Last updated: 20 June 2026This Privacy Policy explains how NorthHaven Studio ("we", "us", or "our") collects, uses, and protects personal data when you visit or interact with this website (the "Website"). It has been drafted to align with the General Data Protection Regulation (GDPR) and applicable Dutch data protection law.
1. Who we areThis Website is operated by:
NorthHaven Studio
Legal form: eenmanszaak / sole proprietorship
Registered with the Dutch Chamber of Commerce (KVK)
KVK number: 99279339
VAT number: NL005378599B47
Country of establishment: The Netherlands
Email: contact@northhavenstudio.com
NorthHaven Studio is the data controller for the processing of personal data described in this Privacy Policy.
2. Personal data we collectWe only collect personal data that is necessary for legitimate business purposes. Depending on how you interact with the Website, this may include:
- Name and contact details (such as email address)
- Information you provide in our brand questionnaire (business details, brand preferences, social media handles)
- Communication content (emails or messages you send to us)
- Booking details when you schedule a strategy call with us
- Payment and billing information when you purchase a service
- Technical data (such as IP address, browser type, device information), where automatically logged
- Limited functional cookie data necessary for embedded tools to work (see Section 6)
We do not knowingly collect personal data from children under the age of 16.
3. How we collect personal dataPersonal data is collected when you:
- Complete our brand questionnaire
- Schedule a strategy call with us via our booking tool
- Make a payment for one of our services
- Communicate with us by email
- Visit the Website, where limited technical and functional data may be collected automatically
We use third-party tools — Tally, Calendly, and Stripe — to operate parts of the Website. These are described in Section 7.
4. Purposes and legal basesWe process personal data only where permitted under the GDPR, on the following legal grounds:
Responding to inquiries and pre-contract stepsTo respond to your messages and take steps prior to entering into a contract at your request.
Legal basis: Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR).
Providing our services and processing paymentsTo deliver the services you book and to handle payment and invoicing.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
Website operation and securityTo ensure the Website functions properly and securely.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Legal and administrative obligationsTo comply with legal obligations, such as tax and accounting requirements.
Legal basis: Legal obligation (Article 6(1)(c) GDPR).
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.
5. How long we keep personal dataWe do not retain personal data longer than necessary for the purposes for which it was collected.
- Inquiry and communication data: kept for as long as necessary to handle your inquiry and for a reasonable period afterwards (typically up to 24 months from last contact), then deleted.
- Client and project data: kept for the duration of our working relationship and a reasonable period afterwards.
- Invoicing, payment, and tax records: retained for 7 years, as required by the Dutch tax retention obligation (bewaarplicht, Algemene wet inzake rijksbelastingen).
Data held in third-party tools is retained only as long as needed to perform its function or as required by law.
6. CookiesWe aim to keep cookie use to a minimum. We do not use analytics cookies (such as Google Analytics) or advertising/marketing cookies on this Website.
However, some pages embed third-party tools —
Calendly (booking) and
Stripe (payments) — that may set essential or functional cookies when those tools load. These cookies are necessary for the booking and payment features to work securely (for example, to maintain a session or prevent fraud) and do not track you across other websites for advertising purposes.
Under Dutch law (Telecommunicatiewet), strictly necessary and functional cookies do not require prior consent, but we disclose them here for transparency. You can block or delete cookies at any time through your browser settings, though some features (such as booking or payment) may not work correctly if you do.
For details on the cookies set by these tools, see their respective cookie and privacy policies linked in Section 7.
7. Third-party tools we useWe use the following third-party services to operate the Website. Each processes personal data under its own privacy terms, and we have appropriate agreements in place with each.
7.1 Formspree (contact form)We use Formspree (Formspree, Inc., United States) to receive and deliver enquiries submitted through our contact form.
When you submit the form, Formspree processes the information you provide — such as your name, email address, phone number, business name, social media handles, service interest, budget, and any message — and forwards it to us by email. Formspree may also process limited technical data, such as your IP address, for security and spam prevention. NorthHaven Studio is the data controller for this data; Formspree acts as our data processor, processing form submissions on our behalf under a data processing agreement.
Because Formspree is based in the United States, your data may be transferred outside the European Economic Area (EEA). These transfers are safeguarded by Standard Contractual Clauses approved by the European Commission.
Legal basis: Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR); consent, which you give by ticking the consent box on the form (Article 6(1)(a) GDPR).
For more information, see
Formspree's Privacy Policy.7.2 Tally (brand questionnaire)We use Tally (Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium) to run our brand questionnaire, which clients complete as part of our design process.
