Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your personal information in compliance with Netherlands and EU data protection laws.

Last updated: August 20, 2025

Our Data Protection Commitment

Golden Years Academy is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and safeguard data when you interact with our educational services, particularly focusing on our advertising platform integrations with Google, Facebook, and Microsoft.

We operate in compliance with the General Data Protection Regulation (GDPR), Netherlands Personal Data Protection Act, and other applicable data protection laws. Your personal data is processed lawfully, fairly, and transparently.

Data Controller: Golden Years Academy, Netherlands education provider specializing in retirement planning courses.

Data Collection by Advertising Platforms

Google Services Data Collection

Google Analytics Data Points:

  • Page views, session duration, bounce rates, and user flow patterns
  • Device information including browser type, operating system, screen resolution
  • Geographic location data derived from IP address (country, region, city)
  • Referral sources and search terms used to find our website
  • User interactions with forms, buttons, and content sections

Google Ads Conversion Data:

  • Form submissions and contact inquiries tracking
  • Course page visits and engagement measurements
  • Remarketing audience creation for targeted advertising
  • Cross-device tracking through Google Account linking
  • Interest category assignments based on content consumption

Retention Period: Google Analytics retains data for 26 months by default. Google Ads data retention varies by data type, typically 18-24 months.

Facebook/Meta Data Collection

Facebook Pixel Tracking:

  • Page view events and session tracking across website visits
  • Form submission events including contact form completions
  • Custom event tracking for course interest and engagement
  • User behavior patterns and content interaction metrics
  • Device fingerprinting for cross-platform user identification

Custom Audiences and Targeting:

  • Website visitor segmentation for remarketing campaigns
  • Lookalike audience creation based on user profiles
  • Interest and behavior-based advertising optimization
  • Cross-platform tracking across Facebook family of apps
  • Demographic and psychographic profile development

Retention Period: Facebook retains website custom audience data for 180 days. Advertising data may be retained longer for campaign optimization.

Microsoft Data Collection

Bing Ads UET Tracking:

  • Conversion tracking for goal completion and lead generation
  • User action tracking including page views and form interactions
  • Remarketing list creation for Bing search advertising
  • Cross-device user identification through Microsoft accounts
  • Search query correlation with website behavior patterns

Microsoft Advertising Integration:

  • Demographic information integration from Microsoft services
  • Interest targeting based on search and browsing history
  • Campaign performance optimization using user data
  • Location-based advertising personalization
  • Competitive intelligence and market analysis data

Retention Period: Microsoft retains UET data for up to 390 days. Some advertising optimization data may be retained longer.

How We Use Your Personal Data

Purposes of Processing

Service Delivery

Processing inquiries, providing course information, delivering educational content, and maintaining your account.

Marketing Optimization

Personalizing advertising content, measuring campaign effectiveness, and optimizing marketing strategies.

Analytics & Insights

Understanding website usage patterns, improving user experience, and measuring educational content effectiveness.

Security & Fraud Prevention

Protecting against malicious activities, ensuring platform security, and preventing unauthorized access.

Legal Basis for Processing

Consent (Article 6(1)(a) GDPR)

For marketing communications, advertising cookies, and non-essential data processing activities.

Legitimate Interest (Article 6(1)(f) GDPR)

For website analytics, security measures, fraud prevention, and business development activities.

Contract Performance (Article 6(1)(b) GDPR)

For delivering requested services, processing payments, and fulfilling educational service agreements.

Legal Obligation (Article 6(1)(c) GDPR)

For tax record keeping, regulatory compliance, and legal documentation requirements.

Data Sharing with Third Parties

Advertising Partners

We share specific data types with advertising platforms to deliver relevant educational content and measure campaign effectiveness:

  • Google: Analytics, Ads, Tag Manager
  • Facebook: Pixel, Conversions API
  • Microsoft: Bing Ads, Clarity

Service Providers and Processors

Technology Providers

  • Web hosting and content delivery networks
  • Email service providers and communication platforms
  • Cloud storage and backup services
  • Customer support and help desk systems

Professional Services

  • Payment processing and financial services
  • Legal and compliance consulting
  • Marketing and advertising agencies
  • Data analytics and reporting services

International Data Transfers

Safeguards for International Transfers

  • EU-US Data Privacy Framework compliance for certified organizations
  • Standard Contractual Clauses (SCCs) with third-party processors
  • Adequacy decisions recognition for approved countries
  • Additional technical and organizational security measures

Your Rights and How to Exercise Them

GDPR Rights (EU/UK Residents)

Right to Access

Request a copy of personal data we hold about you, including processing purposes and data recipients.

Right to Rectification

Request correction of inaccurate or incomplete personal data in our records.

Right to Erasure

Request deletion of personal data when no longer necessary for processing purposes.

Right to Restrict Processing

Limit how we process your data while disputes or accuracy issues are resolved.

Right to Data Portability

Receive personal data in machine-readable format for transfer to another service.

Right to Object

Object to processing for direct marketing or legitimate interest grounds.

Platform-Specific Privacy Controls

How to Exercise Your Rights

To exercise any of your privacy rights, you can:

  1. Use our contact form: Submit requests through our website contact form with "Privacy Request" in the subject
  2. Platform controls: Use direct privacy controls on Google, Facebook, and Microsoft platforms
  3. Browser settings: Manage cookies and tracking through your web browser preferences
  4. Cookie preferences: Adjust settings using our cookie management tools

Response timeframe: We will respond to privacy requests within 30 days, as required by GDPR.

Data Retention and Deletion

Data Retention Periods

Data Type         | Retention Period                   | Legal Basis
Contact Form Data | 3 years from last interaction      | Legitimate interest
Analytics Data    | 26 months (Google default)         | Legitimate interest
Marketing Data    | 2 years or until consent withdrawn | Consent
Legal Records     | 5-7 years as required by law       | Legal obligation
Security Logs     | 90 days                            | Legitimate interest

Data Deletion Procedures

Automatic Deletion

  • Scheduled deletion after retention periods expire
  • Automatic anonymization of analytics data
  • Regular backup system purging (30-90 days)
  • Third-party platform data expiration coordination

Manual Deletion

  • Upon request through privacy rights exercise
  • When consent is withdrawn for marketing data
  • Account deletion and associated data removal
  • Legal hold removal after litigation resolution

Exceptions to Deletion

Data may be retained longer when required by legal obligations, for freedom of expression, public interest research, or to establish, exercise, or defend legal claims.

Data Security Measures

Technical Safeguards

  • SSL/TLS encryption for all data transmissions
  • Database encryption at rest for sensitive information
  • Multi-factor authentication for system access
  • Regular security audits and penetration testing

Organizational Measures

  • Limited data access on need-to-know basis
  • Comprehensive staff privacy training programs
  • Confidentiality agreements for all personnel
  • Incident response and breach notification procedures