1. Introduction
Nestflow cares about your privacy and treats your personal data as confidentially as possible.
The protection of your privacy and your personal data is an extremely serious matter for us. We collect, store and use your personal data only in accordance with the contents of this privacy statement (“Privacy Statement”) and the applicable regulations on data protection, in particular the provisions of the General Data Protection Regulation (“GDPR”) and the national data protection provisions.
This Privacy Statement explains what personal data is collected and processed, for what purposes, how long we keep personal data, what your rights are in this regard and how you can contact us.
This Privacy Statement applies, inter alia, to (i) our website Nestflow.com (hereinafter our “Website”), and the services and activities associated with it and (ii) all relationships through any other means of communication between you and us.
2. General Information Applicable To All Our Personal Data Processing Activities
2.1. Who Is Controller?
Nestflow B.V., a private limited company, with registered office at ’t Braassemhof 2, 2371BL Roelofarendsveen, the Netherlands and registered in the Dutch Chamber of Commerce under the number 89650336 (hereinafter “Nestflow”, “we” or “us”), is responsible for processing your data as described in this Privacy Statement. This Privacy Statement also applies to Nestflow’s affiliates, unless stated otherwise.
Please note that Nestflow is a data controller, which means that we have a direct responsibility to you in relation to the processing of your personal data. This Privacy Statement relates solely to our relationship with you as a data controller.
2.2. How Do We Receive Your Personal Data?
Personal data is data that can be used directly or indirectly to identify a natural person. We may collect and process personal data in various ways, for example (but not limited to) when:
- you contact or have contacted us (for example via email, telephone, the “Get Estimate” form or chatbot available on the Website);
- we provide or have evaluated providing any of our services to you;
- you wish to apply for a job at Nestflow;
- you subscribe to our newsletter.
Usually, you give us your personal data yourself. Sometimes we receive your contact details through third parties, for example (but not limited to):
- we can receive personal data about third parties from our homeowners or investors that do business with us. This may include data about: cohabiting partners; spouses; heirs; other individuals connected to a service we are providing;
- professional advisors or intermediaries acting on your behalf (for example, investment agents, legal representatives or financial advisors).
We may also find, update, supplement and improve your data through public sources (for example, directories or other publicly available information) and social networks.
2.3. Do We Share Your Personal Data Outside The European Union?
In principle, we use your personal data only for providing the services you request. If we use external service providers to provide these services, these service providers also have access to your personal data exclusively within the scope of their services. We have implemented necessary technical and organizational measures to ensure compliance with data protection regulations and also require external service providers to adhere to these provisions. We have entered into data processing agreements with relevant third parties, which include necessary safeguards regarding the confidentiality and privacy compliance of your personal data.
Notwithstanding the foregoing, it is possible that Nestflow may disclose your personal data to competent authorities (i) if Nestflow is required to do so by law or legal process and/or (ii) to protect and defend our rights.
In principle, we aim to store your personal data on IT systems in the European Economic Area (“EEA”). If personal data are transferred to countries or organizations outside the EEA, appropriate safeguards will always be provided. Any transfer of personal data outside the EEA to a recipient in a country not covered by a decision of the European Commission to provide an adequate level of protection, will be subject to the provisions of a data transfer agreement, which will include (i) the standard contractual clauses issued by the European Commission, or (ii) any other mechanism in accordance with the GDPR, or any other regulation relating to the processing of personal data such as the EU-U.S. Data Privacy Framework for transfers to the U.S.
2.4. What Rights Do You Have As A Data Subject?
- You have a right to access your personal data. This allows you to check what personal data we process about you;
- You have a right to correct your personal data. This allows you to correct or supplement any incorrect or incomplete personal data we process about you;
- You have a right to erasure of your personal data. This allows you to permanently erase personal data that we process about you. We are not always obliged to erase your personal data at your request – this right only applies in the cases and to the extent provided by law;
- You have a right to restrict the processing of your personal data. This allows you to freeze our use of your personal data without erasing it. We are not always obliged to restrict your personal data at your request; this right applies only in the cases and to the extent provided for by law;
- You have the right to object to the processing of your personal data. This allows you to object to the further processing of your personal data. We are not always obliged to honor your objection; this right only applies when we process your personal data based on our legitimate interests;
- You always have the right to withdraw your consent when the processing of your personal data is based on your consent;
- You always have the right to object to the processing of your personal data for direct marketing purposes;
- You have the right to data portability. This allows you to transfer, copy or forward personal data smoothly from one controller to another. This right can only be exercised if the processing is based on your consent or on an agreement with you.
If you wish to exercise any of the rights listed above, please contact us by e-mail or post using the details below (under Section 2.5).
