legal — privacy

Privacy statement

Easyboeken works with your financial data every day. That's why we believe you should know exactly what we collect, why we collect it and what your rights are. No legal jargon where it isn't needed. This is a translation of our Dutch privacy statement — if the two ever differ, the Dutch version prevails.

data controller
Easyboeken (sole proprietorship)KvK 42090505 · VAT ID NL005487908B40 · 100% online
version
v 1.0First version
last updated
11 July 2026Changelog at the bottom
contact
privacy@easyboeken.nlReply within 5 working days

Who we are

Easyboeken is an online bookkeeping service. Easyboeken is the trade name of a sole proprietorship (eenmanszaak), registered with the Dutch Chamber of Commerce under number 42090505, with VAT identification number NL005487908B40. We work fully online. You can reach us via info@easyboeken.nl or by phone/WhatsApp on 06 44 64 10 80. For the data we process about you or your business, we are the data controller within the meaning of the General Data Protection Regulation (GDPR / AVG).

Where we process invoices, receipts or customer data on your behalf in our software, we also act as a processor. For that you conclude a data processing agreement with us; it's included in our general terms by default.

What data we process

Below you'll see, per category, which data we collect, what we use it for and how long we keep it. We don't collect more than strictly needed to keep your books.

category what & why legal basis retention
Account data
Name, email address, phone number, company name, KvK number, VAT number. To let you log in, invoice you and link your books.
art. 6(1)(b) — contract
Duration of subscription + 7 years
Bookkeeping data
Incoming & outgoing invoices, receipts, bank statements, ledger entries, VAT returns. So we can keep your books.
art. 6(1)(b) — contract
7 years (tax obligation)
Communication
Messages via WhatsApp, email or chat with our support and bookkeeping team, including any attachments.
art. 6(1)(b)/(f)
5 years after last contact
Usage data
Device and browser information, IP address (anonymised), click and session data. To find bugs and improve the app.
art. 6(1)(f) — legitimate interest
14 months
Payment data
IBAN, payment status and invoice numbers — needed to invoice your monthly fee and process payments.
art. 6(1)(b) — contract
7 years (tax obligation)
Marketing
Email address for our newsletter, preferences, open and click behaviour. Only if you explicitly signed up.
art. 6(1)(a) — consent
Until consent is withdrawn

In principle we process no special categories of personal data (such as health, religion or political preference). Please don't send these unsolicited in a receipt or invoice either; if it happens anyway, we delete them as soon as possible.

Why & on what legal basis

Under the GDPR we may only process personal data with a valid legal basis. We use four:

  • Performance of a contract. The largest part — doing your bookkeeping, invoicing, providing support — is needed to fulfil our agreement with you.
  • Legal obligation. The Dutch Tax Administration requires us to keep certain administrative records for 7 years (art. 52 AWR).
  • Legitimate interest. For example to prevent fraud, keep our app secure or build anonymised statistics. We always weigh your interests in doing so.
  • Consent. Only for optional things such as our newsletter or non-functional cookies. You can withdraw consent at any time.

WhatsApp & AI agent

Easyboeken offers an AI assistant that communicates with you via WhatsApp. We want to be transparent about this because it's something special.

what we do

  • Your messages and attachments are processed by a Large Language Model to understand your question and formulate an answer.
  • The AI has access to your own books only — never to that of other clients.
  • In case of doubt, or for questions with financial impact, the message is handed over to a human: your own bookkeeper.

what we don't do

  • We do not use your messages or invoices to train public AI models. Our AI suppliers (see below) process via their business APIs, which don't use your data for model training.
  • We don't share your content with WhatsApp / Meta for advertising purposes.

Keep in mind that WhatsApp itself processes metadata (sender, time, phone number) under its own privacy policy. Prefer not to communicate via WhatsApp? Email works just as well.

Who we share data with

We don't sell your data. We do work with a number of carefully selected partners who help us deliver the service. With all of these parties we have a data processing agreement and the necessary security measures in place.

