Privacy Policy
The Boost Group B.V.
Last updated: March 2026 | Version 2.0

This Privacy Policy applies to all visitors of our website, prospective clients, existing clients, and individuals whose data we process in the course of providing our marketing services. It supersedes all previous versions.

1. Who We Are

The Boost Group B.V. is a digital marketing agency specialising in paid advertising, lead generation, and performance marketing services. We are responsible for the processing of personal data as described in this Privacy Policy.

Company	The Boost Group B.V.
Chamber of Commerce  (KvK)	87210843
VAT Number	NL003375941B11
Website	theboostgroup.io
Privacy contact	info@theboostgroup.io

2. Scope

This Privacy Policy applies to:

• all individuals who visit our website (theboostgroup.io)
• prospective and existing clients who contact us or engage our services
• employees, suppliers, and external relations of The Boost Group
• any individual whose personal data we process in the context of delivering advertising and marketing services on behalf of our clients

This policy also intersects with our internal Information Security Policy, which governs the confidentiality, integrity, and availability of all data processed by The Boost Group.

3. Personal Data We Collect

3.1 Data You Provide Directly

• Full name
• Email address
• Phone number
• Company name and job title
• Content of messages submitted through contact forms
• Any other information you voluntarily provide when contacting us

3.2 Data Collected Automatically

• IP address and approximate location
• Browser type, version, and device information
• Pages visited, time spent, and navigation behaviour
• Date and time of your visit
• Referral source (e.g. search engine or advertising platform)

3.3 Data Collected via Tracking Technologies

We use tracking technologies including but not limited to:

• Google Analytics — for website performance and visitor behaviour analysis
• Meta Pixel (Facebook Pixel) — for measuring the effectiveness of advertising campaigns and audience targeting
• Google Ads conversion tracking — for measuring advertising campaign results
• Other advertising platform pixels or tags as may be implemented from time to time

Important: When we provide services to clients, we may implement tracking pixels on their behalf. In such cases, the client remains the data controller for their own customers’ data. The Boost Group acts as a data processor and will enter into a data processing agreement (verwerkersovereenkomst) with the client as required under GDPR.

4. Purpose of Data Processing

We process personal data for the following purposes:

• Responding to inquiries and contact requests
• Providing, managing, and improving our marketing services
• Analysing website usage to improve user experience
• Measuring and optimising advertising campaign performance
• Marketing and commercial communications (with consent where required)
• Complying with legal and regulatory obligations
• Internal administration and business operations
• 
  

5. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), personal data may only be processed on a valid legal basis. We rely on the following legal grounds:

Legal Basis	When We Apply It
Consent (Art. 6(1)(a))	When you submit a contact form, accept cookies, or opt in to marketing communications.
Performance of a Contract (Art. 6(1)(b))	When providing services to clients under a signed agreement.
Legitimate Interest (Art. 6(1)(f))	For website analytics, service improvement, and marketing to existing clients.
Legal Obligation (Art. 6(1)(c))	For tax, administrative, and regulatory compliance obligations.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device when you visit a website.

6.1 Types of Cookies We Use

• Functional cookies — necessary for the website to operate correctly. These cannot be disabled.
• Analytical cookies — help us understand how visitors use our website (e.g. Google Analytics). Require your consent.
• Marketing cookies — used to measure and optimise advertising campaigns (e.g. Meta Pixel, Google Ads conversion tracking). Require your consent.

6.2 Cookie Consent

When you first visit our website, you will be asked to consent to the use of non-functional cookies via our cookie consent banner. You may withdraw your consent at any time by adjusting your preferences through the cookie settings on our website or by modifying your browser settings.

Note: Disabling analytical or marketing cookies does not affect your ability to use our website, but it may limit our ability to measure campaign performance accurately.

7. Sharing Personal Data with Third Parties

We never sell personal data to third parties.

We may share data with carefully selected service providers who process data on our behalf under appropriate contractual safeguards, including:

• Hosting and infrastructure providers
• CRM and email marketing platforms
• Analytics providers (e.g. Google Analytics)
• Advertising platforms (e.g. Meta, Google Ads, TikTok Ads)
• IT and cybersecurity service providers
• Legal and financial advisors (where required)

All third-party processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures.

