Privacy statement Tulip Tech

Important Note: Tulip Tech (Chamber of Commerce registration no.: 81782047) is subject to Dutch and EU data protection laws. Certain references (e.g., the Dutch Data Protection Authority “Autoriteit Persoonsgegevens”) are specifically relevant if you are primarily regulated under Dutch law. If you process data from individuals in other jurisdictions, you may need to include additional or region-specific clauses.

Tulip Tech, hereinafter referred to as “Tulip Tech,” processes personal data through the website www.tulip.tech (the “Website”). We highly value the careful handling of personal data and respect the privacy of all users of our Website. All personal data is treated confidentially, processed, and secured in accordance with the requirements of the General Data Protection Regulation (GDPR). In this Privacy Statement, we explain which personal data we collect, for what purposes, and on which legal bases. We encourage you to read this statement thoroughly.

1. Which data do we collect and store?

We only process personal data that you voluntarily provide to us, or that are automatically collected when you visit our Website. Depending on the services and functionalities you use, we may process the following categories of personal data:

• Name and address details (full name, address, city)
• Company information
• Curriculum Vitae (if you voluntarily upload or send it to us)
• Email address
• Telephone number
• Information you enter in an open field (for example, a message in a contact or registration form)
• Technical measurement data from your device, such as IP address, MAC address, cookie identifiers, and your browsing behaviour on the Website

1.1 How long do we retain your data?

We do not retain your personal data longer than necessary for the purposes for which they were collected, unless we are legally required to keep them longer. Retention periods can vary per category of personal data and per purpose. For example:

• Contact requests via email or form: up to 1 year after the last correspondence, unless the content remains relevant (e.g., in the context of an ongoing assignment).
• Client/project files: up to 7 years after the end of the agreement, due to (tax) legal retention obligations.
• CVs and job application data: up to 4 weeks after the application process has ended unless you have given consent to keep them on file longer (up to a maximum of 1 year).

If it is not possible to specify exact retention periods, we use criteria to determine how long the data must be retained (e.g., a statutory period, ongoing customer contact, or your request for erasure).

 

2. For what purpose and on which legal basis do we process your data?

We collect and process personal data for the following purposes:

• Performance of agreements

• To schedule appointments and deliver our services (including design, development, and supply of battery systems).
• Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and/or legitimate interest (Art. 6(1)(f) GDPR) for internal business operations.

• Relationship management and marketing

• To inform you about (additional) services and to manage and expand our customer base.
• Legal basis: Legitimate interest (relationship management) and/or consent (for newsletters, Art. 6(1)(a) GDPR).

• Contact and newsletters

• To answer your questions when you contact us, and to send (automated) email campaigns or newsletters if you have subscribed.
• Legal basis: Consent (if you subscribe to our newsletter), performance of a contract (for specific service requests), or legitimate interest (for general business communication).

• Statistics, analysis, and Website optimization

• To keep track of general visit and click statistics, to improve the functioning of the Website, and to optimize the user experience.
• Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) to improve our Website and services. For marketing cookies and certain tracking, consent may be required (see section 9).

• Legal obligations

• For instance, when we are legally required to retain invoice or other business data.
• Legal basis: Legal obligation (Art. 6(1)(c) GDPR).

3. Disclosure to third parties

We do not sell your personal data to third parties. However, we may engage third parties (e.g., software experts or hosting providers) to perform certain tasks on our behalf. These third parties (processors) only gain access to your personal data if this is necessary for the performance of their work, and they will always act in accordance with our instructions. If such third parties qualify as data processors under the GDPR, we will sign a data processing agreement with them that includes, among other things, confidentiality and security obligations.

If a party we engage is located outside the European Economic Area (EEA), we ensure that any personal data transfers comply with the GDPR. This may involve using Standard Contractual Clauses (SCCs) or other appropriate safeguards. For instance, we may rely on SCCs for cloud hosting providers or other services that store data on servers outside the EEA. If you have questions about specific transfers, please contact us (Section 11).

