This privacy policy explains how TwentySeven B.V. (KvK 80247687), located at Essenstraat 1, 5616 LG Eindhoven, handles your personal data when you visit our website or get in touch with us.
We respect your privacy. We handle your data carefully and transparently — in line with the AVG (GDPR) and our ISO 27001 / ISO 9001 certifications.
1. Who we are
This website is operated by:
Twentyseven B.V.
Essenstraat 1
5616 LG Eindhoven
The Netherlands
KvK: 80247687
If you have questions about this policy or your data, contact us via:
2. What data we collect (and why)
We only collect personal data that you actively provide or that is needed to improve the site. We collect:
Data type | Purpose | Legal basis |
Name, email, message (via contact form) | To respond to your inquiry | Consent (Art. 6.1.a GDPR) |
Website usage data (via cookies/analytics) | To improve our website and services | Legitimate interest (Art. 6.1.f GDPR) |
Job application data | For recruitment purposes | Consent / pre-contractual obligations (Art. 6.1.a/b GDPR) |
We do not use your data for automated decision-making or profiling.
3. Cookies and tracking
We use functional and analytical cookies. These help us understand how our site is used, so we can improve it.
We do not use invasive tracking or advertising cookies without your explicit consent.
4. How long we keep your data
We don’t keep personal data longer than necessary. Here’s how we handle retention:
Contact form data: Max 1 year
Analytics data: Anonymised and retained per provider settings (e.g. Google Analytics)
Job application data: Max 4 weeks after closing unless agreed otherwise
5. Who has access to your data?
Only relevant team members have access to your data — and only when they need it. We don’t share your data with third parties unless:
You’ve given consent
It’s necessary to fulfil a contract (e.g. hosting providers)
We’re legally obligated to do so
When we do use external partners, we ensure they meet our privacy and security standards — including signed Data Processing Agreements (DPAs).
6. Your rights
Under the GDPR, you have the right to:
Access your personal data
Correct your data
Have your data deleted
Withdraw consent at any time
Object to or restrict processing
Request data portability
You can send a request to privacy@twentysevenagency.com. We’ll respond within 30 days.
Still not satisfied? You can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
7. How we secure your data
We take security seriously. As part of Handpicked Agencies, Twentyseven is certified for:
ISO/IEC 27001:2022 (information security)
ISO 9001:2015 (quality management)
We use appropriate technical and organisational measures to keep your data safe — from encrypted traffic (TLS) to access control and secure backups.
8. Changes to this policy
We may update this privacy policy from time to time. When we do, we’ll publish the latest version here.
Last updated: 11-10-2025
Questions or feedback? We’d love to hear from you at privacy@twentysevenagency.com