Privacy Policy

1. Data controller

Pronize Europe B.V. is the data controller responsible for the personal data described in this policy. The Website is published under the brand name Khiwa.

2. What personal data we collect

We collect personal data only to the extent necessary for the purposes described below. The categories of personal data we may process are:

2.1 Contact form data

When you submit an enquiry via our contact form, we collect:

• Full name
• Business email address
• Company / brand name
• Free-text message (which may contain additional personal data you choose to include)

2.2 Communications data

If you contact us directly by email, we process the content of those communications, including your name and email address as provided.

2.3 Website usage data (analytics)

If you have given consent, we collect pseudonymous data about how you interact with the Website through Google Analytics 4. This includes pages visited, time spent on each page, referring source, device type, browser type, and approximate geographic region (country/city level). We configure Google Analytics with IP anonymisation; full IP addresses are not stored.

If you do not consent to analytics, no analytics data is collected and no analytics cookies are set.

2.4 Cookie consent records

We store your cookie consent preference locally in your browser (localStorage). This is strictly necessary to avoid asking for consent on every page load.

3. Purposes and legal bases

4. Third-party processors

We engage the following third-party data processors. All processors are bound by data processing agreements and are required to process personal data only on our documented instructions.

Google LLC (Google Analytics 4)

Google Analytics is used to analyse Website usage. Google acts as a data processor on our behalf. Data may be transferred to the United States. Google LLC is certified under the EU–US Data Privacy Framework (DPF). We have also entered into Google's Standard Contractual Clauses (SCCs) as an additional transfer safeguard. Google's privacy policy is available at policies.google.com/privacy.

Analytics processing occurs only when you have given explicit consent. We use Google Consent Mode v2; without consent, no personal data is transmitted to Google and no analytics cookies are set.

Netlify, Inc. (Website hosting)

This Website is hosted on Netlify. Netlify processes server logs and form submissions. Netlify acts as a data processor. Data is processed within the EU/EEA or under Standard Contractual Clauses. See Netlify's privacy policy.

Calendly LLC (Appointment scheduling)

If you use the "Book a call" feature, you are directed to Calendly, which operates as a separate data controller for data you provide during booking. Please review Calendly's privacy policy.

5. International data transfers

Our primary data processing takes place within the European Economic Area (EEA). Where data is transferred to third countries (in particular the United States, in connection with Google Analytics and Netlify), we ensure that an adequate level of protection exists through:

• The EU–US Data Privacy Framework (DPF) adequacy decision (for Google LLC and Netlify).
• Standard Contractual Clauses (SCCs) adopted by the European Commission under Article 46(2)(c) GDPR.

6. Your rights under GDPR

As a data subject under the GDPR, you have the following rights in relation to your personal data:

• Right of access (Art. 15) - You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data.
• Right to rectification (Art. 16) - You have the right to have inaccurate personal data corrected without undue delay.
• Right to erasure (Art. 17) - You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.
• Right to restriction of processing (Art. 18) - You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability (Art. 20) - Where processing is based on consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format.
• Right to object (Art. 21) - You have the right to object at any time to the processing of your personal data where it is based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent (Art. 7(3)) - Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at info@pronize.com. We will respond within one month (Article 12 GDPR). In complex cases, we may extend this by a further two months, in which case we will inform you within the first month.

We may request proof of identity before fulfilling a request to ensure we do not disclose personal data to unauthorised persons.

7. Right to lodge a complaint

If you believe we are not handling your personal data in accordance with the GDPR, you have the right to lodge a complaint with the Dutch supervisory authority:

You may also lodge a complaint with the supervisory authority in your country of residence if you are located in another EU/EEA member state.

8. Data security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include HTTPS encryption, access controls, and regular review of our data processing practices.

No method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we take all reasonable steps to protect your personal data.

9. Children's data

Our Website and services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected personal data from a child, we will delete it promptly.

10. Changes to this Privacy Policy

We may update this Privacy Policy periodically. Material changes will be reflected in a new effective date at the top of this page. Where required by law, we will notify you of significant changes by email or by a prominent notice on the Website.

11. Contact and data protection enquiries

For any questions about this Privacy Policy, to exercise your data subject rights, or to raise a concern about our data processing practices, please contact:

This is a legal document. The English version is the binding version. Pronize Europe B.V. is registered in the Netherlands. This Privacy Policy is governed by Dutch law and EU data protection legislation.