As soon as you visit our website WPoptic.com or contact us, we receive information about you. In this privacy statement we explain what we do with that information. We always handle your information with care and store it securely. If you have any questions or want to know what information we have on you, please contact us. We may amend this privacy statement if necessary. We recommend that you regularly review this privacy statement so that you are aware of these changes.

This privacy statement was last modified on 7 May 2026.

1. When do you apply this privacy statement?

This privacy statement applies to all personal data that we process and to all domains related to us. This concerns the personal data of everyone who has ever had contact with us or visited our website, such as visitors, customers and business contacts.

It also applies to the business contact information that may appear in our lead lists and datasets. A separate section (section 17) covers our role as a B2B data provider.

Personal data is all data that can be traced back to you as an individual, such as your name, telephone number, IP address, customer number or surfing behavior. If you want to know more about personal data, please visit the website of the Dutch Data Protection Authority.

2. Who uses your data?

WPoptic is responsible for the website WPoptic.com and therefore the responsible organisation for the use of your personal data as described in this privacy statement. The full details are:

WPoptic Akkerweg 19-B 1779GJ Den Oever The Netherlands VAT ID: NL868485597B01 CoC: 98415530

3. Whose data do we use?

We process the personal data of everyone who has had contact with us or visited our website. These include visitors, private customers, business customers and contact persons of our partners. We also process publicly available business contact information about websites that may appear in our datasets — see section 17 for details.

4. How do we get your data?

We receive the data directly from you as soon as you:

• Create an account (with email/password or via Google, X, or GitHub)
• Fill in data on our website
• Subscribe to our newsletter
• Make a purchase
• Contact us by mail, chat, or other means
• Use our browser extension

We also automatically collect limited technical data when you visit our website, such as your IP address and pages viewed. For our datasets, we collect publicly available business information from the internet (see section 17).

5. What data of you do we use?

Depending on how you interact with us, we may use the following data:

• Name
• Email address
• Company name and billing details (for paying customers)
• VAT number (where applicable)
• Authentication data when you sign in via Google, X, or GitHub
• Communication you send us (emails, chat messages, support requests)
• IP address, browser type, device type, pages visited, referrer (technical data)
• Payment information (processed by our payment provider, not stored by us)

6. What do we use your data for?

We only use your personal data for purposes for which we have a lawful basis:

• We have received your permission (for example, for our newsletter)
• We need your data to perform a contract with you (your account, your purchase, our service)
• We have a legitimate interest (for example, securing our website, preventing fraud, or running anonymous analytics)
• We use your data to comply with the law, such as keeping data for the tax authorities

7. How long do we keep your data?

We keep your personal data for as long as we are required to do so by law and for as long as necessary for the purpose for which we use your data. As a guide:

• Account data — while your account is active, then deleted within 12 months of account closure
• Billing and tax records — 7 years (Dutch tax law obligation)
• Newsletter subscription — until you unsubscribe
• Support communications — up to 3 years after our last contact
• Anonymized analytics — indefinitely (cannot be traced back to individuals)

If you want to know more about how long we store specific data about you, please contact us.

8. Who do we share your data with?

We work with carefully selected third parties (processors) who help us operate our service. We have data processing agreements in place with all of them. They are:

We do not sell your personal data.

9. Where do we store your data?

We process your data primarily within the European Economic Area (EEA). In some cases, your personal data will be processed outside the EEA, including the United States and Singapore. The rules in those countries do not always offer the same protection of personal data as in the Netherlands. That is why we have ensured that your personal data in that case is just as well protected as it is here, by relying on:

• The EU-US Data Privacy Framework (where applicable)
• Standard Contractual Clauses approved by the European Commission
• Additional safeguards where required

If you have any questions about this, please feel free to contact us.

10. How safe is your data with us?

We have done a lot to protect your data as well as possible, both organisationally and technically. We have secured our systems and various means of communication to ensure that your data does not end up in the hands of others. We use encryption in transit (HTTPS/TLS), access controls, and regular security updates. Only people with a need to know have access to personal data. If you have any questions about the specific method of securing, please contact us.

11. What are your rights?

Because we use your personal data, you have various rights. We have listed these rights for you below.

Right to information We must explain to you in an understandable and clear manner what we do with your data and what control you have over it. That is why we explain in detail in this privacy statement what data we collect from you and how we handle your data.

Right to access You may always ask us to view the data we hold about you.

Right to correction You may ask us to have your data corrected if it is incorrect or incomplete.

Right to object You may object to the processing of your data if you do not agree with the way we handle your personal data. This right applies to the data we use for direct marketing. You can indicate to us that you no longer wish to receive e-mails from us. This also applies to personalized recommendations on our website.

Right to data portability If you are a customer of ours or if you have given permission for the use of your data, you may ask us to send you the digital data we have about you. This way you can transfer that data to another organisation if you wish.

Right to restriction You may ask to limit the use of your data. This means that in certain cases we may only store your data but not use it.