Netlifywebsite hosting
Hosting of this website. Processes visitor traffic (such as IP addresses) in server logs in order to serve the site.
USglobal CDN · SCCs
n8n Cloudautomation
The automation platform Eefje runs on: receives your WhatsApp question and fetches the answer from your books.
EUGermany · DPA
OpenAI (Ireland) Ltd.AI model
LLM for understanding your questions and formulating answers. Via the business API — your data is not used to train models.
EUDublin · SCCs
Meta (WhatsApp Business API)messaging
Processing incoming and outgoing WhatsApp messages via the official WhatsApp Business API.
EU/USDublin · SCCs
Moneybirdbookkeeping software
Your own Moneybird environment where we do your books on your behalf — it stays yours.
EUNetherlands
Cal.comagenda
The appointment agenda on our contact page. Processes your name, email address, the chosen time slot and optionally your chosen plan to schedule an intro call.
USSCCs
Web3Formsforms
Forwards contact form and tax check submissions to our mailbox. Processes what you fill in (name, email, phone, message) and your IP address for spam filtering.
USAWS hosting

Transfers outside the EU only take place for suppliers where this is unavoidable, and always on the basis of the European Commission's model contracts (Standard Contractual Clauses) plus additional technical measures.

How long we keep data

We don't keep data longer than necessary. The main retention periods:

  • Bookkeeping data — 7 years after the end of the financial year (Dutch tax retention obligation, art. 52 AWR).
  • Account data — duration of the subscription plus 7 years where it forms part of your records; otherwise 6 months after cancellation.
  • Support communication — 5 years, so we can look up what we agreed earlier.
  • Usage data & logs — 14 months, then automatically deleted.
  • Marketing — until you unsubscribe, plus 30 days for our suppression list.

After these periods expire, data is automatically deleted or anonymised. Want to be deleted sooner? Read about your rights further down.

Security

We do everything we can to protect your data. Among other things:

  • Encryption. All traffic — website, WhatsApp, email — runs over encrypted connections.
  • Certified suppliers. Your books live in Moneybird: ISO 27001-certified, encrypted storage and daily backups.
  • Access control. One bookkeeper, no rotating team: only your own bookkeeper can access your books, always with two-factor authentication.
  • Strict separation per client. Eefje works with a separate, isolated access key for each client that can only reach your books — requesting someone else's figures is technically impossible.

Should something go wrong despite all measures and result in a data breach, we will report it within 72 hours to the Dutch Data Protection Authority and — if there is a high risk to you — to you personally as well.

Cookies & tracking

Our website uses as few cookies as possible. We distinguish three kinds:

  • Functional. Strictly needed to make the site and the app work (session, language, security). We always set these, without consent.
  • Analytics. We use Simple Analytics — a privacy-friendly, Dutch and EU-hosted analytics tool without cookies and without personal data.
  • Marketing. We don't use any: this site sets no marketing or tracking cookies. That's also why there's no cookie banner — there's nothing to choose. Should that ever change, we'll ask for your consent first.

Your rights

You decide what happens to your data. Under the GDPR you have the following rights — and we will never hold it against you that you use them.

right_01

Access

Request a copy of all the data we hold about you.

right_02

Rectification

Have incorrect data corrected or completed.

right_03

Erasure

Have data deleted — insofar as no tax retention obligation applies.

right_04

Restriction

Temporarily pause the processing, e.g. during a dispute.

right_05

Data portability

Request your data in a common format (UBL/CSV/XML).

right_06

Objection

Object to processing based on legitimate interest.

We respond to your request within one month (for complex requests we may extend this by two months — we'll let you know in time). Requests are free of charge, unless they are clearly unreasonable or excessive.

Filing a complaint

Do you have a complaint about how we handle your data? Please email privacy@easyboeken.nl first — we'd rather sort it out together. If that doesn't work, you can always file a complaint with the supervisory authority:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Postbus 93374, 2509 AJ Den Haag
autoriteitpersoonsgegevens.nl

Changes

We update this statement when our service or the regulations require it. For material changes we'll email you in advance, at least 30 days before the change takes effect.

  • v 1.0 — 11 July 2026 — First version.

Contact & DPO

Given our size, we have not appointed a mandatory Data Protection Officer. Privacy matters are handled personally by Artur Kazibajevs — founder and your bookkeeper.

A question about your privacy? Email us.

We usually respond within 2 working days, and within 5 at the latest. Prefer to call or WhatsApp? You can, on 06 44 64 10 80.

email privacy@easyboeken.nl →