GDPR & Data Protection at Cadence Crafters

Last updated: 24/11/2025

Cadence Crafters is a B2B outbound consultancy based in the Netherlands. We run targeted, multi-channel outreach for B2B SaaS companies and we take data protection very seriously.

This page explains how we approach GDPR, what roles we play (controller vs processor), how we source and use data, and what rights you have.

Important: This page is for transparency, not legal advice. If you need legal guidance, please speak to a qualified lawyer or privacy professional.

  • Cadence Crafters (“we”, “us”) is a sole proprietorship registered in the Netherlands.

    Registered address: Rietveld, Delft, Zuid Holland, Netherlands

    KvK number: 89644131
    VAT: NL337286930B01

    For GDPR purposes, Cadence Crafters is:

    • a data controller for data relating to our own marketing, website, prospects, clients and suppliers; and

    • a data processor when we process B2B contact data strictly on behalf of our clients, under their instructions, for their campaigns.

    Our main supervisory authority is the Autoriteit Persoonsgegevens (Netherlands).

    If you have any questions about this notice or how we handle personal data,
    email: Nathan@cadencecrafters.com

  • 2.1 Controller – our own data

    We act as a data controller when we:

    • run our own outbound and inbound marketing;

    • manage relationships with clients, partners and suppliers;

    • operate the Cadence Crafters website;

    • store and manage contact data in our own systems.

    In these cases, we decide what personal data is collected, for what purpose and for how long.

    2.2 Processor – client campaigns

    We act as a data processor when we:

    • receive B2B contact data from clients; or

    • build B2B target lists specifically for a client campaign; and

    • use that data solely to run outreach on that client’s behalf.

    In these cases:

    • the client is the controller;

    • we only process data according to the client’s written instructions (e.g. contract, statement of work, DPA);

    • we do not use that data for our own marketing;

    • we delete or return the data at the end of the contract, subject to legal retention requirements.

    We are happy to sign a Data Processing Agreement (DPA) with clients where needed.

  • We work only in a B2B context and use professional contact data, such as:

    • Name

    • Business email address

    • Job title / role and seniority

    • Company name and basic firmographics (size, industry, location)

    • Professional online profiles (e.g. LinkedIn URL)

    • Campaign engagement data (opens, clicks, replies, meetings booked, outcomes, opt-outs)

    We do not intentionally collect or process:

    • special category / sensitive data (health, religion, political opinions, etc.);

    • data about children;

    • private/non-business email addresses unless they are used in a clear business context (e.g. founder using a Gmail address on the company site).

    If you think we hold sensitive data about you, please contact us and we will address it.

  • To build precise, relevant campaigns, we may obtain B2B contact data from:

    1. Public business sources

      • Company websites

      • LinkedIn and other professional networks

      • Public trade directories and event websites

      • Press releases and company news

    2. Reputable B2B data providers

      • Where we use third-party data providers, we require them to comply with GDPR and only supply professional contact data.

    3. Our clients

      • Clients may provide existing prospect or customer lists for us to use in specific campaigns.

    4. Direct interactions

      • Data you share with us directly (e.g. through contact forms, booked calls, email or LinkedIn).


    We do not buy generic consumer email lists or scrape data from sources that forbid it.

  • For B2B outreach and most of our processing, we rely on legitimate interests under Article 6(1)(f) GDPR.

    We have carried out legitimate interest assessments (LIA) to ensure that:

    • the processing is necessary to pursue our legitimate interest (or our clients’), such as:

      • promoting B2B SaaS solutions to relevant decision-makers;

      • generating and qualifying sales opportunities.

    • the processing is targeted, limited and proportionate:

      • we only contact people in roles likely to be relevant to the product or service;

      • we use minimal data (core business details only);

      • we avoid excessive frequency and intrusive techniques.

    • the impact on the individual is balanced and mitigated:

      • we only contact people in a professional capacity;

      • every message includes a clear opt-out;

      • we respect “do not contact” and “opt-out” lists;

      • people can easily exercise their GDPR rights.

