Privacy Policy

PRIVACY POLICY 1. Controller FDCL Defence B.V. Kluyverweg 1 2629 HS Delft The Netherlands Chamber of Commerce (KvK): 97131849 VAT number: NL867922977B01 Email: privacy@fdcl.nl FDCL Defence B.V., operating under the commercial name “Fiducial”, acts as data controller within the meaning of Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”) in respect of personal data collected through this website. 2. Categories of Personal Data 2.1 Data provided via the contact form We process personal data that you voluntarily provide when submitting a message through our website contact form, including: • Name • Company (if provided) • Email address • Message content This information is processed solely for the purpose of responding to your inquiry and, where applicable, communicating in relation to potential business matters. Where a message relates to potential employment, the information provided will be processed only to respond to that inquiry. 2.2 Technical data When you access the website, certain technical data may be processed automatically through our hosting and IT infrastructure for operational and security purposes. This may include: • IP address • Browser type • Device information • Date and time of access We do not engage in automated decision-making within the meaning of Article 22 GDPR, nor do we conduct systematic profiling of website visitors. 3. Purposes of Processing Personal data is processed for the following purposes: • Responding to contact requests; • Communicating regarding potential business relationships; • Responding to employment-related inquiries submitted via the contact form; • Ensuring the secure and proper functioning of the website; • Preventing misuse, spam, or abuse of the website; • Analyzing website performance and usage on an aggregated basis; • Complying with applicable legal obligations. Personal data is not processed for purposes incompatible with the above. 4. Legal Basis Depending on the context, processing is based on one or more of the following legal grounds under Article 6 GDPR: • Article 6(1)(b) GDPR — processing necessary to take steps at the request of the data subject prior to entering into a contract; • Article 6(1)(c) GDPR — processing necessary to comply with a legal obligation; • Article 6(1)(f) GDPR — processing necessary for the purposes of our legitimate interests, including secure website operation and handling business communications; • Article 6(1)(a) GDPR — consent, where required for the use of non-essential cookies or analytics technologies. Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal. 5. Analytics and Website Technologies The website may use analytics or performance measurement tools to obtain insight into website usage and to improve functionality. Such tools may process technical data, including IP addresses and browsing information. Where required under applicable law, non-essential technologies are activated only after valid user consent. Analytics data is used exclusively for statistical and website optimization purposes and is not used for individual profiling. 6. Retention Personal data is retained only for as long as necessary in light of the purposes for which it was collected, unless a longer retention period is required by law. In general: • Contact requests are retained for up to 12 months after completion of the correspondence; • Employment-related inquiries submitted via the contact form are retained for up to 4 weeks after closure of the communication, unless further engagement follows; • Contract-related documentation is retained for the statutory fiscal retention period (currently seven years); • Technical or analytics data is retained in accordance with the configured retention settings of the relevant systems. Retention periods may be extended where necessary to establish, exercise, or defend legal claims. 7. Use of Processors For the technical operation, hosting, maintenance, and security of the website and related IT infrastructure, we engage service providers acting as processors within the meaning of Article 28 GDPR. Such processors may process personal data solely on our documented instructions and under contractual obligations ensuring confidentiality and compliance with applicable data protection law. Personal data is not disclosed to third parties for commercial exploitation or for any purpose incompatible with those set out in this Privacy Policy. Where personal data is transferred to or otherwise processed in a country outside the European Economic Area (EEA), FDCL Defence B.V. ensures that appropriate safeguards are in place in accordance with Chapter V GDPR. Such safeguards include, as applicable: Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Article 46(2)(c) GDPR (Commission Implementing Decision (EU) 2021/914 of 4 June 2021); or Transfers to countries that have received an adequacy decision from the European Commission pursuant to Article 45 GDPR; or Such other appropriate safeguards as are permitted under Chapter V GDPR. Where SCCs are used, a copy may be obtained upon written request to privacy@fdcl.nl, subject to any applicable confidentiality restrictions. 8. Security Measures We implement appropriate technical and organizational measures within the meaning of Article 32 GDPR to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access to personal data is restricted to people who require such access for legitimate operational purposes. 9. Rights of Data Subjects Subject to the conditions set out in the GDPR, data subjects have the right to: • Request access to their personal data (Article 15 GDPR); • Request rectification of inaccurate or incomplete data (Article 16 GDPR); • Request erasure of personal data (Article 17 GDPR); • Request restriction of processing (Article 18 GDPR); • Receive personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible (Article 20 GDPR — right to data portability); • Object to processing based on legitimate interests (Article 21 GDPR). Privacy-related requests may be submitted in writing to: privacy@fdcl.nl. We will respond within one month of receipt of the request, in accordance with Article 12 GDPR. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests, provided we inform the data subject of such extension within one month. Data subjects also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Postbus 93374, 2509 AJ Den Haag, or via www.autoriteitpersoonsgegevens.nl. Limitations applicable in the context of defence and security activities Certain rights set out above - including in particular the right to access (Article 15 GDPR) and the right to data portability (Article 20 GDPR) - may be subject to limitations where their exercise would conflict with obligations arising under applicable national or European law, including but not limited to export control regulations, obligations of confidentiality under defence contracts, or requirements relating to national security within the meaning of Article 23 GDPR and the Dutch Uitvoeringswet Algemene verordening gegevensbescherming (UAVG). Where FDCL Defence B.V. invokes such a limitation, we will inform the data subject to the extent permitted by law and will not restrict rights beyond what is strictly necessary. 10. Cookies The website may use cookies or similar technologies necessary for its operation and performance. Where required under applicable law, non-essential cookies are used only after prior consent. 11. Scope of the Privacy Policy This Privacy Policy exclusively applies to personal data processed by FDCL Defence B.V. as a data controller in connection with the operation of its website and handling of contact requests. Personal data processed by FDCL in the context of commercial agreements with defence clients is governed by the data protection provisions of the relevant General Terms and Conditions and, where applicable, the data processing agreement (DPA) concluded between the parties. 12. Amendments We may amend this Privacy Policy from time to time. The most recent version will always be made available on our website. Last updated: v3, May 2026