When you make a request to exercise your rights, we will first verify your identity through the appropriate and least privacy-intrusive means. We do this to prevent your data from falling into the wrong hands.
The exercise of your rights is in principle free of charge. If your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In such cases, however, we may also choose not to comply with your request. You will be notified of the reasons for this, if applicable.
In any case, we will always inform you of the outcome of your request no later than within one month. For complex or multiple requests, this period may be extended by two months, but we will also inform you of this necessary extension within the initial month.
2.5. Want To Exercise Your Rights, Have Questions Or A Complaint?
For the exercise of your rights, for any questions or complaints related to the processing of personal data, you can always contact us:
(b)
via post:
Nestflow B.V.
FAO: data protection manager
’t Braassemhof 2
2371BL Roelofarendsveen
the Netherlands
You can also file a complaint with the supervisory authority in the location where you reside. For the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
(c)
by phone: +31 (0)88-1805 250
(d)
via post:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
The Netherlands
For more information regarding complaints and remedies, we invite you to consult the Dutch Data Protection Authority’s website: autoriteitpersoonsgegevens.nl/contact/klacht-over-de-ap
3. Specific Processing Activities That May Apply To You
Under what circumstances Nestflow collects, uses or otherwise processes different categories of personal data from you, for what purpose, on what legal basis, for what period and with whom it is shared, is described below.
3.1. You Are A Client Of Nestflow
3.1.1. You Are A Homeowner Or Inquire About Our Services To Homeowners
Nestflow may collect and process one or more of the following personal data:
- contact information: for example, name, first name, email address, phone number, address;
- property information: for example, address details (including country, postal code, house number, street name, city, and unit or other specific address details), current estimated home value, existing mortgage value, along with process-related documents such as formal mortgage deeds, detailed valuation reports for the property, and other documents and details about the property required for legal or operational purposes;
- personal details: information about individuals connected to the property, including:
- homeowner(s): age, a copy of their passport/identity card, and other relevant information required in the context of co-ownership agreements;
- other residents (if applicable): information about other individuals living in the property (for example family members, tenants), including names and contact details;
- heirs, executors, and contact persons (as applicable): names and contact details;
- credit information: data provided by the homeowner, which may include (without limitation) records retrieved from credit registration systems (for example, Bureau Krediet Registratie), if applicable. This may include details of outstanding loans or financial obligations. Please note that this data is provided exclusively by the homeowner and is not directly obtained by Netsflow from these institutions; additionally, we may also collect credit scores for homeowners from third-party services that use publicly available data;
- correspondence and other forms of communication: letters, e-mails, electronic chats, and other (forms of) communication;
- billing and bank account data: for example, bank account numbers and any other information necessary for payments;
However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.
Nestflow processes the above personal data for the following purposes:
i.)
to provide you with more information about our services and products at your request or at our initiative, if deemed necessary to accurately perform our services for you;
ii.)
to provide you with the services as agreed with you;
iii.)
to handle any complaint and/or feedback;
iv.)
to make or collect payments;
v.)
to evaluate your financial situation as part of ensuring suitability for our services;
vi.)
to maintain a business relationship with you as a client.
Nestflow processes the personal data listed above on the following legal grounds:
- the processing is necessary for the performance of an agreement to which you are a party or to take steps at your request prior to the conclusion of an agreement (purposes I to IV above);
- the processing is necessary for the purposes of the legitimate interests pursued by Nestflow or a third party (purposes V and VI above). In this case Nestflow’s legitimate interest lies in evaluating the financial situation of its clients, and the condition of their property (where applicable), to ensure that its services are suitable and responsibly offered. This is necessary to mitigate financial and operational risks and to support the long-term stability and sustainability of both Nestflow, its equity real estate investors and the homeowner(s) (purpose V above). Further, our legitimate interest is to serve you as a client even better by keeping you informed about our activities, services and products (purpose VI above).
Nestflow will retain your personal data for a period of 1 year after the completion of the service or termination of the agreement. This retention period allows us to handle any post-service inquiries, complaints, or administrative follow-ups.
In certain cases, we may retain your personal data for a longer period, including but not limited to the following situations:
- if applicable laws require us to retain specific data (for example (but not limited to), tax, accounting, or anti-money laundering regulations), we will retain the data for the duration of the legally required period;
- data necessary to establish, exercise, or defend legal claims will be retained for the duration of the applicable statutory limitation period.
