SecurityMindset B.V. (KvK: [number], Diemen) respects your privacy and processes personal data in accordance with the General Data Protection Regulation (GDPR/AVG) and Dutch Implementation Act (UAVG). When you engage our cybersecurity consulting services, we collect and process personal data necessary to deliver our services, including: contact details, organizational role information, technical environment data, security assessment findings, and training participation records. We process this data on the legal basis of contract performance (Article 6(1)(b) GDPR) and, where applicable, your explicit consent for specific activities such as photography during training sessions. Your personal data is only accessible to our consultants and trainers directly involved in your project and is retained for seven years after project completion in accordance with Dutch fiscal law requirements. We may share data with trusted subprocessors (cloud hosting providers, specialized security tools) who are contractually bound to GDPR standards. During security assessments, we may encounter personal data within your systems; such data is processed under strict confidentiality and deleted immediately after analysis unless retention is necessary for our advisory report. You have the right to access, correct, delete, restrict processing, data portability, and object to processing of your personal data by contacting 

peter@securitymindset.eu

We implement appropriate technical and organizational measures to protect your data and will notify you and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of any data breach affecting your information. For questions or complaints, contact our data protection representative at the above email address or file a complaint with the Dutch DPA (autoriteitpersoonsgegevens.nl).