This Privacy Policy describes how Jay Jay Internet Projects B.V. (“JJIP”, “we”, “us”) handles your personal data. It applies to all our websites and services and complements our General Terms and Conditions.
We process personal data in different capacities. Sometimes we act as an intermediary between you and a publisher or training provider and forward your data to them. Sometimes we provide a service to you directly, such as a digital invitation, and we ourselves decide how we use your data. Sometimes we run a white-label service for a business customer, and that business customer is responsible for the data of its guests. For each service we set out below what our role is, which data we process and on which legal basis we do so.
Mode of address. By “you” we mean every natural person whose personal data we process: visitors to our websites, customers, recipients of invitations, contact persons of business customers and people who contact us. By “we”, “us” or “JJIP” we mean Jay Jay Internet Projects B.V.
Version 1.0 — adopted on 27 May 2026 — entered into force on 27 May 2026
Jay Jay Internet Projects B.V., trading as JJ Internet Projects, is a private limited company incorporated under Dutch law and established in Arnhem. We are the controller for the processing activities described in this policy, except where expressly stated otherwise below.
| Address | Poggenbeekstraat 10, 6813 KG Arnhem, the Netherlands |
| Chamber of Commerce number | 24315808 |
| VAT number | NL809799741B02 |
| Central privacy contact | privacy@jjip.nl |
| General customer contact | service@jjip.nl |
We have not appointed a statutory Data Protection Officer. Jaap Groenendijk is the internal contact point for privacy matters and can be reached at privacy@jjip.nl.
This Privacy Policy applies to all JJIP Platforms. At the date of adoption these are:
For some Platforms an additional or differing explanation may apply. That explanation is then set out on the privacy page of the relevant Platform and takes precedence in the event of a conflict.
In this Privacy Policy we use the following terms.
GDPR — the General Data Protection Regulation (Regulation (EU) 2016/679).
Intermediation Platform — a JJIP website on which we present offers from a publisher or training provider and forward your registration to that party.
Invitation Platform — a Platform on which JJIP itself provides the service of creating, publishing and sharing a digital invitation, memorial card or announcement.
Business Customer — a legal entity that, under Module B.2 of the General Terms and Conditions, takes a white-label environment from us on its own domain.
Personal data — all information about an identified or identifiable natural person, as described in article 4(1) GDPR.
Processor — a party that processes personal data on JJIP’s instructions, on the basis of a data processing agreement.
EEA — the European Economic Area (the EU member states plus Iceland, Liechtenstein and Norway).
Adequacy decision — a decision of the European Commission that a country outside the EEA offers an adequate level of protection for personal data.
SCCs — the Standard Contractual Clauses adopted by the European Commission for transfers of personal data to countries outside the EEA without an adequacy decision.
This Privacy Policy applies to every processing of personal data that we carry out through our Platforms, in our customer service, in our mailings, or in direct contact with you. We provide you with the information required under articles 13 and 14 GDPR.
Where we do not obtain your data directly from you — for example, if someone else adds you as a recipient or guest to an invitation on EventInfo.pro or Rouwkaarten.online — we inform you of that processing through the invitation itself or at first interaction, and in any event no later than one month after we obtain your data, subject to the exceptions of article 14(5) GDPR.
This section describes, per service, which categories of personal data we process, for what purpose and on which legal basis (article 6 GDPR).
When you visit a JJIP Platform, we automatically process a number of technical data: your IP address, the time of your visit, the pages you visit, the referring page, the device and browser type used, and your language and region settings.
| Purpose | displaying our website, security, troubleshooting, fraud prevention and aggregated visitor statistics |
| Legal basis | legitimate interest (article 6(1)(f) GDPR) |
| Retention period | server logs no more than 12 months; analytics data 14 months (see 4.9) |
For analytical and marketing-related processing through cookies, we ask for your consent in advance. See section 9.
When you apply for a subscription or training course through abonnement.nl, proefabonnement.nl, vakbladen.nl, abonnement.be or thuisstudie.nl, you fill in an order form on our site or via a redirect. Depending on the offer, the following data is involved.
