— privacy
Privacy policy
We value your privacy. This policy explains what personal data we process, why, for how long, and what rights you have under GDPR.
Data controller
Villa Aurelia, Bosruiterweg 25, 3897 LV Zeewolde. Privacy questions: info@aurelia-zeewolde.nl.
What data we process
Name, email, phone, address, language preference, booking details (dates, villa, price), payment status, marketing preferences, audit log of your own actions (login, changes, export requests).
Legal basis
Bookings are processed on the basis of contract performance (Art. 6(1)(b) GDPR). Marketing emails only with your explicit consent (Art. 6(1)(a)). Retention periods for financial records based on legal obligation (Art. 6(1)(c), Dutch Tax Act).
Retention periods
Booking and invoice data: 7 years (Dutch Tax). Account after deletion: personal data anonymized within 30 days. Audit log: 12 months. Marketing consent: until withdrawn.
Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), objection (Art. 21) and data portability (Art. 20). Exercise these via your account or by emailing info@aurelia-zeewolde.nl.
Processors
We share only the minimum necessary with trusted processors within the EU.
- Mollie B.V. — Betalingsverwerking (NL)
- SMTP-provider — Verzending van transactionele e-mails (EU)
- Hosting — Servers & database (EU)
Cookies
We use only an essential session cookie (NextAuth) to keep you logged in. No tracking or marketing cookies. See also /cookies.
Complaints
You have the right to file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).
Version: privacy-2026-04-28