CoreNorthStudio handles the personal data of visitors, clients, and business partners responsibly, securely, and in accordance with applicable data protection laws.
Last updated: May 30th, 2026Information We Collect
Corenorthstudio is hosted at https://corenorthstudio.com and is the brand of Corenorthstudio KVK ("website", "we", "our", "us") registered with Dutch Chamber of Commerce. Corenorthstudio is our service providing platform through which we are offering ours. At our platform and website, the privacy of all of our clients, customers, agents and users (collectively referred to as "users") is protected and respected. This privacy statement is drafted in order to declare our website's data protection and data collection practices. This explains specifically how we protect user's data, and what measures have been taken in order to be in compliance with different privacy laws. This policy is written for all users to understand how our website uses, collects, shares, and protects users' information and data. We request our users to read this privacy policy statement before using our website. The users of our website will be assumed to be in agreement with our privacy statement after we have published this Privacy Policy on our website.
Collection of Data
In the course of operating our business and providing services, we may collect and process various categories of personal data. The type and extent of data collected will depend on how you interact with us, the nature of the services requested, and the context of the engagement (e.g., direct client relationship, partner agency collaboration, or general website use). We aim to collect only the data that is reasonably necessary, relevant, and proportionate for legitimate business and legal purposes.
2.1 Information You Provide Directly
We collect personal data that you voluntarily provide to us when you submit a contact form on our website, request a proposal, consultation, or quote, communicate with us through email, messaging platforms, or social media, or enter into a contractual or business relationship with us. This information may include, but is not limited to:
- Full Name
- Email Address
- Phone Number
- Company Name And Business Details
- Project Details And Requirements
- Communication Content
Please note that any information you provide in communications or project materials may be stored and used as necessary to evaluate, deliver, and manage services.
2.2. Information Collected Automatically
When you access or interact with our website or digital platforms, certain technical and usage data may be collected automatically through standard technologies such as cookies, server logs, and analytics tools. This may include:
- IP address
- Browser type and version
- Device information
- Operating system
- Website usage data
- Referral URLs
- Cookies and tracking technologies
This data is generally collected in aggregated or pseudonymized form and is used for operational, analytical, and security purposes.
2.3 Information from Third Parties
We may also receive personal data from third-party sources in connection with our business operations, including professional platforms (such as LinkedIn, marketplaces, or similar platforms, where you interact with us, engage our services, or are introduced to us), partner agencies and other publicly available sources, including publicly accessible websites, professional profiles, or business directories. Such data may include contact details, professional information, or project-related information necessary for initiating or managing a business relationship. Where data is obtained from third parties, we rely on them to ensure that such data has been collected and shared in compliance with applicable laws.
2.4 Sensitive Data
We do not intentionally collect or process sensitive personal data, such as:
- Health information
- Biometric data
- Religious or political beliefs
- Sexual orientation
- Financial account credentials (beyond what is necessary for payments via secure processors)
You are advised not to provide sensitive personal data unless it is strictly necessary and appropriate for the engagement.
2.5 Project and Client Data Context
In the course of providing services, we may process data that belongs to your end users, your customers and your internal systems. In such cases we may act as a data processor on your behalf. You remain responsible as the data controller, unless otherwise agreed.
Use of Cookies
Our website uses cookies to store data on users' devices. To know more read our Cookie Policy.
Purpose of Data Collection
Corenorthstudio processes personal data only for services providing legitimate, legal and clearly defined purposes. Under the Netherland privacy law (Dutch GDPR implementation as per Algemene Verordening Gegevensbescherming – AVG), we must have a lawful basis for each processing activity.
4.1. To Evaluate Project Requests
When you contact us through our website, by email, or by booking a call, we need to understand what you are looking for. We collect your name, email address, phone number, and a brief description of your needs.
4.2. To Communicate With Clients And Prospects
Once you are a client or a serious prospect we collect certain data. We use your email address and phone number for this purpose. You can ask us to limit non-essential communications at any time, but we must still be able to reach you for contractual or invoicing matters.
4.3. To Deliver Services
For direct marketing clients (those who sign our Client Services Agreement), we process personal data as part of the service itself. For example:
When we run a cold email campaign for you, we may process your prospect's contact information on your behalf;
When we generate leads, we compile lists that may contain names, business emails, and company details;
When we prepare reports, we analyze campaign data that may include user behavior.
