Legal

Privacy Policy

Version June 2026 — effective 11 June 2026

Jenny Bhasin attaches great importance to the protection of your privacy and personal data. This privacy policy explains which data we process, why, on what legal basis and what rights you have. This policy applies to the website jennybhasin.com and all activities associated with it.

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Jenny Bhasin

KvK (Chamber of Commerce): 42078298

Website: jennybhasin.com

Email: info@jennybhasin.com

Country: Netherlands

2. What personal data do we process and why?

2.1 Contact form

When you fill in the contact form on our website, we process the following data:

  • First and last name
  • Email address
  • The content of your message

Purpose: responding to your question, enquiry or collaboration proposal.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR). Responding to a message you submitted is necessary for our business operations and is proportionate to your reasonable expectation of receiving a reply.

2.2 Server logs (automatic data)

When you visit our website, our hosting provider (Vercel, Inc.) automatically records technical data, including:

  • IP address
  • Date and time of visit
  • Browser type and operating system
  • Pages visited

Purpose: technical operation and security of the website.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

2.3 Google Fonts

This website uses fonts provided by Google Fonts. When you visit our website, your IP address is automatically transmitted to Google LLC servers in the United States, solely for the purpose of loading the fonts. We do not store this data ourselves.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

3. Retention periods

  • Contact form messages: a maximum of 1 year after the last contact or after the enquiry has been resolved.
  • Server logs:a maximum of 30 days in accordance with Vercel's policy, unless longer retention is required for security investigations.
  • Google Fonts: no storage by us; the IP address is processed per request by Google.

4. Sharing data with third parties

We only share your personal data with third parties to the extent necessary for the provision of our services. The parties we work with are:

Partij / PartyRol / RoleLand / CountryGrondslag / Basis
Resend, Inc.Email delivery serviceUSData processing agreement + SCCs
Vercel, Inc.Hosting providerUSData processing agreement + SCCs
Google LLCGoogle FontsUSSCCs (legitimate interests)

We never sell your personal data to third parties and do not provide it to other parties without your explicit consent, unless we are legally obliged to do so (e.g. at the request of a competent authority).

5. Transfers outside the EEA

Resend, Vercel and Google are based in the United States, a country outside the European Economic Area (EEA). The transfer of personal data to these countries takes place on the basis of Standard Contractual Clauses (SCCs) established by the European Commission, which ensure an adequate level of protection for your data in accordance with the GDPR.

6. Your rights as a data subject

Under the GDPR, you have the following rights regarding your personal data. You can exercise them by contacting us at info@jennybhasin.com. We will respond to your request within four weeks.

  • Right of access: you have the right to know which personal data we process about you and to receive a copy (Art. 15 GDPR).
  • Right to rectification: you can have incorrect or incomplete data corrected (Art. 16 GDPR).
  • Right to erasure ("right to be forgotten"): you can request that we delete your data, unless we have a legal obligation to retain it (Art. 17 GDPR).
  • Right to restriction of processing: you can request that we temporarily restrict the processing of your data (Art. 18 GDPR).
  • Right to data portability: you have the right to receive your data in a structured, commonly used and machine-readable format (Art. 20 GDPR).
  • Right to object: you can object to the processing of your data on the basis of our legitimate interests (Art. 21 GDPR).

We may ask you to verify your identity before processing your request, to prevent data from being disclosed to the wrong person.

7. Filing a complaint with the supervisory authority

If you believe that we are not processing your personal data correctly, you have the right to file a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens

Website: autoriteitpersoonsgegevens.nl

Phone: +31 88 – 1805 250

8. Security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, unwanted disclosure and unauthorised modification. Our website is secured with HTTPS encryption (TLS). Access to contact messages is restricted to the data controller only.

9. Cookies

This website does not place third-party tracking cookies and does not use analytical cookies (such as Google Analytics or similar services). The website may use technically necessary cookies required for the proper functioning of the site; these cookies do not store personally identifiable information.

10. Automated decision-making

We do not use automated decision-making or profiling based on your personal data.

11. Changes to this privacy policy

We may periodically update this privacy policy, for example due to changes in our services or new legislation. The most current version is always available on this page. In the event of material changes that affect the way we process your data, we will announce this on our website.

Date of last update: June 2026

Back to home