Fiddlestack Privacy Notice

​

1. Who We Are

• Fiddlestack B.V.

• Email: contact@fiddlestack.dev

• Website: fiddlestack.dev

​

We act as a Data Processor on behalf of our clients (the Data Controllers) when we process personal data from marketing campaigns and related activities.

​

2. What Personal Data We Process

When our clients engage us for marketing services, the types of personal data we may process (on their behalf) could include:

• Contact information (e.g., name, email address, phone number)

• Marketing preferences (e.g., whether you opted in or out of a newsletter)

• Lead data (e.g., form submissions, campaign interactions, or other lead-generation details)

• Technical information (e.g., IP address, browser type, and similar data if relevant to the campaign)

​

We collect this data either directly from our clients or through digital marketing campaigns they authorize, such as website forms, email marketing tools, or other marketing platforms.

​

3. Why We Process Personal Data

We process personal data strictly for the purposes defined by our clients, which may include:

• Managing and executing marketing campaigns

• Communicating with leads regarding products and services

• Providing analytics and reports on marketing performance

• Improving campaign targeting and personalization

• Compliance with legal or regulatory obligations as required

​

4. Legal Basis for Processing

Since we act as a Data Processor, our clients (the Data Controllers) determine the legal basis for processing your personal data under the GDPR. Common legal bases used by our clients may include:

• Consent: When individuals have consented to receive marketing communications.

• Legitimate Interests: For direct marketing purposes or other legitimate business interests, balanced against the individual’s rights.

• Contractual Necessity: Where processing is necessary for the performance of a contract with you.

​

If you have questions about the specific legal basis under which your personal data is processed, please contact the organization that originally collected your data or reach out to us for assistance.

​

5. How We Share Personal Data

We do not sell or rent your personal data. We only share personal data:

1. With our Sub-Processors
   We may engage trusted third-party service providers (sub-processors) to help us deliver our marketing services (e.g., email marketing platforms, analytics providers). Any such sub-processor is contractually bound to handle your personal data in a manner consistent with this Privacy Notice and applicable data protection laws.

2. As Required by Law
   We may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

3. With Consent
   Where required by law, we will only share your personal data with your explicit consent.

​

6. Data Retention

We retain personal data only for as long as directed by our clients (the Data Controllers) or as necessary to fulfill the purposes for which it was collected. Retention periods may vary depending on contractual requirements, legal obligations, or the purpose of processing.

​

7. Data Security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption, secure storage, access controls, and regular monitoring of our systems to maintain data integrity.

​

8. Your Rights

Depending on the applicable data protection laws (including GDPR), you may have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Erase your personal data under certain circumstances (“right to be forgotten”)

• Restrict or object to the processing of your data

• Data Portability, i.e., to receive your personal data in a structured, commonly used, and machine-readable format

• Withdraw consent at any time, if processing is based on consent

​

If you have any concerns or questions regarding how your personal data is processed, or wish to exercise any of these rights, please contact the Data Controller (our client) directly or reach out to us at [Contact Email or Contact Form URL]. We will cooperate with our clients in responding to any such requests in accordance with GDPR.

​

9. International Data Transfers

If we transfer personal data outside the European Economic Area (EEA), we ensure it is adequately protected in accordance with GDPR requirements, including the use of standard contractual clauses or other appropriate safeguards.

​

10. Updates to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or relevant regulations. Any updates will be posted on this page with the revised “Last updated” date at the top.

​

11. Contact Us

If you have any questions, comments, or requests regarding this Privacy Notice or our data processing activities, please contact us at:
Email: contact@fiddlestack.dev
Website: fiddlestack.dev

​

Thank you for reading our Privacy Notice. By using our services or interacting with our marketing campaigns (on behalf of our clients), you acknowledge that you understand the practices described in this Notice. If you have any concerns or require further clarification, feel free to get in touch.