Last updated:
Data controller
ComBron Communication
Owner: Edo Dijkgraaf
Midden Scheepvaartstraat 6
3151 NG Hoek van Holland
The Netherlands
Email: combron@combron.nl
Phone: +31 6 45622210
The data controller for personal data processed via this website is ComBron Communication. For privacy questions contact combron@combron.nl.
Scope and applicability
This privacy policy explains how we collect, use, disclose and protect personal data of visitors from the United Kingdom and Canada. Where local rules differ we identify the relevant differences below and explain the rights available to individuals in each jurisdiction. For visitors from other countries we apply the principles described here and the protections required under EU law where applicable.
Hosting, email and anti‑spam within the EU
All services that directly process personal data for this site — including website hosting, email hosting and anti‑spam processing — are operated within the European Union. Email hosting is provided by mijn.host (Netherlands). Anti‑spam is handled by Antispam Bee (PluginKollektiv) within EU infrastructure. Where required, we have signed Data Processing Agreements (DPAs) with our processors.
What personal data we collect, why and legal basis (summary)
Comments and public contributions
- Data: name, email, optional website, comment text, IP address, browser user agent.
- Purpose: display and moderate comments; spam detection.
- Legal basis: consent for publication; legitimate interest for spam prevention and moderation.
Contact forms
- Data: name, email, telephone (if provided), message.
- Purpose: answering inquiries and requests.
- Legal basis: fulfilment of a request/contract; consent where used for marketing.
Accounts and logged‑in users
- Data: username, email, profile data, login metadata (timestamp, IP).
- Purpose: account management, authentication and security.
- Legal basis: contract performance and legitimate interest (security).
Analytics and usage statistics
- Data: aggregated or anonymised usage data, cookies, potentially pseudonymised IP fragments.
- Purpose: improve the website and measure traffic.
- Legal basis: consent for non‑essential cookies; legitimate interest for minimal functional monitoring.
Technical and security data
- Data: server logs, error reports, security logs.
- Purpose: protect infrastructure, detect misuse and maintain the website.
- Legal basis: legitimate interest (security) and legal obligations where applicable.
Newsletter (paused)
We currently do not send newsletters. We stopped using MailPoet because that provider collected subscriber data in ways we no longer accept. When we resume, newsletters will only be sent on the basis of explicit opt‑in consent and using a solution that minimises data collection and processes subscriber data entirely within the EU/EEA. Data of former subscribers has been destroyed.
What personal data we collect, why and legal basis (summary)
- Comments and public contributions
- Data: name, email, optional website, comment text, IP address, browser user agent.
- Purpose: display and moderate comments; spam detection.
- Legal basis: consent for publication; legitimate interest for spam prevention and moderation.
- Contact forms
- Data: name, email, telephone (if provided), message.
- Purpose: answering inquiries and requests.
- Legal basis: fulfilment of a request/contract; consent where used for marketing.
- Accounts and logged‑in users
- Data: username, email, profile data, login metadata (timestamp, IP).
- Purpose: account management, authentication and security.
- Legal basis: contract performance and legitimate interest (security).
- Analytics and usage statistics
- Data: aggregated or anonymised usage data, cookies, potentially pseudonymised IP fragments.
- Purpose: improve the website and measure traffic.
- Legal basis: consent for non‑essential cookies; legitimate interest for minimal functional monitoring.
- Technical and security data
- Data: server logs, error reports, security logs.
- Purpose: protect infrastructure, detect misuse and maintain the website.
- Legal basis: legitimate interest (security) and legal obligations where applicable.
- Newsletter (paused)
- We currently do not send newsletters. We stopped using MailPoet because that provider collected subscriber data in ways we no longer accept. When we resume, newsletters will only be sent on the basis of explicit opt‑in consent and using a solution that minimises data collection and processes subscriber data entirely within the EU/EEA. Data of former subscribers has been destroyed.
Cookies and tracking
- We use strictly necessary cookies for site functionality and optional analytics cookies for usage measurement.
- For non‑essential cookies we ask for prior consent via a cookie banner and provide an easy way to withdraw consent.
- Typical retention examples: comment form cookie: 12 months; session/login cookie: 2 days; remember‑me: 14 days; analytics cookies: per provider settings.
Sharing, processors and transfers
- Key processors: hosting & email (mijn.host — EU), anti‑spam (Antispam Bee — EU), analytics (Google — pseudonymisation applied where feasible). DPAs are in place where required.
- If data is transferred outside the EU/EEA or to jurisdictions with different protections, we implement appropriate safeguards (for example standard contractual clauses) and document those safeguards on request. For guidance on international transfers and required disclosures, see the UK Information Commissioner’s Office guidance
Retention
- Comments and associated metadata: retained until deletion request or site administrator removal.
- Contact form submissions: deleted after handling, unless you consent to further contact.
- Log and security data: retained up to 12 months unless longer retention is necessary for investigation or legal obligation.
Your rights — UK and Canada
- UK: You have rights similar to the EU GDPR (access, rectification, erasure, restriction, portability, object, and withdraw consent). The UK ICO provides guidance for privacy notices and required disclosures; we follow those principles in our notices and handling of requests.
- Canada: Under federal and provincial privacy laws (including PIPEDA‑style obligations), you have rights to access and correct your personal information, complain about handling, and opt out of certain uses. We process access and correction requests and maintain records to satisfy Canadian transparency obligations. Practical steps (how to request) are below.
To exercise any right, email combron@combron.nl. We will respond within one month; if complex we will inform you of any extension.
(For visitors in other jurisdictions the remedies available may differ; we will help you exercise the rights that apply to you.)
Complaints
- UK: You may lodge a complaint with the Information Commissioner’s Office (ICO).
- Canada: You may file a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy commissioner.
- We ask that you contact us first so we can resolve your concern: combron@combron.nl.
Security
We use appropriate technical and organisational measures to protect personal data including HTTPS, limited access controls, periodic software updates and EU‑based hosting. Detailed security controls are available on request for legitimate inquiries.
Changes to this policy
We may update this policy from time to time. The date at the top shows the last modification. Where changes are material we will notify affected users where feasible.
Delivery of our services to the United States paused indefinitely
At this time we do not provide services to the United States. We would like to, but we lack the necessary trust. On Wednesday 8 November 2028 we will decide whether ComBron will resume providing services to the United States.
Contact
Privacy enquiries: Edo Dijkgraaf — combron@combron.nl — +31 6 45622210
