Book a call

Privacy policy

How DR Administraties handles your personal data and your privacy rights.

Last updated: 17-03-2026

1. About this privacy policy

At DR Administraties B.V., we attach great importance to protecting personal data. In this privacy policy, we explain clearly which personal data we process, why we do this, how long we keep data, who we share data with, and which rights you have.

We process personal data carefully and in accordance with the General Data Protection Regulation (GDPR), Dutch implementation rules and other applicable legislation. We only process data that is needed, apply appropriate security measures, and use personal data only for clear and legitimate purposes.

What you can expect from us
  • We only use personal data for clearly defined purposes.
  • We do not process more data than necessary for service delivery, legal obligations, or legitimate business operations.
  • We protect personal data with suitable technical and organizational safeguards.
  • We do not sell personal data to third parties.
  • We respect your privacy rights and assist with access, correction or deletion requests where legally possible.
Who this policy applies to

This policy applies to website visitors, people who contact us, leads and prospects, clients, representatives of business clients, individuals for whom we provide tax services, and other persons whose personal data we receive in the context of our services.

For data we process exclusively on behalf of a client, for example in payroll administration or in processing staff or tax data of that client, DR Administraties may act as processor rather than controller. In that case, the client generally determines the purpose of processing.

2. Who we are and how to contact us

DR Administraties B.V. is responsible for processing personal data as described in this policy, insofar as we act as data controller.

Company details
  • DR Administraties B.V.
  • Chamber of Commerce: 90308476
  • Address: Albrechtkolk 45B01, 3025 HB Rotterdam
  • Email: info@dradministraties.nl
  • Phone: +31 6 1901 0257
  • Website: dradministraties.nl
Role of DR Administraties

For our own website, quotations, client communication, invoicing and relationship management, we generally act as controller.

Where we process personal data within a client accounting or payroll file, the client may be the controller and DR Administraties the processor. In such cases, we process personal data only according to agreements with that client and, where required, a data processing agreement.

3. Which personal data we process

We process personal data that you provide to us, that we receive while delivering services, or that is processed automatically when you visit our website. The exact data depends on the nature of your contact with us or the service you use.

Data from website visitors, leads and contacts
  • First and last name
  • Email address
  • Phone number
  • Company name and business type
  • Subject and content of your message
  • Appointment details when planning a call via our website
  • IP address, browser data, cookie preferences and technical website data
Data from business clients
  • Company name
  • Chamber of Commerce number
  • VAT number
  • Name of contact person or owner
  • Business address details
  • Email address and phone number
  • Bank account number
  • Invoice and payment data
  • Financial administration data required for bookkeeping, reporting and tax returns
Data from private clients and natural persons
  • First and last name
  • Date of birth
  • Address details
  • Email address and phone number
  • Bank account number
  • Citizen service number (BSN), only where required for tax or payroll-related services
  • Data needed for returns, advice, or other tax obligations
Additional data in specific services

In payroll administration, DGA payroll, or support with employer obligations, we may process additional personnel and payroll data such as personal details, BSN, date of birth, salary details, contract data, time/leave data, and information required for wage tax.

In expat and international tax services, we may process additional data needed for tax filings, migration-year returns, M-forms, international tax assessment or communication with competent authorities.

4. Why we process personal data and legal basis

We only process personal data when a valid legal basis applies. In most cases this is because processing is necessary for contract performance, legal obligations, legitimate interests, or because you provided consent.

Processing purposes

We process personal data, among other things, to:

  • answer questions, contact requests and quote requests;
  • plan and confirm appointments;
  • deliver accounting, bookkeeping, payroll and tax services;
  • process payments, invoices and debtor administration;
  • prepare reports, annual statements and tax returns;
  • comply with legal obligations, including tax administration and retention duties;
  • secure and improve our website, systems and services;
  • send newsletters or updates, where you gave consent or where legally permitted.
Legal bases we rely on
  • contract performance or pre-contractual steps;
  • compliance with legal obligations;
  • legitimate interests, such as relationship management, service delivery, security, quality improvement and abuse prevention;
  • consent, for example for non-essential cookies or marketing communications where required.
Automated decision-making

DR Administraties does not make decisions based solely on automated processing that produce legal effects or similarly significant effects for individuals. Decisions on services, acceptance, advice or tax processing are not made fully by automated systems without human review.

5. Website, forms, appointment planning and cookies

When you visit our website, submit a form, or plan an appointment, we process data needed to operate the website, handle your request and improve our online services.

Forms and appointment requests

Through our website, you can contact us or schedule an appointment. We may process your name, email, phone number, business type, subject, message and appointment details. We use this data to respond to your request, plan an introductory call and prepare service delivery.

If you schedule an appointment via our website calendar, your data may also be processed by the scheduling tool we use. Where third parties are involved, we make suitable arrangements or refer to their own privacy documentation.

