Privacy policy

Last updated: 15 September 2025

This Privacy Policy explains how The Flux Factory SINGLE MEMBER P.C. (“we”, “our”, “us”) collects, uses, and protects personal data in connection with our website, coaching and consulting services, and related activities. We are committed to complying with the General Data Protection Regulation (EU 2016/679, “GDPR”), Greek Law 4624/2019, and all applicable data protection legislation.

1. Data Controller

The data controller for your personal data is:

The Flux Factory SINGLE MEMBER P.C.

GEMI Number: 177821827000

EUID: ELGEMI.177821827000

Chamber of Registration: Heraklion Chamber of Commerce

Tax ID (AFM): 802515183

Tax Authority: DOY Heraklion

Registered Office: Geronimaki 34, 71306 Heraklion, Greece

Phone: +30 2810288479

Email: sander@sanderdenboer.com

2. Personal Data We Collect

We may collect the following categories of personal data:

Identification data: name, surname, job title.
Contact data: email address, phone number, mailing address.
Billing and payment data: invoicing details, VAT number, transaction records.
Service-related data: information you provide in questionnaires, coaching session notes, feedback forms.
Website usage data: IP addresses, device/browser information, cookies and similar technologies.
Marketing data: newsletter subscriptions, consent records, marketing preferences.

We do not intentionally collect sensitive categories of data (Article 9 GDPR), unless you voluntarily disclose such information during coaching sessions. If disclosed, we treat it with heightened confidentiality.

3. Purposes and Legal Bases of Processing

We process your personal data for the following purposes:

Contractual necessity: to deliver coaching and consulting services, manage client relationships, and process payments.
Legal obligation: to issue invoices, maintain accounting records, and comply with tax and corporate laws.
Consent: to send newsletters, promotional communications, testimonials, or to use cookies requiring consent.
Legitimate interests: to maintain security of our systems, improve our services, and manage communications with business contacts.

4. How We Collect Data

We collect personal data directly from you (when you fill out forms, sign agreements, contact us, or participate in sessions) and indirectly (through website cookies, analytics tools, referrals, and professional networks such as LinkedIn).

5. Sharing and Disclosure of Data

We may share personal data with:

Service providers (e.g. Google Workspace, Zoom, Calendly, website hosting providers).
Accountants and auditors (for tax and financial compliance).
IT and communication providers (for email, scheduling, and storage).
Legal authorities when required by law.

All third-party service providers act as data processors and are bound by GDPR-compliant agreements.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. When transferring data outside the EEA, we rely on:

Adequacy decisions (such as the EU–US Data Privacy Framework, where applicable).
Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain personal data only as long as necessary for the purposes described above:

Coaching/consulting contracts and related records: up to 5 years (legal limitation period).
Accounting and invoicing data: 10 years (Greek tax law).
Session notes: for the duration of the client relationship plus up to 2 years, unless earlier deletion is requested.
Marketing data: until consent is withdrawn.
Website data (cookies): according to the cookie policy.

8. Data Subject Rights

Under GDPR, you have the right to:

Access, correct, or erase your personal data.
Restrict or object to processing.
Receive a copy of your data in portable format.
Withdraw your consent at any time (without affecting lawfulness of prior processing).
Lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr.

Requests can be submitted at any time to sander@sanderdenboer.com

9. Cookies

We use cookies and similar technologies to operate our website, analyse traffic, and improve user experience. Some cookies are strictly necessary, while others (analytics, marketing) require your prior consent.

Details are provided in our separate Cookie Policy.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption, secure cloud storage, limited access, and contractual safeguards with third-party providers.

11. Contact

For any questions about this policy or your rights, please contact: