Skip to Content

Privacy Statement | 4URight

Last update on 04-09-2025

Our PoliciesHow to contact usWhat personal data do we collect and how do we use it?Categories of personal data and purposeClarification on legal basesPermissionRetention periodsAutomated decision-makingSharing of personal dataInternational transfers of personal dataProtection of personal dataRights of the data subject and their implementationAmendments

Our Policies

Habby B.V., trading as 4URight™ (“4URight”, “we”, “our”, “us”), is the controller of your personal data. Habby B.V. is a private limited company established under Dutch law, with its statutory seat in Amersfoort, the Netherlands, 

registered office at De Stuwdam 33–35, 

3815 KM Amersfoort, 

the Netherlands, 

telephone +31 (0)85 4019 174, 

Chamber of Commerce (KvK) no. 70401276, 

fully paid-up share capital EUR 500,000, 

VAT no. NL 8583.07.431 B 01.

This privacy statement informs you about the way in which we handle your personal data in the context of 4URight. 

How to contact us

  • GDPR contact person: Francesco Cattaneo

  • Email: f.cattaneo@4uright.com

  • Telephone: +31 (0)85 4019 174

  • Postal address (for data-subject requests): Habby B.V. (4URight), De Stuwdam 33–35, 3815 KM Amersfoort, The Netherlands

What personal data do we collect and how do we use it?

The type of personal data we collect and use is limited to the information you provide to us. This is the case, among other things, if you:

  • Contact us in any way;

  • Fill in the contact form;

  • Enter into a contract with us or request one of our other services;

  • Visit our website.

This Privacy Statement only applies to the platforms and parts of the websites we manage – which are owned by us under the trademark 4URight – and all personal data that we process of website visitors, prospects, customers and business relations.

We will never share or sell your personal data to anyone without your knowledge or approval. We will only share authorized information with third parties if they have been hired by us to facilitate the provision of our services to you or if we are required by law to hand over information to a government agency.

Categories of personal data and purpose

Activity

Category of Personal Data

Purpose

Legal basis

When you visit our website

IP address, actions on our website, information provided in contact forms.

To measure and improve interest on our website; to improve your user experience and tailor it to your behavior and interests; to administer and diagnose our website, to protect our business, to troubleshoot problems, and to prevent potentially prohibited or illegal activities; to respond to your question if you have asked it via the contact form.

Consent (Article 6 (1) (a) GDPR) and Legitimate interest (Article 6 (1) (f) GDPR)

When you contact us as a customer or business partner

Full name, email address, telephone number, other data you provide.

To carry out the agreed services; to comply with our own laws and regulations, e.g. obligation to keep records.

Necessary for the performance of a contract (Article 6 (1) (b) GDPR), necessary for a legal obligation (Article 6 (1) (c) GDPR)

When filling in the contact form

Full name, email address, telephone number.

To respond to your request and provide the information or services you requested.

Consent (Article 6 (1) (a) GDPR) and Legitimate interest (Article 6 (1) (f) GDPR)

Clarification on legal bases

Where we rely on consent, this means we will not process the relevant personal data (e.g. through non-essential cookies, contact form submissions for marketing) unless you have given us your express consent. You may withdraw this consent at any time.

Where we rely on legitimate interest, this means the processing is necessary to pursue our interest in operating, securing, and improving our website and services, provided these interests are not overridden by your fundamental rights and freedoms. You have the right to object to such processing at any time.

Permission

Where consent is the legal basis for processing your personal data, you may withdraw your consent at any time. You can do this by contacting us at f.cattaneo@4uright.com, by calling +31 (0)85 4019 174, or by writing to:

Habby B.V. (4URight), GDPR Contact Person, De Stuwdam 33–35, 3815 KM Amersfoort, The Netherlands.

Once you withdraw consent, we will no longer process the relevant personal data unless there is another lawful basis for doing so (e.g. compliance with legal obligations or the performance of a contract).

Retention periods

We retain your information to enable you to continue using our services for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • Contact form data: retained for up to 12 months after your inquiry has been resolved.

  • Contract-related data (customers, suppliers, partners): 7 years after termination of the relationship, in accordance with Dutch tax and administrative law.

  • Website technical data (IP address, logs): up to 6 months, unless longer retention is required for security or fraud prevention.

Automated decision-making

Automated decision-making refers to decisions made by computers or systems without human intervention. We ensure that no personal data is processed in automated decision-making.

