Privacy Policy

Jamezz B.V., located at Druivenstraat 25, 4816 KB Breda, is responsible for processing personal data as shown in this privacy statement.

Website: Jamezz website
Address: Druivenstraat 25, 4816 KB Breda
Phone: 085 301 3000
Email: info@jamezz.nl

Jamezz B.V. processes your personal data because you use our services and/or because you provide this data to us yourself.

Below is an overview of the personal data we process:

• First and last name
• Phone number
• Email address
• IP address
• Other personal data that you actively provide, for example, by creating a profile on our website, in correspondence, or by phone
• Location data
• Data about your activities on our website
• List of contact details of the customer via an app
• Internet browser and device type
• Bank account number

Our website and/or service does not intend to collect data about website visitors under the age of 16 unless they have permission from parents or a guardian. However, we cannot check whether a visitor is over 16. We therefore advise parents to be involved in the online activities of their children to prevent data about children being collected without parental consent. If you believe that we have collected personal information about a minor without such consent, please contact us at info@jamezz.nl, and we will delete this information.

Jamezz B.V. processes your personal data for the following purposes:

• Handling your payment
• Sending our newsletter and/or promotional brochure
• To be able to call or email you if necessary to carry out our services
• To inform you about changes to our services and products
• To offer you the opportunity to create an account
• To deliver goods and services to you
• Jamezz B.V. analyzes your behavior on the website to improve the website and tailor the offer of products and services to your preferences
• Jamezz B.V. also processes personal data if we are legally obliged to do so, such as data we need for our tax return

Jamezz B.V. does not make decisions based on automated processing on matters that can have (significant) consequences for people. These are decisions made by computer programs or systems, without human involvement (e.g., an employee of Jamezz B.V.).

Google reCAPTCHA v3: We use Google reCAPTCHA v3 for spam prevention on our demo request form. This tool automatically calculates a risk score based on your behavior on the website. This is done based on legitimate interest (website security). reCAPTCHA works cookieless and temporarily processes your IP address and browser data. This data is deleted immediately after score calculation.

Jamezz B.V. does not retain your personal data longer than strictly necessary to realize the purposes for which your data is collected.

We apply the following retention periods:

• Personal data: 7 years - For customer records and potential follow-up
• Address: 7 years - For customer records and potential follow-up
• Contact details: 7 years - For customer records and potential follow-up
• Phone ID: 7 years - Needed for sending push notifications (e.g., 'Thank you for your order') and for storing user history in the app
• Email data: 7 years - Needed to send receipts and tickets. If the customer enters their email address once, it will be remembered for the next time
• Payment data: 30 days - To handle refunds if an item is no longer available after payment. These data are automatically deleted after 30 days
• Lead data (demo requests): Until conversion + 2 years, or until deletion requested

Jamezz B.V. shares your personal data with various third parties if this is necessary to execute the agreement and to comply with any legal obligation. We enter into a data processing agreement with companies that process your data on our behalf to ensure the same level of security and confidentiality. Jamezz B.V. remains responsible for these processing operations.

Additionally, Jamezz B.V. will only share your data with other third parties with your explicit consent.

Jamezz B.V. has concluded data processing agreements with the following parties in accordance with Article 28 GDPR:

Google Ireland Limited (Google Analytics, Google Tag Manager, reCAPTCHA)

• Data location: EU (Google Cloud Platform)
• Standard Contractual Clauses: Applicable
• Privacy policy: Google Privacy Policy

HubSpot Ireland Limited (CRM and Marketing Automation)

• Data location: EU (AWS Frankfurt, Germany)
• Standard Contractual Clauses: Applicable
• Privacy policy: HubSpot Privacy Policy

These data processing agreements ensure that these parties only process your data according to our instructions and take appropriate security measures.

We work with several international service providers who are contractually obligated to process your data primarily within the European Economic Area (EEA). These parties are part of American companies, which means data may be transferred to the United States for technical support.

We have concluded Standard Contractual Clauses (SCCs) to protect your data, in accordance with GDPR Article 46. These clauses are approved by the European Commission and provide appropriate safeguards for your privacy.

