Privacy & Cookie Policy
1. Who we are
This website is operated by Dheeraj Ramchand, trading as RAMCHANDD, a consulting practice offering digital marketing and business consulting services to clients globally.
Data controller:
Dheeraj Ramchand / RAMCHANDD
Libellenstraat 20A01, Rotterdam, the Netherlands
KvK: 80096107
Email: dheeraj@ramchandd.com
As a business established in the Netherlands, RAMCHANDD is subject to the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Our lead supervisory authority is the Autoriteit Persoonsgegevens (AP), the Dutch Data Protection Authority.
2. What data we collect
We collect data in two ways: automatically when you visit the website, and directly when you choose to contact us.
Data collected automatically
When you visit ramchandd.com, our web server and analytics tool automatically record:
- Your IP address
- The pages you visit and how long you spend on each
- The browser type and device you are using
- How you arrived at the site (e.g. a search engine, a referral link, or typing the address directly)
- General geographic location inferred from your IP address (country and city level — not your precise physical location)
This data is generated automatically as a technical consequence of how the internet works. It is not data you actively provide; it is recorded by our systems when your device connects to our server.
Data you provide directly
If you fill in the contact form or send us an enquiry, we collect your name, email address, the content of your message, and any other personal details you choose to include.
Providing this information is voluntary. You are under no obligation to contact us. If you choose not to, the only consequence is that we cannot respond to your enquiry.
We do not collect payment information through this website. Any billing arrangements are handled separately and governed by the written terms of your individual engagement.
3. Legal basis and purpose of processing
We only process personal data when we have a valid legal basis under Article 6 of the GDPR.
| Processing activity | Purpose | Legal basis |
|---|---|---|
| Collecting and analysing website traffic data (IP addresses, page visits, device data) | To understand how the website is used and to make improvements | Legitimate interests — Art. 6(1)(f) |
| Responding to contact form enquiries | To reply to your message and discuss a potential engagement | Pre-contractual steps / legitimate interests — Art. 6(1)(b) and 6(1)(f) |
| Managing and delivering client engagements | To perform the consulting services you have contracted us for | Contract — Art. 6(1)(b) |
| Retaining financial and communications records | To comply with Dutch and EU tax and accounting obligations | Legal obligation — Art. 6(1)(c) |
| Placing analytics cookies on your device | To enable the website traffic analysis described above | Consent — Art. 6(1)(a) |
Legitimate interests: Our interest is in operating a functional, secure, and effective website and in responding to genuine business enquiries. We have assessed that this interest does not override your rights and freedoms as a data subject, taking into account the limited nature of the data, the reasonable expectations of website visitors, and the privacy-protective measures we have in place. You have the right to object to this processing at any time — see section 7.
Consent: Where we rely on consent (for analytics cookies), this is collected through our cookie banner when you first visit the site. You can withdraw consent at any time via the cookie settings link in the footer. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
4. Cookies
A cookie is a small text file placed on your device when you visit a website. We use two categories of cookies.
Strictly necessary cookies store your consent preference and are required for the site to function. These do not require your consent under the Dutch Telecommunicatiewet (the national law implementing the ePrivacy Directive).
Analytics cookies are placed by PostHog and allow us to measure which pages are visited, how long visitors stay, and how they navigate the site. These are only set after you give your consent via the cookie banner.
We do not use cookies for advertising. We do not use cookies to track you across other websites.
| Cookie | Purpose | Duration |
|---|---|---|
cookie_consent | Stores your accept / decline choice | 12 months |
ph_* | PostHog session and user identification (analytics only, EU servers) | 1 year |
You can accept or decline analytics cookies when you first visit the site, and change your choice at any time via the cookie settings link in the footer. Declining analytics cookies has no effect on your ability to use the site.
5. How long we keep your data
We keep personal data only for as long as necessary for the purpose it was collected, or as required by law.
| Data | Retention period | Reason |
|---|---|---|
| Website analytics data (IP addresses, browsing behaviour) | 12 months from collection | Sufficient for performance analysis; deleted on a rolling basis thereafter |
| Contact form enquiries (no engagement) | 12 months from your last message | Allows us to follow up on outstanding enquiries; deleted thereafter |
| Client communications and project records | 7 years from end of engagement | Required under Dutch tax and accounting law (Belastingwet) |
| Cookie consent records | 12 months | To demonstrate compliance; renewed on your next visit |
Where we process data on the basis of legitimate interests, we stop processing and delete the data once that interest no longer applies or once you have successfully objected. After retention periods, data is either permanently deleted or irreversibly anonymised.
6. Who we share your data with
We do not sell your personal data. We do not share it with third parties for their own commercial or marketing purposes.
We use the following service providers who process personal data on our behalf as data processors. Each is bound by a data processing agreement.
