Privacy Policy

Privacy Policy

Last updated: June 2, 2026

CommBrix ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit www.commbrix.com or use our services, in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

1. Data Controller

The data controller responsible for your personal data is:

CommBrix
Website: www.commbrix.com
Email: info@commbrix.com
Registered in the Netherlands (EU)

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, job title, company name
  • Contact data: email address, phone number, business address
  • Transaction data: purchase history, order details, invoices, payment records
  • Technical data: IP address, browser type, device information, cookies and usage data
  • Communication data: enquiry forms, emails, and messages you send us
  • Marketing preferences: your preferences for receiving marketing communications

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): To process your orders, manage your account, and deliver our services.
  • Legal obligation (Art. 6(1)(c)): To comply with applicable laws, including tax, accounting, and EU regulations.
  • Legitimate interests (Art. 6(1)(f)): To improve our platform, prevent fraud, and communicate relevant business information.
  • Consent (Art. 6(1)(a)): For marketing communications and non-essential cookies, where we have obtained your explicit consent.

4. How We Use Your Data

We use your personal data to:

  • Process and fulfill your orders and procurement requests
  • Manage your account and business relationship with us
  • Respond to your enquiries and provide customer support
  • Send transactional communications (order confirmations, invoices, shipping updates)
  • Send marketing communications (only with your consent)
  • Improve our website and services through analytics
  • Comply with legal and regulatory obligations
  • Prevent fraud and ensure platform security

5. Cookies

We use cookies and similar tracking technologies on our website. These include:

  • Essential cookies: Required for the website to function. No consent needed.
  • Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics). Requires consent.
  • Marketing cookies: Used to deliver relevant advertising. Requires consent.

You can manage your cookie preferences at any time via our cookie consent banner or your browser settings.

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with trusted third parties only where necessary:

  • Service providers: Hosting, payment processing, logistics, and IT services (acting as data processors under GDPR)
  • Suppliers and partners: To fulfill your sourcing and procurement requests
  • Legal authorities: Where required by law or to protect our legal rights

All third-party processors are bound by data processing agreements ensuring GDPR compliance.

7. International Data Transfers

Some of our suppliers and service providers are located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

8. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Typical retention periods:

  • Customer account data: Duration of the business relationship + 5 years
  • Transaction records: 7 years (legal/tax obligation)
  • Marketing consent records: Until consent is withdrawn
  • Website analytics data: Up to 26 months

9. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restriction (Art. 18): Request that we limit how we use your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at info@commbrix.com. We will respond within 30 days as required by GDPR.

10. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is:

Autoriteit Persoonsgegevens (AP)
Website: www.autoriteitpersoonsgegevens.nl

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, in accordance with GDPR Article 32.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We encourage you to review this policy periodically.

13. Contact Us

For any questions or concerns about this Privacy Policy or how we handle your data, please contact:

CommBrix – Data Privacy
Email: info@commbrix.com
Website: www.commbrix.com/pages/contact-us