Privacy Policy

How Operator One B.V. collects, uses and protects personal data across our EU + UK marketplace operations. We are the controller for data we hold as Merchant of Record.

Last updated: 14 June 2026

1. Who we are

This Privacy Policy explains how Operator One B.V. ("Operator One", "O1", "we", "us" or "our") collects and uses personal data.

Controller details
Operator One B.V.
Veluwezoom 32
1327 AH Almere
The Netherlands
Email: privacy@o1.eu
Website: o1.eu

If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact us using the details above.

Data Protection Officer / privacy contact
Operator One has not appointed a Data Protection Officer. For all privacy matters, please contact privacy@o1.eu.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed by Operator One in connection with:

  • contact requests, demo requests, downloads and other marketing interactions;
  • communication with prospective customers, customers, suppliers, service providers and other business contacts;
  • the negotiation, onboarding, delivery and support of our services;
  • recruitment activities, if applicable;
  • visits to and use of our website; and
  • related business administration, compliance, security and legal processes.

This Privacy Policy is primarily intended for website visitors and business contacts.

Marketplace and end-consumer data

Where personal data is processed in connection with marketplace transactions, end-consumer sales, customer service, logistics, returns, payments, compliance, or platform-specific operations, additional or separate privacy information may be provided through the relevant marketplace, platform, checkout flow, customer communication, contractual documentation or service-specific notice.

This is relevant because Operator One works in different roles depending on the setup:

  • in some situations, Operator One determines the purposes and means of processing and acts as an independent controller;
  • in other situations, Operator One processes personal data on behalf of a client, brand, marketplace or other party, in which case that party may be the primary controller and its privacy notice may apply instead or in addition; and
  • some third parties involved in a transaction, such as marketplaces, payment providers, carriers or returns providers, may act as separate controllers for their own processing activities.

This Privacy Policy does not replace any privacy notice presented by:

  • a marketplace or platform;
  • a client or brand for whom we provide services;
  • a carrier, payment provider or other third party acting as its own controller; or
  • a dedicated customer-facing notice used for specific end-consumer processing activities.

Where Operator One processes personal data solely on behalf of a client or another controller, that party's privacy notice may apply instead or in addition.

3. The personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

a. Identity and contact data

  • name;
  • business email address;
  • telephone number;
  • company name;
  • job title;
  • postal address;
  • billing details.

b. Communication and relationship data

  • the content of emails, calls, meetings and messages;
  • contact requests, support requests and follow-up notes;
  • preferences, interests and communication history;
  • commercial and contractual information.

c. Website and technical usage data

  • IP address;
  • browser type and version;
  • device identifiers;
  • operating system;
  • referral URLs;
  • pages visited;
  • dates and times of access;
  • cookie and consent preferences;
  • other diagnostic, analytics and security-related website data.

d. Transactional and service-delivery data

Where relevant to our services, we may process business and operational data such as:

  • account and onboarding details;
  • invoicing and payment-related data;
  • order, shipment, return or support-related contact data;
  • records needed to provide, manage or improve our services.

e. Recruitment data

If you apply for a role with us, we may process:

  • CV or resume information;
  • application correspondence;
  • interview notes;
  • references, where lawfully obtained;
  • any other information you choose to provide.

We do not intentionally collect more personal data than is necessary for the purposes described in this Privacy Policy.

4. How we collect personal data

We collect personal data:

  • directly from you, for example when you contact us, submit a form, request a demo, enter into a contract, apply for a role, or otherwise communicate with us;
  • automatically, through cookies, server logs and similar technologies when you use our website;
  • from your employer or organisation, where you are acting as a representative, user or contact person;
  • from clients, partners, marketplaces, service providers or publicly available sources where relevant to our services, compliance obligations or business relationship; and
  • from third-party tools and systems we use to manage communications, marketing, operations and service delivery.

5. Why we process personal data and on what legal basis

We process personal data only where we have a valid legal basis under applicable data protection law.

a. To operate and secure our website

We process technical and usage data to operate the website, maintain availability, prevent misuse, troubleshoot issues, and protect our systems.