Sharing of personal data

We use third parties to operate our platforms and services. It is possible that these third parties have access to your personal data. If that is the case, we will take appropriate measures to ensure that your data is adequately secured and only used for its intended purposes.

We may share your data with an organization or entity located outside the European Economic Area (EEA). We will then ensure that your personal data will only be transferred in accordance with applicable privacy legislation. This means, among other things, that transfers will only take place where:

  • An adequacy decision of the European Commission determines that there is an adequate level of protection; or

  • Standard Contractual Clauses (“SCCs”) adopted by the European Commission are in place, together with a documented Transfer Impact Assessment (TIA) and, where necessary, additional safeguards such as encryption, pseudonymisation, or contractual commitments to ensure essentially equivalent protection in line with the Schrems II judgment.

This may include:

  • IT service providers;

  • Hosting, maintenance and support providers;

  • Cloud providers;

  • Proton (email and communication tool);

  • Odoo (CRM and business management system);

  • Other systems used for file exchange or project management.

Where we use third-party service providers (such as IT providers, hosting companies, Proton for communications, and Odoo for CRM and business management), they act as our processors under our instructions. We have entered into data processing agreements (DPAs) with these providers in accordance with Article 28 GDPR to ensure that your data is processed securely and lawfully. In certain cases, where a third party determines its own purposes (for example, payment providers or regulators), that party acts as an independent controller under the GDPR.

In addition, we may share your data with competent regulators, authorities, judicial bodies, or other parties where we are required to do so by law, or if it is necessary in the context of legal proceedings or to establish or exercise our legal rights (for example, to deal with complaints or proceedings).

Of course, only the personal data that is necessary for the performance of the work will be shared.

International transfers of personal data

We may share your data with an organization or entity located outside the European Economic Area (EEA). We will then ensure that your personal data will only be passed on if these parties guarantee that the transfer takes place in accordance with the applicable privacy legislation.

This means, among other things, that the personal data will only be transferred outside the EEA in the event that:

  • An adequacy decision of the European Commission determines that there is an adequate level of protection for the transfer of the personal data to that country; or

  • Additional appropriate safeguards have been implemented, such as the Standard Contractual Clauses.

We ensure compliance with all additional requirements and guidance from the European Court of Justice, data protection legislation and supervisory authorities regarding the transfer of personal data.

Protection of personal data

We take the protection of your personal data very seriously. We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, accessed, or disclosed in an unauthorized way.

In addition, we limit access to your personal data to strictly necessary employees, contractors, and other third parties. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

Finally, we train our employees on the importance of confidentiality and ensuring the privacy and information security of your personal data.

Rights of the data subject and their implementation

In accordance with applicable law, you have various rights in relation to the processing of your personal data, which are listed below:

  • Right of access: you can request access to the personal data relating to you;

  • Right to rectification: you can request to correct inaccurate or incomplete data;

  • Right to erasure: you can request deletion of your data in certain circumstances;

  • Right to restriction of processing: you can request limitation of processing in certain circumstances;

  • Right to data portability: you can receive your data in a structured, commonly used, machine-readable format and transmit it to another controller;

  • Right to object: you can object to the processing of your personal data at any time;

  • Right not to be subject to automated decision-making: you can request human oversight if processing could lead to a (legal) consequence;

  • Right to be informed: you have the right to be informed about corrections, erasures, and restrictions of processing.

If you have any questions or would like to exercise any of the above rights, please contact us at:

  • Habby B.V. (4URight)

  • GDPR contact person: Francesco Cattaneo

  • Email: f.cattaneo@4uright.com

  • Telephone: +31 (0)85 4019 174

  • Postal address: De Stuwdam 33–35, 3815 KM Amersfoort, The Netherlands.

Reasonable access to your personal data will be granted free of charge after submission of the request. We will respond within one month of confirming your request. If we are unable to comply within one month, we will inform you of the expected date. We may also require additional information to verify your identity before fulfilling your request.

You also have the right to lodge a complaint with the supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl

If you are established in another EU/EEA Member State, you may also lodge a complaint with your local supervisory authority. For example, in Italy this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

Amendments

We reserve the right to amend this Privacy Statement at any time and for any reason. We will publish the amended Privacy Statement on our website. If required by law, you will be notified of important changes to our Privacy Statement.