We pass this data on to the affiliate network and/or the publisher or training provider offering the product. The actual agreement is concluded between you and that publisher or training provider. From the moment of transfer that party is the independent controller of your data and its own privacy terms apply.
| Purpose | enabling your registration, validation of the application and commission settlement with the affiliate network |
| Legal basis | performance of an agreement or pre-contractual step (article 6(1)(b) GDPR); for commission settlement, legitimate interest (article 6(1)(f) GDPR) |
| Recipients | the relevant affiliate network (OMG, TradeTracker) and the publisher or training provider |
| Retention period at JJIP | no more than 90 days after transfer, after which deletion |
You are not obliged to provide your data to us, but without that data we cannot forward your application and no subscription or training course will be concluded.
When you create an account on eventinfo.pro as a consumer to compose an invitation, we process the following data.
| Purpose | creating and maintaining your account, providing the invitation service, processing payments, providing support and complying with legal obligations |
| Legal basis | performance of the agreement (article 6(1)(b) GDPR); for follow-up commercial communications, legitimate interest or your consent (see 4.8) |
| Retention period | account data for as long as your account is active; content of your invitation up to 12 months after publication or your deletion request; after termination of your account a further 30 days in back-ups, then deletion |
When a Business Customer takes a white-label environment from us on its own domain, we process two categories of data, in different roles.
a. Data of the Business Customer itself and its contact persons. We process company name, Chamber of Commerce number, VAT number, billing address, contact person (name, role, business email address and telephone number) and payment details. For this we are the controller. The legal basis is performance of the agreement and statutory obligations (such as invoicing and fiscal retention).
b. Data that the Business Customer processes through the white-label environment. This includes all personal data of end users, guests or recipients that the Business Customer processes through its environment. For this data the Business Customer is itself the controller and we are the processor. The arrangements that apply are set out in the Data Processing Agreement attached as Annex 2 to our General Terms and Conditions.
| Retention period for customer data | duration of the agreement plus 7 years for invoicing (fiscal retention obligation) |
| Retention period for end-user data | in accordance with the instructions of the Business Customer and the Data Processing Agreement; by default up to 60 days after the end of the agreement for export, then deletion |
When you create a digital memorial card or condolence environment through rouwkaarten.online, largely the same processing activities apply as described in section 4.3. Specific to this service:
Personal data of deceased persons does not fall under the GDPR. We nevertheless handle it with care and respect. Data of entitled persons and those leaving condolences does fall under this policy.
| Purpose | providing the memorial card and condolence service, enabling access for entitled persons and displaying condolences |
| Legal basis | performance of the agreement with you as the commissioning party (article 6(1)(b) GDPR); for those leaving condolences, legitimate interest and, where necessary, their consent (article 6(1)(a) and (f) GDPR) |
| Retention period | up to 24 months after publication or your deletion request |
On EventInfo.pro and Rouwkaarten.online you can invite others or share a card. When a guest opens the invitation and, for example, leaves an RSVP or condolence, we process from that guest:
For these processing activities we are the controller. We process this data only to deliver the service that you, as the organiser, have requested. The legal basis is legitimate interest (article 6(1)(f) GDPR) and, to the extent that a guest actively enters data, performance of a service at his or her request.
When you contact our customer service — through a service@ address, a contact form or another channel — we process the data that you send us. This is at least your name and email address and the content of your message; in addition, any data you choose to add (such as an order number, account data or attachments).