In pursuit of these purposes, we may disclose your personal data to:
- subcontractors who process personal data on our behalf (processors) in relation to, for example (but not limited to), hosting, mailing and marketing initiatives. They only process your personal data under our written instructions and in accordance with an agreed processing agreement;
- equity real estate investors: where necessary for the execution of agreements we may share limited data with equity real estate investors, including: property identification information such as postal code and house number; family name; the amount acquired by Nestflow in the property and the formal valuation reports;
- appointed notary: certain data, such as property details and identity verification (for example, copies of passports or deeds), may be shared with the appointed notary to formalize agreements or register transactions;
- judicial, police or administrative authorities, if required by law or court proceedings.
3.1.2. You Are An Equity Real Estate Investor
Nestflow may collect and process one or more of the following personal data:
- contact information: for example, name, first name, email address, phone number, address, company information (if applicable);
- KYC information: Information collected as part of Know Your Customer checks, which may include but is not limited to:
- For natural persons: identity verification (such as full name as shown in passport, date of birth, passport number, and issuing country); proof of address; tax residency and tax identification number; bank account details; declaration of asset origin;
- For legal entities: statutory name of the entity; government-issued company number and tax ID; complete business address; bank account details for the entity; information on authorized signatories; declaration regarding UBO and PEP status;
- bank account and billing information: bank account details and other information necessary for processing payments;
- correspondence and communication: letters, emails, and other forms of communication exchanged with Nestflow.
However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.
Nestflow processes the above personal data for the following purposes:
i.)
to provide you with more information about our services and products at your request or at our initiative, if deemed necessary to accurately perform our services for you;
ii.)
to provide you with the services as agreed with you;
iii.)
to handle any complaint and/or feedback;
iv.)
to make or collect payments;
v.)
to perform Know Your Customer (KYC) checks and comply with legal and regulatory obligations, including anti-money laundering (AML) and fraud prevention regulations;
vi.)
to maintain a business relationship with you as a client.
Nestflow processes the personal data listed above on the following legal grounds:
- the processing is necessary for the performance of an agreement to which you are a party or to take steps at your request prior to the conclusion of an agreement (purposes I to IV above);
- the processing is necessary to comply with legal and regulatory obligations, such as anti-money laundering (AML) and fraud prevention regulations (purpose V above);
- the processing is necessary for the purposes of the legitimate interests pursued by Nestflow or a third party (purpose VI above). Our legitimate interest is to serve you as a client even better by keeping you informed about our activities, services and products
Nestflow will retain your personal data for a period of 1 year after the completion of the service or termination of the agreement. This retention period allows us to handle any post-service inquiries, complaints, or administrative follow-ups.
In certain cases, we may retain your personal data for a longer period, including but not limited to the following situations:
- if applicable laws require us to retain specific data (for example (but not limited to), tax, accounting, or anti-money laundering regulations), we will retain the data for the duration of the legally required period;
- data necessary to establish, exercise, or defend legal claims will be retained for the duration of the applicable statutory limitation period.
In pursuit of these purposes, we may disclose your personal data to:
- subcontractors who process personal data on our behalf (processors) in relation to, for example (but not limited to), hosting, mailing and marketing initiatives. They only process your personal data under our written instructions and in accordance with an agreed processing agreement;
- appointed notary: certain data, such as property details and identity verification (for example copies of passports or deeds), may be shared with the appointed notary to formalize agreements or register transactions;
- judicial, police or administrative authorities, if required by law or court proceedings.
3.2. You are A Supplier Or Subcontractor of Nestflow
Nestflow may collect and process one or more of the following personal data:
- contact information: for example, name, title, function, telephone and mobile number, e-mail address, office address and other contact and/or company information;
- correspondence and other forms of communication: letters, e-mails and other (forms of) communication; and
- information on the delivery of the product/service and any information on our engagement with the supplier/subcontractor, bank account numbers and any other information on payments.
However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.
Nestflow processes the above personal data for the following purpose:
i.)
to buy goods or services.
Nestflow processes the personal data listed above on the following legal basis:
- the processing is necessary for the performance of an agreement to which the supplier/subcontractor is a party or to take steps at the request of the supplier/subcontractor prior to the conclusion of a contract (purpose I above).
We keep your personal data for 1 year after completion of the service, unless Nestflow is required by law to keep the data longer.
In pursuit of this purpose, we may disclose your personal data to:
- subcontractors processing personal data on our behalf (processors).
3.3. You Are A Vistor To Nestflow’s Website or Subscriber To Our Newsletter
Nestflow may collect and process one or more of the following personal data:
- contact information: for example, name, first name, e-mail address, company name, role in your company, address;
- correspondence and other forms of communication: e-mails and other (forms of) communication;
- your electronic identification data: for example, your IP address and connection times, following a visit to our Website that uses cookies or similar techniques.
However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.
Nestflow processes the above personal data for the following purposes:
i.)
to answer your question or request for information, or to schedule an exploratory meeting;
ii.)
for direct marketing, to keep you informed about, among other things, Nestflow activities, products and services;
iii.)
for placing and reading cookies. More information on our use of cookies can be found in our
Cookie Policy.
Nestflow processes the personal data listed above on the following legal grounds:
- the processing is necessary to take pre-contractual measures at your request (purpose I above);
- The user/visitor has given consent for the processing of his/her personal data (purposes II and III above). Regarding cookies, we request your consent for categories of cookies other than strictly necessary cookies (for example, preference cookies and analytical cookies), insofar as our Website uses them. For more information, we refer you to our Cookie Policy;
- The processing is necessary for the protection of the legitimate interests of Nestflow or a third party (purpose III above). For strictly necessary cookies, which are cookies that ensure functionalities without which you would not be able to use our Website as intended, we rely on the legal basis of legitimate interest. These cookies are required purely for technical reasons to be able to use the Website. Given the technical necessity, there is only an obligation to provide information, and we place these cookies as soon as you access the Website.
Nestflow will not retain your personal data for longer than necessary for the purposes for which they were collected. The following retention periods apply:
- (visitor) Nestflow will retain your personal data for up to 24 months after the last contact you had with us as a prospect (purpose I above);
- (subscriber) Nestflow will retain your personal data until you withdraw your consent to the use of your data. You may withdraw your consent at any time using the procedure described under titles 2.4 and 2.5 of this Privacy Statement (purpose II above);
- the retention period for cookies varies depending on the type of cookie. More information on our use of cookies can be found in our Cookie Policy (purpose III above).
In pursuit of these purposes, we may disclose your personal data to:
- subcontractors processing personal data on our behalf (processors);
- the third parties listed in the Cookie Policy.
3.4. You Are A (Potential) Job Applicant of Nestflow
Nestflow may collect and process one or more of the following personal data:
- contact information: for example, name, first name, function, telephone and mobile number, home address, e-mail address, social media account and other contact information;
- correspondence and other forms of communication: letters, e-mails and other (forms of) communication; and
- other recruitment-related or employment-related information (as permitted by law): gender, date of birth, photograph, application form, CV, interview notes, and other employment history information.
However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.
Nestflow processes the above personal data for the following purposes:
i.)
to assess the suitability of the (potential) applicant and to start an application process and for the evaluation of the application;
ii.)
to keep applicants informed of our job openings; and
iii.)
to invite applicants to our Nestflow activities and have them participate in our activities.
Nestflow processes the personal data listed above on the following legal grounds:
- the processing is necessary to take steps at the applicant’s request prior to the conclusion of an agreement to which the applicant becomes a party (purpose I above);
- the applicant has given consent to the processing of his/her personal data (purposes II and III above).
- Nestflow will delete applicants’ personal data no later than 4 weeks after the end of the application process unless the applicant has given his/her express consent to keep his/her data for a longer period. In that case, Nestflow will keep the personal data for a period of 1 year, after which the applicant will be asked whether he/she wishes to renew his/her consent.
In pursuit of these purposes, we may disclose your personal data to:
- subcontractors processing personal data on our behalf (processors).
3.5. You Are A Participant In One Of Our Nestflow Activities (including networking events)
Nestflow may collect and process one or more of the following personal data:
- contact information: for example, name, first name, company name, function, address, telephone and mobile number, e-mail address, payment details (in case of paid activity);
- correspondence and other forms of communication;
- in case of events: for example, business cards, dietary restrictions, photos, videos.
However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.
Nestflow processes the above personal data for the following purposes:
i.)
organizing the Nestflow activity;
iii.)
direct marketing: to invite participants to our Nestflow activities and engage them in our activities; and
iv.)
marketing: posting photos and videos on Nestflow’s Website and social media (for example LinkedIn) to promote our services and activities.
Nestflow processes the personal data listed above on the following legal grounds:
- the processing is necessary for the performance of an agreement to which you are a party or to take steps at your request prior to the conclusion of an agreement (purpose I above);
- the processing is necessary for the protection of the legitimate interests of Nestflow or a third party (purposes II and III above). Our legitimate interests include improving the quality of Nestflow activities (purpose II) and serving you even better by keeping you informed about other Nestflow activities (purpose III); and
- the data subject has given consent to the processing of his/her personal data (purpose IV).
Nestflow will not retain your personal data for longer than is necessary for the purposes described above for which it was collected.
In pursuit of these purposes, we may disclose your personal data to:
- subcontractors processing personal data on our behalf (processors).
4. Changes To This Privacy Statement
We may update this Privacy Statement from time to time. Therefore, we encourage you to consult it regularly so that you are aware of any changes.
Last updated: Feb 25, 2025