Privacy Policy

1. Who We Are

Medita is a commerce systems architecture studio based in Eindhoven, the Netherlands (KVK: 99904500). We build custom commerce infrastructure for SMEs. When we say “we”, “us”, or “Medita”, we mean the entity responsible for processing your personal data as described in this policy.

2. What Data We Collect

We collect data only when necessary for our services:

• →Contact information: Name, email, phone number, and company name when you submit our intake form or contact us directly.
• →Project information: Details about your business systems, pain points, budget, and timeline that you provide through our intake form.
• →Analytics data: We use Google Analytics to collect anonymized usage data such as pages visited, time spent, and general geographic location. No personally identifiable information is shared.
• →Technical data: IP address (anonymized), browser type, device information, and operating system — collected automatically for security and performance purposes.

3. How We Use Your Data

• →To respond to your inquiries and assess project fit
• →To deliver architecture scans, platform builds, and retainer services
• →To send invoices and manage the business relationship
• →To improve our website and services based on aggregate usage patterns
• →To comply with Dutch legal and tax obligations

4. Legal Basis (GDPR)

We process your data under the following legal bases: legitimate interest (responding to inquiries, improving services), contractual necessity (delivering services you've engaged us for), consent (analytics cookies, marketing communications), and legal obligation (tax and financial record-keeping).

5. Data Retention

Contact form submissions are retained for 2 years unless a business relationship is established. Client project data is retained for 7 years per Dutch tax law (Belastingdienst requirements). Analytics data is anonymized and retained for 26 months.

6. Third-Party Services

We use the following third-party services that may process your data:

• →Google Analytics: Website usage analytics (anonymized IP). Data processed in the EU.
• →Hosting provider: Server infrastructure for website and application hosting.

7. Your Rights

Under the GDPR, you have the right to:

• →Access your personal data and receive a copy
• →Rectify inaccurate or incomplete data
• →Erase your data (“right to be forgotten”)
• →Restrict processing of your data
• →Port your data to another service provider
• →Object to processing based on legitimate interest

To exercise these rights, email us at info@medita.nl. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Cookies

We use essential cookies for website functionality and Google Analytics cookies for understanding how visitors use our site. You can control cookie settings through your browser preferences. Disabling cookies may affect some website functionality.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS/SSL), secure server infrastructure, access controls, and regular security audits. However, no method of electronic transmission or storage is 100% secure.

10. Contact

For questions about this privacy policy or to exercise your data rights: