Privacy Policy

Last updated: 14 April 2026

1. Who we are

This Privacy Policy explains how Operator One B.V. ("Operator One", "O1", "we", "us" or "our") collects and uses personal data.

Controller details
Operator One B.V.
Veluwezoom 32
1327 AH Almere
The Netherlands
Email: privacy@o1.eu
Website: https://www.o1.eu

If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact us using the details above.

Data Protection Officer / privacy contact
Operator One has not appointed a Data Protection Officer. For all privacy matters, please contact privacy@o1.eu.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by Operator One in connection with:

  • visits to and use of our website;
  • contact requests, demo requests, downloads and other marketing interactions;
  • communication with prospective customers, customers, suppliers, service providers and other business contacts;
  • the negotiation, onboarding, delivery and support of our services;
  • recruitment activities, if applicable; and
  • related business administration, compliance, security and legal processes.

This Privacy Policy is primarily intended for website visitors and business contacts.

Marketplace and end-consumer data

Where personal data is processed in connection with marketplace transactions, end-consumer sales, customer service, logistics, returns, payments, compliance, or platform-specific operations, additional or separate privacy information may be provided through the relevant marketplace, platform, checkout flow, customer communication, contractual documentation or service-specific notice.

This is relevant because Operator One works in different roles depending on the setup:

  • in some situations, Operator One determines the purposes and means of processing and acts as an independent controller;
  • in other situations, Operator One processes personal data on behalf of a client, brand, marketplace or other party, in which case that party may be the primary controller and its privacy notice may apply instead or in addition; and
  • some third parties involved in a transaction, such as marketplaces, payment providers, carriers or returns providers, may act as separate controllers for their own processing activities.

This Privacy Policy does not replace any privacy notice presented by:

  • a marketplace or platform;
  • a client or brand for whom we provide services;
  • a carrier, payment provider or other third party acting as its own controller; or
  • a dedicated customer-facing notice used for specific end-consumer processing activities.

Where Operator One processes personal data solely on behalf of a client or another controller, that party's privacy notice may apply instead or in addition.

3. The personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

a. Identity and contact data

  • name;
  • business email address;
  • telephone number;
  • company name;
  • job title;
  • postal address;
  • billing details.

b. Communication and relationship data

  • the content of emails, calls, meetings and messages;
  • contact requests, support requests and follow-up notes;
  • preferences, interests and communication history;
  • commercial and contractual information.

c. Website and technical usage data

  • IP address;
  • browser type and version;
  • device identifiers;
  • operating system;
  • referral URLs;
  • pages visited;
  • dates and times of access;
  • cookie and consent preferences;
  • other diagnostic, analytics and security-related website data.

d. Transactional and service-delivery data

Where relevant to our services, we may process business and operational data such as:

  • account and onboarding details;
  • invoicing and payment-related data;
  • order, shipment, return or support-related contact data;
  • records needed to provide, manage or improve our services.

e. Recruitment data

If you apply for a role with us, we may process:

  • CV or resume information;
  • application correspondence;
  • interview notes;
  • references, where lawfully obtained;
  • any other information you choose to provide.

We do not intentionally collect more personal data than is necessary for the purposes described in this Privacy Policy.

4. How we collect personal data

We collect personal data:

  • directly from you, for example when you contact us, submit a form, request a demo, enter into a contract, apply for a role, or otherwise communicate with us;
  • automatically, through cookies, server logs and similar technologies when you use our website;
  • from your employer or organisation, where you are acting as a representative, user or contact person;
  • from clients, partners, marketplaces, service providers or publicly available sources where relevant to our services, compliance obligations or business relationship; and
  • from third-party tools and systems we use to manage communications, marketing, operations and service delivery.

5. Why we process personal data and on what legal basis

We process personal data only where we have a valid legal basis under applicable data protection law.

a. To operate and secure our website

We process technical and usage data to operate the website, maintain availability, prevent misuse, troubleshoot issues, and protect our systems.

Legal basis: legitimate interests, and where required by law, consent for non-essential cookies or similar technologies.

b. To respond to enquiries and manage business communications

We process contact and communication data to answer questions, arrange meetings, provide requested information, and manage our relationship with prospective and existing business contacts.

