085 - 013 4500

Privacy & Cookie Statement

Version 3.0 — January 2026 (based on the ICTWaarborg template, adapted to our actual processing activities).

Introduction

This privacy and cookie statement applies to all site visits, transactions and agreements with Virtual Computing BV, registered office Laarakkerweg 6a, 5061 JR Oisterwijk, the Netherlands, registered with the Dutch Chamber of Commerce under no. 52527468.

Version 3.0 — January 2026.

We respect the privacy of visitors to our website and treat the personal information you provide to us with confidentiality. Below you can read which personal data we collect, for which purposes, on which legal basis and how long we retain them.

1. Use of personal data

When you use our website virtualcomputing.nl and its subdomains (including klanten.virtualcomputing.nl), we obtain certain data from you. We only store and use personal data that is directly provided by you — for example via a contact, demo, quote or "become a customer" form — or where it is clear from the context that you provide it to us for processing. We will not use your personal data for purposes other than those described in this statement, unless you have given prior consent or we are permitted or obliged to do so by law or by contract.

2. Purposes and legal bases of processing

Virtual Computing processes your personal data for the following purposes, each with the corresponding legal basis (article 6 GDPR) and retention period:

2.1 Answering questions submitted via the contact form

  • Purpose: answering your question and providing follow-up.
  • Legal basis: your consent or pre-contractual measures at your request (article 6(1)(a) / (b) GDPR).
  • Retention: up to 24 months after last contact, then deleted or anonymised.

2.2 Issuing quotes and processing demo requests

  • Purpose: offering you a tailored quote or demo for the requested service.
  • Legal basis: pre-contractual measures at your request (article 6(1)(b) GDPR).
  • Retention: 7 years for issued quotes due to the Dutch fiscal retention obligation; 24 months for unsent requests.

2.3 Creating a customer account via "become a customer", invoicing and service delivery

  • Purpose: performance of the contract, including creating a customer account in our administration (HostFact), invoicing and delivering the contracted ICT services.
  • Legal basis: performance of the contract and legal obligation (article 6(1)(b) and (c) GDPR; article 52 of the Dutch General Tax Act).
  • Retention: 7 years for financial records; customer file retained for the duration of the agreement plus 24 months.

2.4 Customer relationship management and execution of contracts, transactions and support requests

  • Purpose: supporting existing customers, resolving support requests, account and contract management.
  • Legal basis: performance of the contract (article 6(1)(b) GDPR) and legitimate interest (article 6(1)(f) GDPR) for maintaining a good customer relationship.
  • Retention: duration of the service plus 24 months.

2.5 Gaining insight into the use of our website

  • Purpose: improving the content, navigation and technology of our website.
  • Legal basis: legitimate interest with appropriate safeguards (IP address truncated/pseudonymised via Google Consent Mode v2 and ads_data_redaction). Non-functional cookies are placed only after your explicit consent via the cookie banner.
  • Retention: see section "Cookies" for the per-cookie retention. Aggregated reporting data is retained for 14 months in Google Analytics 4.

2.6 Showing advertisements and measuring campaign effectiveness

  • Purpose: showing you relevant advertisements via Google Ads and measuring the return on our marketing spend.
  • Legal basis: your consent via the cookie banner (article 6(1)(a) GDPR, in conjunction with article 11.7a Dutch Telecommunications Act).
  • Retention: advertising cookies up to 90 days.

2.7 Detecting unlawful conduct

  • Purpose: preventing and combating fraud, abuse, hacking and other unlawful actions against Virtual Computing, its relations and its employees.
  • Legal basis: legitimate interest (article 6(1)(f) GDPR).
  • Retention: up to 24 months after the incident is identified.

2.8 Sending an (occasional) newsletter

  • Purpose: keeping you informed about developments concerning our services, security updates and relevant news items.
  • Legal basis: your explicit consent at sign-up (article 6(1)(a) GDPR and article 11.7 Dutch Telecommunications Act). Every email contains an unsubscribe link.
  • Retention: until you unsubscribe, or up to 12 months after your last open/click.

3. Which personal data we process

For the purposes set out above we process — depending on the specific form and the contracted service — the following personal data:

  • Address details: street, number, postal code, city (only if you provide them yourself).
  • Company details: company name, Chamber of Commerce number, possibly VAT number for invoicing.
  • Contact details: first and last name, business email address, business (mobile) phone number.
  • Content of your message: the text you fill in yourself in the message field, notes added to a quote/demo, question or support request.
  • Service preference: selected service or product of interest (hosting, M365, workspace, telephony, etc.).
  • Company indication: approximate number of employees (optional field on quote and demo forms).
  • Technical visit data: IP address (truncated/pseudonymised by GA4), user-agent, screen resolution, preferred language, referring page.
  • Cookie IDs: see section 6 for the detailed list.
  • Usage behaviour: click and browsing behaviour on our website (only via Google Analytics 4 and only after consent).
  • Additional customer data: for customers we also process billing address, IBAN for direct debit, and usage data of the contracted service (e.g. mailbox counts, used storage, telephony traffic). These are processed in our customer administration (HostFact).

We do not request or process date of birth, gender, BSN (Dutch national service number), or social media account details. If you nevertheless voluntarily enter such data in a free-text field, we will remove it from our system as soon as we notice it.

4. Retention periods

We do not retain your personal data longer than necessary for the purposes set out in this statement or insofar as we are legally required to retain data. Concretely:

  • 7 years for financial administration and invoicing (statutory fiscal retention obligation, article 52 Dutch General Tax Act).
  • Term of the agreement plus 24 months for customer files (contracts, support tickets, delivered services).
  • 24 months for lead and contact data without a concluded agreement.
  • 12 months for newsletter subscriptions after the last interaction.
  • Cookie data is automatically deleted at the end of the cookie's lifetime (see section 6).