Right to be forgotten You may ask us to delete all data we have about you. We will then delete all data that can be traced back to you. In some cases we cannot or may not yet delete your data. For example, we have to keep some data for 7 years for the tax authorities.

Right to withdraw consent Where we rely on your consent, you can withdraw it at any time.

Right to submit a complaint You may submit a complaint about the way in which we handle your data. If you have a complaint, we will be happy to resolve it for you. To do so, please contact us. You may also submit your complaint to the Dutch Data Protection Authority. Of course we hope that it does not come to that, but if it’s necessary you can also go to court. In that case, the court in the place of business of WPoptic is the one which will handle your complaint.

How do I submit a request or complaint?

You can submit your request or complaint to us by sending a mail to [email protected]. We process every request or complaint within 30 days. If you submit multiple applications or complaints or if you submit a complex request or complaint, this may take more time. In that case, we will contact you within 60 days at the latest. We may ask you to identify yourself. In that case, we will ask you to submit certain information to ensure that you are the correct person whose personal data is concerned.

If your business contact information appears in our datasets and you want it removed, the fastest way is via our data removal page.

12. What rules apply to this privacy statement?

Our privacy statement must meet several conditions. These conditions can be found in particular in the EU General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (UAVG). In addition, the general rules that apply under Dutch law apply to our privacy statement.

13. Which cookies do we use?

We use as few cookies as possible. Because we do not use marketing or analytics cookies that require consent, we do not display a cookie consent banner.

Strictly necessary cookies (no consent required):

These cookies are strictly necessary for the website to function and fall under the exemption in article 11.7a of the Dutch Telecommunications Act.

Analytics — Ahrefs Web Analytics: We use Ahrefs Web Analytics for aggregated visitor statistics. This tool does not use cookies and does not store any personal or identifiable information. IP addresses are processed using a one-way hash with a daily-rotating salt and are never stored. More information: ahrefs.com/web-analytics.

Live chat — Tawk.to: Our live chat is provided by Tawk.to. The chat software is not loaded when you visit our website. It only loads when you actively click the chat button. By clicking the chat button, you consent to Tawk.to loading and placing the cookies it needs to operate the chat. More information: tawk.to/privacy-policy.

No marketing or advertising cookies: We do not use Google Analytics, Facebook Pixel, advertising cookies, or other cross-site tracking technologies.

14. What do we do with data of minors?

We do not target minors with our website or as an organisation. This means that if you are under the age of 16, you need permission from a parent or guardian to use our website. If you are a minor when you visit our website, we assume that you have received this permission before your visit.

15. What do we do with data of the extension?

No personal information is required to download or use the WPoptic browser extension.

We do not track your browsing behaviour or collect any information that can personally identify you.

The WPoptic browser extension may periodically send website data to our servers, including domain names and plugin information detected on WordPress sites. This data is anonymized and may be shared with third parties.

16. Do you have a question about this privacy policy?

If you have a question about our privacy policy, please feel free to contact us on [email protected]. We are happy to help.

17. WPoptic as a B2B data provider

In addition to providing services to our own customers, WPoptic operates as a B2B data provider. This section describes how we deal with personal information that may appear in our lead lists and datasets.

17.1 What data we provide

WPoptic collects publicly available business information about websites and combines this with publicly available business contact information to provide B2B lead lists. Our datasets may include:

• Website URLs and information about technologies and WordPress plugins detected on those sites
• General business contact information published on company “Contact” or “Team” pages, such as generic business email addresses
• Publicly listed company information (company name, social media URLs, telephone numbers)

We do not include:

• Personal email addresses (e.g. Gmail, Hotmail) of private individuals
• Personal home addresses or phone numbers
• Information about consumers
• Information that is not publicly accessible

17.2 How we collect this data

We collect data from publicly accessible sources, including public website content, public business directories and registers, and aggregated data from our browser extension users (technical website fingerprints only — no personal browsing data).

17.3 Legal basis

We process this data on the basis of our legitimate interest (Article 6(1)(f) GDPR) in operating a B2B sales intelligence service that helps businesses identify relevant prospects, paired with the legitimate interest of our customers in finding qualified business contacts. We have conducted a Legitimate Interest Assessment (LIA) weighing our interests against the rights of data subjects.

17.4 Your rights

If your business contact information appears in our datasets, you have the same rights as set out in section 11. In particular, you have the right to know whether we hold data about you, the right to access that data, the right to have your data corrected or deleted, and the right to object to processing.

17.5 How to remove your data

The fastest way to have your data removed is via our dedicated removal page:

wpoptic.com/removal

You can also email [email protected] with the subject line “Data removal request”. Please include the website URL or business email you want removed so we can identify the correct record. We process removal requests within 30 days. Once removed, we add the relevant identifiers to our suppression list to ensure the data is not re-collected.

17.6 Customers of our datasets

When customers purchase a lead list or dataset, they become independent data controllers for the data they receive. Our terms of use require them to comply with applicable privacy laws (GDPR, CCPA, ePrivacy), to honour opt-out requests they receive directly, and not to re-sell or further distribute the data.