Currently Active:

• Google (Analytics, Ads, Tag Manager, reCAPTCHA): Data is primarily processed in the EEA, with possible transfer to the US under Standard Contractual Clauses + Data Privacy Framework certification
• HubSpot: Data is stored on EU servers (AWS Frankfurt, region eu1), with possible transfer to the US under Standard Contractual Clauses
• Meta Platforms Ireland Limited (Facebook Pixel): Data is transferred to the US under Standard Contractual Clauses + Data Privacy Framework. Privacy policy: Facebook Privacy Policy
• LinkedIn Ireland Unlimited Company (Insight Tag): Data is transferred to the US under Standard Contractual Clauses + Data Privacy Framework. Privacy policy: LinkedIn Privacy Policy

Jamezz B.V. uses functional, analytical, and tracking cookies. A cookie is a small text file that is stored in your browser on your computer, tablet, or smartphone when you first visit this website. Jamezz B.V. uses cookies with a purely technical functionality, ensuring that the website works properly and that, for example, your preferred settings are remembered.

In addition, we place cookies that track your browsing behavior to offer tailored content and advertisements.

For a complete overview of all cookies and how to manage them, see our Cookie Policy.

Google Tag Manager (GTM-K4RQ8RTQ)

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Purpose: Central management of tracking tags and analytics
• Legal basis: Legitimate interest (functional) + Consent (analytics/marketing)
• Data processed: Page views, clicks, session data (cookieless via sessionStorage)
• Retention period: Not applicable (pass-through to other tools)

Google Analytics 4 (G-Q4BCR3MD0E)

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Purpose: Website traffic analysis, user behavior, conversion tracking
• Legal basis: Consent (opt-in via cookie banner)
• Data processed: IP address (anonymized by Google Analytics 4 by default: last octet is stripped before data leaves EU servers), browser info, page views, session duration, geo-location (country/city), device type
• Cookies: _ga, _gid, _ga_Q4BCR3MD0E
• Cookie retention: 2 years
• GA4 data retention: 14 months (standard, not extended)
• Google Signals: ON — cross-device tracking for visitors signed in to Google (see "Google Analytics Advertising Features" section below)

Google Ads

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Purpose: Ad serving, conversion measurement, remarketing
• Legal basis: Consent (opt-in via cookie banner, "marketing" category)
• Data processed: Click data (gclid), conversion events, IP address, browser info
• Cookies: _gcl_au (90 days), IDE (1 year), NID (6 months), DSID (14 days, only with Signals)
• Data retention: 13 months (per Google Ads settings)

HubSpot CRM (Portal 26049307, EU server)

• Provider: HubSpot Ireland Limited, 1st Floor 30 North Wall Quay, Dublin 1, Ireland
• Purpose: Form processing, lead management, marketing automation
• Legal basis: Consent (submitted forms) + Contractual necessity
• Data processed: Name, email, phone, company info, UTM tracking parameters, consent snapshot, CTA clicks
• Cookies: hubspotutk, __hstc, __hssc, __hssrc
• Cookie retention: 13 months
• Data location: AWS Frankfurt (EU region eu1)

Google reCAPTCHA v3

• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• Purpose: Spam prevention and form security (demo request)
• Legal basis: Legitimate interest (website security)
• Data processed: IP address, browser fingerprint, mouse movements, page behavior
• Cookies: No cookies placed (reCAPTCHA v3 works cookieless)
• Retention period: Data immediately processed and deleted after score calculation

Meta Pixel (Facebook) — ACTIVE (Pixel ID configured in Google Tag Manager)

• Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland
• Purpose: Conversion tracking, remarketing on Facebook and Instagram, audience optimization
• Legal basis: Consent (opt-in via cookie banner, "marketing" category)
• Data processed: Page views, click events, conversion events, IP address, browser info, hashed email (if available)
• Cookies: _fbp (3 months), _fbc (3 months)
• Transfer: US under Standard Contractual Clauses + Data Privacy Framework
• Privacy policy: Facebook Privacy Policy
• DPA: Meta Data Processing Terms

LinkedIn Insight Tag — ACTIVE (Partner ID configured in Google Tag Manager)

• Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
• Purpose: B2B conversion tracking, remarketing on LinkedIn, audience optimization
• Legal basis: Consent (opt-in via cookie banner, "marketing" category)
• Data processed: Page views, click events, conversion events, IP address, browser info, LinkedIn member ID (if logged in)
• Cookies: li_sugr (3 months), bcookie (2 years), lidc (24 hours), UserMatchHistory (30 days), AnalyticsSyncHistory (30 days)
• Transfer: US under Standard Contractual Clauses
• Privacy policy: LinkedIn Privacy Policy
• DPA: LinkedIn Data Processing Agreement

We use the following Google Analytics advertising features, as required by Google's advertising features policy:

1. Google Signals (cross-device tracking)

For visitors signed in to their Google account who have enabled ad personalization, Google Analytics links anonymous website traffic data with Google data to understand cross-device user journeys. We only receive aggregated reports and can never identify you individually. This only happens after your consent for marketing cookies via our cookie banner. Status: ON in 307 of 307 regions.

