image

Privacy Statement

BIG PICTURES

Big.Pictures respects your privacy and is committed to protecting your personal data. This Privacy Statement explains what personal data we collect through our website and communications, why we collect it, how we use it, and what rights you have.

1. Who we are

Big.Pictures is a video production and creative media company based in the Netherlands.

Business name: Big.Pictures
Legal entity: [insert VOF / eenmanszaak / registered legal name]
KvK number: [insert KvK number]
Address: [insert business address, or “available upon request” if appropriate]
Email: [insert privacy/contact email]

For privacy-related questions, you can contact us at: [email]

2. What personal data we collect

We may collect and process the following personal data:

Information you provide to us

When you contact us through our website, by email, phone, social media, or another communication channel, we may collect:

Your name
Email address
Phone number
Company or organisation name
Project details, messages, requests, or other information you choose to share
Billing and administrative information if you become a client
Website and technical data

When you visit our website, we may collect limited technical information, such as:

IP address
Browser type
Device type
Pages visited
Date and time of visit
Referring website
Basic analytics data

This information helps us understand how visitors use our website and helps us maintain website security.

3. Why we use your personal data

We use personal data for the following purposes:

To respond to inquiries and messages
To prepare proposals, quotes, and project plans
To communicate with clients and potential clients
To provide video production, creative, and media services
To manage administration, invoicing, accounting, and tax obligations
To improve our website and services
To protect the security and proper functioning of our website
To comply with legal obligations
4. Legal basis for processing

Under the GDPR/AVG, we only process personal data when we have a valid legal basis. Depending on the situation, we process your data based on:

Pre-contractual or contractual necessity: when you ask for a quote, proposal, or enter into an agreement with us.
Legitimate interest: when we respond to business inquiries, maintain client relationships, improve our website, or protect our systems.
Legal obligation: when we need to keep records for accounting, tax, or other legal requirements.
Consent: when required, for example for certain cookies, newsletter subscriptions, or marketing communications.

The GDPR does not set one fixed retention period for all data, but businesses should not keep personal data longer than necessary for the purpose for which it was collected.

5. Cookies and analytics

Our website may use cookies or similar technologies.

Functional cookies are used to make the website work properly. We may also use limited analytics tools to understand website traffic and improve the site. According to Dutch government guidance, functional cookies and analytics cookies with little or no privacy impact do not require prior consent, but visitors must still be informed about them.

If we use tracking cookies, advertising pixels, remarketing tools, or embedded third-party content that places tracking cookies, we will ask for your consent where required.

Examples of third-party services that may process data include:

Website hosting provider
Email provider
Analytics provider
Embedded video platforms such as Vimeo or YouTube
Form or CRM tools, if used

Third-party services may process data according to their own privacy policies.

6. Sharing personal data

We do not sell your personal data.

We may share personal data only when necessary with:

Hosting and website service providers
Email, form, CRM, or project management tools
Bookkeeping or accounting providers
Payment or invoicing services
Professional advisors, if necessary
Public authorities, if required by law

Where appropriate, we use service providers who process personal data on our behalf and are expected to protect that data properly.

7. International transfers

Some of the services we use may process data outside the European Economic Area. If that happens, we aim to use providers that apply appropriate safeguards under GDPR, such as standard contractual clauses or other legally recognised transfer mechanisms.

8. How long we keep personal data

We do not keep personal data longer than necessary.

In general:

Inquiry and contact form data may be kept for up to [12–24 months], unless further contact or a business relationship develops.
Client communication and project records may be kept for as long as needed to complete the project and manage the client relationship.
Invoices and financial records are kept for the period required by Dutch tax and accounting law.
Website analytics data is kept according to the settings of the analytics provider.
9. Your privacy rights

Under the GDPR/AVG, you have rights regarding your personal data. These may include the right to:

Access your personal data
Correct inaccurate or incomplete data
Request deletion of your data
Restrict or object to certain processing
Withdraw consent where processing is based on consent
Request transfer of your data where applicable

The Dutch Data Protection Authority explains these privacy rights, including access, correction, and deletion rights.

To exercise your rights, contact us at [email].

We may need to verify your identity before responding to a request.

10. Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

However, no website or online communication system is completely secure. Please avoid sending sensitive personal information through ordinary contact forms or unencrypted email unless necessary.

11. Complaints

If you have concerns about how we handle your personal data, please contact us first at [email] so we can try to resolve the issue.

You also have the right to file a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, which supervises GDPR compliance in the Netherlands.

12. Changes to this Privacy Statement

We may update this Privacy Statement from time to time. The latest version will always be available on our website.