After the retention period has expired, data is deleted, or — if technically not immediately possible — anonymised so that it can no longer be traced back to a person.

5. Disclosure to third parties / sub-processors

We treat your personal data confidentially. The personal data we collect via our website is not provided to third parties for their own marketing purposes.

For the delivery of our services we use carefully selected sub-processors with whom we have concluded data processing agreements in accordance with article 28 GDPR:

  • Vercel Inc. — website hosting (server location EU-region Frankfurt).
  • Supabase Inc. — processing of form data (database + edge functions, EU region).
  • SMTP2GO Ltd. — sending email notifications of form submissions.
  • Google Ireland Ltd. — Google Analytics 4 and Google Ads. We have activated Consent Mode v2 + ads_data_redaction, which truncates IP addresses and prevents advertising identifiers from being shared without consent.
  • HostFact (eFactuur B.V.) — customer and billing administration for customers.
  • Microsoft Ireland Operations Ltd. — Microsoft 365 service delivery for customers using this service.
  • Datto Inc. — backup and monitoring infrastructure for customers with managed services.

Disclosure of personal data to other parties only takes place if (i) it is legally required, (ii) you have given prior consent, or (iii) it is necessary for the performance of an agreement with you.

Transfer outside the European Economic Area only takes place if appropriate safeguards are in place (e.g. the Standard Contractual Clauses of the European Commission or an adequacy decision).

6. Cookies

On virtualcomputing.nl and its subdomains we use cookies and similar techniques. Cookies are small text files that are stored by your browser on your device (computer, tablet or smartphone). On your first visit we ask for explicit consent for non-functional cookies via a cookie banner. Functional and strictly necessary cookies are placed without consent because the website would not function properly without them.

6.1 Functional cookies (no consent required)

  • Storing your cookie choice (banner status, preferences).
  • Protecting forms against abuse (CSRF / spam-bot detection).
  • Session and navigation status within a single visit.

6.2 Analytical cookies (consent required via banner)

We use Google Analytics 4 to gain insight into the use of our website:

  • `_ga` — distinguishes unique visitors, retention 13 months.
  • `_ga_HP8XN1537F` — GA4 session cookie, retention 13 months.
  • IP addresses are truncated by Google and are not linked to other services thanks to `ads_data_redaction`.

In addition we monitor site performance via Vercel Analytics and Vercel Speed Insights. These use anonymised counters, no personal tracking ID, and place no cookies.

6.3 Advertising cookies (consent required via banner)

We use Google Ads to measure the effectiveness of our advertising campaigns and to show you relevant advertisements:

  • `_gcl_aw` — Google Ads click ID (gclid), retention 90 days.
  • `_gcl_au` — Google Conversion Linker, retention 90 days.

6.4 Server-side conversion measurement

When you submit a form (contact, quote, demo, "become a customer"), we — provided you have given consent for analytical cookies — send your GA4 cookie ID and any `gclid` to our server, which then registers a conversion event via the Google Analytics Measurement Protocol. This way we understand which marketing source actually generates leads, even when client-side blockers prevent measurement. No additional personal data is shared in this process; only the cookie ID and gclid we already received via your browser.

6.5 Enabling and disabling cookies

You can withdraw or change your cookie consent at any time via the "Cookies" link at the bottom of every page. You can also fully block or delete cookies via your browser settings. Note that this may cause our website to function less optimally.

7. Data security

Virtual Computing applies technical and organisational measures to protect your personal data against loss, misuse and unauthorised access. Concretely, among others:

  • Our website runs entirely over TLS 1.3 with automatic certificate renewal.
  • All internal systems are secured with multi-factor authentication.
  • Access to personal data is limited on a need-to-know basis; only authorised employees have access.
  • We perform periodic security audits and pen-test our environment.
  • We operate a data-breach notification procedure in line with the GDPR: notification to the Dutch Data Protection Authority within 72 hours of detection, and to data subjects in case of high risk.
  • Our employees are bound by a confidentiality undertaking and follow periodic security-awareness training.

8. Links to third-party websites

Our pages contain links to websites of third parties (such as suppliers, partners and social media). This privacy and cookie statement does not apply to third-party websites that are linked from our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend reading the privacy policy of these websites before using them.

9. Your rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access to the personal data we process about you.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") unless we are legally required to retain the data.
  • Right to restriction of processing.
  • Right to data portability in a common machine-readable format.
  • Right to object to processing based on legitimate interest or for direct marketing.
  • Right to withdraw previously given consent at any time, without affecting the lawfulness of processing prior to that withdrawal.

To exercise your rights you can contact us via ciso@virtualcomputing.nl or by phone at +31 13 7110324. We respond within 30 days of receiving your request. To make sure that the request is genuinely yours, we may ask you to identify yourself.

10. Changes to this privacy and cookie statement

We reserve the right to amend this privacy and cookie statement, for example in case of changes in our service offering or in laws and regulations. Changes will be published on this page, with the version number and date stated at the top. We recommend reviewing this statement periodically so that you are aware of the most recent version.

11. Contact details

Virtual Computing BV

Laarakkerweg 6a

5061 JR Oisterwijk

The Netherlands

Chamber of Commerce: 52527468

Email: ciso@virtualcomputing.nl

Phone: +31 13 7110324

12. Complaint with the Dutch Data Protection Authority

If you believe that we are not acting in accordance with the GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl. We would appreciate it if you contact us first so we can try to help you.