Privacy & Cookies Policy

Your privacy is important to us. Learn how we collect, use, and protect your data.

Last updated: April 2026

Compliance & Your Rights

First Time Right ("we," "us," "our," or "Company") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and all applicable EU data protection laws. This Privacy & Cookies Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at firsttimeright.net (the "Website") and related services.

As an EU-based company, we are legally required to:

  • Obtain your explicit consent before processing your personal data
  • Clearly inform you what we will do with your information
  • Store data only for limited, specified time periods
  • Use data only for the stated purpose (no marketing, profiling, or secondary uses without consent)
  • Delete all your data upon your request

Please read this Privacy & Cookies Policy carefully. By accessing and using the Website, you acknowledge that you have read and understood this policy. We will not process any personal data without your explicit consent.

Your Control: You have full control over your data. You can withdraw consent, request access, correct information, or request deletion at any time by contacting info@firsttimeright.net.

Data Collection, Purpose & Storage Duration

We only collect data that you explicitly provide. We will NOT process any data without your consent and will NOT use data for any purpose other than what is stated below.

1. Contact Form & Project Inquiry Data

What we collect: Name, email address, phone number, company name, message content

Why (Purpose): To respond to your inquiry and provide project quotes/information

How long we keep it: 30 days after final response. After this period, your data is automatically deleted unless you request otherwise.

Your consent: By submitting a contact form, you consent to us processing this data solely for responding to your inquiry.

What we DON'T do: We do NOT use this data for marketing, will NOT add you to mailing lists without explicit separate consent, and will NOT share it with third parties without your permission.

2. Email Newsletter Subscription

What we collect: Email address

Why (Purpose): To send you project updates and company information (only if you explicitly opt-in)

How long we keep it: Until you unsubscribe. You can unsubscribe at any time with a single click in any email.

Your consent: You must explicitly check a box and confirm your subscription (double opt-in). We will send a confirmation email.

What we DON'T do: We do NOT sell or share your email with third parties. We do NOT profile you or make automated decisions based on your subscription.

3. Website Analytics (Google Analytics)

What we collect: IP address, pages visited, time spent, device type, browser type, referral source

Why (Purpose): To understand how visitors use our website and improve user experience

How long we keep it: 13 months (Google's default). After this, analytics data is automatically deleted.

Your consent: You control this via the cookie consent banner. Essential cookies cannot be disabled, but you can reject analytics tracking.

What we DON'T do: We do NOT use analytics data to profile you or create marketing lists. We anonymize and aggregate data.

4. Marketing Cookies & Retargeting

What we collect: Browsing behavior on our site

Why (Purpose): To show you relevant ads on other websites (only if you consent)

How long we keep it: 90 days maximum from your last visit

Your consent: OPTIONAL - YOU DECIDE. You must explicitly accept marketing cookies. We will never use them without your consent.

What we DON'T do: We respect "Do Not Track" signals. If your browser has DNT enabled, we will NOT set marketing cookies even if you initially consented.

Data Retention Summary:
- Contact form data: 30 days then deleted
- Newsletter: Until you unsubscribe
- Analytics: 13 months then deleted
- Marketing cookies: 90 days then deleted

All data is deleted upon your written request within 14 days.

Lawful Basis for Processing (Article 6 GDPR)

We only process your data based on one of these legal grounds:

  • Your Explicit Consent (Article 6(1)(a)): Contact forms, newsletter subscriptions, marketing cookies - all require you to say YES
  • Legitimate Interest (Article 6(1)(f)): Website analytics to improve user experience
  • Legal Obligation (Article 6(1)(c)): Compliance with tax and security laws

You can withdraw consent at any time without providing a reason and without any penalty.

Cookies & Explicit Consent

What Are Cookies?

Cookies are small files stored on your device that enable websites to remember information about your visit. Under GDPR, we must obtain your explicit consent before storing cookies (except for essential cookies that are strictly necessary for the website to function).

