Privacy Statement MemBirds
Effective date: August 13, 2025
Version: 1.1
1. Introduction
MemBirds attaches great importance to your privacy. We only process personal data necessary for (improving) our services and handle the information we collect with care. Your data will never be sold to third parties for commercial purposes.
This statement applies to all processing of personal data via our website, application and the related services. In this document we explain:
- Which personal data we process.
- For which purpose and on which legal basis.
- Which sub processors we engage.
- Where your data is stored.
- Which rights you have under the General Data Protection Regulation (GDPR).
For questions about this statement you can contact us via the details at the bottom of this document.
2. Roles and responsibilities
MemBirds is in most cases the data controller within the meaning of the GDPR. When we process personal data on behalf of our customers (for example in their online learning environment), we are processor and act exclusively on the instructions of that customer. With our customers we conclude a data processing agreement (DPA) in accordance with article 28 GDPR.
3. Personal data we process
Depending on your use of our services, we may process the following data:
- Name and contact details (email address, phone number, address)
- Company details (company name, role, VAT number)
- Payment details (bank account number, credit card details)
- Usage data (IP address, browser data, login data, times of use)
- Communication content (messages, support requests)
4. Purposes and legal bases
We process personal data for the following purposes:
- Service delivery: performing the agreement with our customers.
- Customer service: answering questions and providing technical support.
- Administration: invoicing, compliance with legal obligations (bookkeeping, fiscal retention obligation).
- Security: security, fraud prevention, access control.
- Marketing: only with prior consent or in existing customer relationships in accordance with the law.
Legal bases: performance of the agreement, legal obligation, legitimate interest or consent.
5. Sub processors and processing locations
We use carefully selected sub processors to deliver our services. These parties only process personal data on our instructions, on the basis of a data processing agreement.
- Mailgun – Sending transactional emails (servers in EU / US)
- Mollie – Payment processing (servers in EU)
- ActiveCampaign – Marketing automation and email campaigns (servers in US)
- Amazon AWS – Hosting and data storage (servers in EU / US)
- Cloudflare – Security, CDN, DDoS protection (servers worldwide)
- Google Analytics (GA4) – Anonymised web statistics (servers in EU / US)
- Meta (Facebook Pixel) – Ad optimisation, only with consent (servers in US)
- Moneybird – Bookkeeping and invoicing (servers in EU)
- Snelstart – Bookkeeping and invoicing (servers in EU)
- Resend – Email sending and notifications (servers in EU / US)
Transfer outside the EEA
When personal data is transferred outside the European Economic Area (EEA), we use Standard Contractual Clauses (SCCs) approved by the European Commission and additional security measures. This applies among others to our sub processors Mailgun, ActiveCampaign, Cloudflare, Meta, Resend and Google Analytics.
6. Retention periods
We do not store personal data longer than necessary for the purpose for which it was collected, unless we are legally required to keep it longer (for example the fiscal retention obligation of 7 years for invoice data).
7. Security
We take appropriate technical and organisational measures to protect personal data, including:
- SSL/TLS encryption for data transfer
- Limited access rights for employees
- Regular security updates and penetration tests
8. Your rights
Under the GDPR you have the following rights:
- Access to your data
- Rectification of incorrect data
- Erasure of your data ("right to be forgotten")
- Restriction of processing
- Data portability
- Objection to processing (incl. direct marketing)
- Withdrawal of consent
You can submit a request via info@membirds.nl. We respond within 30 days.
9. Cookies and tracking
We use functional, analytical and (with consent) marketing cookies.
- Google Analytics (GA4): anonymised statistics, no cross device tracking.
- Facebook Pixel & Conversion API: only with consent, for ad optimisation.
For more information and to adjust your preferences, see our cookie policy.
10. Data Protection Officer (DPO)
Based on our processing activities we are not required to appoint a DPO. We reassess this periodically.
11. Changes
We may change this privacy statement. The most recent version is always available on our website. In the case of significant changes we will inform you by email.
Contact
MemBirds B.V.
Keizersgracht 520h
1017 EK Amsterdam
Email: info@membirds.nl
