Last updated: 28 March 2026
1. Introduction
At Rotterdam Revealed, your privacy is important to us, and we’re committed to handling your personal data with care and transparency. This Privacy Policy explains how we collect, use, and protect your personal information when you:
- Visit our website.
- Book tickets for our guided walking tours in Rotterdam.
- Contact us via our contact or feedback form.
We process your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Dutch data protection laws.
2. Data Controller
The data controller responsible for processing your personal data is:
Legal Entity
Rotterdam Revealed
Please click here for contact information.
3. What Personal Data We Collect
We only collect data that’s necessary to operate our website and provide our guided tours.
3.1 Ticket Orders
When you book a ticket for one of our tours, we collect the following details:
- Full name
- Email address
- Billing address
- Country
- Order details (tour date, price)
- Payment status
- Combined Invoice and Ticket
We do not permanently store your payment details!
3.2 Payment Processing
Payments are securely processed through our payment partner Mollie. When you complete a payment, Mollie processes your payment data as an independent data controller.
We recommend reviewing Mollie’s Privacy Policy for information on how they handle your data.
3.3 Contact & Feedback Forms
If you contact us via our contact form or feedback form, we collect:
- Your name
- Your email address
- The content of your message
- Specific answers/survey feedback
We use this information solely to respond to your inquiry and to continously improve the quality of our walking tour.
3.4 Automatically Collected Data
Our website uses Medama analytics, hosted on our own servers, to collect anonymous and aggregate website usage statistics. This analytics tool does not track cookies, IP addresses, or personally identifiable information, and it cannot be used to identify individual visitors.
We also collect minimal server logs, including the User-Agent string of your web browser. Server logs are retained for a limited period, never exceeding two months, and are used solely for website security and performance monitoring.
We do not use any third-party marketing services, nor do we engage in any form of visitor profiling.
4. Legal Bases for Processing
We process your personal data based on the following legal grounds under the GDPR:
Performance of a contract
To process ticket orders and provide guided tours.
Legal Obligation
To retain invoice and financial records for tax and legal purposes.
Legitimate interest
To ensure website security and respond to inquiries.
Consent
Where required (if applicable).
5. Retention Periods
We keep your personal data only as long as necessary:
Invoice and financial data
Retained for the legally required period (typically 7 years under Dutch tax law).
Contact form messages
Retained as long as needed to handle your request.
Order data
Retained for administrative and legal purposes.
Once the retention period ends, your data will be securely deleted from both our servers as from our financial administration.
6. Data Sharing
We will never sell or rent your personal data.
We may share your data with the following parties, but only for the purposes stated above:
Mollie B.V
For payment processing.
Knab N.V.
Bank and Accounting partner
Tax authorities or regulators
https://www.belastingdienst.nl/
Where necessary, we ensure appropriate data processing agreements are in place.
7. International Transfers
We process your personal data within the European Economic Area (EEA). If we transfer data outside the EEA (e.g., via service providers), we ensure appropriate safeguards are in place in line with the GDPR.
8. Your Rights Under the GDPR
You have several rights regarding your personal data, including:
Right of access
Request information about the data we hold about you.
Right to rectification
Request corrections to inaccurate data.
Right to erasure
Ask us to delete your data (“right to be forgotten”), applies only to data not under legal retention obligation.
Right to restriction of processing
Request that we limit how we process your data.
Right to data portability
Request your data in a format that can be transferred to another provider.
Right to object
Object to how we process your data.
Right to withdraw consent
If we process your data based on your consent, you can withdraw that consent at any time.
To exercise any of these rights, please contact us using the contact details or using the contact form on that page.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
9. Data Security
We take appropriate technical and organizational measures to protect your personal data from:
- Unauthorized access
- Loss or misuse
- Unlawful processing
The infrastructure and software empowering our website is regularly updated with security patches and access controls are in place according to the Principle of Least Privilege.
10. Data of Children
Our tours are not specifically aimed at children under 16. We do not knowingly collect or process personal data from children without parental consent.
11. Changes to This Privacy Policy
We may update this Privacy Policy occasionally. The most recent version will always be available on our website on this page, with the updated date listed.
12. Contact
If you have any questions about this Privacy Policy or how we handle your personal data, please find the contact details at our contact page.