We use Freshdesk and Google Workspace to receive and manage your message. Our staff in a customer contact role have access to your correspondence.
| Purpose | answering your question or complaint and documenting the handling internally |
| Legal basis | performance of the agreement (article 6(1)(b) GDPR) or our legitimate interest (article 6(1)(f) GDPR) in providing good customer service |
| Retention period | for as long as needed for the handling, with a buffer of six months; correspondence that forms part of our administration is retained for as long as the fiscal retention obligation (7 years) requires |
We periodically send newsletters, offers and service updates from our Platforms, mainly through Mailjet. For this we process your name, email address, language and region settings, and data about opens and clicks of earlier mailings.
| Situation | Legal basis |
|---|---|
| You are already a customer and we send you similar offers | legitimate interest (article 6(1)(f) GDPR), with opt-out in every mailing |
| You have subscribed to a newsletter without a prior customer relationship | your consent (article 6(1)(a) GDPR) |
| Service emails about your order, account or invitation | performance of the agreement (article 6(1)(b) GDPR) |
You may withdraw your consent at any time and unsubscribe at the bottom of every commercial mailing. Withdrawal does not affect the lawfulness of the processing prior to withdrawal.
Retention period: until unsubscription plus three months for administrative closure. Service emails are retained for as long as your customer relationship or account exists.
On our Platforms we use Google Analytics 4 to track how many people visit our sites and how they use them. This helps us improve our content and technology.
We have configured Google Analytics so that IP addresses are automatically shortened and are not passed in full to Google. We do not share analytics data with Google for any other purpose and we have limited “Share data with Google”. Google Analytics places cookies; these are activated only after you have given consent through our cookie banner (see section 9).
| Purpose | insight into visitor numbers, popular content, functional issues and general usage patterns |
| Legal basis | your consent (article 6(1)(a) GDPR) |
| Retention period | by default 14 months in Google Analytics; aggregated reports longer |
| Recipient | Google Ireland Limited as processor; transfer to the United States under the EU-US Data Privacy Framework (see section 6) |
We use Google Ads to display advertisements and, to a limited extent, to measure conversions through the Google Ads conversion pixel. We do not use a Meta Pixel, a LinkedIn Insight Tag, or any other advertising pixels.
| Purpose | measuring which advertisements have led to an application or purchase and evaluating our advertising spend |
| Legal basis | your consent (article 6(1)(a) GDPR) |
| Retention period | in accordance with the Google Ads settings, by default up to 540 days for conversion attribution |
We never sell or rent your personal data to third parties. We share it only with the parties described below, or where we are legally required to do so.
a. Recipients who themselves become controllers. In intermediation (section 4.2) we pass your data to the affiliate network and to the publisher or training provider with which you register. As soon as that party has received your data and your agreement with it has been concluded, that party is the independent controller. For further information we refer you to the privacy statements of these parties, including OMG Affiliate (omg.nl), TradeTracker (tradetracker.com) and the specific publisher or training provider with which you have registered.
b. Processors that support us. To perform our services we engage a number of processors. An up-to-date overview is set out in Annex 1. With all of these parties we have entered into a data processing agreement or have put in place appropriate contractual arrangements.
c. Statutory obligations. We may be required to provide personal data to competent authorities, for example on the basis of a court order, a fiscal obligation or a request from a supervisory authority. We do so only to the extent the law requires and inform you about it where permitted.
Some of our processors and their sub-processors process personal data outside the EEA. We do so only where we have put in place an appropriate safeguard within the meaning of Chapter V GDPR.
New Zealand. Our developer Daniel works from New Zealand and, for his maintenance tasks, has access to production data of our Platforms. New Zealand benefits from an adequacy decision of the European Commission (Decision 2013/65/EU), which means that the transfer of personal data to New Zealand has an adequate level of protection. We have also agreed contractual confidentiality and security obligations with Daniel.
United States. For Google services (Google Analytics 4, Google Ads and Google Workspace) and for some sub-processors of Freshdesk, transfer takes place to the United States. Google Ireland is certified under the EU-US Data Privacy Framework. For transfers that are not covered by an adequacy decision, our processors apply the European Commission’s Standard Contractual Clauses and, where relevant, supplementary technical and organisational measures.
You may ask us at privacy@jjip.nl for a copy of the relevant safeguards or for further explanation per processor.
