Data Controller: Sylvanity B.V.
Services: Sylvanity Academy Platform & Sylvanity.eu Website
1. Collection of Personal Data
Sylvanity B.V. collects personal data through the following methods:
1.1 Automatic Data Collection
When you access our Services (Sylvanity Academy Platform and Sylvanity.eu website), our servers automatically record the following information:
- Internet Protocol (IP) addresses, browser type and version, and operating system information
- Pages accessed, device identifiers, and search query terms entered
- Device configuration data including operating system type, settings, and error reports
- Usage analytics including content interaction patterns and session duration
1.2 Cookies and Tracking Technologies
Our Services utilize cookies and similar technologies in the following categories:
- Strictly Necessary Cookies: Required for core platform functionality, authentication sessions (Supabase), and secure payment processing (Stripe)
- Performance and Analytics Cookies: Used to analyze visitor behavior and platform performance
- Marketing and CRM Cookies: HubSpot tracking cookies for visitor intelligence and marketing automation (Sylvanity.eu only)
- Advertising Cookies: Enable the delivery of targeted advertisements and measurement of advertising campaign effectiveness through Google Ads conversion tracking
Google Consent Mode v2: For users in the European Economic Area, we implement Google Consent Mode v2 via our Google-certified consent management platform (CookieYes). This ensures that user consent choices are properly communicated to Google services (Google Ads, Google Analytics) in compliance with Google's requirements for EEA users.
1.3 Third-Party Data Sources
The following third parties may collect and process information about your interactions with our Services:
- Google: Browsing activity for advertising campaign effectiveness measurement through Google Ads conversion tracking
- HubSpot: Visitor intelligence, form submissions, and marketing engagement data (Sylvanity.eu only)
- Stripe: Payment method information and transaction details for payment processing
2. Consequences of Not Providing Personal Data
Pursuant to Article 13(2)(e) of the GDPR, we inform you of the consequences of not providing certain categories of personal data:
- Account and Authentication Data: Failure to provide name, email address, and password will prevent account creation and access to the Sylvanity Academy Platform.
- Payment Information: If you do not provide payment details (processed by Stripe), we cannot process purchases of paid training courses or services.
- Contact Form Data: Failure to provide contact information in inquiry forms will prevent us from responding to your requests.
- Cookies and Tracking: Rejection of non-essential cookies will not prevent access to the Services but may limit functionality such as personalized content, analytics-driven improvements, and advertising effectiveness measurement.
3. Purpose and Legal Basis for Processing
Sylvanity B.V. processes personal data exclusively for specified, explicit, and legitimate purposes in accordance with Article 5(1)(b) of the GDPR. The processing of personal data is conducted pursuant to the following legal bases set forth in Article 6 of the GDPR:
- Performance of Contract (Article 6(1)(b) GDPR): Processing necessary for the performance of a contract, including provision of educational services through the Sylvanity Academy Platform, processing of payments, account management, and delivery of purchased content.
- Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for the purposes of legitimate interests, including improvement and optimization of Services, ensuring network and information security, fraud prevention, direct marketing to existing customers, and responding to inquiries.
- Consent (Article 6(1)(a) GDPR): Processing based on freely given, specific, informed, and unambiguous consent, including deployment of non-essential cookies, Google Ads conversion tracking, and HubSpot marketing automation.
- Legal Obligations (Article 6(1)(c) GDPR): Processing necessary for compliance with legal obligations, including retention of financial records pursuant to Dutch tax law and response to lawful requests from competent authorities.
3.1 Automated Decision-Making and Profiling
Pursuant to Article 13(2)(f) and Article 22 of the GDPR, we provide the following information regarding automated decision-making and profiling:
- Limited Profiling for Advertising: When you consent to advertising cookies, we engage in limited profiling activities that associate your on-site browsing behavior with advertising audiences for remarketing purposes via Google Ads.
- Your Rights: You may withdraw consent to profiling activities at any time by adjusting your cookie preferences via the consent banner or cookie settings.
We do not engage in automated decision-making that produces legal effects or similarly significantly affects you without human intervention.
4. Disclosure to Third Parties
4.1 Service Providers and Processors
Personal data is shared with the following processors who provide essential services:
- Supabase, Inc.: Database hosting, authentication, and real-time data services
- Stripe, Inc.: Payment processing and financial transaction services
- Netlify, Inc.: Platform hosting and content delivery services
- HubSpot, Inc.: Customer relationship management and marketing automation (Sylvanity.eu only)
- Google LLC: Advertising measurement services
- CookieYes Limited: Cookie consent management and compliance services
- Resend, Inc.: Transactional email delivery services
4.2 Legal and Regulatory Obligations
Personal data may be disclosed when required by applicable law, legal process, governmental request, or regulatory authority.
4.3 Corporate Transactions
In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the successor entity or acquiring party.
5. Data Subject Rights Under GDPR
Pursuant to Chapter III of the GDPR, data subjects whose personal data is processed by Sylvanity B.V. are entitled to exercise the following rights:
- Right of Access (Article 15 GDPR)
- Right to Rectification (Article 16 GDPR)
- Right to Erasure (Article 17 GDPR)
- Right to Restriction (Article 18 GDPR)
- Right to Data Portability (Article 20 GDPR)
- Right to Object (Article 21 GDPR)
- Right to Withdraw Consent (Article 7(3) GDPR)
- Right to Lodge a Complaint (Article 77 GDPR)
To exercise any of these rights, please submit a request to academy@sylvanity.eu including proof of identity.
6. Data Security
Sylvanity B.V. has implemented and maintains appropriate technical and organizational measures pursuant to Article 32 of the GDPR, including:
- Encryption of personal data in transit using Transport Layer Security (TLS) protocols
- Implementation of access controls and authentication mechanisms
- Regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures
- Procedures for regularly reviewing and updating security measures
- Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems
7. Minors and Children
The Sylvanity Academy Platform is not directed to individuals under the age of 16. Sylvanity B.V. does not knowingly collect personal data from children under 16 years of age. If we become aware that personal data has been collected from a child under 16 without parental consent, we will take prompt measures to delete such information from our systems.
8. Cross-Border Data Transfers
Personal data processed through the Platform may be transferred to and stored in jurisdictions outside your country of residence, where data protection laws may differ from those applicable in your jurisdiction.
Where personal data is transferred to countries that have not received an adequacy decision from the European Commission, Sylvanity B.V. ensures that appropriate safeguards are implemented in accordance with Chapter V of the GDPR, including Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework where applicable, and Data Processing Agreements containing the mandatory provisions set forth in Article 28 of the GDPR.
9. Data Retention
Sylvanity B.V. retains personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:
- Account Data: Retained for the duration of your account and 30 days after deletion request
- Transaction Records: Retained for 7 years in compliance with Dutch tax regulations
- Marketing Data: Retained until consent is withdrawn or 2 years of inactivity
- Technical Logs: Retained for up to 90 days for security and performance monitoring
- Consent Records: Retained for 24 months to evidence compliance with GDPR Article 7(1) requirements
10. Amendments to This Policy
Sylvanity B.V. reserves the right to modify this Privacy Policy at any time. Material changes will be reflected by updating the “Last Updated” date at the beginning of this document. Your continued use of the Platform following the posting of changes constitutes acceptance of such modifications.
11. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:
Data Controller: Sylvanity B.V.
Email: academy@sylvanity.eu
Registered Address: Unit 59, FLEX Treubstraat 21, 2288EH Rijswijk, The Netherlands
Telephone: +31 70 205 9301
Chamber of Commerce Registration: 96488646
Supervisory Authority: If your concerns regarding the processing of personal data have not been adequately addressed, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).