Privacy Policy

Last updated: June 3, 2026

Welcome to the Privacy Policy of Sqrl, a trade name of Merkelijkheid B.V. (hereafter referred to as “Sqrl“, “we“, “us“, or “our“). We provide an Account-Based Marketing (ABM) Software-as-a-Service (SaaS) solution and pre-CRM platform through our website https://sqrl.nl/ (the “Service“).

We are committed to protecting your personal data and privacy in accordance with the General Data Protection Regulation (GDPR) and the Dutch Privacy Act (Algemene Verordening Gegevensbescherming – AVG). This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our website, interact with our marketing, or buy and use our SaaS platform.

1. Identity and Contact Details of the Data Controller

For the processing activities described in this policy, Sqrl acts as the Data Controller:

  • Legal Entity Name: Merkelijkheid B.V. (trading under the name Sqrl)
  • Address: Suikersilo-West 8, 1165 MP, Halfweg, The Netherlands
  • Chamber of Commerce (KvK) Number: 71909885
  • Privacy Officer: Ties Morskate
  • Contact Email for Privacy Enquiries: ties at sqrl.nl

2. Scope: Our Dual Role (Controller vs. Processor)

It is important to distinguish between Sqrl’s role as a Data Controller and a Data Processor:

  • Sqrl as a Data Controller: We are the Controller for the data of our own website visitors, marketing leads, prospects we target for our own business, and the user account data (login details, names, business emails) of our SaaS subscribers. This Privacy Policy covers these activities.
  • Sqrl as a Data Processor: When our clients use our ABM platform, they might upload their own prospect lists and embed our tracking script on their own websites to monitor their visitors. In this context, our client is the Data Controller, and Sqrl is the Data Processor. We process that data solely on behalf of and according to the instructions of our clients, governed by a Data Processing Agreement (DPA / Verwerkersovereenkomst). If you are a visitor or prospect of one of our clients, please consult their respective privacy policies.

3. Personal Data We Collect, Purposes, and Legal Basis

We collect different types of data depending on how you interact with us.

A. Website Visitors & Inquiries

When you visit sqrl.nl, fill out a contact form, sign up for a demo, or interact with our website, we process your data.

  • Data collected: First name, last name, company name, business email address, IP address, and interaction data (pages visited, referral source).
  • Purposes: To respond to your requests, schedule product demos, send marketing communications, and manage user sign-ups.
  • Legal Basis: * Performance of a contract / Pre-contractual measures (Art. 6(1)(b) GDPR): Handling your specific request or demo sign-up.
    • Consent (Art. 6(1)(a) GDPR): For placing non-essential cookies, tracking pixels, or sending marketing newsletters.

B. Our Customers (SaaS Platform Users)

When you register an account to use the Sqrl SaaS platform, we process your data to maintain your account.

  • Data collected: First and last name, business email address, account login credentials, platform usage logs.
  • Purposes: To provide the platform functionality, grant access, monitor system performance, handle technical support, and ensure security.
  • Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR).

4. Cookies, Tracking Technologies, and B2B Identification

We use cookies and alternative online tracking scripts on sqrl.nl to optimize user experience, evaluate website traffic, and support our marketing.

  • Matomo Analytics: We use Matomo to gather analytics about website performance and visitor patterns. Depending on configuration, this data is either completely anonymized or processed based on your consent.
  • ProspectPro (B2B IP-Lookup): We use ProspectPro through our tracking script to identify corporate website visitors based on their company’s commercial IP addresses. This maps the public company data (e.g., KvK info, industry, corporate size) to the visit. It does not track or identify individual natural persons. The legal basis for processing company-level network data is our Legitimate Interest (Art. 6(1)(f) GDPR) in standard B2B lead generation.
  • Tracking Pixels & Fingerprinting (LinkedIn, Google, Reddit): With your explicit prior consent via our cookie banner, we use our proprietary tracking code and third-party pixels (LinkedIn Insight Tag, Google Tag, Reddit Pixel) alongside digital fingerprinting technologies. This allows us to map the customer journey, identify previous visits when a user subsequently submits a form, and deliver targeted advertising.

You can manage or withdraw your cookie and tracking consent at any time via the cookie settings on our website.

5. Data Sharing and Third-Party Tools (Sub-processors)

We do not sell your personal data. We only share your data with trusted service providers necessary to operate our business and deliver our SaaS solution:

  • Hosting Providers: Our application database and backups are securely hosted within the European Economic Area (EEA), primarily in the Netherlands, with secondary backups stored securely in Germany.
  • Email Delivery: We may use Brevo (an EEA-compliant provider) to manage and send transaction-related or marketing emails.
  • Advertising & Analytics Vendors: Google, LinkedIn, and Reddit (only if you consent to marketing tracking).

International Data Transfers

While our primary infrastructure is localized inside the EU/EEA, some third-party marketing tools (such as Google, LinkedIn, or Reddit) may transfer data to servers located in the United States. We ensure these transfers are lawful by relying on the EU-US Data Privacy Framework or standard contractual clauses (SCCs) approved by the European Commission.

6. Data Retention

We retain personal data no longer than necessary for the purposes for which it was collected:

  • Active SaaS Accounts: All data stored within a client account is kept indefinitely as long as the client’s subscription remains active.
  • Terminated Accounts: Upon termination of a SaaS subscription, all account data and related processed data are permanently and securely deleted within one (1) month.
  • Marketing & Form Leads: Data gathered via contact forms or marketing interactions is kept for as long as you actively engage with our communications, or until you object/unsubscribe.

7. Data Security

Under Article 32 of the GDPR, we implement appropriate technical and organizational security measures to protect your personal data against destruction, loss, alteration, or unauthorized disclosure. These measures include:

  • Full SSL/TLS encryption for all data in transit across our website and SaaS platform.
  • Encrypted server backups located across separate datacenters in the Netherlands and Germany.
  • Strict access controls for our personnel, ensuring only authorized employees handle your data.

8. Your GDPR Privacy Rights

Under the GDPR, you hold several rights regarding your personal data. You have the right to request:

  • Access: To view what personal data we hold about you.
  • Rectification: To correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): To have your data deleted, subject to legal retention obligations.
  • Restriction: To temporarily halt processing under certain conditions.
  • Data Portability: To receive your data in a structured, machine-readable format.
  • Objection: To object to our processing based on legitimate interests or direct marketing.
  • Withdrawal of Consent: To withdraw consent at any time for tracking, cookies, or newsletters.

To exercise any of these rights, please contact our Privacy Officer, Ties Morskate, at ties at sqrl.nl. We will respond to your request within one month.

If you believe we are processing your data unlawfully, you also have the right to lodge a formal complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): Website: https://www.autoriteitpersoonsgegevens.nl/

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our SaaS features, tracking methodologies, or legal requirements. The updated policy will be published on this page with a revised date.