Legal basis: legitimate interests, and where required by law, consent for non-essential cookies or similar technologies.

b. To respond to enquiries and manage business communications

We process contact and communication data to answer questions, arrange meetings, provide requested information, and manage our relationship with prospective and existing business contacts.

Legal basis: steps prior to entering into a contract, contract performance, and/or legitimate interests.

c. To onboard customers, suppliers and partners and to deliver our services

We process relevant business, operational and contact data to negotiate, conclude and perform agreements, provide support, manage projects, administer services and maintain business records.

Legal basis: contract performance and legitimate interests.

d. To handle administration, finance and compliance

We process personal data where necessary for invoicing, accounting, tax, legal compliance, audits, dispute management, fraud prevention and the exercise or defence of legal claims.

Legal basis: legal obligation, legitimate interests, and where relevant the establishment, exercise or defence of legal claims.

e. To send service communications and business updates

We may use contact details to send operational updates, important service notices, contract-related communications and similar business messages.

Legal basis: contract performance and legitimate interests.

f. To send marketing communications

Where allowed by law, we may send newsletters, insights, invitations or other marketing communications.

Legal basis: consent where required, and otherwise legitimate interests in promoting our services to relevant business contacts.

You can unsubscribe from marketing communications at any time.

g. To improve our services, website and business operations

We may analyse interactions, feedback, usage patterns and business data to improve our website, services, content, internal processes, security and commercial offering.

Legal basis: legitimate interests, and consent where legally required.

h. To recruit and assess candidates

If you apply for a role with us, we use your personal data to review your application, communicate with you and manage the recruitment process.

Legal basis: steps prior to entering into an employment contract, legitimate interests, and consent where required.

i. To manage marketplace-related or customer-facing operations where applicable

Where Operator One acts in connection with marketplace operations, customer support, logistics, returns, compliance, payments or similar activities, we may process personal data where necessary to perform those activities.

Legal basis: contract performance, legal obligation, legitimate interests, and/or any other lawful basis applicable to the relevant processing context.

Where a separate or platform-specific privacy notice applies, that notice should also be consulted.

6. If you do not provide personal data

Where we need personal data to respond to a request, enter into a contract, provide a service, or comply with a legal obligation, and you do not provide that data, we may be unable to respond fully, enter into the relationship, or provide the relevant service.

7. Recipients of personal data

We may share personal data, where necessary and appropriate, with the following categories of recipients:

  • our employees and authorised personnel on a need-to-know basis;
  • affiliated companies within our group, where relevant and lawful;
  • hosting, website, cloud, IT, CRM, email, communications and software providers, including providers such as Vercel, HubSpot and TransIP where relevant;
  • analytics, cookie and website service providers, including providers such as Google Analytics, LinkedIn and Meta where relevant;
  • accountants, auditors, insurers, banks, payment service providers and professional advisers;
  • logistics, fulfilment, returns, support and operational partners;
  • marketplace, platform and integration partners involved in the relevant services;
  • public authorities, regulators, law enforcement agencies and courts where required by law or necessary to protect our rights; and
  • any buyer, investor, lender or professional adviser involved in a corporate transaction, subject to appropriate confidentiality and data protection safeguards.

Where third parties process personal data on our behalf, we require them to act only on our instructions, keep the data secure, and comply with applicable data protection law.

8. International data transfers

Operator One stores and processes personal data primarily within the EU/EEA. Where transfers to third countries occur (for example, HubSpot CRM in the United States), we rely on European Commission adequacy decisions where available, and on Standard Contractual Clauses (Module 2 — controller to processor) supplemented by transfer impact assessments otherwise.

Where we transfer personal data internationally, we will do so only where a lawful transfer mechanism is in place, such as:

  • an adequacy decision by the European Commission;
  • the European Commission's Standard Contractual Clauses (or the UK equivalent where applicable);
  • supplementary measures where required; or
  • another valid transfer mechanism permitted by law.

