Privacy Policy
This policy explains what personal data aiGrunn collects, why, on what legal basis, and what rights you have as a visitor or subscriber. We keep it to the point — no vague language, no hidden clauses.
Who is responsible for your data
The data controller for this website is:
Stekz B.V.
Groningen, the Netherlands
info@aigrunn.org
If you have any questions about how we handle your personal data, please contact us at the email address above.
What data we collect and why
We collect the minimum data needed to run the website and communicate with attendees. The table below lists each type of processing, its purpose, and its legal basis under the GDPR.
| Activity | Data collected | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Website analytics (Google Analytics 4) | Pages visited, session duration, approximate location (city level), device & browser type, anonymised IP address | Understanding how visitors use the site so we can improve it | Consent — Art. 6(1)(a) GDPR. Analytics only load after you click Accept in our cookie banner. | 14 months (GA4 default), then automatically deleted |
| Newsletter subscription (MailerLite) | Email address, subscription date, email engagement (opens, clicks) | Sending updates about aiGrunn 2026 — programme announcements, ticket releases, event news | Consent — Art. 6(1)(a) GDPR. You subscribe voluntarily and can unsubscribe at any time. | Until you unsubscribe. We delete your data within 30 days of unsubscription. |
| Consent preference | Your cookie accept/decline choice, stored in your browser's localStorage | Remembering your preference so we do not ask again on every visit | Legitimate interest — Art. 6(1)(f) GDPR. Necessary to honour your consent decision. | Until you clear your browser data or withdraw consent |
| Server logs (Vercel infrastructure) | IP address, request timestamps, pages requested, HTTP status codes | Security, abuse prevention, and infrastructure reliability | Legitimate interest — Art. 6(1)(f) GDPR | Up to 30 days, managed by Vercel Inc. |
We do not collect names, phone numbers, payment data, or any sensitive personal data through this website.
Cookies and local storage
This website uses the following:
- localStorage key
cookie_consent— stores your accept or decline choice. Not a cookie; stays in your browser only. Never sent to our servers. - localStorage key
aigrunn-theme— stores your light/dark mode preference. Not a cookie; stays in your browser only. - Google Analytics cookies (
_ga,_ga_*) — only set if you accept analytics. These are first-party cookies used by Google Analytics 4 to distinguish visitors and sessions. You can prevent them by declining our cookie banner or by installing the Google Analytics Opt-out Browser Add-on.
We do not use advertising cookies, tracking pixels, or any third-party marketing cookies.
Third-party processors
We share data with the following processors only to the extent necessary to deliver the services described above:
- Google Ireland Limited (Google Analytics 4) — Google processes analytics data on our behalf. Data may be transferred to Google LLC in the United States under Standard Contractual Clauses (SCCs) as approved by the European Commission. Google's privacy policy: policies.google.com/privacy.
- UAB MailerLite (newsletter) — MailerLite is based in Vilnius, Lithuania (EU) and processes subscriber data on our behalf under a Data Processing Agreement. MailerLite's privacy policy: mailerlite.com/legal/privacy-policy.
- Vercel Inc. (hosting) — Vercel hosts this website and processes server logs. Vercel is based in the United States and operates under Standard Contractual Clauses. Vercel's privacy policy: vercel.com/legal/privacy-policy.
We do not sell your data to any third party. We do not share your data with sponsors, partners, or other third parties beyond what is listed above.
Data transfers outside the EU
Two of our processors operate (in part) outside the European Economic Area:
- Google Analytics — data may be transferred to the United States. Transfer is governed by Standard Contractual Clauses (SCCs) between Google Ireland Limited and Google LLC. IP anonymisation is enabled.
- Vercel — infrastructure is hosted globally. Transfers to the US are covered by SCCs.
You can ask us for a copy of the applicable SCCs by contacting info@aigrunn.org.
Your rights under the GDPR
As a resident of the European Economic Area, you have the following rights regarding your personal data:
- Right of access (Art. 15) — you can request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — you can ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — you can ask us to delete your data ("right to be forgotten"), subject to legal obligations that require us to retain it.
- Right to restriction of processing (Art. 18) — you can ask us to pause processing your data in certain circumstances.
- Right to data portability (Art. 20) — you can request your data in a structured, machine-readable format.
- Right to object (Art. 21) — you can object to processing based on legitimate interest at any time.
- Right to withdraw consent (Art. 7(3)) — where processing is based on your consent, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal. To withdraw consent for analytics, click Decline in our cookie banner (clear your browser's localStorage first to make the banner reappear). To withdraw consent for newsletters, use the unsubscribe link in any email we send you.
To exercise any of these rights, contact us at info@aigrunn.org. We will respond within 30 days.
Right to lodge a complaint
If you believe we are handling your personal data unlawfully, you have the right to lodge a complaint with the Dutch data protection authority:
Autoriteit Persoonsgegevens (AP)
Postbus 93374, 2509 AJ Den Haag
autoriteitpersoonsgegevens.nl
We would, however, appreciate the opportunity to address your concerns before you contact the AP. Please reach out to us first at info@aigrunn.org.
Children
This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Changes to this policy
We may update this policy from time to time. Material changes will be announced on this page with an updated date below. We encourage you to review this policy periodically.
Last updated: 12 May 2026