Effective Date: May 1, 2026
1. Introduction
ChatReach, a general partnership (Vennootschap Onder Firma) registered with the Dutch Chamber of Commerce under number 98527029, is responsible for the processing of personal data as described in this Privacy Policy.
At ChatReach, we take your privacy seriously. This Privacy Policy explains which personal data we collect, why we collect it, how we use it, and what rights you have.
We process personal data in accordance with the General Data Protection Regulation (GDPR), the Dutch Implementation Act (UAVG), and the Dutch Telecommunications Act (Telecommunicatiewet).
2. Who we are
Company name: ChatReach VOF
Address: Kazernestraat 17, 5928 NL Venlo, The Netherlands
Email: hello@chatreach.com
KVK number: 98527029
We act as:
Data Controller
For personal data of:
• Customers (account holders)
• Website visitors
• Prospects
• Individuals who contact us
This Privacy Policy primarily applies to these activities.
Data Processor
For personal data processed on behalf of our customers through our platform (e.g. their contacts and message content).
In this role:
• We act strictly on instructions of our customers
• A Data Processing Agreement (Verwerkersovereenkomst) applies
• End users must contact the relevant ChatReach customer to exercise their rights
3. Personal data we process
3.1 Account and contact data
• First and last name
• Company name and business details
• Address data
• Phone number
• Email address
• Login credentials (passwords are securely hashed)
3.2 Payment and billing data
• IBAN / bank account number
• Payment details (via providers such as Stripe or Mollie)
• VAT number
• Invoicing data
3.3 Technical data
• IP addressLocation data (derived from IP, at country/city level)
• Browser and device type
• Usage and activity data
3.4 Communication data (as Data Processor)
• Message content sent via our platform
• Contact details of end users
• Phone numbers of recipients
• Conversation metadata (timestamps, delivery status, read receipts)
3.5 Marketing data
• Newsletter preferences
• Campaign engagement
• Interaction with content
4. Source of personal data
We collect personal data:
• Directly from you
• Automatically via cookies and logs
• From third parties, including:
• Meta Platforms Ireland Ltd. (WhatsApp Business integration)
• Integration partners (e.g. Zapier)
• Payment providers
• Public sources (e.g. Chamber of Commerce)
5. Consequences of not providing data
Providing personal data is not legally required, but necessary for using our services.
Without required data, we cannot:
• Create your account
• Process payments
• Provide the platform
6. Protection of minors
Our services are intended for business users and not directed at individuals under 16 years of age.
If we become aware of data collected from minors without consent, we will delete it.
7. Purpose and legal basis
We process personal data based on Article 6 GDPR:
Contractual necessity (Art. 6(1)(b))
• Account creation and management
• Platform delivery
• Messaging services (WhatsApp campaigns, automations)
• Payments and invoicing
• Customer support
Legal obligation (Art. 6(1)(c))
• Tax and accounting compliance
• Regulatory obligations
• Legitimate interest (Art. 6(1)(f))
• Product improvement and analytics
• Security and fraud prevention
• Direct marketing to existing customers
• Service updates
Consent (Art. 6(1)(a))
• Marketing communications to prospects
• Non-essential cookies
• Cross-site trackingYou may withdraw consent at any time.
8. Automated decision-making
ChatReach does not use automated decision-making or profiling that produces legal or significant effects.
9. Data retention
We retain personal data only as long as necessary:
• Account data: Duration + 2 years
• Financial data: 7 years
• Platform communication data: Duration of subscription
• Marketing data: Until consent withdrawal
• Support tickets: 3 years
• Analytics: Up to 26 months
• Logs: 12 months
• Cookie consent: 12 months
10. Sharing personal data
We do not sell personal data.
We share data only when necessary with:
• Meta Platforms Ireland Ltd. (WhatsApp Business Platform)
• Payment providers (e.g. Stripe, Mollie)
• Hosting and infrastructure providers (EU-based where possible)
• Email and communication providers
• Analytics providers
• Accounting services
• Integration partners (when enabled by you)
• Legal advisors and authorities when required
All processors operate under Data Processing Agreements.
11. International data transfers
Where data is transferred outside the EEA, we ensure appropriate safeguards:
• Standard Contractual Clauses (SCCs)
• EU adequacy decisions
• EU-U.S. Data Privacy Framework (where applicable)
12. Security
We implement appropriate technical and organizational measures, including:
Technical
• TLS encryption (HTTPS)
• Encryption at rest
• Firewalls and intrusion detection
• Secure email authentication (DKIM, SPF, DMARC)
• DNSSEC
• Regular backups and updates
Organizational
• Access controls (need-to-know basis)
• Multi-factor authentication
• Confidentiality agreements
• Security training
• Incident response procedures
• Regular audits
13. Data breaches
In case of a data breach:
• We notify the Dutch Data Protection Authority within 72 hours (Art. 33 GDPR)
• We notify affected users if required (Art. 34 GDPR)
14. Your rights
Under GDPR, you have the right to:
• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Data portability (Art. 20)
• Object (Art. 21)
• Withdraw consent
Requests can be sent to: hello@chatreach.com
We respond within one month.
15. Complaints
You may file a complaint with the Autoriteit Persoonsgegevens.
We encourage you to contact us first.
16. Cookies
We use:
• Necessary cookies
• Analytical cookies
• Marketing cookies (with consent)
A detailed overview is available in our Cookie Statement.
17. Changes
We may update this Privacy Policy.
Material changes will be communicated at least 30 days in advance.
18. Data Protection Officer
ChatReach has assessed Article 37 GDPR and determined that appointing a Data Protection Officer is not required.
20. Related documents
• Terms & Conditions
• Data Processing Agreement (DPA)
• Cookie Statement