Website hosting provider: Our website is hosted on EU-based servers. The hosting provider processes IP addresses and server logs as a technical necessity of delivering the website.
PostHog (analytics): PostHog processes IP addresses and browsing behaviour to produce aggregated usage reports. We use PostHog's EU Cloud — all data is stored and processed within the European Union. No data is transferred outside the EU. PostHog's privacy policy →
Email provider: Enquiries submitted via the contact form are delivered to our business email inbox. Our email provider's servers are located within the EU.
Legal disclosure: We may disclose personal data to competent authorities if required by applicable law, court order, or regulatory obligation. Where legally permitted, we will notify you before doing so.
International transfers: All personal data we collect is stored and processed within the European Union. We do not transfer personal data to third countries outside the EU or EEA. If this changes, we will update this policy before any transfer takes place and ensure an appropriate safeguard is in place, such as Standard Contractual Clauses approved by the European Commission.
7. Your rights
Under the GDPR, you have the following rights in relation to your personal data. We will assess every request carefully and respond within 30 days.
Right to be informed (Articles 13–14): You have the right to receive clear information about how we use your personal data. This policy fulfils that obligation.
Right of access (Article 15): You can ask us to confirm whether we hold personal data about you and, if so, to provide a copy along with details of how and why we process it.
Right to rectification (Article 16): If data we hold about you is inaccurate or incomplete, you can ask us to correct or complete it.
Right to erasure — "right to be forgotten" (Article 17): You can ask us to delete your personal data. We will do so unless we have a legal obligation to retain it or another legitimate ground that overrides your request.
Right to restriction of processing (Article 18): You can ask us to restrict how we use your data — for example, while you dispute its accuracy or while we consider an objection.
Right to data portability (Article 20): Where we process data you have actively provided (such as contact form submissions) on the basis of consent or contract, and the processing is automated, you can ask us to provide that data in a machine-readable format (such as CSV or JSON), or to transmit it directly to another controller where technically feasible.
Right to object (Article 21): Where we process your data on the basis of legitimate interests, you can object at any time. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to object to direct marketing (Article 21(2)): If we ever use your personal data for direct marketing purposes, you have an unconditional right to object at any time. We will stop without requiring a reason.
Rights related to automated decision-making (Article 22): We do not make decisions about you using solely automated processing. We do not carry out profiling that produces legal or similarly significant effects.
Right to withdraw consent (Article 7(3)): Where we rely on consent (analytics cookies), you can withdraw it at any time via the cookie settings link in the footer. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to exercise your rights
Email your request to dheeraj@ramchandd.com. We will respond within 30 days. In complex cases we may extend this by a further two months, in which case we will let you know within the initial 30-day period. We do not charge a fee for reasonable requests. We may ask you to confirm your identity before acting on a request.
Right to lodge a complaint
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with a supervisory authority. As a business established in the Netherlands, our lead supervisory authority is:
Autoriteit Persoonsgegevens (AP)
Website: autoriteitpersoonsgegevens.nl
Post: Postbus 93374, 2509 AJ Den Haag, the Netherlands
If you are based in another EU member state, you may also lodge a complaint with your local supervisory authority. A full list is at edpb.europa.eu.
If you are based in the United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk.
8. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These include HTTPS encryption across all pages, access controls limiting who can view collected data, use of GDPR-compliant processors bound by data processing agreements, EU-based data storage, and regular review of the tools and configurations we use.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we are legally required to notify the Autoriteit Persoonsgegevens within 72 hours. Where the breach poses a high risk to you personally, we will also notify you directly without undue delay.
If you have reason to believe your personal data has been compromised in connection with our services, contact us immediately at dheeraj@ramchandd.com.
9. Children
This website is directed at business professionals. It is not intended for, and we do not knowingly collect personal data from, anyone under the age of 16. Under Dutch law, children under 16 require parental or guardian consent for the processing of their personal data. If you believe a child under 16 has submitted data through this site, contact us and we will delete it promptly.
10. Changes to this policy
We may update this policy from time to time — for example, when we adopt new tools, change how we process data, or when applicable law changes. When we make a material change, we will update the "Last updated" date at the top of this page. If you have an active client relationship with us at the time of a significant change, we will notify you directly by email before the change takes effect.
11. Contact
For any questions, requests, or concerns about how we handle your personal data:
Dheeraj Ramchand / RAMCHANDD
Email: dheeraj@ramchandd.com
Address: Libellenstraat 20A01, Rotterdam, the Netherlands
KvK: 80096107
We aim to acknowledge all privacy-related requests within 5 working days and to resolve them within 30 days.
This policy applies to personal data collected through ramchandd.com and through direct business communications with RAMCHANDD. It does not apply to third-party websites linked from this site, which operate under their own privacy policies.