Below is a concise GDPR‑style Privacy Policy in English for Simhuis B.V. trading as M2Mdata and M2M Connectivity, based on your existing Dutch text and current GDPR guidance.

Privacy Policy (GDPR)
Simhuis B.V. (trading under the names M2Mdata and M2M Connectivity)

1. Who we are

Simhuis B.V. (trading under the names M2Mdata and M2M Connectivity) (“Simhuis”, “we”, “us”, “our”) is responsible for the processing of personal data as described in this Privacy Policy.

Company: Simhuis B.V. (trading under the names M2Mdata and M2M Connectivity)
Address: Poelsweg 12, 7256 AG Keijenborg, The Netherlands
Website: www.simhuis.nl
E‑mail: info@simhuis.nl

If you have any questions about this Privacy Policy or our data protection practices, you can contact us at the e‑mail address above.

2. What personal data we process

We process personal data that you provide to us and data generated when you use our services or visit our websites. Depending on your relationship with us (for example as a business customer, contact person, website visitor), we may process the following categories of personal data:

  • Identification and contact details: name, job title, business address, e‑mail address, telephone number.
  • Contract and billing data: customer number, SIM or device identifiers, contract details, invoices, payment status.
  • Usage data: information about the use of our connectivity services (such as data sessions, volume, time and location at a high level), configuration and status of SIM cards and devices, log data related to service usage.
  • Website and cookie data: IP address, browser type, pages visited, cookie identifiers and preferences.
  • Support and communication data: information you provide when you contact us by e‑mail, phone or via forms on our website.

We do not intentionally collect special categories of personal data (such as health data) or data about children for our IoT/M2M connectivity services.

3. For what purposes and on which legal bases we use personal data

We process your personal data only when we have a valid legal basis under the GDPR. Depending on the situation, we process your data for the following purposes and on these legal bases:

a) Performance of a contract (Art. 6(1)(b) GDPR)

  • To create and manage customer accounts and subscriptions.
  • To provide, manage and support our IoT/M2M connectivity services, SIM cards, platforms and related products.
  • To handle orders, deliveries, activations, suspensions and terminations of services.
  • To communicate with you about your contract, service status, incidents and support requests.

b) Compliance with legal obligations (Art. 6(1)(c) GDPR)

  • To comply with tax and accounting obligations.
  • To comply with applicable telecom and security regulations, including obligations to assist competent authorities, law enforcement and regulators where required by law.
  • To store data for periods required by law.

c) Legitimate interests (Art. 6(1)(f) GDPR)
We may process personal data where necessary for our legitimate interests, provided that your interests or fundamental rights and freedoms do not override those interests. These interests include:

  • Maintaining the security, integrity and availability of our networks, platforms and services.
  • Preventing misuse, fraud and security incidents.
  • Improving our products, services and customer experience (for example, through analytics and service quality monitoring at an aggregated level).
  • Direct marketing to existing business customers about similar products or services, within the limits of applicable law. You can object to such marketing at any time.

d) Consent (Art. 6(1)(a) GDPR)
In specific cases we may ask for your consent, for example for:

  • Certain cookies and similar technologies (as explained in our Cookie Notice).
  • Specific marketing activities where consent is required by law or by local guidance.

You may withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

4. How we obtain personal data

We obtain personal data in the following ways:

  • Directly from you: when you request a quote, conclude a contract, create an account, use our contact form, or communicate with us by e‑mail or phone.
  • Through the use of our services: when you or your devices use our SIM cards, platforms and connectivity services, we process technical and usage data necessary to provide the service and to ensure security and continuity.
  • Automatically via our website: using cookies and similar technologies when you visit our websites, as described in our Cookie Notice.
  • From third parties: for example, from our partners, resellers or providers when this is necessary to deliver our services or as part of a contractual relationship.

5. With whom we share personal data

We do not sell your personal data. We only share personal data with third parties when this is necessary for the purposes described above, when we have a legal obligation, or when you have given your consent.

