Privacy policy
Last updated: March 2026
MS618 B.V. ("MS618", "we", "us") respects the privacy of all visitors to the website ms618.nl and of all clients, contact persons and other data subjects. In this privacy policy we explain which personal data we collect, why we do so, how we protect this data and what rights you have.
This policy has been drawn up in accordance with the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act.
1. Controller
MS618 B.V.
Slachtedyk 4a, 8501 ZA Joure
The Netherlands
CoC: 91896185 · VAT: NL865808545B01
Email: privacy@ms618.nl
For questions about this privacy policy or the processing of your personal data, please contact us at the email address above.
2. What data we collect
2.1 Data you provide to us
When you contact us, schedule a meeting, request a quote or enter into an agreement with us, we may process the following data:
- First and last name
- Company name and job title
- Email address
- Phone number
- Address details
- Chamber of Commerce number and VAT number
- Content of your message or request
- Other data you actively provide to us
2.2 Data collected automatically
When visiting our website, the following data may be collected automatically:
- IP address (anonymised where possible)
- Browser type and operating system
- Date and time of your visit
- Pages you view and how you navigate the website
- The website from which you visited our website (referral URL)
- Device information
2.3 Data from third parties
In some cases we receive data from third parties, for example when you are referred by a partner, via LinkedIn or via Google Ads. We process this data solely for the purposes described in this policy.
3. Purposes and legal bases
We process personal data solely for the following purposes and on the basis of the stated legal grounds:
| Purpose | Legal basis |
|---|---|
| Handling your enquiry or contact request | Performance of contract / legitimate interest |
| Drawing up and executing quotes and agreements | Performance of contract |
| Invoicing and financial administration | Legal obligation |
| Providing access to our services and tools | Performance of contract |
| Improving our website and services | Legitimate interest |
| Analysing website usage | Legitimate interest / consent |
| Sending relevant information about our services | Legitimate interest / consent |
| Compliance with legal obligations | Legal obligation |
| Protecting our rights and property | Legitimate interest |
We do not process more data than necessary for the relevant purpose.
4. AI and data processing
4.1 Use of AI tools
MS618 uses AI technologies in the delivery of services, including but not limited to language models, image generation and data analysis tools. When using these tools, data may be entered into third-party systems.
4.2 Safeguards
We apply the following safeguards when using AI:
- We do not enter identifiable personal data of data subjects into AI systems, unless strictly necessary for the performance of the assignment and the client has given consent.
- Where possible we use enterprise versions of AI tools that offer a higher level of data protection.
- We assess and review AI output before delivering it to the client.
- We select AI tools partly based on their privacy policies and processing terms.
4.3 Responsibility
The client remains responsible for reviewing and approving delivered work before publishing or otherwise using it. MS618 is not liable for unintended inclusion of personal data in AI-generated output that has been approved by the client.
5. Cookies and tracking technologies
5.1 What are cookies
Cookies are small text files placed on your device when you visit our website.
5.2 Which cookies we use
| Type | Purpose | Retention period |
|---|---|---|
| Necessary cookies | Website functionality, security, session management | Duration of session |
| Analytical cookies | Insight into website usage (anonymised) | Maximum 26 months |
| Marketing cookies | Measuring advertising effectiveness (where applicable) | Maximum 12 months |
5.3 Consent
On your first visit to our website we ask your consent for placing non-essential cookies. You can change your preferences at any time via the cookie settings on the website or through your browser settings.
5.4 Google Analytics
We may use Google Analytics to analyse website usage. We have taken the following measures:
- We have concluded a data processing agreement with Google.
- IP addresses are anonymised.
- The option "share data with Google" is disabled.
- We do not use other Google services in combination with Google Analytics.
6. Sharing data with third parties
6.1 Categories of recipients
We may share personal data with the following categories of recipients:
- Processors: parties that process data on our behalf, such as hosting, email and accounting software. We conclude data processing agreements with these parties.
- AI service providers: providers of AI tools we use in delivering our services, subject to the conditions described in Article 4.
- Advertising platforms: Google and LinkedIn for measuring advertising results, solely on the basis of anonymised or pseudonymised data.
- Accounting and legal service providers: for administration and advice.
- Government authorities: where we are legally obliged to do so.
6.2 Transfer outside the EEA
Some of the service providers we use (including AI tools and cloud services) are located outside the European Economic Area (EEA). In such cases we ensure that appropriate safeguards are in place, such as:
- An adequacy decision by the European Commission
- Standard Contractual Clauses (SCCs) of the European Commission
- Binding Corporate Rules (BCRs)
6.3 No sale of data
We do not sell your personal data to third parties. Ever.
7. Retention periods
We do not retain personal data longer than necessary for the purposes for which they were collected:
| Type of data | Retention period |
|---|---|
| Contact details of prospects | Maximum 1 year after last contact, unless an agreement follows |
| Data of clients | During the term of the agreement plus 2 years thereafter |
| Invoice data and financial records | 7 years (statutory retention obligation) |
| Website analytics (anonymised) | Maximum 26 months |
| Email correspondence | 2 years after termination of the relationship |
| Application data | Maximum 4 weeks after completion of procedure, unless consent for longer retention |
After the retention period expires, data is deleted or anonymised.
8. Security
MS618 takes appropriate technical and organisational measures to protect personal data against loss, unauthorised access, alteration or destruction. These measures include:
- Encrypted connections (SSL/TLS) on the website
- Access restriction to personal data on a need-to-know basis
- Strong passwords and two-factor authentication on all systems
- Regular backups
- Awareness and training of staff
- Careful selection of processors and service providers
Despite these measures, MS618 cannot guarantee absolute security of personal data. If you have any indication of misuse, please contact us immediately.
9. Your rights
Under the GDPR you have the following rights with regard to your personal data:
- Right of access: you can request which data we hold about you.
- Right to rectification: you can request correction of inaccurate or incomplete data.
- Right to erasure: you can request deletion of your data, unless we are legally required to retain it.
- Right to restriction: you can request restriction of the processing of your data.
- Right to data portability: you can request your data in a structured, commonly used and machine-readable format.
- Right to object: you can object to the processing of your data on the basis of our legitimate interest.
- Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time.
Submitting a request
You can send your request to privacy@ms618.nl. We will respond within 30 days. To verify your identity we may request additional information.
Complaint with the supervisory authority
If you believe we are not processing your personal data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl).
10. Minors
Our website and services are not directed at persons under the age of 16. We do not knowingly collect personal data from minors. If we discover that we have collected personal data from a minor, we will delete it as soon as possible.
11. Social media and external platforms
Our website may contain references to social media platforms such as LinkedIn. When you click on such links, these platforms may collect data about you. MS618 is not responsible for data processing by these platforms. We advise you to consult the privacy policies of the relevant platforms.
12. Changes to this privacy policy
MS618 reserves the right to amend this privacy policy. Changes will be published on this page with the date of the last amendment. For significant changes we will notify you via the website or by email.
We recommend that you consult this privacy policy regularly.
13. Contact
For questions, requests or complaints regarding this privacy policy or the processing of your personal data, please contact:
MS618 B.V.
Slachtedyk 4a, 8501 ZA Joure
The Netherlands
Email: privacy@ms618.nl
Phone: +31 (0)6 331 067 02