Privacy Policy

Version: 1.2
Date: 10 November 2025

1. Who We Are
2. Personal Data We Process
3. Purposes of Data Processing
4. Web Statistics and Cookies
5. Data Retention Periods
6. Sharing Data with Third Parties
7. Your Rights
8. Data Security
9. Minors
10. Changes

1. Who We Are

Plimpton-322 Consultancy (hereinafter: P-322) is a European data architecture and consultancy firm focused on transparent ETL solutions for the cultural and scientific sectors.

Contact details:
Plimpton-322 Consultancy
Website: https://www.p-322.com
Email: [email protected]
Registered in: The Netherlands

P-322 acts as the data controller within the meaning of the General Data Protection Regulation (GDPR).

2. Personal Data We Process

P-322 only processes personal data that you actively provide to us, for example by:

completing a contact form;
subscribing to a newsletter or update;
commenting on a blog post or podcast episode;
sending an email or contacting us via social media.

This may include:

Name
Email address
Organisation / role (if provided)
Any additional information you voluntarily share

Our website does not collect sensitive personal data (such as ethnicity, health data, or political opinions).

3. Purposes of Data Processing

We use your data exclusively for the following purposes:

Responding to questions or messages received via the contact form or email;
Sending newsletters or updates (only after explicit subscription);
Improving our website and communication based on anonymised statistics;
Complying with legal obligations.

We never process personal data for commercial resale or advertising purposes.

4. Web Statistics and Cookies

P-322 uses a privacy-friendly analytics tool that does not place cookies and does not collect personal data.
All web statistics are anonymised and are not shared with third parties.

We do not use tracking pixels, advertising cookies, or social-media profiling.

5. Data Retention Periods

P-322 does not retain personal data longer than necessary for the purposes for which it was collected.

Email and contact messages: we keep emails as long as necessary to ensure proper handling of our communication and business administration. Correspondence relevant to ongoing or completed projects may be retained as long as reasonably required, subject to statutory retention periods (such as the seven-year fiscal obligation).
Newsletter data: is deleted as soon as you unsubscribe.
Anonymised web statistics: contain no personal data and are kept permanently.

P-322 only shares personal data with third parties when strictly necessary for the provision of our services or when required by law.
We work exclusively with European or GDPR-compliant partners for hosting, analytics, and email services.

7. Your Rights

Under the GDPR, you have the right to:

access your personal data;
have inaccurate data corrected;
request the deletion of your data (“right to be forgotten”);
object to the processing of your data;
lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via www.autoriteitpersoonsgegevens.nl.

For access or corrections, you can contact us at [email protected]. We respond within one month.

8. Data Security

P-322 takes appropriate technical and organisational measures to prevent misuse, loss, unauthorised access, or unwanted disclosure of data.
Our website and online services are hosted with reliable European or GDPR-compliant providers. Where data may be processed outside the European Economic Area (EEA), we ensure adequate safeguards under the GDPR, such as Standard Contractual Clauses or equivalent certification mechanisms.
All connections are secured through encrypted HTTPS connections.

9. Minors

Our website and services are not directed at persons under the age of 16. We do not knowingly collect data from minors without parental consent.

10. Changes

P-322 reserves the right to amend this privacy policy. Any updates will be published on this page with a new version date.