In these cases, we act as a data processor under your instructions. We never use that data for our own purposes or share it with anyone else except when necessary to perform the service (e.g. using an email sending platform).
4.4. To Manage Contracts And Payments
We need to keep records of our legal agreements with you, as well as invoices, payment receipts, and any correspondence related to billing. This purpose serves:
Our ability to prove what was agreed (in case of a dispute);
Dutch tax law requirements (we must keep financial records for 7 years);
Our ability to collect overdue payments or resolve billing errors.
The data processed here includes your name, company name, signature (electronic or physical), invoice details, and payment history.
4.5. To Collaborate With Partner Agencies
One half of our business is referral partnerships. When we introduce you to a partner agency (e.g. a software developer or CRM provider), we need to share certain information with that partner.
4.6. To Comply With Legal Obligations
Dutch and EU laws impose certain data processing obligations on us. These include:
Retention of tax-relevant records (invoices, ledgers) for 7 years.
Providing information to the tax authorities or law enforcement if legally required.
When we process data for legal compliance, we do so regardless of your consent, because we have no choice under the law. However, we will always limit the disclosure to what is strictly required.
4.7. To Improve Our Services And Website
We continuously try to make our website and our services better. For this purpose, we may analyze how visitors interact with our website (e.g. which pages are visited, how long they stay), which types of leads or campaigns produce the best results for our clients and common questions or complaints, so we can improve our FAQs and processes.
This analysis is done in an aggregated or anonymized form wherever possible. We do not sell this data to any third party, and we do not use it to make automated decisions that legally affect you without your knowledge.
How this Applies to our Two Business Activities
Your Rights in Relation to These Purposes and Bases
Because we have explained the purpose and legal basis for each processing activity, you can more easily exercise your rights.
Right To Access. You can ask us: "Why are you processing my data? On what basis?" We will point out to you the relevant section above.
Right To Object. If we rely on legitimate interests, you can object. We will stop unless we have compelling overriding grounds.
Right To Withdraw Consent. If we rely on consent, you can withdraw at any time, and we will stop that specific processing.
Right To Restriction. You can ask us to stop using your data while you verify the accuracy or the legal basis.
All these rights are explained in detail in our Privacy Policy. To exercise them, email support@corenorthstudio.com.
How we Share Information
We do not sell personal data. However, in order to operate our business, deliver services, and comply with legal obligations, we may share personal data with certain categories of third parties under controlled and limited circumstances. Any such sharing is conducted in accordance with applicable data protection laws and subject to appropriate safeguards, contractual obligations, and confidentiality requirements. We ensure that personal data is shared only where necessary, relevant, and proportionate to the purpose for which it is being processed.
7.1 Partner Agencies
As part of our business model, Corenorthstudio may collaborate with independent third-party partner agencies for the purposes of project delivery, business development, referrals, or joint engagements. In such cases partner agencies may receive access to personal data, project details, technical specifications, and other relevant information strictly to the extent necessary to perform their role in the project or collaboration. Access to data is restricted to what is reasonably required for the specific engagement. We do not provide unrestricted or unnecessary access to personal data. All partner agencies are contractually required to maintain strict confidentiality as well as comply with applicable data protection laws.
7.2. Service Providers
We may share personal data with trusted third-party service providers who support our business operations. These providers are engaged to perform specific functions on our behalf and are required to process data only in accordance with our instructions and applicable legal requirements. Such service providers may include hosting providers, analytics providers and payment processors.
7.3. Legal Authorities and Compliance
We may disclose personal data to courts, regulators, law enforcement agencies, or other governmental authorities where required or permitted by law.
7.4 Business Transfers
In the event of a corporate transaction or restructuring, personal data may be disclosed or transferred as part of the business assets involved.
7.5 No Unauthorized Sharing
We do not share personal data with third parties for their own independent marketing purposes, nor do we sell personal data as defined under applicable laws such as GDPR/CCPA/CPRA.
7.6 Safeguards and Principles
Across all sharing scenarios, we apply the following principles:
- Data minimization
- Purpose limitation
- Confidentiality
- Security
- Accountability
CCPA Compliance
Our whole privacy policy is in compliance with the California Consumer Protection Act (CCPA). We are fully aware of all of your data protection rights. Every user is entitled to the following:
The Right To Access. You have the right to request our platform to know what kind of data is being collected.