Data Governance and Relationship Table


CategorySubcategoryDetail
ControllerEntityHabby B.V., trading as 4URight™
ControllerLegal formPrivate limited company under Dutch law
ControllerStatutory seatAmersfoort, the Netherlands
ControllerRegistered officeDe Stuwdam 33–35, 3815 KM Amersfoort, the Netherlands
ControllerTelephone+31 (0)85 4019 174
ControllerChamber of Commerce (KvK)70401276
ControllerShare capital (paid-up)EUR 500,000
ControllerVAT numberNL 8583.07.431 B 01
ScopeCovered platformsWebsites, platforms and services owned and managed by Habby B.V. under the trademark 4URight™
ContactsGDPR contact personFrancesco Cattaneo
ContactsEmailf.cattaneo@4uright.com
ContactsTelephone+31 (0)85 4019 174
ContactsPostal address (DSARs)Habby B.V. (4URight), De Stuwdam 33–35, 3815 KM Amersfoort, The Netherlands
Processing activityWebsite visit: DataIP address; actions on website; information provided in contact forms
Processing activityWebsite visit: PurposeMeasure and improve interest; enhance UX; administer, diagnose and secure website; troubleshoot; prevent prohibited or illegal activities; respond to contact form questions
Processing activityWebsite visit: Legal basisConsent (Art. 6(1)(a) GDPR); Legitimate interest (Art. 6(1)(f) GDPR)
Processing activityCustomer or partner contact: DataFull name; email address; telephone number; other data provided
Processing activityCustomer or partner contact: PurposeCarry out agreed services; comply with record-keeping and other legal obligations
Processing activityCustomer or partner contact: Legal basisContract performance (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c))
Processing activityContact form: DataFull name; email address; telephone number
Processing activityContact form: PurposeRespond to request; provide requested information or services
Processing activityContact form: Legal basisConsent (Art. 6(1)(a)); Legitimate interest (Art. 6(1)(f))
Legal basisConsentExplicit consent required; can be withdrawn anytime via email, phone or post; after withdrawal processing stops unless another lawful basis applies
Legal basisLegitimate interestNecessary to operate, secure and improve services; balanced against rights and freedoms; right to object anytime
RetentionContact form dataUp to 12 months after inquiry resolved
RetentionContract-related data7 years after termination, per Dutch tax and administrative law
RetentionWebsite technical dataUp to 6 months unless longer needed for security or fraud prevention
Automated decision-makingUseNot used; no personal data processed in automated decision-making
RecipientsProcessorsIT providers; hosting, maintenance and support; cloud providers; Proton (email and communications); Odoo (CRM/business management); file exchange and project management systems
RecipientsIndependent controllersPayment providers; regulators and supervisory authorities when determining their own purposes
RecipientsAuthorities or judicial bodiesRegulators, authorities, courts under legal obligation or legal proceedings
International transfersMechanismsAdequacy decision or Standard Contractual Clauses; documented TIA; additional safeguards such as encryption or pseudonymisation; ensure essentially equivalent protection aligned with Schrems II
International transfersCompliance approachFollow ECJ guidance and supervisory authorities for transfers
SecurityTOMsAppropriate technical and organizational measures to prevent loss, unauthorized access or disclosure
SecurityAccess controlAccess limited to necessary personnel and third parties under instructions and confidentiality
SecurityTrainingEmployees trained on confidentiality, privacy and information security
RightsAccessRequest access to personal data
RightsRectificationCorrect inaccurate or incomplete data
RightsErasureRequest deletion in certain circumstances
RightsRestrictionLimit processing in certain circumstances
RightsPortabilityReceive data in a structured, commonly used, machine-readable format and transmit to another controller
RightsObjectObject at any time to processing based on legitimate interests
RightsAutomated decisionsRight not to be subject to automated decision-making; request human oversight
RightsTo be informedBe informed about corrections, erasures and restrictions of processing
RightsComplaintsDutch DPA (Autoriteit Persoonsgegevens) or local supervisory authority (e.g., Italy: Garante)
RequestsHow to submitEmail f.cattaneo@4uright.com; call +31 (0)85 4019 174; or write to GDPR Contact Person at De Stuwdam 33–35, 3815 KM Amersfoort, NL
RequestsResponse timeWithin one month of confirming request; extensions communicated with expected date
RequestsIdentity verificationAdditional information may be required to verify identity
RequestsFeesReasonable access provided free of charge
GovernanceAmendmentsPolicy may be amended at any time; published on website; important changes notified where required by law