2. Demographics and interest reporting

We can view aggregated reports on age category, gender, and interests of visitors. This data is always aggregated and anonymized; Google applies a threshold value so that very small groups are suppressed and we can never identify you individually.

3. Remarketing audiences

We can build audiences via Google Ads based on previous visits to our website to show you relevant advertisements. This only happens after your consent for marketing cookies via our cookie banner.

4. Reporting Identity

We use the "Blended" setting to merge sessions of the same user across different devices. This applies user ID, device ID, and (where applicable) statistical modeling. Modeling estimates behavior of non-signed-in users based on patterns of signed-in users. We never identify you individually; sessions are only technically stitched for better reporting.

Combination of first-party and third-party cookies

Google Analytics cookies (first-party, _ga, _ga_*) are combined with Google's third-party advertising cookies (IDE, NID, DSID, _gcl_au) only if you have consented to marketing cookies via our cookie banner. This combination enables cross-device tracking and personalized advertising.

In addition to regular HubSpot use for form processing, we use a HubSpot Private App ("Cursor HubSpot Read Only") to generate weekly internal lead and marketing reports.

• Access type: Read-only (no write permissions)
• Purpose: Weekly Pulse reporting for internal marketing optimization
• Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — internal marketing reporting without profiling of individual visitors
• Data processed: Aggregated lead statistics (leads per day/source/page), lead source attribution, CTA conversion rates, geographic distribution (country level), device type distribution
• No profiling: We do not use this data to make automated decisions about individual persons
• Data location: Access via HubSpot EU region (eu1, Frankfurt)
• Report storage: Locally on Jamezz systems, not shared with third parties
• Opt-out: You can request removal from our reports via info@jamezz.nl

Balancing test: Jamezz's interest in internal marketing optimization outweighs the impact on your privacy because: (1) we only read data already stored in HubSpot, (2) no new collection takes place, (3) no profiling at individual level, (4) data is only used internally, (5) you can request deletion at any time.

We use Microsoft Clarity to better understand how visitors use our website (click behavior, scroll behavior, and anonymized session recordings). Microsoft Clarity is only loaded after your explicit consent for analytics cookies via our cookie banner. If consent is denied or withdrawn, no Clarity cookies are set and no session data is collected.

• Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
• Purpose: UX analysis through aggregated heatmaps, click maps, scroll maps, and anonymized session recordings to improve user experience
• Legal basis: Consent (GDPR Article 6.1.a) — opt-in via cookie banner, "analytics" category
• Data processed: Anonymous visitor ID, page views, click coordinates, scroll position, session duration, screen resolution, device type, browser, geographic location (country level). Session recordings include mouse movements and clicks; personal data is automatically masked by Clarity (form inputs, names, emails, phone numbers are not captured)
• Not processed: Keyboard input (PII masking enabled by default), form field contents, passwords, payment details
• Cookies: _clck (1 year — user ID), _clsk (1 day — session ID), MUID (1 year — Microsoft user ID), CLID (1 year — Clarity cross-product ID), ANONCHK (10 min — anti-bot), SM (session — Microsoft session marker)
• Data location: Microsoft Azure EU region (Ireland and Netherlands), with possible transfer to the US under Standard Contractual Clauses + EU-US Data Privacy Framework (Microsoft is DPF-certified)
• Retention period: 13 months for session data, automatically deleted thereafter
• Implementation: Loaded via Google Tag Manager with consent gating; tag only fires when analytics_storage = granted via Google Consent Mode v2
• Withdrawal: Click "Cookie Settings" in the footer and deselect "Analytics cookies". All Clarity cookies will be deleted immediately
• Privacy policy: Microsoft Privacy Statement
• DPA: Microsoft Products and Services Data Protection Addendum

In compliance with the EU AI Act (in force since August 2025), we transparently inform you about our use of artificial intelligence (AI):

1. AI for content creation

We use AI tools (such as large language models) for drafting, translating, and editing website content (blog posts, product pages, FAQs, translations). All AI-generated content is reviewed, fact-checked, and adjusted by humans before publication. We consider ourselves responsible for the content we publish, regardless of whether it was fully or partially drafted by AI.