 

4. Securing personal data

We implement appropriate technical and organizational measures to protect your personal data against misuse, loss, or unauthorized access. Examples include:

• Access controls: Only authorized personnel have access to personal data.
• Secure connections (SSL/TLS): Data you submit on our Website is transmitted over encrypted connections.
• Strict password and authorization policies: We maintain robust internal authentication and authorization procedures.
• Regular security reviews: We periodically evaluate and update our security measures to ensure ongoing protection.

5. Statistics

Our Website keeps general visitor data, which may include IP addresses, timestamps, and browser information. We use these data for statistical analyses of visitor and click behavior, and to optimize our Website and services. Wherever possible, we anonymize or aggregate these data so that they cannot be traced back to an individual.

6. Social media

Our Website includes buttons to promote or share pages on social networks (Facebook, LinkedIn, Instagram). These buttons are implemented using code provided by the social media platforms themselves. This code can place cookies. We recommend you read the privacy statements of Facebook, LinkedIn, and Instagram (which may change periodically) to see how they process your personal data via this code.

7. Google Analytics

We use Google Analytics to understand how users interact with our Website and to obtain reports on Website usage. The information, including your IP address, may be transferred to and stored by Google on servers potentially located in the United States.

• IP addresses: Where possible, we enable Google’s “IP anonymization” feature (anonymizeIP).
• Transfer outside the EEA: Google may process your data on servers outside the EEA. In such cases, we take appropriate measures (such as the use of Standard Contractual Clauses) to ensure an adequate level of protection.
• Google as processor: Google may disclose this information to third parties when legally required to do so, or where such third parties process the information on Google’s behalf. We have no control over this.

For more information, please see the Google Privacy Policy.

 

8. Email communication and newsletter

If you have expressly consented (or in cases where there is an existing customer relationship), we may send you emails to inform you about our services or related (marketing) campaigns. Every newsletter contains a link that allows you to unsubscribe (opt-out).

• Unsubscribe: If you no longer wish to receive emails, you may unsubscribe at any time via the link in the newsletter or by contacting us using the details in Section 10.

9. Use of cookies

We use cookies to enhance the user experience and performance of our Website, and (if you consent) to show you personalized offers or content. A cookie is a small file that is stored on your device’s hard drive when you visit our Website.

• Functional cookies: Required for the Website to function properly. We always place these.
• Analytical cookies: Help us understand how visitors use the Website. In some cases, these data may be anonymized.
• Tracking/marketing cookies: Are only placed with your prior consent. These allow us to track your browsing behavior on our Website and potentially on third-party sites in order to customize content and advertisements to your interests.

You can refuse the use of cookies at any time by adjusting your browser settings. Please note that some Website features may become less functional or unavailable.

10. Your rights: access, rectification, erasure, restriction, and data portability

You have the right to:

• Access the personal data we process about you.
• Rectify (correct) or complete your data if they are inaccurate or incomplete.
• Request the erasure of your data (“right to be forgotten”).
• Request restriction of the processing if you believe we are processing your data unlawfully or incorrectly.
• Object to (further) processing of your personal data.
• Request data portability, meaning you can request to receive the personal data we hold about you in a structured, commonly used, and machine-readable format so that you can transfer them to another party.

If you have any questions or requests regarding these rights, please contact us using the details below. You will receive a response within four weeks of receiving your request. We may ask for additional information to verify your identity.

 

11. Contact details

Tulip Tech

Attn: Privacy Department

Horsten 1 5612 AX, Eindhoven

The Netherlands

Email: [email protected]

We are happy to assist if you have any complaints or questions about the processing of your personal data. If, despite our efforts, we cannot resolve the matter together, you have the right to file a complaint with the supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

12. Changes to this Privacy Statement

We may amend this Privacy Statement from time to time. Any changes will be published on our Website with a new version date. We recommend that you consult this Privacy Statement regularly so that you remain informed of any updates.

Last updated in April 2025.