Privacy Policy

1. Introduction

shortoasfo B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website shortoasfo.top or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and Dutch data protection laws. By using our website or services, you consent to the data practices described in this policy.

2. Data Controller

The data controller for your personal information is:

3. Information We Collect

3.1 Personal Information

We may collect the following personal information:

• Name and contact details (email address, phone number, postal address)
• Professional information (company name, job title, business details)
• Financial information relevant to our services
• Communication records and correspondence
• Service preferences and requirements

3.2 Technical Information

When you visit our website, we automatically collect:

• IP address and location data
• Browser type and version
• Device information and operating system
• Website usage data and analytics
• Cookies and similar tracking technologies

3.3 Cookies

We use cookies and similar technologies to enhance your browsing experience. For detailed information about our use of cookies, please see our Cookie Policy.

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Provision

• Providing finance and legal advisory services
• Processing and responding to inquiries
• Managing client relationships and communications
• Delivering contracted services and solutions

4.2 Legal and Regulatory Compliance

• Complying with legal and regulatory obligations
• Preventing fraud and ensuring security
• Maintaining records as required by law
• Conducting due diligence procedures

4.3 Business Operations

• Improving our services and website functionality
• Conducting market research and analysis
• Sending relevant business communications
• Managing our business operations effectively

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary for performing our contractual obligations to you
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services
• Legal Obligation: Processing required to comply with legal or regulatory requirements
• Consent: Where you have given explicit consent for specific processing activities

6. How We Share Your Information

We may share your information with:

6.1 Service Providers

• Professional service providers (accountants, lawyers, consultants)
• Technology service providers and hosting companies
• Payment processors and financial institutions
• Analytics and marketing service providers

6.2 Legal Requirements

• Regulatory authorities and government agencies
• Law enforcement when legally required
• Courts and legal proceedings
• Professional regulatory bodies

6.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred to the acquiring entity.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption of data in transit and at rest
• Access controls and authentication procedures
• Regular security assessments and updates
• Staff training on data protection requirements
• Secure data storage and backup procedures

8. Data Retention

We retain personal data for as long as necessary to:

• Provide our services and maintain client relationships
• Comply with legal and regulatory obligations
• Resolve disputes and enforce agreements
• Pursue legitimate business interests

Specific retention periods vary depending on the type of data and applicable legal requirements. Contact us for more information about retention periods for specific data categories.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise your rights, contact us at privacy@shortoasfo.top. We will respond to your request within one month.

10. International Data Transfers

We primarily process data within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules for multinational organisations
• Certification schemes and codes of conduct

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our website

The "Last updated" date at the top of this policy indicates when the most recent changes were made.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully. In the Netherlands, the relevant authority is: