Data Privacy Statement
Last updated: July, 2026
Who we are
This Privacy Statement explains how Noticehub Software Licensing B.V. ("Noticehub", "we", "us"), collects, uses, and protects personal data.
We act as controller for the personal data described in this Statement - primarily account and contact information of the people who use our website and our NoticeHub platform. Where we process personal data *on behalf of* our business clients (for example, data contained within tax notices uploaded to the platform), we act as processor, and that processing is governed by our Data Processing Addendum ("DPA"), which forms part of our Terms of Service and is available upon request. If you are an individual whose data appears in content uploaded by one of our clients, please contact that client directly regarding your rights - see Section 6 below for why.
If you have questions about this Statement, contact us at [email protected]
2. What data we collect
Depending on how you interact with us, we may collect:
- Account and user data: first name, last name, business email address, and login/authentication metadata, collected when you or your employer sets up access to the Service.
- Website and contact data: information you provide via contact forms, demo requests, or newsletter sign-ups (e.g. name, email, company).
- Billing data: information necessary to invoice our clients (typically business contact and payment details, not consumer payment card data).
- Usage and technical data: access logs, device/browser information, and similar metadata generated through use of our website or Service.
We do not intentionally collect special categories of personal data (such as health, religious, or biometric data) as defined in Article 9 GDPR.
3. Why we process this data, and on what legal basis
Providing and maintaining the Service (account setup, authentication, support)
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
Billing and invoicing
Legal basis: Performance of a contract / legal obligation (Art. 6(1)(b) and (c))
Responding to inquiries, demo requests
Legal basis: Legitimate interest in responding to prospective clients (Art. 6(1)(f))
Sending product or marketing communications
Legal basis: Consent, where required (Art. 6(1)(a)), or legitimate interest for existing business contacts
Security monitoring and fraud prevention
Legal basis: Legitimate interest in protecting our systems and clients (Art. 6(1)(f))
Compliance with legal obligations (e.g. tax, accounting records)
Legal basis: Legal obligation (Art. 6(1)(c))
4. How we use your data
Your data is used solely to deliver, maintain, and improve our services, and to communicate with you about your account or our business relationship.
- We do not sell your personal data.
- We do not share your personal data with third parties for their own marketing purposes.
- We do not use your personal data to train third-party or foundation AI models. Where our Service uses AI functionality (for example, AI-assisted data extraction), this operates on your data only to deliver that specific feature to you, and is not used to train underlying models.
5. Who we share data with
We share personal data with a limited number of sub-processors who support the delivery of our Service, including hosting, communications, and platform providers. Our current sub-processor list, including where each is located and the safeguards applied to any transfer outside the EEA, is available upon request.
Where a sub-processor is located outside the EEA (including in the United States), we rely on Standard Contractual Clauses to ensure your data continues to receive an equivalent level of protection.
6. If your data appears in a tax notice or client-uploaded content
If you are a client, employee of a client, or third party whose personal data appears within tax notices or other content uploaded to the NoticeHub platform by one of our business clients, that client is the controller of your data and is responsible for responding to your rights requests. We process that data only as a processor, under our client's instructions, as described in our DPA. Please direct any requests regarding that data to the relevant client organization.
7. Data retention
We retain personal data only for as long as necessary for the purposes described above:
- Account and usage data: for the duration of the applicable subscription, and for a limited period afterward to support account recovery, security, and legal or audit requirements. Retention periods are determined by our internal Data Management Policy and reviewed annually.
- Billing records: We retain billing and invoicing records for as long as required by Dutch tax and accounting law.
- Marketing/contact data: We retain this data until you unsubscribe, object to processing, or your data is no longer needed for the purpose it was collected - whichever comes first.
8. Data security
We protect personal data using technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, and regular security testing. Our practices are aligned with ISO/IEC 27001:2022, and further detail on our security program is available in our Trust Center.
9. Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Request erasure of your data, subject to legal retention obligations
- Restrict or object to certain processing
- Request data portability, where applicable
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by law.
You also have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl).
10. Changes to this Statement
We may update this Privacy Statement from time to time to reflect changes in our practices or legal requirements. We will post any changes here and update the "Last updated" date above. For material changes, we will provide additional notice where required by law.
This Privacy Statement is provided alongside, and does not replace, our Data Processing Addendum and Terms of Service, which govern our processing of personal data on behalf of business clients.