Last updated: 31 May 2026
This Privacy Policy explains how YouthCommerce (“PhiFlow”, “we”, “us”) collects and uses personal data when you visit our website, request a demo, or contact us. PhiFlow is a brand operated by YouthCommerce.
This policy covers our website only. Personal data processed inside the PhiFlow platform on behalf of our clinic customers is governed by a separate document, the PhiFlow Platform Privacy Policy, and by the data processing agreement we conclude with each clinic.
1. Who we are (controller)
For the processing described in this policy, the data controller is:
- YouthCommerce (operating the PhiFlow brand)
- Breukelaarweg 4, 7051 DX Varsseveld, The Netherlands
- Chamber of Commerce (KvK): 75504014
- Privacy contact: [email protected]
Data Protection Officer / privacy contact: Owen Ebbers — [email protected]
2. What personal data we collect
We only collect data you provide or that is generated automatically when you use the website.
a. Contact and demo requests. When you fill in a form or email us: your name, business email, phone number (optional), clinic/company name, and the content of your message.
b. Technical and usage data. Our servers automatically log technical information on each request: IP address, browser type and version, operating system, referring page, pages viewed, and timestamps.
c. Cookies and analytics. See Section 5.
We do not intentionally collect special categories of data (such as health data) through this website. Please do not submit such information in free-text fields.
3. Why we use your data and on what legal basis
| Purpose | Personal data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Responding to your contact or demo request | Contact form data | Art. 6(1)(b) — pre-contractual steps / Art. 6(1)(f) — legitimate interest |
| Operating, securing and improving the website | Technical / log data | Art. 6(1)(f) — legitimate interest in security and a functioning site |
| Analytics and measuring website performance | Cookie / analytics data | Art. 6(1)(f) — legitimate interest in privacy-oriented website analytics |
| Complying with legal obligations | As applicable | Art. 6(1)(c) — legal obligation |
Where we rely on legitimate interest, we have weighed our interest against your rights and limited the processing accordingly. You can object to this processing at any time (see Section 8).
4. Who we share data with
We share personal data only with:
- Service providers (processors) who help us run the website and our outreach, such as our hosting provider and analytics providers. They process data only on our instructions under a data processing agreement.
- Public authorities, where we are legally required to do so.
A current overview of our key service providers:
| Provider | Purpose | Location |
|---|---|---|
| Hostinger International Ltd. | Website / database hosting and transactional email | Germany (Frankfurt) — EEA |
| Analytics & customer-data providers | Website / product analytics | United States |
We do not sell your personal data.
5. Cookies and similar technologies
We use cookies and similar technologies (including browser local storage) to operate the website and to measure how it is used.
- Essential cookies and storage are required for the site to function and are set automatically.
- Analytics. We use third-party analytics services, which set first-party identifiers (such as an anonymous ID) in your browser to recognise returning visitors and measure website usage. We do not use these tools for advertising.
You can block or delete cookies and clear local storage through your browser settings, and most browsers let you signal a “Do Not Track” preference. If you would like us to delete the analytics data associated with you, contact us using the details in Section 1.
6. International transfers
We aim to keep personal data within the European Economic Area (EEA). Some of our analytics providers process data in the United States. For these transfers we rely on an appropriate transfer mechanism, such as the European Commission’s Standard Contractual Clauses and/or the provider’s certification under the EU–US Data Privacy Framework. You can request more information using the contact details in Section 1.
7. How long we keep your data
| Data | Retention period |
|---|---|
| Contact / demo request data | Up to 24 months after our last contact |
| Server logs | Up to 12 months |
| Analytics data | Per analytics tool configuration |
After these periods we delete or anonymise the data, unless we are legally required to retain it longer.
8. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data (“right to be forgotten”);
- restrict or object to processing;
- data portability — receive your data in a structured, machine-readable format;
- withdraw consent at any time, without affecting processing that already took place.
To exercise any of these rights, contact us at [email protected]. We will respond within one month.
You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or the authority in your country of residence.
9. Security
We take appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and regular review of our security practices. No method of transmission over the internet is fully secure, but we work to protect your data against unauthorised access, loss or misuse.
10. Automated decision-making
We do not make decisions about website visitors based solely on automated processing that produce legal or similarly significant effects.
11. Changes to this policy
We may update this policy from time to time. The “Last updated” date reflects the latest version. For substantive changes — for example a change in purpose or in how you can exercise your rights — we will provide notice where required.
12. Contact
Questions about this policy or about your personal data? Contact us at [email protected] or write to YouthCommerce, Breukelaarweg 4, 7051 DX Varsseveld, The Netherlands.