When you submit the questionnaire, we may collect your name, email address, business details, brand preferences, social media handles, and any other information you choose to provide. NorthHaven Studio is the data controller for this data; Tally acts as our data processor, processing form submissions on our behalf under a data processing agreement.
Legal basis: Performance of pre-contractual steps (Article 6(1)(b) GDPR); where applicable, consent (Article 6(1)(a) GDPR).
Tally stores form data on servers within the European Union and encrypts data in transit and at rest. We can delete form responses at any time. For more information, see
Tally's Privacy Policy.
7.3 Calendly (strategy call booking)We use Calendly (Calendly, LLC, United States) to let you book a strategy call with us.
When you book, Calendly collects your name, email address, the meeting details you provide, and technical data such as IP address. NorthHaven Studio is the data controller for booking data; Calendly acts as our data processor under its Data Processing Addendum.
Because Calendly is based in the United States, your data may be transferred outside the European Economic Area (EEA). These transfers are safeguarded by Calendly's certification under the EU–U.S. Data Privacy Framework, supported by Standard Contractual Clauses approved by the European Commission.
Legal basis: Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR).
For more information, see
Calendly's Privacy Notice.
7.4 Stripe (payments)We use Stripe (Stripe, Inc. and its EU affiliates) to process payments for our services.
When you make a payment, Stripe collects transaction data including your name, email address, billing address, and payment method details. We do not receive or store your full card number — this is handled directly by Stripe.
For payment processing, Stripe acts partly as our data processor and partly as an independent data controller, because it has its own legal obligations relating to fraud prevention, anti-money-laundering (AML), know-your-customer (KYC), and financial reporting.
Stripe may transfer data to the United States. These transfers are safeguarded by Stripe's certification under the EU–U.S. Data Privacy Framework, supported by Standard Contractual Clauses.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR); compliance with legal obligations and Stripe's legitimate interests for fraud prevention (Articles 6(1)(c) and 6(1)(f) GDPR).
For more information, see
Stripe's Privacy Policy.
8. Interactive tools on this Website8.1 The 12-Point Website Check
The 12-Point Website Check, available at northhavenstudio.com/look, is an interactive self-assessment tool that runs entirely within your web browser.
We collect no personal data through this tool. The answers you give to the twelve questions, and the score they produce, exist only in your browser's memory for as long as the page is open. They are not transmitted to NorthHaven Studio, not sent to any server, and not stored on your device. Closing or refreshing the page erases them permanently.
The tool sets no cookies and uses no local storage, session storage, or any other browser storage mechanism. It requires no email address, no name, and no account. It makes no network requests of any kind while you use it.
Because no personal data is processed, the GDPR does not apply to your use of this tool. Section 2 of this Policy continues to apply to any technical data automatically logged by our hosting provider when you visit the page, as it does for every page on this Website.
8.2 The link to InstagramOn completing the check, you are offered a link to our Instagram account. Following that link takes you to a platform operated by Meta Platforms, Inc., where Meta's own privacy policy and data practices apply and ours do not. No information about your answers or your score is passed through this link.
If you choose to send us a message telling us your result, you are sharing that information voluntarily. It will be handled as any other communication you send us, under Sections 2, 4 and 5 of this Policy.
9. Sharing personal data with third partiesBeyond the tools described in Section 7, we only share personal data where necessary for the operation of the Website or our services, and only under appropriate safeguards. This may include hosting and IT service providers, and professional advisors where legally required.
We do not sell personal data.
10. International data transfersSome service providers (such as Calendly and Stripe) may process personal data outside the EEA, including in the United States. Where this occurs, we ensure appropriate safeguards are in place — primarily the EU–U.S. Data Privacy Framework and, as an additional safeguard, Standard Contractual Clauses approved by the European Commission. Tally stores data within the EU.
11. Your rights under the GDPR
You have the following rights regarding your personal data:
- Right of access;
- Right to rectification;
- Right to erasure ("right to be forgotten");
- Right to restriction of processing;
- Right to data portability;
- Right to object to processing;
- Right to withdraw consent at any time (where processing is based on consent).
To exercise any of these rights, contact us using the details in Section 14.
You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl), if you believe your data has been handled unlawfully.
12. Security measuresWe take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, or disclosure.
13. Changes to this Privacy PolicyWe may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. Updates will be posted on this page with a revised "Last updated" date. Where changes are material, we will take reasonable steps to make them clearly visible.
14. ContactIf you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
NorthHaven Studio
Email: contact@northhavenstudio.com