We may share personal data with:

  • Network operators and connectivity partners involved in providing IoT/M2M connectivity, roaming and related services.
  • Payment service providers and banks to process payments.
  • Logistics and fulfilment partners for the delivery of SIM cards and hardware.
  • IT and cloud service providers who host our systems, platforms and support tools.
  • Communication providers (such as e‑mail, SMS gateways, telephony services) needed to send notifications and service messages.
  • Marketing and analytics partners for limited purposes, such as sending e‑mail updates or analysing website usage, in line with our Cookie Notice and your choices.
  • Advisers and legal or tax consultants, where necessary to protect our rights or comply with obligations.
  • Public authorities, regulators and law enforcement, if we are legally required to share data.

Where third parties process personal data on our behalf, we conclude data processing agreements that include appropriate confidentiality, security and GDPR provisions.

Where possible, we use service providers located in the European Economic Area (EEA). If personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place (for example, EU Standard Contractual Clauses, adequacy decisions).

6. How long we keep personal data

We do not keep your personal data longer than necessary for the purposes for which we collected it, unless a longer retention period is required or permitted by law.

In general:

  • Contract and billing data are retained for the duration of the contractual relationship and for the number of years required by tax and accounting law (usually at least seven years in the Netherlands).
  • Technical and usage data are retained for a period that is necessary for service provisioning, troubleshooting, security monitoring and billing, and are then deleted or anonymised.
  • Contact and support records are kept for as long as necessary to handle your request and for a reasonable period thereafter for proof, training and quality purposes.
  • Cookie and website data are retained as specified in our Cookie Notice and/or browser settings.

When retention periods expire, we delete or anonymise the data, unless we are legally obliged to retain it for longer (for example in connection with legal claims or investigations).

7. Security of personal data

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include, among others:

  • secure networks and encryption where appropriate;
  • access controls and logging, limiting access to personal data to authorised staff;
  • regular monitoring, backup, and security updates;
  • awareness and confidentiality obligations for employees and contractors.

Despite these measures, no system can be completely secure. If a data breach occurs that is likely to result in a high risk to your rights and freedoms, we will inform you and the competent supervisory authority in accordance with the GDPR.

8. Your rights under the GDPR

Under the GDPR you have a number of rights with regard to your personal data. Depending on the circumstances, you may have the right to:

  • Access: obtain confirmation as to whether we process your personal data and receive a copy of that data.
  • Rectification: have inaccurate or incomplete personal data corrected.
  • Erasure (“right to be forgotten”): request deletion of your personal data in certain cases (for example when the data is no longer necessary, or consent is withdrawn and there is no other legal basis).
  • Restriction: request restriction of processing, for example while we assess a request or objection.
  • Data portability: receive personal data you have provided to us in a structured, commonly used and machine‑readable format and/or have that data transmitted to another controller, where technically feasible.
  • Objection: object to processing based on our legitimate interests, including direct marketing. In such cases we will stop processing unless we can demonstrate compelling legitimate grounds.
  • Withdraw consent: where processing is based on consent, withdraw your consent at any time.

To exercise your rights, you can contact us at info@simhuis.nl. We may ask you to provide information to verify your identity, to protect your data against unauthorised access. We aim to respond to your request within one month, in accordance with the GDPR.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Automated decision‑making

We do not use personal data to make decisions that are based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you, in the sense of Article 22 GDPR, in the context of our IoT/M2M connectivity services.

If this changes, we will update this Privacy Policy and provide additional information as required by the GDPR.

10. Third‑party websites

Our websites may contain links to third‑party websites, services or platforms. We are not responsible for the privacy practices of these third parties. We recommend that you read the privacy policies of those third parties before providing them with personal data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services or applicable laws. The most recent version is always available on our website and will indicate the date of the latest update.

If the changes are material, we will take reasonable steps to inform you (for example via our website or by e‑mail, where appropriate).