Cookies and similar technologies

We may use the following cookie categories:

  • Necessary cookies: for technical operation and basic website security.
  • Analytical cookies: to understand website usage and improve performance and user experience.
  • Preference cookies: to remember settings or preferences.
  • Marketing cookies: only if enabled and with your consent where required, for example for ad measurement or remarketing.
Analytics and consent

Based on our current setup, the website may use analytics tooling such as Google Analytics. We aim to use privacy-friendly settings, including limiting unnecessary data sharing and, where appropriate, IP anonymization.

If marketing or social cookies are used, we only place them where legally allowed and, where needed, after you have given consent via cookie settings. You can always change your preferences or withdraw consent.

Managing cookies

You can manage cookies via our cookie banner or cookie settings where available. You can also delete stored cookies or block new cookies via your browser. Please note this may affect how parts of the website function.

6. How long we keep personal data

We do not retain personal data longer than needed for the purpose it was collected, unless we must retain data longer by law or where this is necessary to substantiate our services or legal position.

Main retention principles
  • Administrative core data, invoices and tax administration records: generally 7 years, or longer where a specific legal exception applies.
  • Data related to real estate or specific international VAT schemes may require longer retention if the law prescribes this.
  • Client files and relationship data: while the client relationship is active and afterwards as long as reasonably needed for aftercare, file integrity, dispute handling or legal duties.
  • Prospect and contact request data: no longer than needed to handle contact or assess a commercial relationship.
  • Newsletter or marketing consents: until you unsubscribe or withdraw your consent.
How we apply retention periods

We periodically assess whether personal data is still needed. Once data is no longer necessary and there is no legal retention obligation, we delete or anonymize it where possible.

The exact retention period can differ per file. This depends on the type of service, applicable tax rules, contractual agreements and the nature of the data.

7. Who we share personal data with

We do not sell personal data to third parties. We only share personal data where needed for service delivery, to comply with legal obligations, or with your permission.

Categories of recipients

We may share personal data with:

  • tax authorities or other competent authorities where required for filings, legal duties or correspondence on your behalf;
  • software providers for bookkeeping, administration, payroll or reporting systems used in our services;
  • IT service providers, cloud/hosting providers and email providers for system management, security and continuity;
  • payment and invoicing service providers for payment processing and administrative handling;
  • appointment or communication tools when you request an appointment via our website or contact us;
  • external advisors or professionals where needed for a specific assignment and within applicable confidentiality and privacy safeguards.
Processors and contractual safeguards

If third parties process personal data on our behalf, we ensure appropriate contractual safeguards, such as data processing agreements, so data is handled carefully and confidentially.

If personal data is processed outside the European Economic Area, we apply appropriate safeguards where required by GDPR, such as standard contractual clauses or transfers to countries with an adequate level of protection.

8. Your rights under the GDPR

If we process your personal data, you have several privacy rights. The exact rights depend on the situation and legal basis.

You may invoke, among others
  • the right of access to personal data we process about you;
  • the right to rectify or complete incorrect/incomplete data;
  • the right to erasure where we are no longer required to retain data;
  • the right to restrict processing in specific cases;
  • the right to object to processing based on legitimate interest or direct marketing;
  • the right to data portability where legally applicable;
  • the right to withdraw previously given consent.
How to submit a request

You can submit a request via info@dradministraties.nl. To prevent misuse, we may ask you to verify your identity before handling a request.

We generally respond within 1 month. If a request is complex or if we receive many requests at once, this period may be extended in exceptional cases. We will inform you in time.

When a request cannot be fully executed

In some cases, we cannot fully execute a request. For example, when we still need to retain data under tax law, to perform a contract, or to defend ourselves in a legal dispute. In that case, we explain which limitation applies and why.

9. How we secure personal data

We take the security of personal data seriously. We implement appropriate technical and organizational safeguards to prevent loss, misuse, unauthorized access, unwanted disclosure and unlawful modification.

Examples of measures
  • Use of secure connections such as SSL/TLS
  • Need-to-know access controls for systems and files
  • Strong passwords and additional access security where suitable
  • Regular backups and update management
  • Security software and system monitoring
  • Confidentiality and data-handling agreements with staff and relevant suppliers
Data breaches and incidents

If a security incident involving personal data occurs despite our safeguards, we assess whether this qualifies as a data breach and take all legally required steps. Where needed, we report to the competent supervisory authority and inform affected persons.

Do you suspect data is not properly secured or has been misused? Please contact us as soon as possible via info@dradministraties.nl.

10. Complaints, contact and policy updates

If you have questions about this privacy policy or how we process personal data, please contact us. We always aim to resolve questions and complaints carefully and directly with you first.

Contact details

DR Administraties B.V.
Albrechtkolk 45B01, 3025 HB Rotterdam
E-mail: info@dradministraties.nl
Phone: +31 6 1901 0257
Website: dradministraties.nl

Complaints

If we cannot resolve the matter together, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Changes

We may update this policy from time to time, for example if legislation changes, our services change, or we start using new systems. The most recent version is always published on our website.