Privacy statement

This Privacy Policy was last updated on: 15 March 2024

Who are we?

We are Bash B.V. (Bash). Our address is Leidsegracht 38, 1016 CM Amsterdam. We are registered with the Chamber of Commerce (kamer van koophandel) under number 80666566.

What are you reading?

This policy explains: which data we collect, how we use, store and protect it and which privacy rights you can invoke (the Privacy Policy). We may modify this Privacy Policy. If we substantially modify the Privacy Policy, we shall place a notification on our website. In addition, we shall notify registered users in case of a substantial modification via email. 


If you have any questions regarding this Privacy Policy, do not hesitate to contact us by sending an email to:

  1. Applicability

This Privacy Policy applies to our website (the Website) and any other services or products we provide, most prominently the app (the Services). We process your Personal Data in order to provide our Website and Services to you. We treat your Personal Data in accordance with the General Data Protection Regulation (GDPR) and other relevant laws and regulations on the protection of personal data, such as the Telecommunications Act (Telecommunicatiewet) for the use of cookies (the Relevant Legislation).

  1. Data processing

We process personal data on the basis of the following grounds of the GDPR:  

  1. if you have given your consent;
  2. for the performance of the agreement with you;
  3. to fulfil a legal duty;
  4. for a legitimate interest of ours, after your interests have been weighed up;

We ensure that the processing of your personal data is adequate, relevant and limited to what we need for the purposes for which the personal data is processed.

The table below tells you (1) what personal data we process, (2) for what purposes, and (3) on what bases we process it. We will use your personal data for the purposes listed below or for a purpose that is related to these. Thus, your personal data will never be used by us in an unexpected way.

(Personal) Data


Legal basis

Contact Data:

  • Company name
  • First and/or last name
  • Email address
  • Address
  • Phone number
  • Chamber of Commerce number
  • VAT number
  • IBAN

We use these Data:

  • To contact you
  • For the delivery or performance of our Services to you

We process these Data on the basis of:

  • Performance of a contract

Payment Data:

  • Payment Data of the paying party
  • Invoices
  • An overview of the purchases of our Services

We use these Data:

  • To send invoices
  • To update our financial administration

We process these Data on the basis of:

  • Performance of a contract
  • Legal duty

Content Data related to the Services:

  • Correspondence or chats with you
  • Your questions about the Services
  • Results
  • Location data
  • IP address
  • Your interactions on our app

We use these Data:

  • Providing you with the best possible Service
  • Perform the agreement with you

We process these Data on the basis of:

  • Legitimate interest
  • Consent

Other Data:

  • Photos
  • Date of birth

We use these Data:

  • To optimise our Services

We process these Data on the basis of:

  • Consent

Application data:

  • Contact details
  • Date of Birth
  • Gender
  • E-mail address
  • Phone number
  • Curriculum vitae

We use these Data to:

  • Process your application

We process these Data on the basis of:

  • Consent
  • Legitimate interest

How do we receive your Personal Data?

We receive Personal Data directly from you when you submit information, log in, or interact on our Website or App.

  1. Data storage

We shall not store your Personal Data longer than the period in which we need them for the aforementioned purposes. We delete the Personal Data after we no longer need them for the purpose we process them for. Please be aware that all data that your input to and usage of our Services provides us with vital data to enhance our Services and use it in an integral and continuous manner. The following is a list of the categories of Personal Data and the (functionally defined) retention periods:

Category of Personal Data

Retention period

Contact Data

We retain your contact information for as long as necessary to provide our Services.

Payment Data

We retain your payment data for as long as necessary to meet our financial and tax requirements and obligations.

Partner and/or supplier Data

We retain partner or supplier data for as long as it is needed to provide our Services.

Content data related to our Services

We retain content data for as long as necessary to provide you with our Services in an integral and continuous manner.

  1. Data protection

We do our utmost to protect your personal data, by taking technical and organisational security measures to protect your data against manipulation, loss, destruction and access by unauthorised persons. These security measures are constantly improved in line with technological developments.

  • Secure network connections with Transport Layer Security (TLS), Secure Socket Layer (SSL), or a comparable technology;
  • The access to the Personal Data is strictly limited to the employees on a ‘need to know’ basis;
  • The access to the Personal Data is secured by two-step authentication.

We constantly check our security measures for effectiveness, and if necessary adjust our process. That way, your Personal Data is always protected and accessible in the event of a failure.

  1. Data sharing

We may share your Personal Data with other parties who process Personal Data for us. These are Processors within the meaning of Relevant Legislation. The Processors will only use your Personal Data in accordance with our instructions and not for their own purposes. We agree with the Processors in a processor agreement that they will treat your Personal Data with care and they will only receive the Personal Data necessary to provide their service to us. We share your Personal Data with the following categories of Processors:

Service Providers

Bash may share personal data with the following service providers, who contribute to our Website, App or Services: Mixpanel, Google Cloud Europe, Amplitude's EU Data Center, and Moneybird. They perform the following tasks for us: data analysis, storage, and processing financial transactions.

Competent Authorities

Bash discloses personal data to law enforcement authorities and other public authorities to the extent required by law or strictly necessary for the prevention, detection or prosecution of criminal offences and fraud.

Auditors and advisors

We may engage auditors and professional advisers to meet our legal, regulatory and statutory responsibilities. They have contractual arrangements and security mechanisms to protect data and meet our standards of data protection, confidentiality and security.

Data Transfer

We will only process your Personal Data within the European Economic Area (EEA). Outside the EEA, we will only process your Personal Data if that country provides an adequate level of protection for your Personal Data.

Without your consent, we will never transfer your Personal Data to countries or parties other than those listed above.


Our Services and website may contain links to other websites. We are not responsible for the content or privacy protection of these websites. We therefore advise you to always read the privacy policy of the website in question.

  1. Your privacy rights

You have the following rights, we will do our utmost to apply these rights within a reasonable time period:

  • you may ask us to inspect your Personal Data;
  • you may ask us to correct, limit or delete your Personal Data;
  • you may ask us for a copy of your Personal Data. We can also pass on this copy - at your request - to other parties so that you no longer have to do this yourself;
  • you may object to the processing of your Personal Data;
  • you can file a complaint with the Dutch Data Protection Authority, if you think we are processing your Personal Data unlawfully;
  • you can withdraw your consent to process your Personal Data at any time. From the moment you withdraw your consent, we may no longer process your Personal Data.
  1. Cookies

A cookie is a small text file that can be sent via the server of a website to the browser. The browser saves this file to your computer. Your computer is tagged with a unique number, which enables our site to recognize that computer in the future.

We use cookies to improve the user experience on our App. Moreover, cookies ensure that our App works faster, that you can visit our App safely and that we can track and solve errors on our App.

You can always delete or disable cookies yourself via the browser settings. No more cookies will be stored when you visit our App. However, please note that without cookies, our App may not function as well as it should. For more information you can read our cookie statement:

  1. Contact

In the event that you wish to exercise these rights, or in the event of other questions or remarks regarding our Privacy Policy, you can contact us via the following contact details.


Leidsegracht 38

1016 CM Amsterdam

KVK: 80666566