Last updated: 16 April 2026 - Version 5.0
1. Who are we?
AI Agent B.V. ("we", "us", "our") is established at Beethovenstraat 669, 1083 HK Amsterdam and registered with the Chamber of Commerce (CoC: 99763842). We provide project-based services (training, advice, custom software and AI development) and AI agent implementation services on open-source frameworks, through which we help customers deploy AI on their own infrastructure. You can contact us via aiagent.nl.
Contact: hello@aiagent.nl
2. What data do we collect?
2.1 Implementation projects
For project-based assignments (implementation, custom software, advisory), we collect:
- Project configuration, specifications and implementation documentation
- Communication with the customer about scope, planning and delivery
- Temporarily: SSH or API keys during active implementation (deleted after delivery)
2.2 Invoicing
For project-based services we invoice by email. We only store the following invoice-related data:
- Invoice and contact details (name, company, address, email)
- Invoice history and payment status
- Chamber of Commerce number and VAT number (if applicable)
2.3 Contact form
When you contact us, we collect:
- Name
- Email address
- Subject and message
2.4 AI Readiness Scan
Via the AI Readiness Scan we collect:
- Name and email address
- Optionally: company name and phone number
- Answers and results of the scan (linked to your email address)
2.5 AI Literacy Test
- Name and email address (for the certificate)
- Test results and scores
2.6 Website visits
We use Vercel Web Analytics for anonymous visitor statistics. No personal data is collected. See our cookie policy for more information about the cookies we use.
3. What do we use your data for?
| Purpose | Legal basis (GDPR) |
|---|---|
| Execution of project-based assignments, implementations and support | Performance of contract (Art. 6.1.b) |
| Responding to contact requests | Legitimate interest (Art. 6.1.f) |
| AI Literacy Test and certificate | Consent (Art. 6.1.a) |
| AI Readiness Scan (lead generation and follow-up) | Consent (Art. 6.1.a) and legitimate interest (Art. 6.1.f) |
| Improving the website (anonymous analytics) | Legitimate interest (Art. 6.1.f) |
| Invoicing and bookkeeping | Legal obligation (Art. 6.1.c) |
4. Where do we store your data?
Data we process in our own systems is stored within the European Union: business administration and internal CRM at Hetzner (Falkenstein, Germany), leads and website form submissions at Supabase (Frankfurt, Germany). For sub-processors outside the EU, Standard Contractual Clauses apply as a GDPR-compliant transfer mechanism. See section 5 for a full overview of our sub-processors.
- AI agent infrastructure: Customer's own infrastructure (EU-based hosting recommended). Data on this infrastructure is outside our responsibility and managed by the customer.
We only select processors with GDPR-compliant data processing agreements or valid transfer mechanisms.
5. Do we share data with third parties?
We do not share your data for marketing or commercial purposes. The following parties process data on our behalf:
| Party | Purpose | Location |
|---|---|---|
| Supabase | Database for leads, contact requests and scan results | Frankfurt, Germany |
| Vercel | Website hosting, anonymous analytics and DNS management | US (GDPR-compliant) |
| Resend | Sending emails | US (GDPR-compliant) |
| Calendly | Appointment scheduling (only on pages with scheduling widget) | US (GDPR-compliant) |
| Hetzner Online | Server hosting for business administration and internal CRM | Falkenstein, Germany |
6. Cookies
We ourselves only place limited functional cookies and use cookieless analytics (Vercel Web Analytics). On pages where we display a Calendly scheduling widget, Calendly may place third-party cookies; see our cookie policy for details. We do not place tracking cookies, advertising cookies or social media cookies ourselves.
See our full cookie policy for a detailed overview of all cookies.
7. How long do we retain your data?
| Data type | Retention period |
|---|---|
| Implementation project data | 30 days after project delivery, then deleted |
| Payment and invoice data | 7 years (statutory retention obligation) |
| Contact form data | 6 months after handling (for follow-up on open questions and requests) |
| AI test results | 12 months (for certificate verification and aggregate statistics) |
8. Your rights under the GDPR
You have the following rights:
- Access: You may ask which data we hold about you
- Rectification: You may have incorrect data corrected
- Erasure: You can request deletion of your data (including leads, contact details and scan results)
- Restriction: You may request that the processing of your data be restricted
- Portability: You may request your data in a standard format
- Objection: You may object to processing based on legitimate interest
Send an email to hello@aiagent.nl with your request. We will respond within 30 days.
We cannot comply with a deletion request for data we are legally required to retain (for example invoice data for 7 years under Dutch tax law).
You may also file a complaint with the Dutch Data Protection Authority (see section 12).
9. Security
We take the following measures to protect your data:
- Encrypted connections (TLS/HTTPS) for all data communication
- Access credentials (SSH/API) accessed only temporarily during active implementation, never persistently stored
- Secured access to project environments during implementation
- Separate project environments per customer during the implementation phase
- Secure storage at certified cloud providers in the EU
- Regular security updates and patches on all systems
- Access restrictions to personal data within the organization
- Logging and monitoring of system access
In case of a potential data breach (unauthorized access or disclosure of personal data), we will notify the Dutch Data Protection Authority without undue delay, and at the latest within 72 hours, in accordance with GDPR Article 33. Data subjects will be informed without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with GDPR Article 34.
10. Minimum age
Our services are intended for persons aged 18 or older. We do not knowingly collect data from persons under 18. If you suspect a minor has left data with us, please contact us so we can delete the data.
11. Changes to this privacy policy
We may update this privacy policy from time to time. In the event of material changes, we will notify active customers and newsletter subscribers by email. Visitors can always view the most recent version on this page.
12. Complaints
If you have a complaint about the processing of your personal data, you may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
- Website: https://autoriteitpersoonsgegevens.nl
- Telephone: 088 - 1805 250
- Postal address: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ The Hague, the Netherlands