Privacy
Policy.
Last updated: June 2026
1. Who we are
Skales IT ("Skales", "we", "us") is a managed IT services provider registered in the Netherlands and operating under Dutch law. We provide workplace IT management, identity governance, and compliance services to scale-up companies.
Contact: hello@skales.nl
Address: Amsterdam, Netherlands
For questions about this policy or your personal data, contact us at hello@skales.nl.
2. What data we collect and why
2.1 When you visit this website
We collect standard server logs (IP address, browser type, pages visited, referrer, timestamp) for security and analytics purposes. This data is retained for a maximum of 90 days and is not used for advertising or sold to third parties.
2.2 When you book an assessment
Our contact page embeds a Google Calendar appointment scheduling tool. When you book a meeting, the following data is processed by Google and Skales:
- Your name and email address
- The date and time you select
- Any notes you add to the booking
This data is used solely to arrange and conduct the scheduled call. Google's own privacy policy applies to data processed through Google Calendar. See policies.google.com/privacy.
2.3 When you become a client
In the course of providing managed IT services, we process personal data about your employees โ including names, email addresses, device identifiers, and access logs โ as a data processor acting on your behalf. A Data Processing Agreement (DPA) is signed with all clients prior to service commencement, in accordance with Article 28 of the GDPR.
3. Legal basis for processing
We process personal data on the following legal bases under GDPR Article 6:
- Legitimate interests (Art. 6(1)(f)) โ for website analytics and security logging
- Performance of a contract (Art. 6(1)(b)) โ for processing data necessary to arrange and deliver our services
- Consent (Art. 6(1)(a)) โ for non-essential cookies where you have provided consent via our cookie banner
- Legal obligation (Art. 6(1)(c)) โ where we are required to retain records under Dutch law
4. Cookies
This website uses the following types of cookies:
- Essential cookies โ required for the site to function. These cannot be disabled.
- Functional cookies โ set by Google Calendar to enable the booking embed on our contact page. These are loaded when you visit the /contact page.
You can withdraw cookie consent at any time by clearing your browser cookies. Our cookie banner will reappear on your next visit.
We do not use advertising, tracking, or third-party analytics cookies beyond what is described above.
5. Data sharing and sub-processors
We do not sell your personal data. We share data only with:
- Google LLC โ for Google Calendar appointment scheduling and, for clients, Google Workspace administration. Google is certified under the EU-US Data Privacy Framework.
- Cloudflare, Inc. โ this website is hosted on Cloudflare Workers. Cloudflare processes request metadata as part of its CDN and security services.
- Service-specific sub-processors for client engagements โ including Okta, JumpCloud, Iru, and Jamf, as applicable. A full list of sub-processors is provided in client DPAs.
Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
6. Data retention
- Website logs โ 90 days
- Booking and pre-sales correspondence โ 24 months from last contact
- Client engagement data โ duration of the contract plus 7 years for financial and legal records, in accordance with Dutch Burgerlijk Wetboek requirements
7. Your rights under GDPR
As a data subject, you have the following rights:
- Right of access โ request a copy of the personal data we hold about you
- Right to rectification โ request correction of inaccurate data
- Right to erasure โ request deletion of your data where there is no legitimate reason for continued processing
- Right to restriction โ request that we restrict processing of your data in certain circumstances
- Right to data portability โ receive your data in a structured, machine-readable format
- Right to object โ object to processing based on legitimate interests
- Right to withdraw consent โ where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at hello@skales.nl. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
8. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encryption in transit and at rest, access controls, and regular security reviews โ the same standards we implement for our clients.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the website. The "last updated" date at the top of this page reflects the most recent revision.