This Privacy Policy describes the manner in which Puzzel.org collects, uses, maintains, discloses and otherwise processes personal data collected from its customers and website visitors (each, a 'User'). Puzzel.org is the 'controller' of the Users’ personal data, as defined in the European General Data Protection Regulation ('GDPR').

Users who have signed up for an account on our website ('Site') can create content on the Site, which content can be accessed and used by the Users’ participants ('Participants'). With regard to the personal data of the Participants, Puzzel.org is regarded as 'processor' as defined in the GDPR. Puzzel.org’ terms and conditions cover the processing by Puzzel.org of the Participants’ personal data.

What personal data do we collect?

We collect and use the following personal data about our Users:

  • First name (obligatory)
  • Your email address (obligatory)
  • Your password (obligatory, however we hash your password so that it is not legible for us or anyone else)
  • Payment information (transactions in case of paid subscriptions)
  • Preferred language
  • Your User data, including the activities in your account and the content you have created
  • Your correspondence with us

Are you obliged to provide certain personal data?

Yes, we require the obligatory personal data set out above to be able to conclude and perform the agreement with you and to fulfil our legal obligations for administration and tax purposes. If you do not provide this personal data, we cannot conclude the agreement with you.

What do we use the collected personal data for?

We use the personal data for the following purposes:

  • To enable you to sign up for, and maintain an account (first name, email address)
  • To enable you to see your account activities and the content you have created
  • To secure your account (password)
  • To process your order and payments
  • For administration and tax purposes
  • To be able to communicate with you and provide support
  • To know more about our website visitors and to improve the user friendliness of our website (we only use functional cookies and analytical cookies for which no consent is required)

On what legal grounds do we use your personal data?

We use your personal data to be able to conclude and perform the agreement we have with you, to fulfil our legal obligations and for our legitimate interests. These legitimate interests are set out in this Privacy Policy.

With whom do we share your personal data?

We do not sell, trade, or rent your personal data to others.

We use third party service providers to help us operate the services:

  • We use an internet service provider to host the Site and our email functionality
  • We use a mailing service provider to send mailings by email
  • We use an authentication provider to create, store and manage your account authentication
  • We use payment service providers to process customers’ payments (payment providers used by customers through their own account with such payment provider, are not our service providers)
  • We use a service provider for analyzing our customers’ use of the Service

Incidentally, we may be obliged pursuant to a legal obligations, to share certain personal data with government authorities or third parties.

Are your data transferred to outside the EEA?

Yes, we transfer your data to outside the European Economic Area (‘EEA’).

Our mail service, payment service and authentication provider are located in the United States of America. We ensure the protection of your personal data by adhering to the EU-U.S. Data Privacy Framework, which has been recognized by the European Commission as providing adequate protection for personal data transferred from the EU to the U.S. This framework ensures that your personal data is treated with a level of protection consistent with European standards. For more information, please visit the official EU-U.S. Data Privacy Framework website.

Our internet service provider is located in the Netherlands. If you want more information or documentation about the appropriate safeguards for transfer, please contact using the contact details at the end of this Privacy Policy.

If you are yourself located outside the EEA, when accessing and receiving your own personal data, it will be transferred to you for the purpose of concluding and performing the agreement we have with you or your company. 

How long do we store your personal data?

We store the personal data in your account as long as you have registered an account with us. The personal data in our financial administration is stored during a maximum term of 7 years. Our correspondence with you is stored during a maximum term of 7 years.

Incidentally, we may have to store your personal data for longer periods, for example if this is necessary in relation to legal proceedings involving you, or a legal obligation imposed on us. 

What rights do you have?

Pursuant to the GDPR, you have the following rights with regard to your personal data:

  • To ask for access and a copy of your personal data;
  • To receive information about the manner in which we process your personal data;
  • To have incorrect personal data corrected;
  • To have incomplete personal data completed, taking into account the purposes for which they were collected and/or used;
  • Under certain conditions to have your personal data deleted;
  • Under certain conditions to have your personal data restricted;
  • Under certain conditions to object to certain use of your personal data;
  • If you have given consent, to revoke your consent, without affecting the lawfulness of the earlier processing based on your consent;
  • If you have provided or created the personal data yourself and the processing is based on your consent or for the conclusion and/or performance of the agreement with you, and the personal data are processed by automated means: to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
  • To lodge a complaint with the competent data protection authority.

We may in some cases be entitled to refuse to comply with your request. We will then inform you of the reasons for the refusal. We will not be able to perform the agreement with you if we no longer have the obligatory personal data about you, which we will notify you of as well.

If you have questions, requests or complaints about your personal data, please use the contact details below. 

How to contact us

If you have any questions, requests or complaints about this Privacy Policy or your personal data, please contact us at:

Puzzel.org (Puzzel.org)
Sneekermeer 13
3825 XT Amersfoort 
The Netherlands

Changes to this Privacy Policy

  • 27-02-2024: Remove Privacy Shield reference, replace with EU-U.S. Data Privacy Framework

This document was last updated on the 27th of February 2024.

We reserve the right to update this privacy policy. We will notify you of important changes to the Privacy Policy by sending you a notification through the Site.