๐Ÿ“AmsterdamThingsToDo

Privacy Policy

Updated: 17 March 2026

Last updated: March 2026

AmsterdamThingsToDo.nl ("the Site") is published by Prebo Digital, a performance marketing agency registered in Johannesburg, South Africa. This privacy policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.

We comply with the European General Data Protection Regulation (GDPR), the Dutch GDPR Implementation Act (Uitvoeringswet AVG), and South Africa's Protection of Personal Information Act (POPIA).

Who is responsible for your data

The data controller for this Site is: editor@amsterdamthingstodo.nl

For any questions about this policy or to exercise your privacy rights, contact us at the email address above.

What personal data we collect

Data you provide directly: If you contact us by email, we collect your name and email address for the purpose of responding to your enquiry. We do not require you to create an account or submit any personal data to use this Site.

Data collected automatically: When you visit the Site, we may collect technical data through cookies and similar technologies, including your IP address, browser type, device type, operating system, referring URL, pages visited, time spent on pages, and approximate geographic location derived from your IP address.

We do not collect: financial information, government-issued identification numbers, health information, biometric data, or any special categories of personal data as defined under GDPR Article 9 or POPIA.

Why we collect data and our legal basis

We process personal data for the following purposes:

Website analytics — to understand how visitors use the Site and improve our content. Legal basis: legitimate interest (GDPR Article 6(1)(f)) or your consent where required by the Dutch Telecommunications Act for non-essential cookies.

Responding to enquiries — when you email us, we use your contact details to reply. Legal basis: legitimate interest or performance of a pre-contractual step at your request (GDPR Article 6(1)(b)).

Affiliate link tracking — when you click a TripAdvisor affiliate link, our affiliate partner CJ Affiliate may place a cookie to attribute the referral. Legal basis: your consent via our cookie banner.

Cookies and tracking technologies

We use the following categories of cookies:

Strictly necessary cookies: These are required for the Site to function and cannot be switched off. They include session cookies and security cookies. No consent is required for these.

Analytics cookies: We use analytics tools to measure Site traffic and understand which content is most useful to visitors. These cookies are only placed after you give consent via our cookie banner.

Affiliate and advertising cookies: When you click an affiliate link to TripAdvisor, CJ Affiliate may place a tracking cookie to record that you were referred from our Site. This cookie is used solely for commission attribution and is placed only after you give consent or upon clicking the affiliate link.

You can withdraw cookie consent at any time by clearing your browser cookies or adjusting your preferences via our cookie settings. Most browsers also allow you to block or delete cookies through their settings.

Third parties we share data with

We may share limited personal data with the following categories of third parties:

Analytics providers — to process website usage data on our behalf. These providers act as data processors under GDPR and are contractually required to protect your data.

CJ Affiliate (Conversant LLC) — our affiliate network partner. When you click an affiliate link, CJ may process your IP address and browser information to track the referral. CJ Affiliate is based in the United States and participates in the EU-US Data Privacy Framework.

Hosting provider (Xneelo) — our web hosting provider stores server logs that may contain IP addresses. Xneelo is based in South Africa.

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

International data transfers

Our Site is hosted in South Africa and may use service providers based in the United States and other countries outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

— Standard Contractual Clauses (SCCs) approved by the European Commission, or
— Transfers to countries or organisations covered by an adequacy decision, or
— The EU-US Data Privacy Framework for US-based providers that have certified under the framework.

Under POPIA, we ensure that any cross-border transfer of personal data from South Africa is to a country with adequate data protection or is subject to a binding agreement that provides sufficient safeguards.

How long we keep your data

We retain personal data only as long as necessary for the purpose it was collected:

— Email correspondence: retained for up to 12 months after the last communication, then deleted.
— Analytics data: aggregated and anonymised within 26 months. Raw data containing IP addresses is deleted or anonymised within 14 months.
— Server logs: retained for up to 90 days for security and troubleshooting purposes.

Your rights

Depending on your location, you have the following rights regarding your personal data:

Under GDPR (if you are in the EU/EEA or Netherlands):

— Right of access — you can request a copy of your personal data.
— Right to rectification — you can request correction of inaccurate data.
— Right to erasure — you can request deletion of your data where there is no compelling reason for continued processing.
— Right to restrict processing — you can request that we limit how we use your data.
— Right to data portability — you can request your data in a structured, machine-readable format.
— Right to object — you can object to processing based on legitimate interest, including profiling.
— Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Under POPIA (if you are in South Africa):

— Right to be notified of the collection of personal information.
— Right to request access to your personal information.
— Right to request correction or deletion of your personal information.
— Right to object to the processing of your personal information.
— Right to submit a complaint to the Information Regulator.

To exercise any of these rights, email us at editor@amsterdamthingstodo.nl. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Children's privacy

This Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption for data in transit, access controls, and regular security reviews.

Changes to this policy

We may update this privacy policy from time to time. The "last updated" date at the top of this page indicates when the latest revision was made. We encourage you to review this page periodically. Continued use of the Site after changes are posted constitutes acceptance of the revised policy.

Contact

For any privacy-related questions or requests:
editor@amsterdamthingstodo.nl