Legal
Privacy statement
Human Centric B.V. (hereafter "Human Centric", "we" or "us") respects your privacy and processes personal data carefully, securely and transparently. In this privacy statement we explain:
- which personal data we process;
- for which purposes and on what legal grounds;
- how long we retain data;
- with which (sub-)processors we work;
- how you can exercise your privacy rights.
1. Who does this statement apply to?
This statement applies to:
- Clients (contacts at customers and suppliers);
- Participants in training, workshops and consultancy programmes;
- Visitors to our website humancentric.nl and our LinkedIn page.
2. Which personal data do we process?
We mainly collect and process:
| Category | Data | Source |
|---|---|---|
| Identification | First name, last name | Directly from the data subject, client, forms, questionnaires or our online scheduling tool |
| Contact | Email address, phone number | Same |
| Organisation | Company name, department/team, role | Same |
| Address (optional) | (Work) address, postcode, city, country | Only when relevant for billing or on-site delivery |
| Technical | Browser type, device category, country at IP level (no IP storage, no cookies set by our website) | Automatically via our website (Plausible Analytics) and third-party applications such as LinkedIn |
| Research data | Notes, transcripts, (draft) reports and analyses from interviews, focus groups and observations | Directly from the data subject, the client, or our own observations during an engagement |
In the context of inclusion and social-safety engagements, notes and reports may occasionally contain special categories of personal data (for example regarding health, ethnic origin or sexual orientation) when respondents share this themselves. We process such data solely for the performance of the agreement, on the basis of the data subject's explicit consent, and anonymise it where possible in final deliverables.
3. Purposes and legal grounds
| Purpose | Legal ground (art. 6 GDPR) |
|---|---|
| Performance of agreements (scheduling, delivery, billing) | Contract (6(1)(b)) |
| Customer & participant administration, relationship management | Legitimate interest (6(1)(f)) |
| Marketing & acquisition (newsletters, LinkedIn campaigns) | Consent (6(1)(a)) or legitimate interest B2B (6(1)(f)); opt-out available |
| Improving services, website analytics | Legitimate interest (6(1)(f)) |
| Legal obligations (tax, accounting) | Legal obligation (6(1)(c)) |
4. Sharing with third parties
We engage various (sub-)processors and external service providers to deliver our services. The list below contains our main (sub-)processors; we update this overview when there are material changes. We have a data processing agreement in place with each processor.
| Supplier | Service | Location | Transfer ground |
|---|---|---|---|
| Microsoft 365 | Email, document and data storage, Teams | EU & US | EU-US Data Privacy Framework |
| Apple iCloud | Device synchronisation | EU & US | EU-US Data Privacy Framework |
| Google Workspace | Email, document and data storage, Meet | EU & US | EU-US Data Privacy Framework |
| Plausible Analytics | Cookieless, privacy-friendly website analytics (no IP storage) | EU | n/a (within EU) |
| Netlify | Website hosting | EU & US | EU-US Data Privacy Framework |
| Typeform | Online forms (quick scan, feedback) | EU & US | EU-US Data Privacy Framework |
| Calendly | Online scheduling for introductory calls | US | EU-US Data Privacy Framework |
| WhatsApp (Meta) | Messaging channel for customer contact via the WhatsApp button on the contact page | EU & US | EU-US Data Privacy Framework |
| Anthropic (Claude) | Enterprise AI environment for draft text, summaries and analysis support | EU & US | EU-US Data Privacy Framework |
| Google (Gemini) | Enterprise AI environment for draft text, summaries and analysis support | EU & US | EU-US Data Privacy Framework |
| Microsoft (Copilot) | Enterprise AI environment for draft text, summaries and analysis support | EU & US | EU-US Data Privacy Framework |
Click-to-load for external widgets
Some parts of our website are embedded services from third parties (Calendly for scheduling, YouTube for videos, Typeform for the quick scan). The moment such a widget loads, the third party sets its own cookies and may receive your IP address. To prevent that, we deliberately use a click-to-load approach:
- Calendly (on the home, contact and active-bystander pages) is loaded only after you explicitly click "Load Calendly planner" or "Schedule an introductory call". Until then, no request is sent to Calendly and no Calendly cookies are placed. A direct link to calendly.com is offered as an alternative for visitors who prefer not to load the widget.
- YouTube (all videos on our website) is loaded only when you activate a video. Until then you only see the still image on our server, and there is no contact with YouTube or Google. Once you press play, YouTube sets cookies and your IP address may become known to Google.
- Typeform (the quick scan from the resources page) we do not embed. Clicking the quick-scan button opens Typeform in a new tab, so your visit data only reaches Typeform there, not via humancentric.nl.
- WhatsApp (the WhatsApp button on the contact page) is not a widget but a plain wa.me link. As long as you do not click it, no request is sent to WhatsApp or Meta and no Meta cookies are set via our website. Once you do click, WhatsApp opens on your own device and WhatsApp Ireland Ltd / Meta Platforms processes your phone number and the contents of your message. Data may be processed outside the EU; see the WhatsApp privacy policy for details. We receive your message in our business inbox and retain it like any other customer correspondence.
Additionally, our own website does not place tracking cookies. We use Plausible Analytics, which runs without cookies and does not store IP addresses. That is why no cookie banner is required on humancentric.nl: external parties can only process data once you take action yourself (activating a widget or following a link to Calendly, YouTube, Typeform or WhatsApp).
Google Ads
We advertise via Google Ads to raise awareness of our services. humancentric.nl does not host Google Ads tracking cookies, conversion tags or remarketing pixels: we do not feed visitor data from our website to Google. Ad delivery and click tracking happen on Google's own platforms, governed by Google's privacy policy.
5. Retention periods
- Contract and invoice data: 7 years (statutory tax retention period).
- Training and participation data: 5 years after the last attendance.
- Research data (notes, transcripts, (draft) reports and analyses): 5 years after completion of the engagement; anonymised, aggregated insights may be retained longer for methodological purposes.
- Marketing and prospect data: 3 years after the last interaction or until opt-out.
- Analytics data (Plausible): aggregated statistics without cookies or IP addresses, retained according to Plausible Analytics' policy (see their data policy).
6. Security
We take appropriate technical and organisational measures to protect personal data against loss or any form of unlawful processing.
Research data (notes, transcripts, (draft) reports and analyses) is stored in our secured Microsoft 365 and Google Workspace environments, with two-factor authentication and access limited to the project team involved. Where possible we anonymise or pseudonymise data in (draft) reports and final deliverables.
7. Use of AI
We use AI to support tasks such as drafting text, summarising public sources and preparing presentations. The tools currently in use are Anthropic Claude, Google Gemini and Microsoft Copilot.
We use enterprise AI environments where inputs are not used for model training. We do not enter confidential research data, such as interview transcripts and attributable statements from participants, into public AI tools. Final responsibility for all advice, reports and analyses lies with our advisors at all times; we do not use automated decision-making or profiling that has legal effects on data subjects.
8. Your rights
Within the statutory framework, you have the right to access, rectification, erasure, restriction, portability and objection. You also have the right to withdraw any consent previously given, without affecting the lawfulness of the processing prior to withdrawal. Send your request to info@humancentric.nl. We will respond within 1 month.
9. Complaints
If you are not satisfied with how your request has been handled, you can lodge a complaint with the Dutch Data Protection Authority.
10. Changes
We may amend this privacy statement; the most recent version is always available at www.humancentric.nl/en/privacy. We notify affected parties of substantial changes by email or via the website.