Privacy Policy

This Privacy Policy applies to Ryzo Revenue Operations B.V. (“Ryzo”, “we”, “us”), registered at the Dutch Chamber of Commerce (Kamer van Koophandel) under number 72279370, with its registered office at Wijnsilostraat 8, 1019VM Amsterdam, the Netherlands.

Ryzo is the data controller for personal data collected through this website and in the course of providing its services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law.

For questions or data requests, contact us at: hello@ryzo.nl

We collect the following categories of personal data:

Contact form and audit application submissions:

• First and last name
• Email address
• Company name and role/title
• Business information provided in application answers (ARR range, team size, GTM challenges, budget, timeline)

Website analytics (via Google Tag Manager / Google Analytics):

• Pages visited, time on page, referral source
• Browser type, device type, approximate geographic location (country/city level)
• IP address (anonymised in GA4 by default)

Communication data:

• Email correspondence, meeting notes, and records of communication related to service delivery

We do not collect sensitive personal data (special categories under GDPR Article 9).

We process personal data for the following purposes and on the following legal bases:

• Responding to audit applications and enquiries — Legal basis: Legitimate interest (Article 6(1)(f)) and pre-contractual steps (Article 6(1)(b)).
• Delivering contracted services — Legal basis: Performance of a contract (Article 6(1)(b)).
• Sending follow-up communications regarding our services — Legal basis: Legitimate interest (Article 6(1)(f)). You may opt out at any time.
• Website analytics and improving user experience — Legal basis: Legitimate interest (Article 6(1)(f)). Analytics data is processed in aggregated, anonymised form.
• Legal compliance and record-keeping — Legal basis: Legal obligation (Article 6(1)(c)).

We retain personal data for the following periods:

• Audit application data: Up to 12 months from the date of submission, or until you request deletion.
• Client data related to active engagements: For the duration of the engagement plus 7 years (in line with Dutch accounting and tax retention obligations).
• Marketing and communication data: Up to 2 years from last interaction, unless you opt out earlier.
• Analytics data: As configured in Google Analytics (default 14 months for user and event data).

After these periods, personal data is securely deleted or anonymised.

We share personal data with the following third-party processors as necessary to operate our business. All processors are contractually bound to process data only as instructed and to implement appropriate security measures:

• Airtable (Formagrid Inc.) — Used to store and manage audit application submissions. Data is stored on servers in the United States under EU Standard Contractual Clauses (SCCs).
• Resend (Resend Inc.) — Used to send transactional email notifications from our contact form. Data transferred under applicable safeguards.
• Google Analytics / Google Tag Manager (Google LLC) — Used for website analytics. Google is a certified participant in the EU-U.S. Data Privacy Framework. Analytics data is anonymised at collection.
• HubSpot (HubSpot Inc.) — Used for CRM and client relationship management in the course of service delivery. HubSpot participates in the EU-U.S. Data Privacy Framework.

We do not sell or rent personal data to third parties for marketing purposes.

Some of our processors operate outside the European Economic Area (EEA), including in the United States. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or participation in recognised adequacy frameworks. You may request a copy of the relevant safeguards by contacting us at hello@ryzo.nl.

As a data subject, you have the following rights regarding your personal data:

• Recht op inzage (Right of access): You may request a copy of the personal data we hold about you.
• Recht op rectificatie (Right to rectification): You may request correction of inaccurate or incomplete data.
• Recht op verwijdering (Right to erasure): You may request deletion of your personal data where we no longer have a lawful basis to retain it.
• Recht op beperking (Right to restriction): You may request that we restrict processing of your data in certain circumstances.
• Recht op overdraagbaarheid (Right to data portability): You may request your data in a structured, machine-readable format.
• Recht van bezwaar (Right to object): You may object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Recht om toestemming in te trekken (Right to withdraw consent): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@ryzo.nl. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

Our website uses Google Tag Manager to load analytics scripts. Google Analytics 4 (GA4) is used to understand website traffic and user behaviour. GA4 uses first-party cookies and does not use third-party cookies for cross-site tracking.

We do not use advertising cookies or retargeting pixels on this website. If you wish to opt out of analytics tracking, you may use the Google Analytics opt-out browser add-on or adjust your browser's cookie settings.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls, encrypted data transmission (HTTPS), and limiting access to personal data to personnel who require it for service delivery.

No method of transmission over the internet is completely secure. If you believe your data has been compromised, please notify us immediately at hello@ryzo.nl.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this page with an updated date. For significant changes, we will notify affected individuals where reasonably possible.

For all privacy-related enquiries, data subject requests, or complaints, please contact:

We aim to respond to all data requests within 30 days.