Skip to main content

GDPR Compliance Statement

Biarritz Agency
Version: 1.0
Date: 23 August 2025



Biarritz Agency only collects and uses the personal data needed to run the business—providing marketing services, staying in touch with clients and suppliers, and keeping operations smooth.

All personal data remains within the EU. We run self-hosted, open-source business applications and do not rely on Big Tech or U.S.-based platforms for core operations.

We follow the core principles of GDPR: 

  • Legal, fair, and transparent use of data
  • Clear purpose, no unnecessary collection
  • Minimal data, kept accurate and only as long as needed
  • Protected with strong security
  • Fully accountable, with the records to prove it

Security isn’t an afterthought. We use encrypted storage, strong passwords, multi-factor authentication, regular updates, and backups. 

Vendors are chosen carefully—each one meets GDPR standards and has the right data protection terms in place.

Anyone can ask to access, correct, delete, or move their data, or object to how it’s used. Just email This email address is being protected from spambots. You need JavaScript enabled to view it. We aim to acknowledge requests within 5 working days and respond fully within one month.

We review our policies, tools, and vendors regularly. If there's ever a personal data breach that poses a risk, we’ll report it to the Dutch authority (Autoriteit Persoonsgegevens) within 72 hours—and notify affected individuals if needed.