When we run advertising campaigns for clients, advertising platforms such as Meta and Google may process personal data as independent data controllers under their own terms and privacy policies. We recommend clients review the relevant platform policies.

8. International Data Transfers

Some service providers used by The Boost Group are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognised by the European Commission
• Other legally recognised transfer mechanisms under GDPR Chapter V
• 
  

9. Data Retention

We do not retain personal data for longer than is necessary for the purposes for which it was collected, or as required by applicable law.

Data Category	Retention Period
Website contact requests	Up to 12 months
Marketing and lead data	Up to 24 months, or until consent is withdrawn
Client service data	Duration of contract plus 7 years (tax obligation)
Cookie and analytics data	Up to 14 months (per Google Analytics defaults)
Employee data	As required by Dutch employment law

10. Data Security

The Boost Group implements a comprehensive Information Security Policy covering the confidentiality, integrity, and availability of all data we process. Appropriate technical and organisational measures are in place to protect personal data against:

• Unauthorised access or disclosure
• Accidental loss or destruction
• Unlawful processing

Access to personal data is restricted to authorised personnel only, based on a strict need-to-know principle. All employees receive regular training and awareness on data protection and information security.

10.1 Incident Reporting

All data security incidents and potential data breaches can be reported to info@theboostgroup.io. The Boost Group maintains a structured incident handling process that includes procedures for GDPR data breach reporting obligations to the Autoriteit Persoonsgegevens where required.

11. Advertising Platforms and Client Responsibilities

As a digital advertising agency, The Boost Group works with advertising platforms and client data. The following provisions clarify responsibilities:

11.1 Advertising Account Ownership

Clients remain the sole owners of all advertising accounts used for campaigns, including but not limited to accounts on Meta, Google Ads, TikTok, LinkedIn, or similar platforms. The Boost Group may be granted access solely for campaign management purposes. The client remains fully responsible for compliance with the terms, policies, and rules of the respective advertising platforms.

11.2 Tracking and Pixels

The Boost Group may implement tracking tools such as pixels, tags, or analytics software to measure campaign performance on behalf of clients. The client remains responsible for ensuring that the use of such tracking technologies on their own website or platforms complies with applicable data protection laws, including GDPR, and that appropriate user consent mechanisms are in place.

The Boost Group shall not be liable for inaccuracies in tracking data caused by third-party platforms, browser restrictions, ad blockers, or privacy settings.

11.3 Data Processing Agreements

Where The Boost Group processes personal data on behalf of a client (acting as a data processor), a data processing agreement (verwerkersovereenkomst) will be entered into as required by Article 28 GDPR. Clients who have not yet signed such an agreement should contact us at info@theboostgroup.io.

12. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of access: You may request a copy of the personal data we hold about you.

Right to rectification: You may request correction of inaccurate or incomplete data.

Right to erasure (‘right to be forgotten’): You may request deletion of your personal data, subject to legal retention obligations.

Right to restriction: You may request that we restrict the processing of your data in certain circumstances.

Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.

Right to data portability: You may request to receive your data in a structured, commonly used, machine-readable format.

Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@theboostgroup.io. We will respond within one month as required by Article 12 GDPR. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl

13. Governance and Compliance

Information security and privacy at The Boost Group is a continuous process reviewed at least annually by management. This review considers:

• The overall status of information security and privacy compliance
• Effectiveness of current technical and organisational measures
• Changes to applicable laws, regulations, or platform requirements
• Incidents, near-misses, and lessons learned

Compliance oversight operates at three levels:

• Strategic — guidance on organisational structure and GDPR compliance goals
• Tactical — translating strategy into operational standards and evaluation methods
• Operational — day-to-day adherence to policy across all teams

All employees, contractors, and external relations with access to systems or personal data are expected to adhere to this policy and The Boost Group’s Code of Conduct. Non-compliance may result in disciplinary action.

14. Links to External Websites

Our website may contain links to external websites. The Boost Group is not responsible for the privacy practices or content of such third-party websites. We recommend reviewing the privacy policy of any external website you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. The most recent version will always be published on our website with an updated ‘Last updated’ date.

If significant changes are made that materially affect how we process your data, we will communicate these changes clearly — for example by email (for existing clients) or via a prominent notice on our website.

The Boost Group B.V. | KvK: 87210843 | VAT: NL003375941B11 | info@theboostgroup.io
Version 2.0 — February 2026