Privacy Policy

Introduction

IronHaven B.V. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website ironhaven.world or use our financial services.

We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our registered office is located at Kerkstraat 147, 1056 DW Amsterdam, Netherlands (Registration Number: KvK46231657).

Data We Collect

We collect various types of personal data to provide our student financial services effectively. The data we collect includes information you provide directly to us, information we collect automatically when you use our services, and information we receive from third parties.

Information You Provide to Us:

• Personal identification information (name, email address, phone number, date of birth)
• Educational information (university, course of study, academic year)
• Financial information (income, expenses, financial goals, banking details for service provision)
• Contact preferences and communication history
• Feedback, survey responses, and support enquiries

Information We Collect Automatically:

• Website usage data (pages visited, time spent, click patterns)
• Device information (IP address, browser type, operating system)
• Cookies and similar tracking technologies (see our Cookie Policy for details)

How We Use Your Information

We use the personal data we collect for various purposes related to providing our financial services and improving your experience. How we use your data depends on the services you use and your preferences.

• To provide personalised financial advice and money management services
• To communicate with you about our services, appointments, and updates
• To process payments and manage your account
• To improve our services and develop new offerings
• To comply with legal and regulatory requirements
• To protect against fraud and ensure the security of our services
• To send marketing communications (with your consent where required)

Legal Basis for Processing:

We process your personal data based on the following legal grounds:

• Contract performance: To provide our financial services
• Legitimate interests: To improve our services and prevent fraud
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with financial regulations and tax requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to control them, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• With service providers who assist us in delivering our services (e.g., payment processors, cloud hosting)
• With professional advisors (lawyers, accountants) when necessary for business operations
• To comply with legal obligations or respond to lawful requests from authorities
• To protect our rights, property, or safety, or that of our clients or others
• In connection with a business transfer, merger, or acquisition

All third parties with whom we share data are required to maintain appropriate security measures and use your data only for the specified purposes.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Other legally recognised transfer mechanisms

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Our data retention periods vary depending on the type of information and the purpose for which it was collected.

• Client service data: Retained for the duration of our relationship plus 7 years for regulatory compliance
• Marketing data: Retained until you withdraw consent or for 3 years of inactivity
• Website analytics: Typically retained for 26 months
• Financial records: Retained for 7 years as required by Dutch law

Your Rights

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data to another service provider
• Right to object: Object to processing based on legitimate interests or for marketing purposes
• Right to withdraw consent: Withdraw consent for data processing where applicable

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure data storage and backup procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

Children's Privacy

Our services are intended for individuals aged 16 and over. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected information from a child under 16, please contact us immediately so we can delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: