PRIVACY POLICY

Issued: November 2025

1. Preamble

WHEREAS, 90EIGHT (“the Company”, “we”, “us”, or “our”), registered under the laws of the Kingdom of the Netherlands, operates the digital platform www.90eight.com (“the Site”) as a global-facing creative firm specializing in natural advertising, creator-driven brand integrations, and contextual media design;

AND WHEREAS, the Company recognizes the inviolable right to privacy and data protection as a fundamental human and legal entitlement under Article 8 of the Charter of Fundamental Rights of the European Union;

AND WHEREAS, the Company undertakes to comply fully with the General Data Protection Regulation (EU) 2016/679, the Dutch Data Protection Act (Uitvoeringswet AVG), and where applicable, the California Consumer Privacy Act (CCPA) and other comparable frameworks governing cross-border personal data processing;

NOW, THEREFORE, this Privacy Policy (“Policy”) is hereby enacted to establish binding obligations, rights, and procedures governing the lawful collection, processing, retention, and protection of all Personal Data obtained through the Site or in connection with the Company’s business operations.

2. Scope and Territorial Application

2.1 This Policy applies exclusively to the processing of Personal Data collected directly through the Company’s official website, www.90eight.com, including any subdomains, contact forms, or digital assets owned and controlled by 90EIGHT.

2.2 This Policy does not apply to any third-party websites, affiliate platforms, or social media pages that may be accessible via hyperlinks, embedded media, or integrations on the Site.
90EIGHT disclaims any responsibility or liability for the data practices or policies of such third-party entities.

2.3 This Policy applies globally to all users and visitors, irrespective of nationality or jurisdiction, where applicable under international data protection law.

3. Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed below:

  • “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) as defined under Article 4(1) of the GDPR.

  • “Processing” means any operation performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or destruction.

  • “Controller” means the natural or legal person which determines the purposes and means of the processing of Personal Data.

  • “Processor” means any natural or legal person that processes Personal Data on behalf of the Controller.

  • “Consent” means a freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of Personal Data relating to them.

  • “Data Subject” means any individual whose Personal Data is collected, stored, or otherwise processed by the Company.

  • “GDPR” refers to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data.

  • “Supervisory Authority” refers to the competent data protection authority in the Netherlands: Autoriteit Persoonsgegevens (AP).

  • “Business Correspondence Data” refers to Personal Data submitted through digital communication channels, including contact forms and email correspondence.

4. Legal Basis for Processing

The Company processes Personal Data only under the lawful bases enumerated in Article 6 of the GDPR, namely:

  • Consent (Art. 6(1)(a)) — when the Data Subject has voluntarily provided Personal Data for communication or inquiry purposes.

  • Performance of a Contract (Art. 6(1)(b)) — where data processing is necessary for the execution or potential establishment of a contractual relationship.

  • Legal Obligation (Art. 6(1)(c)) — where processing is required by applicable law or regulatory obligation.

  • Legitimate Interest (Art. 6(1)(f)) — for maintaining website functionality, business communication, and the prevention of fraud or abuse.

No Personal Data shall be processed beyond the scope of the purpose for which it was originally collected.

5. Categories of Data Collected

The Company limits its data collection to information that is directly and voluntarily provided by the user via the Site’s contact form or direct correspondence.
Such information includes:

  • Full Name

  • Company or Organization Name

  • Business Email Address

  • Message Content (inquiry details, partnership interest, or project description)

The Company expressly does not collect:

  • IP addresses

  • Browser identifiers

  • Device fingerprints

  • Tracking cookies or behavioral analytics data

90EIGHT maintains a strict data minimization policy, consistent with Article 5(1)(c) GDPR (“data adequate, relevant and limited to what is necessary”).

6. Purpose Limitation

All Personal Data collected by the Company shall be used exclusively for:

  1. Evaluating and responding to business inquiries submitted through the Site;

  2. Initiating, developing, or maintaining legitimate professional relationships;

  3. Conducting lawful internal record-keeping; and

  4. Ensuring compliance with statutory and regulatory obligations.

Any processing outside these purposes shall require renewed explicit consent from the Data Subject.

7. Data Retention Policy

Personal Data shall be retained only for as long as necessary to fulfill the purposes set forth herein.
Unless otherwise required by law or legitimate business necessity, Personal Data submitted via the contact form shall be securely deleted within twelve (12) months following the date of collection.

All deletions are carried out in accordance with industry-standard data destruction protocols, ensuring that no residual recoverable data remains.

8. Data Protection and Security

The Company enforces a comprehensive information-security framework including, without limitation:

  • Encrypted communications via SSL/TLS;

  • Segregated access controls with least-privilege enforcement;

  • Secure server hosting within the European Economic Area (EEA);

  • Continuous internal compliance monitoring; and

  • Mandatory incident-response protocols consistent with Articles 32–34 GDPR.

Any suspected data breach shall be assessed within 24 hours and, where applicable, reported to the Autoriteit Persoonsgegevens within 72 hours, alongside notification to affected Data Subjects as mandated by law.

9. Cross-Border Data Transfer

90EIGHT does not transfer Personal Data outside the EEA.
Should future business operations necessitate cross-border data transfers, such transfers shall occur only:

  1. To jurisdictions formally recognized by the European Commission as providing adequate data protection (per Article 45 GDPR); or

  2. Pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission; or

  3. Under legally binding corporate rules ensuring equivalent protection.

No data shall be transferred to any third country without documented guarantees of adequacy and enforceability.

10. Non-Disclosure and Third-Party Access

The Company does not share, sell, rent, or trade Personal Data with any third party.
Access to Personal Data is restricted solely to authorized personnel who are contractually bound by confidentiality obligations and trained in GDPR compliance.

Disclosure shall occur only:

  • Under lawful subpoena, court order, or governmental request;

  • To assert, exercise, or defend legal claims; or

  • With the explicit, informed consent of the Data Subject.

Perfect. Hieronder volgt een voorbeeld van Part II van je privacy policy in de zware, formele toon die past bij het eerste deel.
Dit is uitsluitend een concept voor informatieve en esthetische doeleinden – geen juridisch advies of bindend document.

11. Data Subject Rights

11.1 Every individual whose Personal Data is processed by the Company (“Data Subject”) is entitled to exercise all rights provided under the General Data Protection Regulation. These include, without limitation:

  • Right of Access – to obtain confirmation as to whether Personal Data concerning them is being processed, and to receive a copy thereof.

  • Right to Rectification – to require correction of any inaccurate or incomplete information.

  • Right to Erasure – to request deletion of Personal Data where processing is no longer necessary or lawful.

  • Right to Restrict Processing – to limit the use of their data under the conditions set out in Article 18 GDPR.

  • Right to Data Portability – to receive their data in a structured, commonly used, and machine-readable format.

  • Right to Object – to object, on grounds relating to their particular situation, to the processing of their Personal Data.

11.2 All requests must be submitted in writing to privacy@90eight.com.
The Company will respond within thirty (30) days of receipt and may require reasonable verification of identity prior to disclosure or deletion.

11.3 The Company reserves the right to refuse manifestly unfounded or excessive requests as permitted under Article 12 GDPR.

12. Enforcement and Compliance Mechanisms

12.1 The Company maintains an internal Data Protection Compliance Program overseen by a designated Data Protection Officer (DPO) responsible for ensuring continuous adherence to all relevant privacy laws and internal standards.

12.2 Any suspected breach of this Policy will trigger an immediate internal investigation conducted under the supervision of the DPO and senior management. Appropriate remedial measures, including technical, administrative, or disciplinary action, shall be implemented without delay.

12.3 The Company shall fully cooperate with the Autoriteit Persoonsgegevens or any other competent supervisory authority upon request, and shall provide documentation evidencing compliance with Articles 5 through 30 of the GDPR.

12.4 If a Data Subject believes that their rights have been infringed, they are entitled to lodge a complaint with the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl) or with any other competent supervisory authority within the European Union.

13. Limitation of Liability

13.1 To the maximum extent permitted by law, 90EIGHT, its affiliates, directors, officers, employees, and agents shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising out of or relating to the processing of Personal Data, the use of this Site, or the reliance on any information contained herein.

13.2 Nothing in this section shall limit liability where prohibited by applicable law, including liability arising from willful misconduct or gross negligence.

13.3 The Data Subject acknowledges that the internet is not an entirely secure environment and that the transmission of information to or from the Site is at their own risk.

14. Legal Framework and Jurisdiction

14.1 This Policy shall be governed by and construed in accordance with the laws of the Kingdom of the Netherlands, without regard to conflict-of-law principles.

14.2 Any dispute, controversy, or claim arising from or relating to this Policy shall fall under the exclusive jurisdiction of the courts of Amsterdam, the Netherlands.

14.3 If any provision of this Policy is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.

15. Amendments and Interpretation

15.1 90EIGHT reserves the unilateral right to modify, revise, or update this Policy at any time, with such revisions taking effect upon publication on www.90eight.com.

15.2 The headings and structure of this Policy are for convenience only and shall not affect interpretation.

15.3 No waiver of any term shall be deemed a further or continuing waiver of such term or any other term.

APPENDIX A — DEFINITIONS AND INTERPRETIVE CLAUSES

For clarity, references to “we,” “us,” or “the Company” denote 90EIGHT.
References to “you” or “your” refer to the individual Data Subject.
All capitalized terms not otherwise defined herein shall have the meanings assigned by the GDPR.

APPENDIX B — CONTACT INFORMATION

Data Protection Officer
90EIGHT
Amsterdam, The Netherlands
Email: privacy@90eight.com
Website: www.90eight.com

ADVERTISING, REIMAGINED FOR THE GAMING WORLD.

GET IN CONTACT

BUSINESS ENQUIRIES
HI@90EIGHT.COM
BUSINESS HOURS
MONDAY TO FRIDAY
08:00 AM - 01:00 AM
SATURDAY
08:00 AM - 03:00 AM
SUNDAY
10:00 AM - 03:00 AM

Privacy Policy

© 2025 90EIGHT. All rights reserved.

ADVERTISING, REIMAGINED FOR THE GAMING WORLD.

GET IN CONTACT

BUSINESS ENQUIRIES
HI@90EIGHT.COM
BUSINESS HOURS
MONDAY TO FRIDAY
08:00 AM - 01:00 AM
SATURDAY
08:00 AM - 03:00 AM
SUNDAY
10:00 AM - 03:00 AM

Privacy Policy

© 2025 90EIGHT. All rights reserved.

ADVERTISING, REIMAGINED FOR THE GAMING WORLD.

GET IN CONTACT

BUSINESS ENQUIRIES
HI@90EIGHT.COM
BUSINESS HOURS
MONDAY TO FRIDAY
08:00 AM - 01:00 AM
SATURDAY
08:00 AM - 03:00 AM
SUNDAY
10:00 AM - 03:00 AM

Privacy Policy

© 2025 90EIGHT. All rights reserved.