Van urenregistratie tot facturatie — PrikKlokPlus houdt uw team productief en uw bedrijf draaiende.
© 2026 PrikKlokPlus
This is the privacy policy of PrikKlokPlus B.V. ("PrikKlokPlus", "we", "us", or "our"), provider of the PrikKlokPlus SaaS platform — software for time tracking, scrum planning, and invoicing. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Dutch implementing legislation (UAVG).
| Company | PrikKlokPlus B.V. |
| Address | [Street, Postal Code, City, Netherlands] |
| Chamber of Commerce | [Number — pending registration] |
| Privacy email | privacy@prikklokplus.nl |
| Website | https://prikklokplus.nl |
We are not legally required to appoint a Data Protection Officer (DPO). For privacy questions, contact privacy@prikklokplus.nl.
Controller — we are the controller for data related to our own service operations: account management, subscription billing, platform security, and communications from PrikKlokPlus.
Processor — when you as a tenant store data about your employees, clients, or projects inside PrikKlokPlus, we act as a processor on your behalf. A Data Processing Agreement (DPA) governs those data flows. The DPA is available at /legal/dpa.
user_email_preferences) | Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Account creation and management | Performance of contract (art. 6(1)(b)) |
| Delivery of SaaS service (hours, tasks, projects, CRM) | Performance of contract (art. 6(1)(b)) |
| Subscription billing | Performance of contract + legal obligation (art. 6(1)(b)(c)) |
| Statutory invoice retention (7 years) | Legal obligation — Dutch VAT Act (art. 6(1)(c)) |
| Platform security and fraud prevention | Legitimate interests (art. 6(1)(f)) |
| Error tracking and platform stability (self-hosted monitoring) | Legitimate interests (art. 6(1)(f)) |
| Product analytics (self-hosted, no cookies) | Legitimate interests (art. 6(1)(f)) |
| Transactional emails | Performance of contract (art. 6(1)(b)) |
| Opt-in product newsletter | Consent (art. 6(1)(a)) |
We never use your data for automated individual decision-making or profiling (GDPR art. 22) without human review.
| Data type | Retention | Reason |
|---|---|---|
| Account data (name, email) | Until account deletion + 2 years | Business correspondence; GDPR art. 17(3) |
| Hashed password, 2FA secret | Until account deleted | Security requirement |
| Hour entries | 7 years | Dutch accounting obligation (art. 52 AWR) |
| Invoices and payment data | 7 years | Statutory tax retention (Dutch VAT Act) |
| Activity log | 90 days | Security monitoring; auto-deleted thereafter |
| IP addresses in logs | 30 days | Security monitoring; auto-deleted thereafter |
| Session data (Redis) | 2 hours of inactivity | Technical necessity; auto-expired |
| Monitoring traces and logs | 90 days | Debugging; auto-deleted thereafter |
| Sub-processor | Service | Data location | Transfer outside EEA |
|---|---|---|---|
| Contabo GmbH | Server hosting (application and database); self-hosted analytics (Plausible); self-hosted monitoring and error tracking (Grafana, Loki, Tempo, Prometheus); self-hosted source code and CI/CD (Forgejo) — all on the same server | Germany (EU) | No |
| Hetzner Online GmbH | Backup storage | Germany / Netherlands (EU) | No |
| Upstash / Redis | Session storage, queue, cache | EU region | No |
| Postmark (ActiveCampaign) | Transactional email | EU region available | If US: SCCs apply |
| Mollie B.V. | Payment processing | Netherlands (EU) | No |
We never sell your personal data to third parties. Analytics (Plausible) and monitoring/error tracking (Grafana/Loki/Tempo/Prometheus) are self-hosted on our own server in Germany — no data leaves the EEA for these purposes. Where a sub-processor transfers data outside the EEA (e.g. Postmark, if using US infrastructure), we rely on EU Standard Contractual Clauses (SCCs, decision EU 2021/914).
In the event of a personal data breach likely to result in a high risk to your rights, we will notify you promptly and report to the Dutch DPA (AP) within 72 hours (GDPR art. 33–34).
| Cookie | Type | Purpose | Retention |
|---|---|---|---|
prikklokplus_session | Essential | Authentication and session management | 2 hours of inactivity |
XSRF-TOKEN | Essential | CSRF attack protection | Session |
appearance | Functional | Storing theme preference (light/dark) | 1 year |
locale | Functional | Storing language preference | 1 year |
We do not use tracking or marketing cookies. No third-party advertising cookies are placed.
| Right | Description | How to exercise |
|---|---|---|
| Access (art. 15) | Request what data we hold about you | Settings → Data export or email us |
| Rectification (art. 16) | Have inaccurate data corrected | Via your profile settings or email |
| Erasure (art. 17) | Request deletion of your account and data | Settings → Delete account |
| Restriction (art. 18) | Have processing temporarily restricted | privacy@prikklokplus.nl |
| Portability (art. 20) | Receive your data in JSON/CSV format | Settings → Data export |
| Objection (art. 21) | Object to processing based on legitimate interests | privacy@prikklokplus.nl |
| Withdraw consent (art. 7(3)) | Withdraw consent (e.g. newsletter) | Unsubscribe link in emails or Settings → Notifications |
We respond within four weeks.
If you are dissatisfied, please contact privacy@prikklokplus.nl first. You also have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens (AP)
P.O. Box 93374, 2509 AJ The Hague
autoriteitpersoonsgegevens.nl
We may update this policy when our services or applicable law require it. For material changes we will notify active users by email and/or in-app notification at least 30 days before the effective date.
Dit is de privacyverklaring van PrikKlokPlus B.V., aanbieder van het SaaS-platform PrikKlokPlus. Wij verwerken persoonsgegevens in overeenstemming met de AVG en de Nederlandse UAVG.
| Bedrijfsnaam | PrikKlokPlus B.V. |
| E-mail privacy | privacy@prikklokplus.nl |
Contabo GmbH (Duitsland, EU — hosting, database, self-hosted Plausible-analytics, self-hosted monitoring/ foutopsporing en self-hosted Forgejo broncode/CI, alles op dezelfde server), Hetzner Online GmbH (EU — back-ups), Mollie B.V. (NL), Postmark (EU/VS — SCC's). Wij verkopen uw gegevens nooit aan derden.
U heeft recht op inzage, rectificatie, vergetelheid, beperking, overdraagbaarheid en bezwaar (AVG art. 15–21). Verzoeken richten aan privacy@prikklokplus.nl of via Instellingen in de applicatie. Reactie binnen vier weken. Klachten: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl.