Last updated: [26-01-2026]

Choose to Reflect attaches great importance to the protection of personal data and handles privacy-sensitive information with care. In this privacy statement, we explain which personal data we process, for what purposes, on what legal basis, and what rights data subjects have.

This privacy statement has been prepared in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy legislation.

1. Data Controller

Choose to Reflect

General Partnership (VOF)

Buitenhof 115

1354 GS Almere

Netherlands

Email address: info@choosetoreflect.com

Website: www.choosetoreflect.com

Choose to Reflect is the data controller within the meaning of the GDPR.

2. What personal data do we process?

We only process personal data that is necessary for offering and performing our service. This includes:

• Name
• Email address
• Payment and billing information
• Questionnaire responses
• Technical data (such as IP address, browser type, device information)
• Communication data (email correspondence)

We do not process special personal data as defined in Article 9 of the GDPR (e.g., medical records or diagnoses).

3. Purposes of Processing

Personal data is processed for the following purposes:

1. Creating and managing a user account
2. Offering and completing the questionnaire
3. Preparing and delivering the personal Self-Reflection Report
4. Administrative processing and invoicing
5. Customer service and communication
6. Improving our services and product development
7. Marketing purposes (only after explicit consent).

   4. Legal Bases

We process personal data solely on the basis of one or more of the following GDPR bases:

• Performance of the agreement (Article 6, paragraph 1(b) GDPR)
• Consent (Article 6, paragraph 1(a) GDPR), in particular for marketing
• Legitimate interest (Article 6, paragraph 1(f) GDPR), such as improving our services

Consent can be withdrawn at any time.

5. Use of AI and Automated Processing

The Self-Reflection Report is (partly) generated using automated systems and AI support. There is no automated decision-making or profiling with legal consequences as referred to in Article 22 of the GDPR.

The report is a reflective tool and not a binding judgment, advice, or decision.

6. Completed Questionnaire & Progress

• The questionnaire does not need to be completed all at once.
• Answers are saved individually and automatically in the interim.
• The questionnaire does not need to be fully completed to be saved.
• The customer has up to three (3) months from the purchase date to complete and submit the questionnaire. After this period, access may expire.
• “By (partially) completing the questionnaire, the customer explicitly consents to the processing of personal data in the context of the performance of the agreement, as described in the General Terms and Conditions. This moment constitutes the commencement of the service.”

  7. Retention Periods

• Completed questionnaires and reports are retained for a maximum of 12 months.
• Administrative data is retained in accordance with tax retention obligations.
• Marketing data is retained until consent is withdrawn.

After the retention period expires, data will be deleted or anonymized.

8. Anonymized Use of Data

Anonymized and non-personally identifiable data may be used for:

• Statistical analyses
• Product improvement
• Knowledge development and publications

This data cannot be traced back to individuals.

9. Minors

Our service is intended exclusively for persons aged 18 and over.

If it appears that personal data of a minor has been processed, this data will be deleted as soon as possible.

10. Processors and Third Parties

We use carefully selected processors to provide our services, including:

www.onderzoekdoen.nl (technical implementation of the questionnaire)

Data processing agreements have been concluded with all processors in accordance with Article 28 of the GDPR.

Personal data will not be sold or shared with third parties for commercial purposes.

11. Hosting and Data Location

Personal data will only be processed and stored on servers within the European Economic Area (EEA).

12. Security

We take appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access, including:

• Encrypted connections (SSL)
• Restricted access rights
• Regular security update
  
  13. Marketing and Communications

Marketing communications (such as newsletters or offers) will only be sent after explicit opt-in.

You can unsubscribe at any time via the unsubscribe link or by email.

14. Rights of Data Subjects

Data subjects have the right to:

• Request access to their personal data
• Have data corrected or deleted
• Restrict processing
• Object to processing
• Transfer data (data portability)
• File a complaint with the Dutch Data Protection Authority or other competent EU supervisory authorities
• “The right to access and receive an initial copy of personal data is provided free of charge. For additional service requests, such as resubmitting an already provided report outside the regular process, a fee may be charged in accordance with the Terms and Conditions.”

Requests can be submitted via info@choosetoreflect.nl.

15. Complaints and Limitation of Liability

For questions, concerns, or complaints about privacy or the use of the report, please contact us via info@choosetoreflect.nl.

The Self-Reflection Report is not a substitute for medical, psychological, or therapeutic guidance. Choose to Reflect accepts no liability for decisions or actions the client takes based on the report.

16. Changes

Choose to Reflect reserves the right to change this privacy statement.

The most current version is always available on the website.