2. AI discovery files

On our website we publish specific files to help AI systems (such as ChatGPT, Perplexity, Gemini, Claude) correctly understand and cite our content:

• llms.txt — concise content map for AI systems
• llms-full.txt — detailed documentation for AI systems
• ai.txt — AI usage policy (Spawning v1.7 specification)
• brand.txt — brand guidelines for AI systems
• faq-ai.txt — frequently asked questions for AI systems
• identity.json — machine-readable company information

3. AI tools for internal work processes

We use AI tools for: software development (Cursor IDE with Claude/GPT), data analysis, text correction, and internal reporting. These tools do not process personal data of visitors; they operate on internal company data.

4. No AI-automated decision-making about persons

We do not use AI to make automated decisions that have legal effects on persons or significantly affect them (Article 22 GDPR). All decisions about leads, customers, or visitors are made by human employees.

5. No AI chatbot

We currently do not use an AI chatbot or conversational AI interface on this website. If you contact us, you communicate with a human employee.

Functional Cookies (no consent required)

Analytics Cookies (consent required)

Marketing Cookies (consent required - currently inactive)

When you first visit our website, you will see a cookie banner where you can choose which cookies you allow:

• Functional cookies: Always active (necessary for website functionality)
• Analytics cookies: Optional (for website improvement)
• Marketing cookies: Optional (for personalized advertising)

You can change your cookie preferences at any time via the "Cookie Settings" link in the footer of the website.

Google Consent Mode v2: We use Google Consent Mode v2 to respect your privacy choices. This means:

• Without consent: Only essential, cookieless tracking (no personal data)
• With consent: Full analytics and marketing tracking

Consent duration: Your choice is saved for 365 days, after which you will be asked again.

Do Not Track: If you have enabled Do Not Track (DNT) in your browser, we respect this signal and do not place tracking cookies.

In addition to cookies, Jamezz B.V. also uses sessionStorage in your browser to temporarily store certain data during your visit:

UTM Parameters: If you come to our website via an advertisement or campaign, we store the source (utm_source, utm_medium, utm_campaign). This helps us understand which marketing channels are effective.

CTA Tracking: We record which buttons you click on the website to improve the user experience.

Device information: Browser type, screen size, language settings.

This data is NOT stored in cookies, but in sessionStorage, which means:

• Data disappears automatically when you close your browser
• Data is not shared between devices
• No tracking between different websites possible

Legal basis: Legitimate interest (website optimization without privacy-invasive tracking)

You have the right to view, correct, or delete your personal data. You also have the right to withdraw your consent for data processing or to object to the processing of your personal data by Jamezz B.V.

You also have the right to data portability. This means that you can submit a request to us to send the personal data we hold about you in a computer file to you or another organization you specified.

You can send a request for access, correction, deletion, data transfer, withdrawal of consent, or objection to the processing of your personal data to info@jamezz.nl.

To ensure that the request is made by you, we ask you to send a copy of your identity document with the request. Make sure to black out your photo, MRZ (machine-readable zone), passport number, and citizen service number (BSN) in this copy. This is to protect your privacy. We will respond to your request as quickly as possible, but within four weeks.

Jamezz B.V. also points out that you have the possibility to file a complaint with the national data protection authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can do this via the following link: Autoriteit Persoonsgegevens contact page

In addition to the "Cookie Settings" button in the footer of our website, you can also opt out of advertising features directly with Google:

• Google Ad Settings — manage which ads you see: adssettings.google.com
• Google My Activity — view and delete what data Google has about you: myactivity.google.com
• Google Analytics Opt-out Browser Add-on — block Google Analytics entirely in your browser: tools.google.com/dlpage/gaoptout
• Network Advertising Initiative opt-out — industry-wide opt-out for ad networks: optout.networkadvertising.org
• Your Online Choices (EU) — European opt-out for ad personalization: youronlinechoices.eu

You can also opt out of ad targeting directly with Meta (Facebook) and LinkedIn:

• Meta (Facebook/Instagram) ad preferences: facebook.com/adpreferences
• LinkedIn ad preferences: linkedin.com/psettings/advertising

Jamezz B.V. takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized changes. If you feel that your data is not properly secured or if there are indications of misuse, please contact our customer service or via info@jamezz.nl.

We do everything we can to protect the stored personal data as securely as possible and will never share this data with others without good reason.

We use reputable antivirus and security programs to protect our hardware and software. The cloud environments we operate in are secured with passwords and, where possible, two-factor authentication.