Sub-processors are listed in our Data Processing Agreement, available on request. You may contact us at privacy@o1.eu for more information about the safeguards used for relevant international transfers.

9. Data retention

We retain personal data only as long as needed for the purposes set out in this policy:

  • contact-form submissions are retained for 24 months for sales follow-up, unless deleted on request;
  • transactional and commercial records are retained for 7 years per Dutch tax law (article 52 Algemene wet inzake rijksbelastingen); where records relate to OSS / Union Scheme or Import Scheme obligations, the retention period may be 10 years;
  • marketing-consent data is retained until consent is withdrawn or until 24 months of inactivity have passed, whichever comes first;
  • technical logs (website, server, security) are retained for 90 days;
  • recruitment data: retained only for as long as necessary for the recruitment process. If an applicant is not hired, we generally delete the application data no later than 4 weeks after the end of the recruitment process, unless the applicant has consented to a longer retention period permitted by law;
  • dispute, legal claim and compliance records: retained for as long as necessary to handle the matter and satisfy applicable limitation or retention requirements.

After retention periods expire, personal data is deleted or anonymised. Where a longer retention period is required or permitted by law, we will retain the data for that longer period.

10. Cookies and similar technologies

Our website may use cookies, pixels, local storage and similar technologies for:

  • website functionality;
  • security and performance;
  • analytics;
  • personalisation; and
  • marketing, where applicable.

We currently use or may use technologies and providers such as HubSpot, Meta, LinkedIn and Google Analytics, as well as cookies or similar tools required for the operation of our website hosted or supported via Vercel and TransIP.

Where required by law, we request your consent before placing non-essential cookies or similar technologies on your device.

You can manage your preferences through our cookie banner or browser settings.

For more detailed information about the cookies and technologies we use, including providers, purposes and retention periods, please see our cookie settings tool available on our website and any separate Cookie Policy we may publish from time to time.

11. Third-party websites, platforms and services

Our website and services may contain links to third-party websites, platforms, marketplaces or tools. Those third parties have their own privacy notices and practices. We are not responsible for the content, security or privacy practices of third-party services acting as independent controllers.

12. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include access controls, authentication, least-privilege permissions, contractual safeguards, secure hosting, monitoring, encryption where appropriate, backup procedures and internal governance measures.

However, no system is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately.

13. Your privacy rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request rectification of inaccurate or incomplete personal data;
  • request erasure of your personal data;
  • request restriction of processing;
  • object to processing carried out on the basis of legitimate interests;
  • withdraw consent at any time, where processing is based on consent;
  • request data portability, where applicable; and
  • not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, where applicable.

To exercise your rights, please contact us at: privacy@o1.eu.

We may ask for reasonable proof of identity before acting on a request.

We will respond in accordance with applicable data protection law.

Complaints

If you believe that our processing of your personal data violates applicable law, you also have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is generally the Autoriteit Persoonsgegevens.

14. Children

Our website and services are not directed to children, and we do not knowingly collect personal data from children through our website unless this is specifically required and lawful in the relevant operational context.

If you believe that a child has provided personal data to us unlawfully, please contact us so that we can take appropriate action.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our processing activities, or our services.

We will publish the updated version on this page and update the "Last updated" date above. Where required by law, we will provide additional notice.

16. Contact us

For privacy questions, requests or complaints, please contact:

Operator One B.V.
Veluwezoom 32
1327 AH Almere
The Netherlands
Email: privacy@o1.eu
Website: o1.eu

17. Version and policy updates

This policy was last updated: 14 June 2026.

We may update this Privacy Policy from time to time to reflect changes in law, our processing activities, our services, or our sub-processor relationships. Where we make material changes, we will notify affected individuals through this website or via direct communication where appropriate. The current version is always available on this page, with the "Last updated" date above reflecting the latest revision.

For data subject requests, privacy questions or complaints, please contact us via our contact form or by emailing privacy@o1.eu. We will respond within the timeframes required by applicable data protection law.