Privacy Policy
Last Updated: March 12, 2026
This Privacy Policy explains how Bol Interieuragenturen B.V. (“we”, “us”, “our”) collects, uses, and protects personal data when you visit this website and when you request information about our interior design education and space planning programs available across Canada.
We operate from our registered office in the Netherlands and follow the requirements of the EU General Data Protection Regulation (“GDPR”) and applicable Dutch data protection rules. If you are located in Canada, you may also have rights under Canadian privacy frameworks; we address practical Canadian considerations in Section 14.
1. Introduction & Controller Identity
Bol Interieuragenturen B.V. is the data controller for the processing described in this Privacy Policy. That means we decide why and how your personal data is processed.
- Legal entity: Bol Interieuragenturen B.V.
- Registered address: Kerklaan 16 E, 1261 JB Blaricum, Netherlands
- Contact email: [email protected]
- Telephone: +31 35 203 1184
We do not appoint a Data Protection Officer (“DPO”) as a default; if a DPO becomes required for our activities, we will update this policy and provide dedicated contact details.
Effective date: March 12, 2026.
2. Personal Data We Collect
The data we collect depends on how you use the site. We aim to collect only what is needed to respond to requests, maintain security, and improve the learning resources we publish.
- Identity and contact data: name, email address, phone number, and any organization name you include in your message.
- Form content: the content of your message, requested program, preferred start timeframe, and other details you choose to provide.
- Technical data: IP address, browser type, device identifiers, operating system, language settings, and approximate location derived from IP.
- Usage data: pages visited, time spent, referrer and click paths, and interaction events (for example, whether a page was loaded or a form was attempted).
- Cookies and identifiers: first-party cookies used for essential operation and consent recording, plus third-party identifiers if you consent to analytics and/or marketing cookies.
- Conversion events: events related to requests submitted through our forms (for example, successful submission signals), used to measure website performance and the usefulness of our program pages.
We do not intentionally collect special-category data (such as health data, biometric data, religious beliefs, political opinions), government ID numbers, or financial account details through this website. Please do not submit such information in free-text fields.
3. Why We Process Your Data & Legal Bases (GDPR Art. 6)
Under GDPR, we must have a lawful basis for processing. The legal basis can vary depending on the purpose.
- Responding to inquiries and registration requests (contact form): We process your details to respond and provide enrollment steps. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent) where applicable.
- Website analytics (if you consent): We use analytics to understand which pages are helpful and to improve structure and content. Legal basis: GDPR Art. 6(1)(a) (consent).
- Marketing and remarketing (if you consent): We may measure conversions and show relevant ads to people who have engaged with our site. Legal basis: GDPR Art. 6(1)(a) (consent).
- Security and abuse prevention: We protect the site against spam, automated abuse, and malicious activity. Legal basis: GDPR Art. 6(1)(f) (legitimate interests).
- Compliance with legal obligations: We may keep limited records when required by law (for example, tax or corporate compliance). Legal basis: GDPR Art. 6(1)(c) (legal obligation).
Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you.
4. Cookies & Tracking
We use cookies and similar technologies to run the site, remember your cookie preferences, and (if you consent) measure usage and marketing performance. Cookies are small text files stored in your browser. Some cookies are set by us (first-party), while others may be set by third-party providers (third-party).
Our cookie categories and examples are aligned with our Cookie Policy.
- Essential cookies (always active): required for core functionality and to store your cookie preference choice. Examples include _site_session and cookie_consent. Retention: session to 12 months (depending on cookie).
- Analytics cookies (consent required): used to understand site usage. Example: Google Analytics 4 (GA4), IP anonymization settings where supported. Examples: _ga and _ga_XXXXXXXXXX. Typical retention: up to 2 years for identifiers; analytics data retention configured to 14 months.
- Marketing cookies (consent required): used for conversion attribution and advertising relevance. Examples include _gcl_au, _fbp, and _fbc. Typical retention: 90 days for marketing identifiers.
In addition to cookies, some measurement may occur through pixel tags or server-to-server signals (for example, conversion events) when you consent. If these are implemented, they are used to understand which educational pages lead to inquiries and to improve how we present program information.
5. Consent (EEA/UK Users)
Users in the European Economic Area (“EEA”) and the United Kingdom receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).
Consent is recorded in the cookie_consent browser cookie (typically 12 months). You may withdraw your consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before your withdrawal.
6. Sharing With Advertising & Service Partners
We use reputable service providers to host and protect the site and, if you consent, to measure traffic and advertising performance. We share personal data only as needed for the purposes described in this policy.
- Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie IDs, usage data, conversions, and remarketing list membership where consent is granted. Reference: https://policies.google.com/privacy
- Meta Platforms, Inc. (Meta Pixel, custom/lookalike audiences, conversion measurement): page view events, conversion events, audience membership, and hashed identifiers where implemented and consent is granted. Reference: https://www.facebook.com/privacy/policy
- Cloudflare, Inc. (CDN and security): IP-based threat detection and performance delivery to protect the site. Reference: https://www.cloudflare.com/privacypolicy/
We do not sell personal data. Where third-party advertising and analytics tools are used, we configure them to operate as service providers/processors for our purposes. These providers may process data according to their own terms as well; we recommend reviewing their policies.
