PRIVACY POLICY

Last Updated: 5.5.2026

1. Data Controller The data controller is Maas Maritime Consultancy B.V. The person in charge of registry matters is Misha Klapwijk who can be reached via email at info@maasmaritime.com.

2. Purpose of Data Collection We collect personal data to manage customer relationships and process orders effectively. Furthermore, we use the information to maintain professional communication and continuously develop our services to better meet the needs of our clients.

3. Legal Basis for Processing We process your data in accordance with the EU General Data Protection Regulation (GDPR) based on the following grounds. Processing is based on your consent when we collect information through cookies regarding your website usage, such as visited pages. Processing is necessary for the performance of a contract when we collect information provided via forms to handle your contact requests and provide our services. We also process data based on our legitimate interest for the purposes of maintaining and developing the customer relationship.

4. Content of the Registry The information we collect through forms may include the company name and business ID. We also collect the name and contact details of the contact person, such as their email address and phone number. Additionally, we may store specific service requests or preferences. Through analytics, we collect location data, IP addresses, and website usage information if you have accepted the use of cookies.

5. Data Retention Period We retain personal data only for as long as is necessary for the purposes mentioned in this policy. Customer data is stored for the duration of the contract and for an additional period required by applicable legislation, such as accounting obligations.

6. Regular Sources of Information Information is primarily collected directly from you through the forms you fill out on our website. In addition, we collect website usage data using Google Analytics 4 and technical log data from the Duda platform. Cookie preferences are managed through the Termly service.

7. Data Transfers and Disclosures Outside the EU/EEA We do not regularly disclose your information to third parties outside the company, but we utilize trusted service providers to implement our website and analytics. Our website is built on the Duda platform, and its hosting and servers are located in Europe. We use Termly for cookie consent management. For analytics and advertising, we use Google Analytics 4, Google Ads, and Meta Pixel. Google services in the EU are provided by Google Ireland Ltd. Although servers are located within the EU, some providers such as Google, Duda Inc., and Termly Inc. are based in the United States, which means data may technically be processed outside the EU. In such cases, data protection is ensured through EU Standard Contractual Clauses (SCC) and the EU-US Data Privacy Framework arrangement, to which these providers are committed.

8. Use of Cookies We use cookies on our website to improve your user experience and analyze site usage. We use the Termly tool for managing cookies and collecting consent. Essential cookies are required for basic website functions, such as security and site loading on the Duda platform, and cannot be turned off. Performance and analytics cookies measure visitor numbers and traffic sources, such as Google Analytics. Advertising cookies allow us to show you ads corresponding to your interests, such as Google Ads, and Meta Pixel. We ask for your consent for cookie usage via the Termly banner upon your arrival. You can change your settings at any time via the Cookie Settings link or icon found on the website.

9. Data Security We protect your data with great care. All data transmission is secured with an SSL connection (HTTPS). Electronic data is protected by firewalls as well as individual usernames and passwords. We use two-factor authentication (2FA) in our management systems. Access to data is restricted only to those individuals who require the information to perform their specific job duties.

10. Automated Decision-Making Aiming at individual decisions based on automated processing as defined in Article 22 of the GDPR is not performed.

11. Rights of the Data Subject You have the following rights regarding your personal data. You have the right of access to know what data we have stored about you. You have the right to rectification to demand the correction of incorrect information. You have the right to erasure to request the deletion of your data, excluding cases where legal obligations require retention. You also have the right to restrict processing, the right to object, and the right to data portability. You have the right to withdraw your consent for cookies at any time through the Termly settings. If you believe our data processing does not comply with the law, you have the right to lodge a complaint with the Data Protection Ombudsman. You may exercise your rights by sending a written request to the person in charge of registry matters mentioned in section 1.