    Other legal bases we use (depending on context) include:

    • Consent – for non-essential cookies or where you explicitly sign up for marketing.

    • Pre-contractual steps / contract – when you ask us for a proposal or become a client.

    • Legal obligation – for invoices, tax and accounting records.

  • When we run outbound campaigns (for ourselves or clients), we:

    • use business email addresses and professional platforms (email and LinkedIn);

    • clearly identify who is contacting you and why;

    • limit outreach to roles for whom the message is likely to be relevant;

    • always include a straightforward way to opt out or unsubscribe;

    • honour opt-outs promptly and keep a record so we don’t contact you again by mistake.

    If you have received a message from Cadence Crafters and you’d prefer not to be contacted:

    • use the unsubscribe / opt-out link in the email; or

    • reply with a simple request such as “Please remove me from your list”; or

    • email Nathan@cadencecrafters.com.

  • Under GDPR you have a number of rights over your personal data, including:

    • Right of access – know whether we process your data and obtain a copy.

    • Right to rectification – have inaccurate or incomplete data corrected.

    • Right to erasure – ask us to delete your data in certain circumstances.

    • Right to restriction – ask us to limit how we use your data.

    • Right to object – especially to direct marketing based on legitimate interests.

    • Right to data portability – receive your data in a structured format and transmit it to another controller.

    • Right to complain – to your local data protection authority.

    How to exercise your rights

    To exercise any of your rights, or to object to processing, please email:

    Nathan@cadencecrafters.com

    Please specify:

    • who you are;

    • how we have contacted you (if applicable); and

    • which right you wish to exercise.

    We may need to verify your identity before acting on your request. We aim to respond within one month, as required by GDPR.

    If you are not satisfied with our response, you can lodge a complaint with the Autoriteit Persoonsgegevens or your local supervisory authority.

  • We take appropriate technical and organisational measures to protect personal data, including:

    • using reputable, secure cloud providers with access controls;

    • role-based access and strong authentication (e.g. strong passwords, 2FA where available);

    • limiting access to data to those who need it for their role;

    • regular updates and patching of software and devices;

    • secure disposal of data when it is no longer required;

    • encrypting data in transit where supported by our tools (e.g. TLS for email/web).

    No system is 100% secure, but we work to keep risks proportionate and monitored.

    If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will take appropriate steps, including notifications where required.

  • We keep personal data only as long as necessary for the purposes described and in line with legal requirements.

    Typical retention periods:

    • Prospect data used in campaigns – kept for the duration of the campaign and usually no more than 24 months after the last meaningful interaction or until you opt out, whichever is sooner (unless a client contract requires a different period).

    • Client and contract data – kept for the term of the contract and then normally up to 7 years for tax and legal record-keeping.

    • Website and analytics data – typically kept between 14–24 months, depending on our analytics tool settings.

    • Opt-out / suppression lists – retained as long as needed to ensure we honour your request not to be contacted.

    When data is no longer needed, we delete it or anonymise it.

  • Some of our service providers are located outside the European Economic Area (EEA) or may store data on servers outside the EEA (for example, email, analytics, calendar or CRM tools based in the US).

    Where this happens, we ensure that transfers are protected by one or more of the following:

    • an adequacy decision by the European Commission (e.g. EU–US Data Privacy Framework);

    • Standard Contractual Clauses (SCCs) approved by the European Commission;

    • additional safeguards where required.

    You can contact us if you’d like more detail about specific tools or transfer mechanisms.

  • This GDPR page explains our approach to compliance and your rights in more detail. It should be read together with our:

    • Privacy Policy – which explains in more detail what data we collect, for what purposes and on what legal basis.

    • Cookie Policy (or cookie section) – which explains how we use cookies and similar technologies.

    If there is any conflict between documents, the legally required elements of the Privacy Policy and relevant law will take precedence.

  • If you have any questions about GDPR, how we handle personal data, or this page, please contact:

    Cadence Crafters
    Email: Nathan@cadencecrafters.com

    We’re a hands-on company, so you’ll get a real human response, not an auto-generated one.