We do not permit these providers to use site data for their own independent commercial purposes beyond providing the services requested by us, subject to the provider’s applicable terms and technical settings.
7. International Transfers
Some service providers (such as Google, Meta, and Cloudflare) may process data outside the EEA/UK, including in the United States. When personal data is transferred internationally, we apply safeguards as required by GDPR and Dutch law.
- EU-U.S. Data Privacy Framework (primary mechanism, where applicable since July 2023)
- UK Extension to the EU-U.S. Data Privacy Framework (where applicable)
- Swiss-U.S. Data Privacy Framework (where applicable)
- Standard Contractual Clauses (EU 2021/914) as a fallback
- UK IDTA as a fallback for UK transfers
Where required, we also implement supplementary measures (such as data minimization and access controls) appropriate to the type of transfer.
8. Data Retention
We keep personal data only for as long as necessary for the purposes described above, unless a longer retention period is required by law.
- Contact submissions: typically up to 2 years from our last interaction with you, to handle follow-ups and administrative continuity.
- Analytics data: configured to 14 months (where analytics is enabled with consent), subject to provider settings.
- Marketing cookies: per cookie lifetime (for example, 90 days for some marketing identifiers), subject to your consent choices.
- Email correspondence: typically for the duration of the relationship plus 1 year, unless a longer period is needed for dispute handling.
- Server/security logs: typically up to 90 days, unless a longer period is necessary to investigate abuse or security incidents.
- Cookie consent record: up to 3 years for audit purposes (where applicable), in a minimal form.
- Legal/tax records: retained as required by Dutch law (often 6–10 years for certain business records), where applicable.
9. Your Rights (GDPR & UK GDPR)
If GDPR applies to you, you have the following rights, subject to legal limitations:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent at any time (Art. 7(3))
- Right to lodge a complaint with a supervisory authority (Art. 77)
To exercise your rights, email [email protected]. We typically respond within 30 days. For complex requests, the response time may be extended by up to 60 additional days; if so, we will inform you of the reason.
Supervisory authority information (general references):
- EU guidance: https://edpb.europa.eu
- UK ICO: https://ico.org.uk
- Netherlands Authority for Personal Data (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl
10. Children
This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we discover that we have collected personal data from a child under 16 without appropriate consent, we will delete it promptly.
11. Do Not Track
This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own handling of DNT signals or similar preference mechanisms.
12. Data Deletion Requests
To request deletion of your personal data, email us at [email protected] with the subject line “Data Deletion Request”. We may ask for information needed to verify your identity before acting on the request.
Some data may be retained where required by law or where necessary to establish, exercise, or defend legal claims. In those cases, we will limit access and use the data only for the relevant purpose.
13. Business Transfers
In a merger, acquisition, asset sale, financing, reorganization, or insolvency event, personal data may be transferred to a successor entity. If a transfer materially changes how your data is used, we will provide notice on the website.
14. Canadian Privacy Considerations
Our educational programs are available across Canada, and we may receive inquiries from Canadian residents. As a Dutch company, our primary legal framework for this website is GDPR; however, we apply practical privacy safeguards consistent with common Canadian expectations:
- Purpose limitation: information you submit is used to respond to your program inquiry and to provide registration guidance.
- Consent choices: cookies for analytics and marketing are optional and controlled through the cookie preferences panel.
- Access and correction: you can ask us what we hold about you and request corrections by contacting [email protected].
- Safeguards: we use technical and organizational measures designed to protect data against unauthorized access and misuse.
If you are located in Canada and have questions about cross-border processing (for example, when third-party tools process data in the United States), you can contact us using the details in Section 18.
15. California (CCPA/CPRA)
If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the CPRA. Over the last 12 months, the categories of personal information we may collect include:
- Identifiers: name, email address, IP address, cookie IDs (shared with service providers and, if you consent, ad partners).
- Internet/network activity: browsing interactions on our site (shared with analytics and advertising providers if you consent).
- Inferences: interests or preferences derived from site interactions (used for advertising relevance if you consent).
We do not sell personal information as defined by CCPA. We may share data for cross-context behavioral advertising when you consent to marketing cookies; you can opt out at any time through our cookie preferences panel.
California rights may include the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your identity before fulfilling requests. Authorized agents may submit requests with proof of authorization.
16. Virginia (VCDPA)
If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.
To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we decline your request, you may appeal by emailing “Appeal of Refusal — Privacy Request”. We will respond within 60 days.
17. Nevada
Nevada residents may submit a verified opt-out request by emailing us with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service providers. If we make material changes, we will post a notice on the website at least 14 days before the changes take effect where feasible.
The “Last Updated” date at the top of this page indicates when this policy was most recently revised.
19. Contact
If you have questions about this Privacy Policy or about how we handle personal data, contact:
- Bol Interieuragenturen B.V.
- Address: Kerklaan 16 E, 1261 JB Blaricum, Netherlands
- Email: [email protected]
- Phone: +31 35 203 1184
For cookie choices, you can also use the “Manage cookie preferences” link in the footer.
Privacy questions and requests
For access, deletion, correction, or cookie-related questions, email [email protected] or call +31 35 203 1184. Include enough context for us to locate your request (for example, the email used on a form submission) and we will guide you through the next steps.
Registered office: Kerklaan 16 E, 1261 JB Blaricum, Netherlands. Service area: Canada.