Get in touch

Privacy Policy

Last updated: 3 December 2025

We are committed to protecting your personal data and handling it responsibly. This policy explains what information we collect, how we use it, with whom we may share it, and the rights you have under the GDPR. We only collect information necessary to operate our website and deliver our services, and we handle all data with strict security and confidentiality.

  1. Introduction

This Privacy Policy explains how InFECT-NL b.v. (“INFECTA”, “we”, “our”, or “us”) collects, uses, stores, and protects your personal data when you visit www.infecta.org  or interact with our products and services.

We are committed to handling your information responsibly, transparently, and in accordance with applicable privacy laws, including the EU GDPR and relevant national legislation.

By using our website or providing your information, you acknowledge that you have read and understood this Privacy Policy.

 

  1. Data Controller

The data controller responsible for your personal data is:

INFECTA
Langegracht 70, 2312 NV Leiden
The Netherlands
Email: info@infecta.org
Website: www.infecta.org

For certain processing operations, we may act as a data processor on behalf of healthcare institutions, research partners, or clients. In those cases, our processing is governed by a data processing agreement (DPA).

 

  1. What Personal Data We Collect

We collect personal data in several ways, depending on how you interact with our website and services.

3.1 Data You Provide Directly

  • Contact information: name, email address, phone number
  • Company information: organisation name, role, department
  • Form submissions: demo requests, inquiries, partnership forms, downloads
  • Communication content: email correspondence, customer support messages

3.2 Data Collected Automatically (Website Use)

When you visit our website, we may collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages viewed / time spent on site
  • Referral source
  • Cookie identifiers
  • General location information (city-level, not precise GPS)

3.3 Cookies & Tracking Technologies

See Section 4 for details.

3.4 Data from Third Parties

We may receive data from:

  • Analytics providers
  • Lead generation partners
  • Publicly available business sources (e.g., LinkedIn company page data)
  • Integration partners

3.5 Special Categories of Data

INFECTA provides clinical research and consultancy.

When processing clinical research data through our professional services, we act as a data processor, not a controller.

Such data is handled strictly under contractual agreements, data-minimisation principles, and medical-grade security measures (ISO standards where applicable).

No health data is processed through the public website www.infecta.org.

3.6 Children’s Data

Our website and services are not intended for children under 16.
We do not knowingly collect personal data from children.

 

  1. Cookies & Tracking Technologies

We use cookies and similar technologies to ensure website functionality, improve user experience, and analyse website performance.

4.1 Types of Cookies We Use

Type of Cookie

Purpose

Example

Strictly Necessary

Website operation, security, core functions

Session cookies

Analytics / Performance

Understand usage patterns, improve content

Google Analytics (IP anonymised), Microsoft Clarity

Functional

Remember user preferences

Language settings

Marketing / Advertising

Measure campaign effectiveness (only with consent)

LinkedIn Insight Tag

4.2 Legal Basis for Cookies

Necessary cookies: legitimate interest (Art. 6(1)(f) GDPR)

Analytics/marketing cookies: consent (Art. 6(1)(a) GDPR)

4.3 Managing Cookies

You can manage or disable cookies via:

  • The cookie banner
  • Your browser settings
  • “Do Not Track” preferences (where supported)

 

  1. Data Storage & Retention

We store personal data only as long as needed for the purposes described in this policy or as required by law.

Typical Retention Periods:

  • Contact forms: 12–24 months
  • Contract/customer data: 7 years (for legal/accounting purposes)
  • Newsletter data: until you unsubscribe
  • Analytics data: 26 months (or shorter depending on tool configuration)
  • Technical logs: up to 12 months for security and diagnostics

If legal obligations (e.g., tax, medical device, clinical research laws) require longer retention, we comply accordingly.

 

  1. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted connections (HTTPS/TLS)
  • Secure data centres and access controls
  • Data access limited to authorised personnel
  • Staff confidentiality agreements
  • Regular system and security audits
  • Data-minimisation principles in all services

 

  1. Data Sharing

We do not sell personal data.

We may share data with trusted third parties when necessary:

7.1 Categories of Recipients

  • Hosting and infrastructure providers (e.g., cloud servers)
  • Analytics and performance tools
  • Email and communication tools
  • CRM and customer-support systems
  • Legal and regulatory authorities (when required)
  • Professional service providers (e.g., accounting, legal, compliance)

7.2 Purpose of Sharing

  • Operating our website
  • Responding to your requests
  • Ensuring security and performance
  • Providing contracted services
  • Meeting legal obligations

7.3 Data Processing Agreements (DPAs)

All processors operate under GDPR-compliant agreements.

 

  1. International Transfers

If we transfer personal data outside the EU/EEA, we ensure adequate safeguards as required by GDPR, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Additional security measures where required

You may request a copy of the applicable transfer mechanism via [Privacy Mail].

 

  1. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Access – request a copy of your data
  • Rectification – correct inaccurate or incomplete data
  • Erasure (“Right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection (including marketing grounds)
  • Withdraw consent at any time
  • Lodge a complaint with your local Data Protection Authority

How to Exercise Your Rights

Email: info@infecta.org  
We may request additional information to verify your identity before processing your request.

 

  1. Questions or Requests

If you have questions about this Privacy Policy or how we process your data, please contact:

INFECTA
Langegracht 70, 2312 NV Leiden
The Netherlands
Email: info@infecta.org
Website: www.infecta.org

 

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal obligations. The “Last updated” date at the top of the page indicates when this policy was most recently revised.

 

Let’s accelerate the development of your infectious disease product together