Privacy Policy

Last updated: October 2025

1. Who I am

My name is Danique Hooijschuur, the owner of Girls Gone Business and www.girlsgonebusiness.com.
I operate as a one-person company based in the Netherlands. You can contact me at info@girlsgonebusiness.com

This Privacy Policy explains how I handle your personal data when you visit my website or purchase my digital products. I process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Dutch Algemene Verordening Gegevensbescherming (AVG).

2. What data I collect and why

When you visit my website I automatically collect certain information about your device and how you use my website through cookies and similar technologies.

This may include:

  • IP address

  • Browser type and version

  • Pages visited and time spent

  • Source of traffic (e.g. social media or ads)

Purpose:
To analyse website traffic, improve user experience, and measure the effectiveness of marketing campaigns.

Legal basis:
Legitimate interest (Article 6(1)(f) GDPR) for improving my services and website performance.
Consent (Article 6(1)(a) GDPR) for placing marketing or tracking cookies.

When you purchase a product

When you purchase a digital product (like a course or template), I collect:

  • Your name

  • Email address

  • Billing information

  • Payment details (processed securely by Stripe)

  • Product purchased and order date

Purpose:
To process your payment, deliver your product, and comply with legal accounting obligations.

Legal basis:
Performance of a contract (Article 6(1)(b) GDPR) and legal obligation (Article 6(1)(c) GDPR).

Note:
I never store or have access to your full payment card details — these are processed securely by Stripe through SamCart.

When you join my email list

If you subscribe to my newsletter, I collect:

  • Your email address

  • First name (optional)

Purpose:
To send updates, inspiration, marketing messages, and product information related to Girls Gone Business.

Legal basis:
Consent (Article 6(1)(a) GDPR).
You can unsubscribe at any time by clicking the link in any email I send.

Provider:
My email list is managed via Kit, which acts as my email processor under a Data Processing Agreement (DPA).

3. Cookies and tracking

I use cookies and tracking technologies for:

  • Basic site functionality (Squarespace cookies)

  • Analytics and performance (e.g. Squarespace Analytics, Google Analytics)

  • Marketing (e.g. Meta Pixel for ads)

When you first visit my website, you’ll see a cookie banner that allows you to give or refuse consent for non-essential cookies. You can change or withdraw consent at any time through your browser settings.

For more details, see my [Cookie Policy] (if applicable, you can link or include it below).

4. How long I keep your data

I retain your personal data only as long as necessary for the purposes stated above or to comply with Dutch tax law.

  • Invoices and payment data: kept for 7 years (as required by tax law).

  • Email subscribers: kept until you unsubscribe.

  • Analytics data: kept for up to 14 months (depending on tool settings).
    After these periods, your data is securely deleted or anonymised.

5. Sharing of data with third parties

I only share your data with third parties when necessary to provide my services, and only under GDPR-compliant agreements.

These include:

  • Stripe – payment processing

  • SamCart – checkout and delivery platform

  • Squarespace – website hosting

  • Kit – email marketing

  • Meta (Facebook/Instagram) – advertising and conversion tracking

  • Google – analytics and website performance

These processors are bound by strict confidentiality and data protection terms. I never sell or rent your personal data to third parties.

6. International data transfers

Some of my service providers (like Stripe or Kit) may process data outside the European Economic Area (EEA), such as in the United States.In those cases, I ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your personal data.

7. Your rights under GDPR

You have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion of your data (“right to be forgotten”)

  • Limit or object to processing

  • Withdraw consent at any time (for marketing emails or cookies)

  • Data portability (receive your data in a readable format)

To exercise these rights, email me at info@girlsgonebusiness.com. I’ll respond within 30 days, as required by law.

If you believe your data is not handled properly, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via www.autoriteitpersoonsgegevens.nl.

8. Security

I take appropriate technical and organizational measures to protect your data from unauthorized access, loss, misuse, or disclosure.
This includes using secure connections (SSL), encrypted platforms, and limited access to personal data.

9. Changes to this policy

I may update this Privacy Policy occasionally to reflect changes in my practices or legal requirements. The most recent version will always be available on my website, and the “last updated” date at the top will show when it was last revised.

Contact

If you have any questions about this Privacy Policy or your personal data, please contact me at: info@girlsgonebusiness.com