Siddiq Digital Solutions (hereinafter: "Siddiq Digital", "we" or "us") attaches great importance to the protection of your personal data. In this Privacy Policy we explain which personal data we process, why we do so, how long we retain it, and what rights you have.
This policy applies to all personal data we process through our website siddiqdigital.com and its associated services, including the developer sign-up form and the company intake form.
Siddiq Digital Solutions acts as the data controller within the meaning of the GDPR (Regulation (EU) 2016/679).
Contact details
For questions or requests regarding your personal data, please contact us at:
- Organisation: Siddiq Digital Solutions
- Email: privacy@siddiqdigital.com
- Phone: [phone number]
- Website: siddiqdigital.com
We are not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR. For any questions about our data processing practices, please contact us directly via the email address above.
Personal data we process
We process personal data that you actively provide to us through our website. Below is an overview per category of data subject.
2.1 Developers (sign-up form)
| Data | Purpose |
|---|---|
| First and last name | Identification and communication |
| Email address | Contact and correspondence |
| Phone number / WhatsApp | Direct communication |
| Primary role and experience level | Matching with client companies |
| Technical skills (tech stack) | Matching and profiling |
| Availability and expected day rate | Capacity planning and matching |
| LinkedIn or portfolio URL | Profile verification |
| Additional remarks (free text) | Contextual information for matching |
2.2 Companies / clients (intake form)
| Data | Purpose |
|---|---|
| Company name | Identification of the client |
| Contact person's name | Identification and communication |
| Email address | Contact and correspondence |
| Phone number | Direct communication |
| Contact person's job title | Contextual information |
| Company size and industry | Matching profile |
| Required developer type and tech stack | Targeted matching |
| Engagement type, budget, and timeline | Assignment scoping |
| Project description (free text) | Basis for substantive matching |
2.3 General website visitors
We do not process additional personal data from general website visitors beyond the form data described above, unless you contact us directly.
Legal basis for processing
We process your personal data solely on the basis of one or more of the following legal grounds (Article 6 GDPR):
- Consent (Art. 6(1)(a) GDPR): By completing and submitting a form on our website, you consent to the processing of your data for our matching services. You may withdraw this consent at any time.
- Performance of a contract (Art. 6(1)(b) GDPR): When we enter into a cooperation or placement agreement with you, we process your data to fulfil that agreement.
- Legitimate interests (Art. 6(1)(f) GDPR): We may process data on the basis of our legitimate interests, such as securing our systems and preventing fraud, provided your interests do not override ours.
- Legal obligation (Art. 6(1)(c) GDPR): In some cases we are legally required to retain data, for example for tax and accounting purposes.
Retention periods
We do not retain your personal data for longer than is necessary for the purpose for which it was collected, or for as long as the law requires. The retention periods we apply are as follows:
| Category | Retention period | Reason |
|---|---|---|
| Developer profile data (active) | For the duration of the active profile + 12 months | Active matching service |
| Developer profile data (rejected / inactive) | 6 months after rejection or inactivity | Potential future opportunities |
| Client intake data (active engagement) | Duration of the engagement + 24 months | Relationship management and follow-up |
| Client intake data (not converted) | 12 months after receipt | Legitimate business follow-up interest |
| Financial and contractual records | 7 years | Statutory retention obligation (Art. 2:10 DCC) |
After the retention period has expired, your data will be securely deleted or anonymised so that it can no longer be attributed to you.
Sharing with third parties
We never sell your personal data to third parties. We may share your data in the following situations:
5.1 Processors
We use third parties that process data on our behalf (processors). We conclude a data processing agreement with all processors in accordance with Article 28 GDPR. Our current processors include:
- Supabase Inc. — database hosting and authentication (servers within the EU / EEA)
- Vercel Inc. / hosting provider — website hosting
5.2 Client companies
When you are a developer being considered for a placement, we will share your relevant profile data (name, role, skills, experience, rate) with prospective client companies. We will only do so with your prior consent or within the framework of the matching agreement.
5.3 Legal obligation
We may disclose data to competent authorities where we are legally required to do so, for example pursuant to a court order or a request from a supervisory authority.
5.4 Transfers outside the EEA
We endeavour to process your data within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards in accordance with Chapter V GDPR, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
How we secure your personal data
We implement appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, disclosure, or alteration (Article 32 GDPR). Our security measures include, among others:
- Encrypted connections: All communication between your browser and our servers is transmitted over HTTPS (TLS encryption).
- Access control: The dashboard is accessible only via authenticated login with email address and password; passwords are stored in hashed form.
- Minimal data access: Only authorised Siddiq Digital staff have access to your personal data, strictly on a need-to-know basis.
- Secure storage: Data is stored with Supabase, a platform that complies with recognised security standards (SOC 2 Type II).
- Software updates: We regularly update our systems and dependencies to patch known vulnerabilities.
- Data breach procedure: We maintain an internal protocol in the event of a data breach. In the event of a breach posing a high risk to data subjects, we will notify the Dutch Data Protection Authority (AP) within 72 hours and inform you as soon as reasonably possible.
Despite our security measures, no digital data transmission is 100% secure. We cannot guarantee the absolute security of data transmitted over the internet.
Your rights as a data subject
Under the GDPR, you have the following rights with regard to your personal data:
You have the right to know which personal data we hold about you.
You may request that inaccurate or incomplete data be corrected.
You may request that your data be deleted ("right to be forgotten").
You may request that the processing of your data be temporarily restricted.
You may receive your data in a structured, machine-readable format.
You may object to processing based on our legitimate interests.
To submit a request, please contact us at privacy@siddiqdigital.com. We will respond within one month of receiving your request (pursuant to Art. 12 GDPR). We may ask for a valid proof of identity for verification purposes.
Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
Cookies
Our website uses functional cookies that are strictly necessary for the correct operation of the site, such as maintaining a session after logging into the admin dashboard. These cookies do not require consent under Article 11.7a of the Dutch Telecommunications Act (Tw).
We do not place tracking, marketing, or analytical third-party cookies without your prior consent. Should this change in the future, this policy will be updated and your consent will be requested.
Complaints
If you have a complaint about the way in which we handle your personal data, please contact us first at privacy@siddiqdigital.com. We will do our best to resolve your complaint to your satisfaction.
If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens — AP):
- Website: www.autoriteitpersoonsgegevens.nl/en
- Postal address: P.O. Box 93374, 2509 AJ The Hague, the Netherlands
- Phone: +31 88 – 1805 250
Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy, for example as a result of changes to our services, applicable legislation, or decisions by supervisory authorities. The most up-to-date version is always available at siddiqdigital.com/privacy.html.
For material changes that affect your rights, we will notify you by email or via a prominent notice on our website. We recommend reviewing this policy periodically.
Version: 1.0 — Date: 3 June 2026