Introduction
Modilium is a freelance design studio based in Amsterdam, the Netherlands, operated by Cedrik
Wouters and Sabrina Bollegraf.
We are committed to protecting your personal data and your right to privacy. This Privacy Policy
explains what information we collect, how we use it, who we share it with, and what rights you
have over your data when you visit modilium.com or engage our services.
This policy applies to all visitors, clients, and contacts of modilium. It complies with the General
Data Protection Regulation (GDPR) for EU-based individuals and, where applicable, US state
privacy laws including the California Consumer Privacy Act (CCPA).

Who We Are (Data Controller)
For the purposes of applicable data protection law, the data controller is:
modilium
Amsterdam, the Netherlands
Email: info@modilium.com
Website: modilium.com
As a studio based in the Netherlands, modilium operates under EU data protection law,
including the GDPR and the Dutch Implementation Act (Uitvoeringswet AVG). For US-based
clients and visitors, we comply with applicable federal and state privacy regulations.

What Personal Data We Collect
3.1 Data You Provide Directly
We collect personal data that you voluntarily provide to us, including:
• Name and contact details (email address, phone number) when you fill in our contact
form or reach out via email
• Company name, job title, and project details when enquiring about or engaging our
services
• Billing and payment information when a project agreement is in place
• Any other information you choose to share with us in communications

3.2 Data Collected Automatically
When you visit modilium.com, we may collect certain technical data automatically, including:
• IP address and approximate location
• Browser type and version
• Device type and operating system
• Pages visited, time spent on pages, and referring URLs
• Cookie data (see Section 7 for full details)

3.3 Data from Third Parties
We may receive limited data about you from third-party platforms such as LinkedIn or X (Twitter)
if you interact with our profiles or reach out to us through those channels. We do not purchase
or obtain personal data from data brokers.

How We Use Your Data
Modilium uses personal data only for legitimate, specified purposes. We use your data to:
• Respond to enquiries and communicate with you about potential or active projects
• Deliver, manage, and invoice for our design services
• Send relevant updates or proposals related to your project
• Comply with our legal obligations under Dutch and EU law
• Protect our legitimate business interests, such as defending against legal claims

Legal Basis for Processing (EU/GDPR)
For individuals in the European Economic Area (EEA), we process personal data on the
following legal bases:
• Contractual necessity: Processing required to fulfil a project agreement or respond to a
pre-contractual enquiry
• Legitimate interests: Processing for our business operations, portfolio use, and where
these do not override your rights
• Legal obligation: Processing required to comply with applicable law

How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this policy
or as required by law:
• Client contact and project data: Retained for up to 7 years after project completion for
accounting and legal purposes, in line with Dutch tax law requirements
• Enquiry data (no project commenced): Retained for up to 12 months after last contact
• Website analytics data: Retained in anonymised or aggregated form only
• Cookie data: Retained as specified in our Cookie Policy (Section 7)
After applicable retention periods, data is securely deleted or anonymised.

Cookies
Modilium.com may use cookies and similar tracking technologies to improve your browsing
experience and understand how visitors use our site.

7.1 Types of Cookies We Use
• Essential cookies: Required for the website to function correctly. These cannot be
disabled.
• Analytics cookies: Help us understand how visitors interact with our site (e.g. pages
visited, time on site). Data is anonymised where possible.
• Preference cookies: Remember your settings and preferences across visits.

7.2 Managing Cookies
You can control and manage cookies through your browser settings at any time. Disabling
non-essential cookies will not affect your ability to use our website. For EU visitors, we will
request your consent for non-essential cookies on your first visit in accordance with GDPR
requirements.

Who We Share Your Data With
Modilium does not sell, rent, or trade your personal data. We may share your data with trusted
third parties only where necessary:
• Service providers: Tools we use to run our business (e.g. invoicing software, project
management tools, email platforms). These providers are bound by data processing
agreements and may not use your data for their own purposes.
• Payment processors: When processing invoices, data may be shared with our payment
provider, who operates under their own privacy policy.
• Legal authorities: Where required by law, court order, or regulatory obligation.
Where data is transferred outside the EU (e.g. to US-based service providers), we ensure
appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved
by the European Commission.

Your Rights Under GDPR (EU Visitors)
If you are based in the EU or EEA, you have the following rights under the GDPR:
• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request that we correct inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data, subject to legal
retention obligations.
• Right to restriction: You may request that we limit the processing of your data in certain
circumstances.
• Right to data portability: You may request your data in a structured, machine-readable
format.
• Right to object: You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it
at any time without affecting prior processing.
To exercise any of these rights, please contact us at info@modilium.com. You also have the
right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit
Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Your Rights Under US Privacy Law (US Visitors)
10.1 California (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer
Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
• Right to know: You may request details about the categories and specific pieces of
personal data we have collected about you.
• Right to delete: You may request that we delete personal data we have collected, subject
to certain exceptions.
• Right to correct: You may request that we correct inaccurate personal data.
• Right to opt-out of sale: modilium does not sell personal data. However, you may contact
us to confirm this.
• Right to non-discrimination: We will not discriminate against you for exercising your
privacy rights.

10.2 Other US States
Modilium respects the privacy rights of residents of all US states. If your state has enacted
specific privacy legislation (e.g. Virginia CDPA, Colorado CPA, Connecticut CTDPA), we will
honour your applicable rights upon verified request to info@modilium.com.

Data Security
Modilium takes the security of your personal data seriously. We implement appropriate technical
and organisational measures to protect your data against unauthorised access, loss,
destruction, or alteration. These measures include:
• Secure encrypted communication (HTTPS) on our website
• Password-protected access to client files and project data
• Use of reputable, GDPR-compliant third-party tools with their own security certifications
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify
the relevant supervisory authority within 72 hours and inform affected individuals without undue
delay, as required by GDPR.

Children's Privacy
Modilium's website and services are not directed at individuals under the age of 16. We do not
knowingly collect personal data from children. If you believe a child has provided us with
personal data, please contact us at info@modilium.com and we will promptly delete it.

Third-Party Links
Our website may contain links to third-party websites, including social media platforms such as
LinkedIn and X (Twitter). Modilium is not responsible for the privacy practices of these websites
and encourages you to review their respective privacy policies before providing any personal
data.

Changes to This Privacy Policy
Modilium may update this Privacy Policy from time to time to reflect changes in our practices or
applicable law. The most current version will always be published at modilium.com with the
updated effective date. We encourage you to review this policy periodically.
For material changes that affect how we process your personal data, we will provide additional
notice where required by law.

Contact Us
If you have any questions, requests, or concerns regarding this Privacy Policy or how your data
is handled, please contact us:
modilium
Amsterdam, the Netherlands
Email: info@modilium.com
Website: modilium.com
For EU residents, you may also contact the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
autoriteitpersoonsgegevens.nl
modilium