Legal basis: steps prior to entering into a contract, contract performance, and/or legitimate interests.

c. To onboard customers, suppliers and partners and to deliver our services

We process relevant business, operational and contact data to negotiate, conclude and perform agreements, provide support, manage projects, administer services and maintain business records.

Legal basis: contract performance and legitimate interests.

d. To handle administration, finance and compliance

We process personal data where necessary for invoicing, accounting, tax, legal compliance, audits, dispute management, fraud prevention and the exercise or defence of legal claims.

Legal basis: legal obligation, legitimate interests, and where relevant the establishment, exercise or defence of legal claims.

e. To send service communications and business updates

We may use contact details to send operational updates, important service notices, contract-related communications and similar business messages.

Legal basis: contract performance and legitimate interests.

f. To send marketing communications

Where allowed by law, we may send newsletters, insights, invitations or other marketing communications.

Legal basis: consent where required, and otherwise legitimate interests in promoting our services to relevant business contacts.

You can unsubscribe from marketing communications at any time.

g. To improve our services, website and business operations

We may analyse interactions, feedback, usage patterns and business data to improve our website, services, content, internal processes, security and commercial offering.

Legal basis: legitimate interests, and consent where legally required.

h. To recruit and assess candidates

If you apply for a role with us, we use your personal data to review your application, communicate with you and manage the recruitment process.

Legal basis: steps prior to entering into an employment contract, legitimate interests, and consent where required.

i. To manage marketplace-related or customer-facing operations where applicable

Where Operator One acts in connection with marketplace operations, customer support, logistics, returns, compliance, payments or similar activities, we may process personal data where necessary to perform those activities.

Legal basis: contract performance, legal obligation, legitimate interests, and/or any other lawful basis applicable to the relevant processing context.

Where a separate or platform-specific privacy notice applies, that notice should also be consulted.

6. If you do not provide personal data

Where we need personal data to respond to a request, enter into a contract, provide a service, or comply with a legal obligation, and you do not provide that data, we may be unable to respond fully, enter into the relationship, or provide the relevant service.

7. Recipients of personal data

We may share personal data, where necessary and appropriate, with the following categories of recipients:

  • our employees and authorised personnel on a need-to-know basis;
  • affiliated companies within our group, where relevant and lawful;
  • hosting, website, cloud, IT, CRM, email, communications and software providers, including providers such as Webflow, HubSpot and TransIP where relevant;
  • analytics, cookie and website service providers, including providers such as Google Analytics, LinkedIn and Meta where relevant;
  • accountants, auditors, insurers, banks, payment service providers and professional advisers;
  • logistics, fulfilment, returns, support and operational partners;
  • marketplace, platform and integration partners involved in the relevant services;
  • public authorities, regulators, law enforcement agencies and courts where required by law or necessary to protect our rights; and
  • any buyer, investor, lender or professional adviser involved in a corporate transaction, subject to appropriate confidentiality and data protection safeguards.

Where third parties process personal data on our behalf, we require them to act only on our instructions, keep the data secure, and comply with applicable data protection law.

8. International data transfers

Some of our service providers or partners may process personal data outside the European Economic Area ("EEA"), the United Kingdom or Switzerland. This may include, for example, certain website, analytics, marketing, CRM, communications or cloud providers used in our operations.

Where we transfer personal data internationally, we will do so only where a lawful transfer mechanism is in place, such as:

  • an adequacy decision by the European Commission;
  • the European Commission's Standard Contractual Clauses (or the UK equivalent where applicable);
  • supplementary measures where required; or
  • another valid transfer mechanism permitted by law.

You may contact us if you would like more information about the safeguards used for relevant international transfers.

Operational note: before publication, verify the actual countries, providers and transfer mechanisms used by Operator One.