Types of Cookies We Use

Cookie Preferences & Your Control

  1. On first visit: You will see a cookie consent banner explaining each type of cookie
  2. You choose: You can accept or reject each type of cookie independently
  3. Change your mind: You can change your cookie preferences at any time in the cookie settings
  4. Contact us: Email info@firsttimeright.net to request manual deletion of processed cookie data

Do Not Track (DNT)

We respect browser "Do Not Track" (DNT) signals. If you enable DNT in your browser:

  • We will NOT set marketing cookies
  • Essential cookies will still be used (to keep the site working)
  • Analytics cookies may be used, but in a more privacy-respecting way

Your Privacy Settings: You are in control. Visit our Cookie Settings page to review and change your preferences at any time. No cookies can be set without your consent.

Third-Party Services & Data Sharing

Service Providers

We share your information with third-party service providers who perform services on our behalf, including:

  • Analytics Providers: Google Analytics for understanding Website usage patterns
  • Email Service Providers: For sending newsletters and notifications
  • Hosting & Cloud Services: For Website infrastructure and data storage
  • Security & Compliance Tools: For protecting against fraud and ensuring legal compliance

All service providers are contractually obligated to use your information solely for the purposes we specify and to maintain the confidentiality and security of your data.

Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties for marketing purposes. However, we may disclose your information in the following circumstances:

  • With your explicit consent
  • To comply with legal or regulatory requirements
  • To enforce our Terms of Service and other agreements
  • To protect the security or integrity of the Website
  • In connection with a business transaction (e.g., merger, acquisition)

International Data Transfers

If your information is transferred to countries outside the EU/EEA, we implement appropriate safeguards in compliance with GDPR, including Standard Contractual Clauses.

Your Privacy Rights (GDPR Articles 15-22)

Most Important: Right to Erasure (Right to be Forgotten)

You can request the deletion of ALL your personal data at any time, for any reason. We will delete all data within 30 days of your request. There are very limited exceptions (e.g., if we have a legal obligation to keep data).

How to request deletion: Email info@firsttimeright.net with subject "REQUEST DATA DELETION" and we will confirm deletion of all your information.

Your Full Rights as an EU Data Subject (GDPR)

1. Right of Access (Article 15)

You have the right to request and receive a copy of ALL personal data we hold about you. We will provide this in a clear, accessible format within 30 days of your request.

How: Email info@firsttimeright.net with subject "DATA ACCESS REQUEST"

2. Right to Rectification (Article 16)

If any of your personal data is inaccurate or incomplete, you can request that we correct it immediately.

How: Email info@firsttimeright.net with subject "DATA CORRECTION REQUEST" and specify what needs to be corrected

3. Right to Erasure - "Right to be Forgotten" (Article 17)

This is your strongest right. You can demand the deletion of your personal data. We must delete it within 30 days unless we have a legal reason to keep it.

When you can use this:

  • You withdraw your consent
  • Your data is no longer needed for the purpose collected
  • You object to the processing
  • The data was collected unlawfully
  • For any reason - you don't need to explain

Limitations: We may need to keep data if required by law (e.g., tax records for 10 years).

How: Email info@firsttimeright.net with subject "DELETE MY DATA" and we will confirm deletion within 30 days

4. Right to Restrict Processing (Article 18)

You can ask us to stop processing your data temporarily (e.g., while you contest its accuracy).

How: Email info@firsttimeright.net with subject "RESTRICT DATA PROCESSING"

5. Right to Data Portability (Article 20)

You can request your data in a machine-readable format (e.g., CSV) and transfer it to another service provider. We will provide this within 30 days.

How: Email info@firsttimeright.net with subject "DATA PORTABILITY REQUEST"

6. Right to Object (Article 21)

You can object to how we use your data (e.g., for analytics or marketing). We will stop processing unless we have a compelling legal reason.

How: Email info@firsttimeright.net with subject "OBJECT TO DATA PROCESSING"

7. Right to Withdraw Consent

If you consented to something (cookies, newsletters, contact forms), you can withdraw that consent at any time. It's as easy as clicking "unsubscribe" in an email or changing your cookie settings.

