Privacy policy

Privacy policy

Last updated: 21 March 2026

Article 1 – Identity of Goldflux

  • Goldflux, Goldflux Tech and Goldflux Finance are trade names of Stamroos Holding B.V., established in Eemnes and registered with the Chamber of Commerce under number 71283188.
  • Goldflux is responsible for the processing of personal data as described in this privacy policy.
  • For questions about privacy or data protection, please contact us via privacy@goldflux.nl

Article 2 – Scope of this privacy policy

This privacy policy applies to:
  • visitors to the Goldflux website,
  • business contact persons and representatives of clients,
  • clients and users of services delivered by Goldflux,
  • users of software, AI systems, or software-as-a-service systems provided by Goldflux.

Article 3 – Processing of personal data and purposes

3.1 Website and marketing

Goldflux processes personal data that you actively provide to us, such as:
  • name,
  • email address,
  • telephone number,
  • company name,
  • any other contact details.
These data are processed for:
  • answering questions,
  • contact and communication,
  • marketing and relationship management.

3.2 Services and strategic advice

When providing strategic advice, software development or related services, Goldflux may process personal data of business contact persons, such as:
  • contact and communication data,
  • project-related information provided by the client.
This processing is necessary for the performance of the agreement.

3.3 Software, AI systems and SaaS

If Goldflux provides software, AI systems or software as a service, personal data entered into those systems by or on behalf of the client may be processed.
In that situation:
  • Goldflux generally acts as a processor,
  • the client remains the controller.
Goldflux does not intend to process special categories of personal data. If such data are processed, this takes place only on instruction and under the responsibility of the client.

Article 4 – Legal bases for processing personal data

Goldflux processes personal data solely on the basis of one or more of the following legal grounds:
  • performance of an agreement,
  • compliance with a legal obligation,
  • a legitimate interest, such as business operations and security,
  • consent, where applicable.

Article 5 – Roles and responsibilities

Goldflux is the controller for:
  • the website,
  • marketing and communication,
  • its own administration and client relationship management.
Goldflux is the processor for:
  • software development,
  • AI systems,
  • SaaS solutions,
  • processing of client data within those services.
The client is responsible for:
  • the lawfulness of the data provided,
  • informing data subjects,
  • compliance with applicable laws and regulations.

Article 6 – Retention periods

Goldflux does not retain personal data longer than necessary for the purposes for which they are processed, unless a longer retention period is required by law.
For software and SaaS services, retention periods are as agreed with the client.

Article 7 – Sharing personal data with third parties

Goldflux may share personal data with third parties, including:
  • hosting and cloud providers,
  • IT and software service providers,
  • providers of AI services and infrastructure.
Appropriate agreements are made with these parties, including processing agreements where required.
Goldflux does not sell personal data to third parties.

Article 8 – International transfer of data

Goldflux processes personal data within the European Union wherever possible.
If service providers outside the European Union are used, for example for AI or cloud infrastructure, Goldflux uses providers that offer appropriate safeguards for international transfers of personal data, such as standard contractual clauses or similar mechanisms under the GDPR. For processing that takes place on the instructions of a client, the client is responsible for the choice of such providers and safeguards.
The choice of such services may also depend on the client's wishes or instructions.

Article 9 – Data security

Goldflux takes appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. These measures are aligned with the nature and scope of the processing.

Article 10 – Your rights under the GDPR

You have the right to:
  • access your personal data,
  • have data corrected or deleted,
  • restrict processing,
  • object to processing,
  • receive your data in a portable form.
You can submit a request via privacy@goldflux.nl.
You also have the right to lodge a complaint with the Dutch Data Protection Authority.

Article 11 – Data Protection Officer

Goldflux is not required to appoint a Data Protection Officer.
For questions or requests about privacy, please contact privacy@goldflux.nl.

Article 12 – Changes to this privacy policy

Goldflux reserves the right to amend this privacy policy. The most current version is always available through the website.