Privacy Policy
Last Updated: 28 March 2026
EnableNext ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy applies to the website enablenext.nl and the services offered through it, including our contact form, ESA Assessment, and NIS2 Checker tools. It does not cover other platforms or services operated by EnableNext.
1. Who We Are
EnableNext (KvK 53538633)
Oder 20, 2491 DC The Hague, the Netherlands
Website: enablenext.nl
Contact: Use our contact form
2. Information We Collect
2.1 Contact Form Submissions
When you submit our contact form, we collect:
- Name - to address you appropriately in our response
- Email address - to respond to your enquiry
- Subject and message - to understand and address your enquiry
2.2 Assessment Tool Responses
When you use our free assessment tools (ESA Assessment, NIS2 Checker), we may collect:
- Assessment responses - your answers to questions
- Email address (optional) - if you choose to receive results via email
- Submission timestamp - to analyse usage patterns and improve our tools
2.3 Information We Do NOT Collect
We explicitly do not collect:
- IP addresses
- Device fingerprints
- Location data
- Browsing history
- Analytics or tracking cookies
3. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process your personal data based on:
- Consent - You voluntarily provide information through our contact form or assessment tools
- Legitimate interests - To respond to your enquiries and provide requested services
- Contractual necessity - If you engage our services, to fulfil our contractual obligations
4. How We Use Your Information
We use your personal data only for the following purposes:
- Responding to enquiries - To answer questions submitted via our contact form
- Providing assessment results - To deliver results from our ESA Assessment or NIS2 Checker tools
- Service delivery - If you engage our consulting services
- Improving our services - Anonymised, aggregated analysis of assessment tool usage
We do not:
- Sell, rent, or share your personal data with third parties
- Use your data for marketing purposes without explicit consent
- Track your behaviour across websites
- Profile you for automated decision-making
5. Data Storage and Security
5.1 Where We Store Your Data
Your personal data is stored securely on servers located within the European Economic Area (EEA). We do not transfer data outside the EEA.
5.2 Security Measures
We implement industry-standard security measures to protect your data:
- Encrypted database connections (TLS/SSL)
- Secure database access controls
- Input validation and sanitisation
- Rate limiting to prevent abuse
- Regular security reviews and updates
5.3 Data Retention
We retain your personal data only for as long as necessary:
- Contact form submissions: 4 months, or until you request deletion
- Assessment tool responses: 4 months for anonymous analytics; email addresses deleted after 90 days if provided
- Client engagement data: 7 years for legal and accounting purposes
6. Cookies and Session Data
6.1 Essential Cookies
We use only essential session cookies for security purposes:
- PHP Session Cookie (PHPSESSID) - Required for rate limiting to prevent form abuse and denial-of-service attacks
These cookies are strictly necessary for the security and proper functioning of our website. They do not track you, store personal data, or persist beyond your session.
6.2 No Tracking or Analytics Cookies
We do not use:
- Google Analytics or similar tools
- Marketing or advertising cookies
- Social media tracking pixels
- Third-party analytics services
7. Your Rights Under GDPR
As a data subject in the European Union, you have the following rights:
7.1 Right of Access
You can request a copy of the personal data we hold about you.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete data.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data, subject to legal retention requirements.
7.4 Right to Restriction of Processing
You can request that we limit how we use your data.
7.5 Right to Data Portability
You can request your data in a structured, machine-readable format.
7.6 Right to Object
You can object to processing based on legitimate interests.
7.7 Right to Withdraw Consent
You can withdraw consent at any time where we rely on consent for processing.
7.8 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data properly.
To exercise any of these rights: Submit a privacy request via our contact form. Mark your subject line as "Privacy Request" for priority handling.
8. Third-Party Services
Our website may contain links to third-party websites and services:
- Microsoft Bookings - For scheduling consultations (governed by Microsoft's privacy policy)
When you click these links, you leave our website and are subject to the third party's privacy practices. We are not responsible for the privacy practices of external websites.
9. Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant data protection authority within 72 hours
- Notify affected individuals without undue delay
- Take immediate steps to mitigate the breach
10. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
11. International Data Transfers
We do not transfer personal data outside the European Economic Area. All data is stored and processed within the EEA, ensuring full GDPR protection.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:
- Update the "Last Updated" date at the top of this page
- Notify you of material changes via email if we have your contact details
- Obtain new consent where required by law
We encourage you to review this Privacy Policy periodically.
13. Legal Compliance
This Privacy Policy complies with:
- EU General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
- Dutch Data Protection Authority (Autoriteit Persoonsgegevens) guidelines
- ePrivacy Directive (Cookie Law)
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
EnableNext (KvK 53538633)
Oder 20, 2491 DC The Hague, the Netherlands
Website: enablenext.nl
Submit Privacy Enquiry via Contact Form
For privacy-related enquiries, please use "Privacy Request" or "GDPR Request" in the subject line for priority handling.
We aim to respond to all enquiries within 5 business days and fulfil GDPR requests within 30 days as required by law.