logo

Privacy Policy

Bright Spark B.V. – PFASDestructor.com
Last updated: 20 February 2026

1. Introduction

This Privacy Policy applies to the website www.pfasdestructor.com, operated by Bright Spark B.V.

Bright Spark B.V. processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), the Dutch GDPR Implementation Act (UAVG), and applicable Dutch and EU data protection laws.

2. Data Controller

Bright Spark B.V.
Smidsstraat 26A
8601 WB Sneek
The Netherlands
Email: info@pfasdestructor.com

Bright Spark B.V. is the data controller within the meaning of Article 4(7) GDPR.

3. Categories of Personal Data

3.1 Contact Information

  • First and last name
  • Company name
  • Job title
  • Email address
  • Telephone number
  • Business address (if provided)

3.2 Technical Inquiry Information

  • PFAS concentration data
  • Flow rates
  • Site characteristics
  • Treatment system descriptions

Such data may constitute confidential business information.

3.3 Technical and Usage Data

  • IP address
  • Browser type and version
  • Device type
  • Referring URL
  • Pages visited
  • Date and time of access
  • Server log files

4. Sources of Personal Data

We collect personal data directly from you (e.g., via contact forms or email), automatically through website interaction, or through professional communication in a business context.

5. Purposes of Processing

  • Responding to technical inquiries
  • Evaluating feasibility of PFAS treatment projects
  • Maintaining professional communication
  • Securing and maintaining website functionality
  • Complying with legal obligations

We do not use personal data for automated decision-making or profiling.

  • Article 6(1)(b) GDPR – Pre-contractual measures
  • Article 6(1)(f) GDPR – Legitimate interests
  • Article 6(1)(c) GDPR – Legal obligation
  • Article 6(1)(a) GDPR – Consent (where applicable)

7. Data Retention

Personal data is retained only as long as necessary:

  • Contact inquiries: up to 24 months after last contact
  • Project-related communication: duration of project + statutory retention period
  • Server logs: limited security retention period
  • Legal records: in accordance with Dutch statutory requirements

Data is deleted or anonymized when no longer required.

8. Data Sharing and Processors

We may share personal data with:

  • Website hosting providers
  • IT infrastructure providers
  • Professional advisors
  • Regulatory authorities where legally required

All processors act under data processing agreements in accordance with Article 28 GDPR. We do not sell personal data.

9. International Transfers

If personal data is transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions will be applied.

10. Security Measures

We implement appropriate technical and organizational measures including SSL/TLS encryption, secure hosting environments, and access control mechanisms. However, no internet transmission is entirely secure.

11. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent (where applicable)

Requests may be submitted to info@pfasdestructor.com.

12. Complaints

You have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl

13. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.

14. Cookies

The Website uses functional and analytical cookies. For more details, please refer to our Cookie Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most recent version will always be published on this Website.