Melrose AcademyMelroseAcademy
NLEN
Academy
MelroseAcademy
Home
Training
Security Training Resilience & Communication First Aid & Trauma AI & Cyber Security All courses
Services
Security Consultancy Incident Management Security Intermediair AI Governance & Certification Technical Consultancy Corporate & Governance
Meer
About Us Dojo Team Contact Academy
Privacy Policy

Privacy Policy

Privacy Policy of Melrose Academy. Learn how we protect your personal data in accordance with the GDPR.

1. Introduction

Melrose Academy ("we", "us", "our") attaches great importance to the protection of your personal data. This privacy policy describes how we collect, process, store and protect personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.

This policy applies to all services of Melrose Academy, including training, consultancy, certification programmes and the use of our website melroseacademy.nl.

Data Controller: Melrose Academy Transistorstraat 65M, 1322 CK Almere, the Netherlands Chamber of Commerce number: [to be completed] General contact: info@melroseacademy.nl Privacy questions: privacy@melroseacademy.nl Complaints: klachten@melroseacademy.nl

Melrose Academy has not appointed a Data Protection Officer (DPO). Our scale and processing activities do not trigger the legal obligation under Article 37 GDPR. For all privacy-related questions, requests or complaints please contact privacy@melroseacademy.nl. A designated internal privacy contact will respond within 30 days.

2. What data we collect

We collect personal data in the following categories:

2.1 Data you provide to us

  • Contact details: name, email address, telephone number, company name and job title
  • Registration data: data required for participation in training programmes and courses
  • Communications: content of messages you send us via contact forms, email or telephone
  • Billing data: company name, address, VAT number and payment details

2.2 Data collected automatically

  • Website usage: IP address, browser type, pages visited, visit duration and referring website
  • Cookies: functional and analytical cookies (see our Cookie Policy)

2.3 Data from third parties

  • Data provided by your employer for corporate training registrations

3. Purposes of processing

We process your personal data for the following purposes:

  • Service delivery: conducting training, consultancy and certification programmes
  • Communication: answering questions and informing you about relevant developments
  • Administration: invoicing, accounting and contract management
  • Improvement: improving our website, training programmes and services
  • Legal obligations: complying with fiscal and other statutory retention requirements

4. Legal bases for processing

We process personal data on the basis of the following legal grounds:

  • Performance of a contract: where processing is necessary for the performance of a training or service for which you have registered
  • Legitimate interest: for improving our services and securing our systems
  • Consent: where you have given explicit consent, for example to receive newsletters
  • Legal obligation: where we are legally required to process or retain data

5. Retention periods

We do not retain personal data longer than necessary for the purpose for which it was collected:

  • Client and participant data: up to 2 years after the last interaction, unless a longer retention period applies
  • Billing data: 7 years in accordance with fiscal retention requirements
  • Certification data: 10 years for the purpose of verifying certificates obtained
  • Website analytics: maximum 26 months
  • Communication history: up to 1 year after resolution

6. Sharing with third parties

We only share your personal data with third parties where this is necessary for our service delivery or where we are legally required to do so:

  • Processors: parties that process data on our behalf, such as our hosting provider, email service provider and accounting software. We have entered into data processing agreements with these parties.
  • Certification bodies: for the application and registration of certificates
  • Government authorities: where we are legally required to do so

We do not sell your personal data to third parties and do not provide it for commercial purposes of third parties.

7. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These measures include:

  • Encrypted connections (SSL/TLS) on our website
  • Access control to systems and data
  • Regular backups
  • Awareness training for staff

8. Your rights

Under the GDPR, you have the following rights with regard to your personal data:

  • Right of access: you may request which data we process about you
  • Right to rectification: you may have incorrect or incomplete data corrected
  • Right to erasure: you may request the deletion of your data
  • Right to restriction: you may request the restriction of the processing of your data
  • Right to data portability: you may request to receive your data in a commonly used format
  • Right to object: you may object to the processing of your data
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

You can exercise your rights by contacting us at privacy@melroseacademy.nl. We will respond to your request within 30 days and may ask for additional information to verify your identity.

8.1 No automated decision-making

Melrose Academy does not use automated decision-making, profiling or algorithmic assessment within the meaning of Article 22 GDPR. Decisions about admission to training, certifications and consultancy programmes are made exclusively by employees.

8.2 International transfers

We aim to process your personal data within the European Economic Area (EEA). In a limited number of cases, data may be processed by service providers outside the EEA. In that case we apply appropriate safeguards under Chapter V GDPR, such as the European Commission's Standard Contractual Clauses or an adequacy decision.

We deliberately avoid US cloud services without valid transfer safeguards. Our website does not use Google Fonts CDN, Google Analytics or US-hosted trackers without your explicit consent.

9. Cookies

For information about our use of cookies, please refer to our Cookie Policy.

10. Changes

We reserve the right to amend this privacy policy. The most recent version is always available on our website. In the event of substantial changes, we will inform you by email or by means of a notice on our website.

11. Complaints

If you have a complaint about the processing of your personal data, please first contact us at privacy@melroseacademy.nl. We aim to handle your complaint within 30 days.

You always have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens PO Box 93374, 2509 AJ The Hague, the Netherlands Phone: +31 88 1805 250 www.autoriteitpersoonsgegevens.nl

12. Contact

For questions about this privacy policy or about the processing of your personal data, you may contact us:

Melrose Academy Transistorstraat 65M, 1322 CK Almere, the Netherlands Privacy questions: privacy@melroseacademy.nl Complaints: klachten@melroseacademy.nl General: info@melroseacademy.nl Chamber of Commerce number: [to be completed]