of legitimate interest, where necessary.

    In addition, we may use personal data from our database for the creation of deduplication lists. Following a (legitimate) deletion request from a data subject whose data are included in the database, we facilitate a process by which our customers are informed that these personal data may no longer be processed. In addition to fulfilling our agreement with our customers and complying with regulations, this ensures a high quality of our services.

    Partners and Third Parties

    We may process personal data of customers in order to offer partner services via our platform on the basis of an agreement that our customer has entered into with us and/or the partner. For example, we may provide the contact details of our customer to our partner so that the partner can provide the agreed services. In addition, if agreed, we may process personal data such as payment details in order to collect amounts owed by the customer to the partner. We may also, on the basis of legitimate interest, share personal data from our database or personal data of customers with third parties engaged by us. For example, this could be a service provider who supports a specific part of our services and therefore has access to part of our database. Furthermore, it may be necessary, on the basis of legitimate interest, to share your personal data with parties with whom we are considering cooperation, or in the event of a (proposed) sale or purchase of a company, including (a business unit of) our own company.

    Business Processes and Risk Management

    We have a legitimate interest in striving for well-organized and efficient management of our administration and data. This enables us to conduct our business operations in a reliable and transparent manner. For this purpose, we may process personal data. For example, customer order data may be used to produce reports to help us improve our business processes or to optimally structure our organization, so that we can better respond to internal and external challenges. This also includes processing personal data in our database or of (potential) customers to prepare management reports that help us make strategic decisions and identify and manage risks. This enables us to safeguard our business operations and further optimize our services. These applications not only contribute to better internal organization but also ensure that we can serve our customers and partners in a professional and reliable manner.

    Compliance with Laws and Regulations, Contractual Obligations, and Protection of Our Legal Position

    We process your personal data where this is necessary to comply with legal obligations, to fulfill contractual agreements, or to protect our legal position on the basis of our legitimate interest. This may mean that we retain or use personal data to demonstrate that we have fulfilled our obligations. For example, we may be required to retain certain information for a specific period to comply with tax legislation or other regulations, such as the Civil Code or tax laws. We may also process personal data to be able to demonstrate that we have properly fulfilled contractual agreements or complied with legal obligations. This may include retaining personal data to demonstrate that we have cooperated in a timely manner with a request for access or deletion as required under the GDPR.

    Management and Publication of Customer Reviews

    Ad Hoc Data processes personal data for the collection, management, and publication of customer reviews about our services, both on our own platform and on external review websites. We do this in order to ensure transparent and honest feedback so that potential customers can make an informed decision about using our services. When you post a review on our platform or on an external website, we may share the content of the review, including your name and other provided contact details, on our website. This is done on the basis of legitimate interest in order to display honest and authentic reviews to our website visitors and to improve our services. We may also use this data to contact you for additional information or to resolve any questions or complaints resulting from your review. Furthermore, we may analyze customer reviews to obtain trends and insights that contribute to the optimization of our products and services. In line with our review policy, we may also process data in order to take steps to remove reviews that are in violation of our guidelines or applicable law.

    We may sometimes use personal data for a processing purpose other than that for which it was originally provided. This is permitted if the new processing purpose is compatible with the purpose for which the personal data was initially obtained. In addition, if we intend to process your personal data for a purpose not included in this privacy statement and that is not compatible with the original processing purpose, we will inform you of this. In that case, we will inform you via the email address you provided about the intended processing and its specific purpose, so that you are aware of how your data will be used.



  6. Confidentiality and Sources

    Ad Hoc Data processes all personal data with the utmost care and in accordance with the GDPR and other applicable laws and regulations. We apply strict confidentiality to all processing. When we process personal data of customers, these have been provided to us by the customer themselves. For personal data of data subjects included in our database, we cooperate with a reliable partner or partners. These partners have assured us that the processing of personal data is carried out in accordance with the regulations, including compliance with information obligations. If you have any questions about the origin of your personal data, you can contact us at [email protected].

    In addition, we may process personal data obtained from other sources. This includes data we obtain via cookies on our website, as well as data from public sources, such as information available on the internet. We always process this data within the boundaries of the law and with respect for your privacy.



  7. Categories of Recipients

    For the various categories of personal data to which this Privacy Statement applies, there are also different categories of recipients. These categories of recipients are explained further below.

    • For the various categories of personal data to which this Privacy Statement applies, there are also different categories of recipients. These categories of recipients are explained further below.
    • We may share personal data with our partners. This may occur, for example, when a customer purchases a service or product from a partner through our platform. In these cases, we only share the strictly necessary data so that the partner can provide the agreed services and we can execute the agreement with the customer.
    • For the performance of our services, Ad Hoc Data may share personal data with carefully selected parties that play a role in the delivery of our services or the support of our operations. For example, we may engage external service providers and business partners to support our services and operations. This includes IT service providers, parties that assist us with web development, financial service providers that process payments, and professional advisory firms such as accountants or legal advisors. These parties are contractually bound by strict agreements to process personal data only in accordance with laws and regulations.
    • It may occur that we share personal data with third parties in the context of a (proposed) acquisition, investment, or cooperation with a new business partner. In such situations, we take appropriate measures to ensure the security and confidentiality of the data.


  8. Retention Periods

    Ad Hoc Data handles the retention of personal data with care and adheres to statutory and/or reasonable periods that are aligned with the purposes of processing. Below we explain how we handle retention periods for data in our database, data of customers and potential customers, and other personal data.

    Database (for the benefit of providing services to our customers)

    Ad Hoc Data does not retain the personal data in its database longer than necessary for the legitimate interest. This retention period is limited to the period that Ad Hoc Data reasonably needs to delete the personal data after the relevant company ceases to exist. Under the agreement with our customers, data subjects’ data from our database may be retained by customers for a maximum of 90 days after the end of the customer agreement and must then be deleted by the customer.

    Customers and Potential Customers

    The personal data related to our (potential) customers, including the personal data of customer representatives, are not kept longer than necessary. This means that we retain personal data for a maximum of ten years after our contractual relationship has ended. We retain the data of potential customers for as long as these data are still relevant.

    Other

    Other Personal data processed as a result of inquiries via the contact form or via the chat on the website are kept for a maximum of 1 year after the last contact. The retention periods for personal data processed in the context of cookies are specified separately in our cookie statement.

    Personal data of partners or third parties are retained as long as we have a legitimate interest in doing so, for example because we are still cooperating with the partner or third party.



  9. The Rights of Data Subjects

    A data subject is the natural person to whom the personal data relate. This may concern, for example, persons whose data are included in our database, or personal data relating to a customer or to another person who has been in contact with us. As a data subject, you have several rights under the GDPR regarding the processing of your personal data. These rights are described below and can be exercised for the personal data processed by Ad Hoc Data as the data controller. To exercise your rights, you can submit a dated written or electronic request via [email protected]. This request must be accompanied by documentation that reasonably allows us to establish your identity, so that we can ensure that we provide the requested information to the authorized person. If you submit a request on behalf of another data subject, we ask for an additional statement demonstrating that you are authorized to act on behalf of this person. After receipt and verification of your identity, we will review your request. If we are able to grant your request, we will process it as soon as possible. If it is not possible to fulfill your request, we will inform you in writing of the reason. We strive to handle each request carefully and within the statutory deadlines, with respect for your privacy and rights.

    • Right of Access: You have the right to know whether we process your personal data and, if so, what data we process. You can submit a request for access by contacting us via [email protected].
    • Right to Rectification: If you believe that we process incorrect or incomplete personal data about you, you can request us to rectify or supplement these data. You can contact us for this purpose via [email protected].
    • Right to Erasure: You can request us to delete your personal data. However, this request does not always have to be granted, for example if we are legally obliged to retain the data. You can submit a request for erasure via [email protected].
    • Right to Restriction of Processing: You have the right to temporarily or permanently restrict the processing of your personal data. This may be the case, for example, if you dispute the accuracy of the data or object to the processing. You can submit a request via [email protected].
    • Right to Object: If we process your personal data on the basis of a legitimate interest, you can object to this processing. You can communicate your objection via [email protected].
    • Right to Data Portability: You have the right to have personal data that we process based on your consent or an agreement, and which are processed by automated means, transferred to yourself or to another party. You can submit a request for this via [email protected].
    • Right in relation to Automated Decision-Making: You have the right to object to automated decision-making, including profiling. Within Ad Hoc Data, we do not apply automated decision-making or profiling.
    • Right to Object to Direct Marketing: You can object at any time to the use of your personal data for direct marketing purposes. If you no longer wish to receive information or offers, you can notify us via [email protected].


  10. Transfer of Personal Data

    The personal data that we process may be transferred by us to parties located outside the European Union and that are not considered to provide an adequate level of protection. For example, this may occur if a supplier provides services from a location outside the EU. When Ad Hoc Data, as the data controller, transfers personal data to a third country or international organization, resulting in personal data being processed in a country that is not considered adequate by the European Commission, Ad Hoc Data will ensure that appropriate or suitable safeguards are in place to protect the personal data, taking into account the circumstances of the case, including applicable laws and regulations, such as by entering into standard contractual clauses as provided by the European Commission.



  11. Complaints and Questions

    Ad Hoc Data BV
    Koninginnegracht 46-I
    2514 AD The Hague
    [email protected]

    Have you contacted Ad Hoc Data regarding a complaint about the processing of your personal data by Ad Hoc Data and are you not satisfied with our response? In that case, you can contact our Data Protection Officer (DPO). Our DPO can be reached at [email protected].

    If you believe that the processing of your personal data by us constitutes a breach of the provisions of the GDPR, you always have the right to submit a question or complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via this link. If your habitual residence or place of work is not in the Netherlands, you also have the option to file a complaint with the supervisory authority of the relevant Member State.

    The services of Ad Hoc Data are aimed at processing data of enterprises in support of business customers. When the data processed by Ad Hoc Data contains personal data, the provisions of this privacy statement apply. However, data of enterprises that do not qualify as personal data do not fall within the scope of the GDPR, and the processing of such data is therefore not assessed by the Dutch Data Protection Authority.



  12. Amendments

    Ad Hoc Data may expand or amend this Privacy Statement, for example due to changes in laws or regulations or due to changes in our processing activities. The most current version of this Privacy Statement is always available on our website.

    It is advisable to consult the Privacy Statement regularly. You can always find a copy of the previous version of our Privacy Statement here.



Any questions?

Contact us via [email protected]

Related documents

Privacy center

Legitimate Interest

Terms & conditions

Cookiestatement

Anti-spam policy

Review policy

Disclaimer

Loading...