Privacy Policy

Our privacy policy explains what information we collect, how we use it, and how you can opt out.

April 1, 2026 Wednesday, April 1, 2026.

Privacy Policy

This privacy policy explains how Volare Software collects, uses, shares, and protects personal data in connection with our website (the "Website"). We process personal data in accordance with the General Data Protection Regulation ("GDPR"), the Dutch GDPR Implementation Act (Uitvoeringswet AVG), and all other applicable privacy legislation currently in force.

Who we are

Volare Software is the data controller for personal data collected via this Website. If you have questions about how we handle your data, please contact us via the contact page on this Website.

What data we collect and why

Contact form submissions

When you submit our contact form we collect your name, email address, telephone number, message, and the page from which you submitted the form. We also record your IP address for security purposes.

To help us understand the context of your enquiry, we additionally capture anonymised engagement signals at the moment you submit the form — specifically, whether you arrived via a marketing channel (UTM parameters captured from your landing URL) and how many of our service pages you visited or spent meaningful time on during your session. These signals are used solely to assess whether an enquiry is from a genuine business prospect or an automated or unsolicited submission, and to help us respond more relevantly.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to respond to your enquiry and assess its relevance to our business. We have weighed this interest against your privacy rights and concluded it does not override them, given the limited and proportionate nature of the data collected.

Server logs

Our web server automatically records standard technical information each time a page is requested, including IP address, browser type and version, pages visited, date and time of visit, and HTTP status codes. This information is used to maintain the security and stability of the Website.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to protect the Website against attacks, diagnose technical problems, and ensure the correct delivery of content.

Analytics

With your consent, we use Google Analytics to understand how visitors interact with the Website. Rather than loading Google Analytics scripts directly in your browser, we send analytics events server-side through Cloudflare Zaraz — a tag manager that runs on Cloudflare's edge network. This means your real IP address is masked by Cloudflare before any data reaches Google; Google never receives your raw IP address. We have configured Google Analytics with IP anonymisation enabled, Google Signals disabled, and Restricted Data Processing enabled. Data is collected and used in aggregate; we cannot identify you as an individual from it.

Legal basis: Consent (Art. 6(1)(a) GDPR and Art. 11.7a of the Dutch Telecommunications Act). You can give or withdraw your consent at any time via the cookie banner or the "Cookie settings" link in the footer of any page.

Cookie consent records

When you make a cookie choice on this Website, we record a consent entry in our own secure database. This record contains a randomly generated consent ID, a timestamp, the categories you consented to, the policy revision shown to you, your preferred language, a hashed (one-way encrypted) representation of your IP address, and your browser's user agent string. Raw IP addresses are never stored.

Legal basis: Legal obligation (Art. 6(1)(c) GDPR) — the GDPR requires us to be able to demonstrate that valid consent was obtained (Art. 7(1) GDPR).

How we use this information

We use the data we collect to:

• respond to enquiries submitted through the contact form;
• assess enquiry context to prioritise genuine business prospects;
• maintain the security and correct functioning of the Website;
• understand, in aggregate and anonymised form, how visitors interact with the Website so we can improve it; and
• fulfil our legal obligation to maintain records of cookie consent.

How we share this information

We do not sell or rent your personal data to third parties. We share data only where necessary:

• Microsoft Azure — our hosting infrastructure. Contact form data and cookie consent records are stored in Azure Table Storage in the West Europe region (located in the EU). Microsoft processes data as our data processor under a Data Processing Agreement.
• Cloudflare — our CDN and edge network provider, which processes analytics events server-side and masks IP addresses before forwarding anonymised data to Google. Cloudflare also operates Turnstile, a bot protection service active on our contact form, which receives minimal browser signals to verify that a visitor is human. No Turnstile data is shared with us. Cloudflare acts as our data processor under a Data Processing Agreement. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
• Google Analytics — receives anonymised, aggregated analytics events via Cloudflare Zaraz, only if you have given your consent. Google is certified under the EU–US Data Privacy Framework.

We may also be legally required to share your data in response to a court order or other lawful request from a competent authority.

International transfers

Google Analytics transfers data to the United States. We rely on Google's certification under the EU–US Data Privacy Framework, an adequacy decision adopted by the European Commission in July 2023, as the appropriate safeguard for this transfer in accordance with Chapter V of the GDPR. Our hosting infrastructure (Microsoft Azure) is located in the EU and does not involve international transfers. You can request a copy of the applicable safeguards by contacting us.

Retention periods

We do not retain personal data for longer than is necessary for the purposes for which it was collected:

• Contact form data — retained for as long as necessary to follow up on the enquiry and for a reasonable period thereafter in connection with any resulting business relationship, after which it is deleted.
• Server logs — retained for a maximum of 90 days for security purposes.
• Analytics data — retained in Google Analytics for 2 years (Google's standard retention setting, which we have not extended).
• Cookie consent records — retained for 36 months from the date of consent, after which they are automatically deleted. This period covers the 12-month consent validity window plus a reasonable post-expiry audit buffer.

Your rights under the GDPR

You have the following rights in relation to your personal data:

• Right of access (Art. 15) — you can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — you can ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17) — you can ask us to delete your data where there is no overriding reason for us to continue processing it.
• Right to restriction of processing (Art. 18) — you can ask us to restrict how we use your data in certain circumstances, for example while a dispute about accuracy is resolved.
• Right to data portability (Art. 20) — where processing is based on consent or contract and carried out by automated means, you can ask us to provide your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21) — you can object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent (Art. 7(3)) — where processing is based on consent (such as analytics cookies), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing that took place before withdrawal.

To exercise any of these rights, please contact us. We will respond within one month. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

Change of control

If we sell or otherwise transfer part or all of our assets to another organisation (for example during a merger, acquisition, bankruptcy, dissolution, or liquidation), personal data collected through the Website may be among the items sold or transferred. The buyer or transferee will be required to honour the commitments made in this privacy policy.

Legal requests and preventing harm

We may access, preserve, and share your data in response to a lawful legal request (such as a court order or subpoena) where we are legally required to do so. We may also process your data where we have a good-faith belief it is necessary to detect, prevent, or address fraud or other illegal activity, or to protect the safety of any person.

Safety and security

We have taken appropriate technical and organisational measures to protect your data against loss or unlawful processing. However, no transmission of data over the internet is fully secure, and we cannot guarantee the absolute security of information you send to us. You are responsible for maintaining the confidentiality of any account credentials and for controlling access to communications between you and us.

Third-party links

Our Website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal data.

Children's privacy

Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has submitted personal data to us, please contact us and we will delete it promptly.

Changes to this privacy policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page. You are advised to review this policy periodically. Changes take effect when they are posted on this page.

How to contact us

If you have questions about this privacy policy or wish to exercise your rights, please contact us via the contact page on this Website.

Volare Software
Stadhouderslaan 12
1213 AH Hilversum
Noord-Holland
Nederland
+31 (0) 35 80 80 337

info@volaresoftware.com