We do not retain your data longer than necessary for the purposes for which we collected it or longer than legally required. The main retention periods are summarised below. In the event of a conflict between this table and a specific processing activity in section 4, the specific processing activity prevails.
| Type of data | Retention period |
|---|---|
| Server logs | no more than 12 months |
| Intermediation applications (name and address, IBAN, date of birth) | no more than 90 days after transfer |
| EventInfo account | as long as the account is active |
| Content of an EventInfo invitation | up to 12 months after publication or deletion request |
| Content of a Rouwkaarten card and condolence register | up to 24 months after publication or deletion request |
| Back-ups after termination of EventInfo account | no more than 30 days |
| Export period for Module B.2 after end of agreement | no more than 60 days, then deletion |
| Customer service correspondence | for as long as needed plus 6-month buffer |
| Invoicing and administrative data | 7 years (fiscal retention obligation, Article 52 AWR) |
| Newsletter subscription | until unsubscription plus 3 months |
| Google Analytics 4 | 14 months, aggregated longer |
| Google Ads conversion data | up to 540 days for attribution |
| Cookies | in accordance with our cookie statement and the Cookiebot settings |
We take appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, alteration or disclosure. These include:
If, despite these measures, we suffer a personal data breach with (potentially) serious consequences, we will report it to the Dutch Data Protection Authority within 72 hours and, where necessary, inform you directly, as required by articles 33 and 34 GDPR.
On our Platforms we use cookies and similar techniques. We distinguish three categories.
On your first visit to a Platform you will see a cookie banner managed by Cookiebot. There you may give consent, refuse or choose per category. You may change your choice at any time through the “Cookie settings” link at the bottom of the page. A detailed overview of the cookies used per Platform is set out in our Cookie Statement.
Under the GDPR you have various rights in relation to your personal data. You may exercise any of these rights by sending a request to privacy@jjip.nl or to the service@ address of the relevant Platform. We respond within one month, with the possibility of an extension by two months in the case of complex requests.
To prevent misuse, we may ask you to make your identity plausible before we act on your request. We ask for no more information than strictly necessary.
Are you dissatisfied with how we handle your personal data? We consider it important to hear this from you first. Send your complaint to privacy@jjip.nl or to the service@ address of the relevant Platform. We will respond within fourteen business days.
You also have the right at any time to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or with the supervisory authority of the EU country where you reside. The Dutch Data Protection Authority can be reached via autoriteitpersoonsgegevens.nl.
We may amend this Privacy Policy from time to time, for example to align with new legislation, new services or changed processors. The current version is always available on our Platforms, stating the version and date of entry into force. For material changes we will inform you through a banner or by email, as required by the GDPR.
For questions or requests about this Privacy Policy you can contact:
| Jay Jay Internet Projects B.V. | for the attention of Privacy |
| Address | Poggenbeekstraat 10, 6813 KG Arnhem, the Netherlands |
| Privacy email | privacy@jjip.nl |
| Customer service email | service@jjip.nl |
| Chamber of Commerce number | 24315808 |
| Platform | Hosting | Analytics | Mailing | Payments | Cookie consent | Customer service |
|---|---|---|---|---|---|---|
| abonnement.nl | Proserve | Google Analytics 4 | Mailjet | n/a | Cookiebot | Freshdesk + Google Workspace |
| proefabonnement.nl | Proserve | Google Analytics 4 | Mailjet | n/a | Cookiebot | Freshdesk + Google Workspace |
| vakbladen.nl | Proserve | Google Analytics 4 | Mailjet | n/a | Cookiebot | Freshdesk + Google Workspace |
| abonnement.be | Proserve | Google Analytics 4 | Mailjet | n/a | Cookiebot | Freshdesk + Google Workspace |
| thuisstudie.nl | Proserve | Google Analytics 4 | Mailjet | n/a | Cookiebot | Google Workspace |
| eventinfo.pro | Proserve | Google Analytics 4 | Mailjet | Mollie | Cookiebot | Google Workspace |
| rouwkaarten.online | Proserve | Google Analytics 4 | Mailjet | Mollie | Cookiebot | Google Workspace |
Where we add new Platforms or change processors in the future, we will update this annex and publish the new version through our Platforms.