How does Zeppa process your personal data

In certain situations, Zeppa will encounter and use your personal data. This privacy statement describes the ways in which we collect this information, where we store it and for what purposes we use it. Additionally, you will find a description of your rights with regard to your data as well as a description of the way you can make use of these rights.

This privacy statement is subject to change, for example as a result of a change in the law. We therefore recommend to consult the statement from time to time.

Do you have any questions or comments? Please feel free to contact us.

Contact us


Zeppa collects personal data for several purposes:

1 – Contact

When contacting Zeppa by mail or telephone, we collect your data in order to be able to successfully carry out your assignment or request. However, we only collect information that is strictly necessary, such as your name, company name, e-mail address, telephone number and project description.

2 – Analytics on our website

The Zeppa website collects data using Google Analytics. This information is anonymous and not bound to your personal information. Your IP address is also masked. The data collected is not used for additional (commercial) google services. We do use this date to improve our website, for example by assessing the duration of your website visit or the pages that you visit frequently.

3 – Sending newsletters

Zeppa sends out newsletters via e-mail. These newsletters have both a commercial intent as well as a focus on sharing information. Your name and e-mail address are collected through the form on our Zeppa website. Sometimes we ask for a verbal agreement to sign you up for our newsletter.


The data received and processed by Zeppa are managed at the following companies:

1 – Microsoft

The e-mail from Zeppa is hosted on a Microsoft exchange server. Microsoft is based in the United States, but is certified by the EU-US Privacy Shield. If you contact us through forms or e-mail, those e-mails will be stored on Microsoft’s servers, which in our case are located in Austria, Finland, Ireland and the Netherlands.

2 – Oxilion

The website and back-ups of our website are hosted at Oxilion. Information is collected through our website and is stored on Oxilion’s servers in the Netherlands.

3 – Mailchimp

Our newsletters are sent with Mailchimp. This company is based in the United States, but is certified by the EU-US Privacy Shield. The moment you sign up for the newsletter, your name and e-mail address is automatically saved in the appropriate list within Mailchimp.


Zeppa stores your data for a longer period of time, but never longer than necessary for carrying out assignments.

Unless we have to keep your data longer because of a statutory regulation.

1 – Contacting

The moment you contact Zeppa through email, the data you include, such as name, company name, and e-mail address, will be stored on the mail server. Those mails are kept for up to three years.

2 – Analytics

The data that Analytics collects on our website is anonymous, so it is not linked to your name, company or e-mail address. This data is stored indefinitely within Google Analytics.

3 – Sending newsletters

Your name and e-mail address are stored in Mailchimp. The storage of your data is for an indefinite period of time. You can unsubscribe at any time via the link at the bottom of the newsletters.


Zeppa never makes physical copies of your personal data.

Your data is only managed in the earlier mentioned systems and software. Personal data that is managed by Zeppa or by the third parties can only be accessed through the above software and are protected by a password and where possible with two-step verification.

In case of two-step verification, a code is generated from the software and sent to Zeppa. We use this code during the log-in process.

The devices that contain your data are also locked with a password and / or fingerprint recognition. We limit the number of devices that have access to your data to only the strictly necessary devices.

In addition, your visit to our website is secured by an SSL certificate, which means that your connection to the Zeppa website is private. You recognize this security certificate by the green lock in front of the url. In addition, the domain of Zeppa has been signed with DNSSEC. This is an extra tool that makes the ‘signposting’ of the website safer and more familiar.


1 – Right of access

You have the right to request your data that are recorded and stored at Zeppa at all times. You can do this by sending an e-mail to or by contacting Zeppa by phone. You will then receive an overview of your data.

2 – Right to rectification

Are your data not correct or have your data been changed? You have the right to have this rectified by Zeppa. You can adjust your data about the newsletter yourself via the appropriate url at the bottom of every newsletter sent by e-mail.

3 – Right to transfer

If you need the data stored at Zeppa in case you switch to another party or service, then you have the right to transfer. Here Zeppa must transfer all your data to the other party.

4 – Right to data deletion

Do you no longer want your data to be stored with Zeppa? Then you have the right to have your data deleted.

5 – Right to submit a complaint

You have the right to submit a complaint to the Dutch Data Protection Authority if you feel that Zeppa does not handle your data correctly. This can be done via this link.

6 – Right to stop data use (objection)

Do not you want Zeppa to use your data? Then you have the right to stop using your personal data. The use of these rights can be done via with the sending of a copy of ID-proof whereby the passport photo, the numbers at the bottom of the passport, ID-proof number and BSN are made illegible. We strive to respond within a week.


Zeppa processes personal data on the basis of a commercial interest, namely the provision of services and products (design). Zeppa only collects the data that are strictly necessary for this purpose, such as your e-mail address or telephone number. If this information is not provided, Zeppa can not offer the requested services. Your data will never be sold to third parties.

If it is necessary to share data that you have shared with Zeppa with other parties (for example, to deliver printed matter to a printing company or a design to a web developer), then your permission will first be requested, provided that this has not been done before. In addition, we work with processing agreements to ensure that these parties also handle your data in the right way.

Zeppa reserves the right to disclose the information when legally required or when Zeppa deems it justified to comply with a legal request / process or to protect the rights, property or safety of Zeppa. It is always our aim to respect your right to privacy as much as possible.

V 1.1 / March 2019