9. Data retention

We do not keep personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Our retention periods may vary depending on the data and the purpose. As a general rule:

  • website logs and security data: retained for as long as reasonably necessary for security, troubleshooting and abuse prevention;
  • contact requests and general correspondence: retained for up to 24 months after the last substantive contact, unless a longer period is needed;
  • prospect and customer business contact data: retained during the business relationship and for up to 24 months thereafter unless a longer period is required for contract management, legal claims or compliance;
  • customer, supplier and partner relationship data: retained during the relationship and for an appropriate period afterwards for administration, audit, legal and contractual purposes;
  • contract, invoicing, accounting and tax-related data: retained for at least the period required by applicable law. For Dutch tax and administrative records this is generally 7 years; where records relate to OSS / Union Scheme or Import Scheme obligations, the retention period may be 10 years;
  • marketing data and preferences: retained until you unsubscribe, withdraw consent, object, or the data is no longer relevant, and in principle no longer than 24 months after the last meaningful interaction unless a longer retention period is justified;
  • recruitment data: retained only for as long as necessary for the recruitment process. If an applicant is not hired, we generally delete the application data no later than 4 weeks after the end of the recruitment process, unless the applicant has consented to a longer retention period permitted by law;
  • dispute, legal claim and compliance records: retained for as long as necessary to handle the matter and satisfy applicable limitation or retention requirements.

Where possible, we delete, anonymise or securely archive personal data when it is no longer needed.

Operational note: before publication, align this section with Operator One's actual retention schedule and statutory obligations.

10. Cookies and similar technologies

Our website may use cookies, pixels, local storage and similar technologies for:

  • website functionality;
  • security and performance;
  • analytics;
  • personalisation; and
  • marketing, where applicable.

We currently use or may use technologies and providers such as HubSpot, Meta, LinkedIn and Google Analytics, as well as cookies or similar tools required for the operation of our website hosted or supported via Webflow and TransIP.

Where required by law, we request your consent before placing non-essential cookies or similar technologies on your device.

You can manage your preferences through our cookie banner or browser settings.

For more detailed information about the cookies and technologies we use, including providers, purposes and retention periods, please see our cookie settings tool available on our website and any separate Cookie Policy we may publish from time to time.

11. Third-party websites, platforms and services

Our website and services may contain links to third-party websites, platforms, marketplaces or tools. Those third parties have their own privacy notices and practices. We are not responsible for the content, security or privacy practices of third-party services acting as independent controllers.

12. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include access controls, authentication, least-privilege permissions, contractual safeguards, secure hosting, monitoring, encryption where appropriate, backup procedures and internal governance measures.

However, no system is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately.

13. Your privacy rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request rectification of inaccurate or incomplete personal data;
  • request erasure of your personal data;
  • request restriction of processing;
  • object to processing carried out on the basis of legitimate interests;
  • withdraw consent at any time, where processing is based on consent;
  • request data portability, where applicable; and
  • not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, where applicable.

To exercise your rights, please contact us at: privacy@o1.eu.

We may ask for reasonable proof of identity before acting on a request.

We will respond in accordance with applicable data protection law.

Complaints

If you believe that our processing of your personal data violates applicable law, you also have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is generally the Autoriteit Persoonsgegevens.

14. Children

Our website and services are not directed to children, and we do not knowingly collect personal data from children through our website unless this is specifically required and lawful in the relevant operational context.

If you believe that a child has provided personal data to us unlawfully, please contact us so that we can take appropriate action.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our processing activities, or our services.

We will publish the updated version on this page and update the "Last updated" date above. Where required by law, we will provide additional notice.

16. Contact us

For privacy questions, requests or complaints, please contact:

Operator One B.V.
Veluwezoom 32
1327 AH Almere
The Netherlands
Email: privacy@o1.eu
Website: https://www.o1.eu

17. Internal publication checklist

Before publishing this Privacy Policy, confirm and complete at least the following:

  1. legal entity name and registered address;
  2. privacy contact email and DPO details if any;
  3. actual categories of processing carried out by Operator One as controller;
  4. where Operator One acts as processor only, and whether a separate notice exists;
  5. actual vendor categories and key processors/subprocessors, including providers such as Webflow, TransIP, HubSpot, Google Analytics, Meta and LinkedIn where relevant;
  6. international transfers and safeguards used;
  7. retention periods aligned with your internal retention schedule;
  8. cookie tools, analytics providers and marketing technologies used;
  9. whether recruitment is in scope for this website notice; and
  10. whether any separate customer-facing or marketplace-specific privacy notices should be linked from this page.