Privacy Policy

At Prostrive BV, we are committed to ensuring the privacy, confidentiality, and security of all personal and project-related data we process. Our aim is to protect the confidentiality (unauthorized disclosure), integrity (unauthorized or accidental alteration), and availability (access when needed) of information to support business continuity, client trust, and compliance with applicable data protection laws.

This policy applies to all personal data we process in the course of delivering software development and outstaffing services, and to all employees, contractors, and service providers working on behalf of Prostrive BV.

We may collect and process the following types of personal data:

• Full name, email, and contact details • Company affiliation and job role • Technical usage data (e.g., IP address, browser type, device) • Any personal or project data submitted to us during client collaboration or service delivery

We use your data to:

• Fulfill service agreements or respond to inquiries • Manage projects and client relationships • Ensure secure access to tools and systems • Comply with legal and regulatory obligations • Improve service performance and security

• Management Oversight: This policy is reviewed and approved by senior management. • Information Security Manager: Responsible for day-to-day oversight, legal compliance (including GDPR), and continuous security improvement. • Employees & Providers: Everyone has a duty to protect the information and digital assets in their care. Any suspected data breach must be reported immediately. • Non-compliance: Failure to follow security protocols may result in disciplinary action or termination of engagement.

We may share your personal data with trusted third parties (e.g., infrastructure providers or project management tools) under strict contractual obligations, including:

• Use of Data Processing Agreements (DPAs) • Standard Contractual Clauses (SCCs) for transfers outside the EEA • Technical and organizational safeguards to maintain data protection

We comply with all applicable laws, including the EU General Data Protection Regulation (GDPR), and regularly review legal and regulatory updates that may impact data handling.

Personal data is retained only for as long as necessary to fulfill the purpose it was collected for, or as required by law or contractual obligations.

Under GDPR, you have the right to:

• Access and receive a copy of your data • Request correction or deletion • Restrict or object to processing • Withdraw consent at any time • File a complaint with the Dutch Data Protection Authority

A business continuity plan is in place and is regularly reviewed and tested.

This policy is reviewed periodically to ensure relevance, effectiveness, and legal compliance. Improvements are continuously implemented through our Information Security Management System (ISMS).