top of page

Privacy Statement

Privacy Statement — Stichting VRED (VR Cultuureducatie)


Date of last update: 27 October 2025

 

1. Data Controller Stichting VRED Postal Address:

Schellingwouderdijk 420,
1023 NM Amsterdam
Chamber of Commerce number: 91466903
VAT number: NL8656.62.447.B01
General email: info@vred.info 
Telephone: 0610158503​

​

Data Protection Officer: L. Landvreugd
Email DPO: ludwig@vred.info / Alternative contact email: info@vred.info


Stichting VRED is the controller responsible for processing personal data as described in this statement.

​

2. What data we process: Depending on your relationship with Stichting VRED (for example, as a participant, parent/guardian of a participant, client, partner, or subscriber to our newsletter), we may process the following categories of personal data:

 

  • Identification data: first name, last name;

  • Contact details: email address, phone number;

  • Organizational data: school/institution, position, department;

  • Financial/administrative data: billing address, payment details, and proof of payment (insofar as necessary for invoicing and administration);

  • Technical data: IP address and device information, and—only when relevant and with clear information/consent—anonymized usage statistics of our VR experiences;

  • Other data voluntarily provided by you.

​

3. Purposes and legal bases for processing: We process personal data only for specific, explicit, and legitimate purposes. The main purposes and corresponding legal bases are:

 

  • Performance of a contract: Contact, planning, and execution of educational projects, workshops, and services you purchase from us (legal basis: performance of contract, Article 6(1)(b) GDPR).

  • Communication and customer service: Responding to questions and communicating about our services (legal basis: performance of contract or legitimate interest, Article 6(1)(b) or (f)).

  • Invoicing and administration: Creating and storing invoices and administrative records (legal basis: legal obligation and performance of contract).

  • Newsletter and direct marketing: Sending newsletters or information about events and activities only when you have given consent or when another valid legal basis applies (legal basis: consent, Article 6(1)(a), or legitimate interest).

  • Security and fraud prevention: Securing premises and systems and investigating incidents (legal basis: legitimate interest, Article 6(1)(f)).

  • Service improvement and statistics: Anonymized analyses of usage data for quality improvement (legal basis: legitimate interest or consent if data is identifiable).

  • Compliance with legal obligations: Storing administrative data for tax or other legal purposes (legal basis: legal obligation).

​

4. Recipients and categories of recipients: Your personal data may, depending on the purpose, be shared with or processed by the following categories of third parties:

  • Processors: Suppliers who perform services on our behalf, such as accounting software, email and newsletter services, hosting providers, and VR platform or technical support providers.

  • Project partners: In joint projects or events, personal data may be shared with partners—only when necessary and based on an agreement or consent.

  • Government authorities: When required by law or court order.

  • External advisors: Lawyers or other advisors in the context of legal proceedings or advice.

​

We do not sell your personal data.


5. Retention periods: Personal data will not be retained longer than necessary for the purposes for which it was collected. Unless a legal retention period requires otherwise, we maintain a maximum retention period of 12 months after the end of the relationship or the last contact.


Exceptions (e.g., tax retention obligations for administrative documents) apply to documents subject to specific legal requirements; such documents are stored in accordance with those legal retention terms.

​

6. Processing data of minors: For participation in our educational activities involving minors, we request—where legally required—consent from a parent or legal guardian before processing a child’s personal data. Only necessary health information is collected and processed with the explicit consent of the parent/guardian.


7. Rights of data subjects: You have the following rights regarding your personal data:

  • Right of access: You may request confirmation of whether we process your personal data and access to those data.

  • Right to rectification: Have incorrect or incomplete data corrected.

  • Right to erasure: Request deletion of your personal data under certain conditions.

  • Right to restriction of processing: Request limitation of processing in specific circumstances.

  • Right to data portability: Receive your personal data in a structured, commonly used, and machine-readable format.

  • Right to object: Object to processing based on our legitimate interest or to direct marketing.

  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it; this does not affect the lawfulness of processing carried out before withdrawal.

​

To exercise your rights, contact us via info@vred.info, contact@vred.info, or by post at our mailing address. We will respond within one month. If necessary, this period may be extended by up to two additional months; you will be informed within one month of any such extension and the reasons for it.

​

8. Complaints: IIf you believe that our processing of personal data violates the GDPR, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Website: https://autoriteitpersoonsgegevens.nl/

​

9. Security: We take appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or unlawful processing. Examples include: access control, encryption where possible, password policies, regular backups, and processor agreements with third parties.

 

10. Data breaches: In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will report it to the Dutch Data Protection Authority within 72 hours, in accordance with the GDPR, and—if the risk is substantial—to the affected individuals. We will take appropriate measures to mitigate the impact where necessary.


11. Cookies en tracking: Our website may use cookies and similar technologies for essential functionality, analytics, and—with your consent—marketing purposes. See our cookie policy for details and cookie management options.


12. Changes to this privacy statement: We may update this privacy statement. Significant changes will be published on our website, and the date at the top of this document will be adjusted accordingly.


13. Contact: For questions about this privacy statement or about the processing of your personal data, please contact:


Stichting VRED
Postal address: Schellingwouderdijk 420, 1023 NM Amsterdam
Email: info@vred.info, contact@vred.info 
Telephone: 0610158503
Data Protection Officer: L. Landvreugd - ludwig@vred.info


End of statement.

bottom of page