Privacy Policy


Last changed on 25 August 2022

This document explains:

  1. What kind of data may be collected when you using my services (detailed below),
  2. How this data is used, where I store it, and how I protect it,
  3. Your rights concerning this data.

If you have any questions, you can contact me at privacy [at]


1.1          I am Story Specialist, which is a company owned by Rémy van den Wijngaart, located in the Netherlands, that falls under European Union data protection legislation. You can contact me via email at privacy [at]


2.1          This Privacy Policy applies to: all my websites, email and telephone communication, and the services I provide to my clients. (Hereafter referred to as the term “services”)

2.2          Specifically, this Privacy Policy governs personal data (or, as called in the United States, “personally identifiable information”) and non-personal data (or, as in the United States, “non-personally identifiable information”), which I collect from you when you use my services.

2.3          I care about your right to privacy and will only process personal data in accordance with applicable legislation in the EU and other countries.


3.1          When you use my services, I may collect the following data if relevant (usage is described later in this document):

  1. Your name and surname,
  2. Your email address,
  3. Your telephone number,
  4. Your address,
  5. Your IP address,
  6. Technical website data (such as which browser you use),
  7. Social media data (governed by the privacy policies of said social media platforms),
  8. Your financial data and/or banking information (in case you are an actual client),
  9. Your VAT ID and Chamber of Commerce ID (in case you are an actual client),
  10. Any other data you supply.

3.2          I may also collect minimal data about you via cookies, because that’s how the internet works. Find out about my cookie policy for here:


4.1          I may collect data about you in the following ways:

  1. You supply it via my services,
  2. You supply it via contacting me,
  3. You supply it by visiting my website(s) or social media channels (this data is collected automatically by said social media channels and fall under their privacy policy),
  4. You supply it on a publicly accessible source (such as your own website).


5.1          When I process personal data about you, I do so to provide my services, to meet legal obligations (e.g. do my taxes), or for other cases described in the section “How I use your data”.

5.2          When I transfer your data outside the European Economic Area, I do so on the basis of a variety of legal mechanisms, as described in “Trusted Partners” (or their respective privacy policies).


6.1          Your data may be used for the following purposes:

  1. To carry out my obligations arising from any agreements between you and me,
  2. To provide you with products or services that you request from me,
  3. To make my website(s) function properly,
  4. For tax, legal, and accounting purposes,
  5. For the accountability purposes as defined by EU legislation (GDPR),
  6. To be able to contact you.

6.2          Automated decision making is the process of making decisions regarding data by computer programs or systems that impact you without the involvement of a human being. I do not use automated decision making in my services.


7.1          The data I collect from you is stored in several secured locations, including my personal computer, on-site back-up storage, or with Trusted Partners as described below. I take great care in protecting your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. I will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy. Measures include encryption, two-factor authentication, etc. Additional security measures, such as communication via encrypted channels, are possible upon request. Feel free to contact me at privacy [at] for more detailed information (see also section 12 on your rights).

7.2          I will retain your personal data for as long as you are a client or as needed in order to fulfill the purposes outlined in this Privacy Policy. When I no longer need your personal data, I will delete it. Additional information:

  1. I will retain your financial data for tax, legal, or accounting purposes as long as is required by law (currently up to 7 years).
  2. I will retain your contact information indefinitely unless you object (simply put: your email address will be in my address book for possible future contact) or for as long as you are my client.
  3. My web hosting provider will retain logs (which include your IP address) for 1 month. See Trusted Partners for more information.


8.1          Please remember that any communications you have with me may reveal details about you. Also, any data you post publicly (e.g. on social media channels or your own website) will be publicly available to me and others. I am not responsible for your use of personal data which you choose to give or make available to third parties.


9.1          My services may, from time to time, contain links to and from the websites or services of third parties. My Privacy Policy does not extend to these external sites or companies, so please refer directly to their respective privacy policies.


10.1        I may share your data with the following Trusted Partners, who help deliver my services and functionalities to you. Please rest assured that I always provide these partners with the minimum data necessary for them to achieve the purpose of their cooperation with me. They may have access to limited data about you and process it on my behalf for only the purposes set out below (they are formally called “Data Processors”):

  1. VDX Hosting – the provider of my website and email services;
  2. SpiderOak Inc. – a zero-knowledge, encrypted online storage provider; their servers are located in the United States; SpiderOak itself has no way of accessing what I store on their servers;
  3. Google Inc. – where I store my contact information;
  4. Professional advisors who assist with legal, tax, audit, or accounting matters (e.g. my accountant); they have access to my financial administration.

10.2        When required by law, I may also share your data with the police or other government authorities (including your IP address and details of suspected unlawful or fraudulent activity).

10.3        Your data may be processed, stored, and transferred to countries outside your country of residence and beyond the European Economic Area (EEA), such as the United States (in the case of SpiderOak and Google). Privacy laws in these countries may not offer the same level of protection as in your country or in the EEA. But whenever I share your personal data outside the EEA, I will do so on the basis of EU standard contractual clauses or the Privacy Shield Framework, which are lawful measures to transfer your data and establish adequate protection of your personal data.


11.1        Please be aware that I am subject to various laws and may be required to release personal data to comply with law enforcement and other legal requirements.

11.2        In the unlikely event of a reorganization or merger of Story Specialist, I may transfer personal data to an involved third party who will protect to at least the same level as I do in this privacy policy.


12.1        You have the right to object to the processing of your personal data in certain situations at any time. You can do so by contacting me on the email address: privacy [at]

12.2        You have the following additional rights:

  • You have the right to access data held about you;
  • You may contact me to request that I delete your personal data from my system;
  • You may ask me to rectify/correct your personal data, if appropriate;
  • You may ask me to restrict the processing of your data;
  • You have the right to transfer your data to another entity;
  • You have the right to file a complaint with a data protection authority;
  • You can exercise these rights by contacting me at privacy [at];
  • Please note that I cannot delete personal data if it prohibited by law.

12.3        In case of any concerns or questions about your privacy, please do contact me at: privacy [at] If, however, you feel I have not satisfactorily dealt with your concern, you can report it to your local data protection authority or the Dutch regulator – the “Autoriteit Persoonsgegevens” in the Netherlands.

12.4        If you object to anything stated in this Privacy Policy, you unfortunately cannot use my services.


13.1        I may change this privacy policy if I deem it necessary, such as for legal reasons or to reflect changes in my services. If I do so, I will make the altered Privacy Policy available online and update the “Last Updated” date.

13.2        Once I change the Privacy Policy, it will become legally binding on you 30 days after I post it online. During that period, you are welcome to contact me if you have specific questions about the changes.