The Right To Rectification. You have the right to request that we correct (or complete) any information you believe is inaccurate (or incomplete) about yourself.
The Right To Erasure. You have the right to request that we erase your personal data, under certain conditions.
The Right To Restrict Processing. You have the right to request that we restrict the processing of your personal data, under certain conditions.
The Right To With Draw The Consent. You have the right to withdraw the consent from any of our website's processing of your personal data, under certain conditions.
The Right To Data Portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The Right Of Non-Discrimination. You have the right to Non-Discrimination under CCPA while you are using our website.
Any user can contact us to let us know about their rights at support@corenorthstudio.com.
Children's privacy
Our services are intended for business and professional use and are not directed at individuals under the age of 18. We do not knowingly collect, solicit, or process personal data from children. If we become aware that personal data has been collected from a minor without appropriate authorization, we will take reasonable steps to delete such information. If you believe that a child has provided personal data to us, you may contact us so that appropriate action can be taken.
International Data Transfers
Due to the global nature of our business operations, your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as your local laws. Where such international transfers occur, we take appropriate steps to ensure that your personal data remains protected in accordance with applicable data protection laws. These safeguards may include:
- Standard Contractual Clauses (SCCs). Legally approved contractual mechanisms designed to ensure adequate protection of personal data when transferred internationally.
- Adequacy decisions. Transfers to countries recognized by relevant authorities (such as the European Commission or UK authorities) as providing an adequate level of data protection.
- Contractual and organizational protections. Additional agreements and internal safeguards to ensure that recipients of data maintain appropriate security, confidentiality, and compliance standards.
By using our services, you acknowledge and understand that your data may be transferred across international borders subject to these protections.
Third-Party Services
Our services may rely on or integrate with third-party tools, software, APIs, plugins, platforms, hosting providers, payment processors, and other external services that are not owned or controlled by us. These third-party services may be used for purposes such as:
- Hosting And Infrastructure
- Payment Processing
- Analytics And Performance Monitoring
- Communication And Collaboration
- Software Development And Deployment
While we take reasonable steps to work with third parties reputable providers, we do not control and are not responsible for how they collect, use, store, or share personal data and technical and organizational safeguards they implement. Users and clients are encouraged to independently review the privacy policies and terms of any third-party service they interact with, whether directly or indirectly, through our services.
Data Protection Responsibilities
Depending on the specific project, contractual structure, and nature of services, different parties may assume different roles under data protection laws. These roles may include:
- As Data Controller. Where we determine the purposes and mean of processing personal data (e.g., managing client relationships, website operations).
- As Data Processor. Where we process personal data on behalf of a client, particularly in the course of delivering software solutions or handling client-controlled data.
- Partner Agencies As Sub-Processors Or Independent Controllers. Depending on their involvement, partner agencies may act as sub-processors under our instructions or operate as independent controllers with their own responsibilities. All such roles, responsibilities, and obligations are defined in applicable agreements, including service agreements, partner agreements, and data processing arrangements.
Breach Notification
We take data security seriously and have procedures in place to address potential data breaches. In the event of a data breach, we will take reasonable and prompt steps to contain, investigate, and mitigate the impact of the incident. Also, where required by applicable law, we will notify affected individuals including clients and relevant authorities within the legally required timeframes.
Marketing Communications
We may use your contact information to send communications related to:
14.1. Services
Information about our offerings, capabilities, or relevant updates.
14.2. Updates
Business Announcements, policy updates, or important service-related notices.
14.3. Offers
Promotional content, where permitted by law.
You have the right to opt out of receiving marketing communications at any time by:
- using the unsubscribe link included in communications, or
- contacting us directly with a request to opt out
Opting out will not affect essential service-related communications.
Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) feature that signals a user's preference not to be tracked.
At this time, our systems do not respond to Do Not Track signals. However, users may manage tracking preferences through browser settings and cookie controls.
Changes To This Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or operational needs. When updates are made the revised version will be posted on our website. The "Last Updated" date will be updated accordingly.
Contact Information
For any questions, requests, or concerns related to this Privacy Policy or our data practices, you may contact us at support@corenorthstudio.com.