How: Use the unsubscribe link in emails, or email info@firsttimeright.net

8. Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can file a complaint with your national data protection authority:

  • Netherlands: Autoriteit Persoonsgegevens (AP)
  • Other EU countries: Find your supervisory authority at the EDPB website

How to Exercise Your Rights

To exercise ANY of these rights, contact us:

Email: info@firsttimeright.net
Subject Line: Clearly state your request (e.g., "DELETE MY DATA", "DATA ACCESS REQUEST")
Response Time: We will respond within 30 days (or 60 days for complex requests)
Verification: We may ask for identification to verify your request

No Penalty for Exercising Your Rights: You will NEVER be penalized, charged fees, or treated differently for exercising your data protection rights. We will never demand payment to delete data or fulfill your requests.

Contact Us & File a Complaint

Questions About Your Data?

If you have questions, concerns, or requests regarding this Privacy & Cookies Policy or our privacy practices, please contact us:

Email: info@firsttimeright.net
Website: www.firsttimeright.net
General Inquiries: info@firsttimeright.net
Response Time: Within 30 days for data requests, 14 days for other inquiries

Your Right to File a Complaint

If you believe we have violated your data protection rights, you have the right to file a formal complaint with your local data protection authority (supervisory authority). You do NOT need to contact us first.

For residents in the Netherlands:
Autoriteit Persoonsgegevens (AP)
www.autoriteitpersoonsgegevens.nl

For residents in other EU countries:
Find your supervisory authority at: European Data Protection Board (EDPB)

Important: Filing a complaint with a supervisory authority does not cost you anything and does not prevent you from seeking other remedies (such as civil court action).

Company Details & GDPR Compliance

About First Time Right (Data Controller)

Name: First Time Right
Location: Netherlands (EU)
Data Protection Officer / Privacy Contact: info@firsttimeright.net
Regulatory Framework: GDPR and Dutch Data Protection Laws

We are classified as a "Data Controller" under GDPR. This means we are responsible for how your data is processed and must ensure compliance with all GDPR requirements.

Data Processing Principles (GDPR Article 5)

We commit to these six principles:

  1. Lawfulness, Fairness & Transparency: We only process data with your consent, for stated purposes, and inform you clearly
  2. Purpose Limitation: Data is used ONLY for the purpose described to you. NO secondary use without new consent
  3. Data Minimization: We collect only the minimum data necessary for our purpose
  4. Accuracy: We keep data up-to-date and allow you to correct inaccurate information
  5. Storage Limitation: We delete data after the specified retention period expires
  6. Integrity & Confidentiality: We use encryption, secure servers, and strong access controls

Sub-Processors & Third Parties

We use the following approved sub-processors (service providers) who are bound by Data Processing Agreements:

  • Google Analytics: Website analytics (via cookie, which you can refuse)
  • Email service provider: For newsletter delivery (only if you subscribed)
  • Web hosting provider: For server infrastructure

Important: All sub-processors are contractually required to protect your data and can ONLY use it for the service they provide. We perform regular audits to ensure compliance.

Children's Privacy

Our website is not directed to children under 16 years old (or the applicable age in your country). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

Parents/Guardians: If you believe we have processed a child's data without parental consent, please contact us immediately at info@firsttimeright.net.

Data Security & Breach Notification

We implement industry-standard security measures:

  • SSL/TLS encryption for all data transmission
  • Secure server infrastructure with firewalls
  • Access controls and multi-factor authentication
  • Regular security audits and penetration testing
  • Employee data protection training

If a data breach occurs: We will notify you within 72 hours as required by GDPR Article 33, explaining what happened and what steps we're taking to protect you.

Third-Party Links

Our website may contain links to third-party websites and social media. We are NOT responsible for their privacy practices. We urge you to review their privacy policies before providing personal information.

Automated Decision-Making & Profiling

We do NOT use automated decision-making or profiling. We will never:

  • Score or rank you based on your data
  • Make significant decisions about you using only automated means
  • Create detailed profiles about your behavior or interests

We treat you as an individual, not an algorithm.

Policy Updates & Your Notification Rights

We may update this Privacy & Cookies Policy periodically. When we make changes, we will:

  • Post the updated policy on this page
  • Update the "Last Updated" date at the top
  • If changes are significant, notify you via email (if you have an account with us)

Continued use of the website after updates constitutes acceptance of the new policy. If you disagree with changes, you can contact us to delete your data.