Privacy Policy:
Privacy Policy
Torre Vision — Nikola Tore
Last updated: April 2026
---
Torre Vision takes your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how long we keep it, and what your rights are. It applies to all visitors and customers of torre-vision.com and to all business contacts of Torre Vision.
---
1. DATA CONTROLLER
The data controller responsible for your personal data is:
Nikola Tore, operating as Torre Vision
Address: Admiraliteitskade 60-220, 3063ED Rotterdam, The Netherlands
Email: contact@torre-vision.com
KVK number: 42015425
Torre Vision does not have a Data Protection Officer (DPO). For all data protection queries and rights requests, please contact: contact@torre-vision.com.
---
2. PERSONAL DATA WE COLLECT
We collect the following categories of personal data:
Account and purchase data: name, email address, billing address, payment reference (not card details), purchase history, and programme enrolment status.
Communication data: email correspondence, form submissions, and coaching session notes (with your consent).
Usage data: pages visited, lessons completed, worksheets accessed, and time spent on the site (collected via analytics cookies with your consent).
Technical data: IP address, browser type, device type, and referral source (anonymised where possible).
Business contact data (B2B clients): company name, KVK and BTW numbers, contact person details, and contract information.
We do not collect special categories of personal data (sensitive data such as health, religious beliefs, or biometric data) unless you voluntarily provide such information during coaching, in which case processing is based on your explicit consent (Article 9(2)(a) GDPR).
---
3. WHY WE PROCESS YOUR DATA AND ON WHAT LEGAL BASIS
We process your personal data for the following purposes:
Delivery of programmes, digital products, and coaching sessions — legal basis: Article 6(1)(b) GDPR (performance of contract).
Payment processing and issuing invoices — legal basis: Article 6(1)(b) GDPR (performance of contract).
Sending order confirmations and access credentials — legal basis: Article 6(1)(b) GDPR (performance of contract).
Sending a welcome and nurture email sequence after you download a free resource — legal basis: Article 6(1)(a) GDPR (consent). You gave consent by subscribing voluntarily. You can withdraw consent at any time by clicking unsubscribe.
Sending commercial emails to existing customers about related products and services — legal basis: Article 6(1)(f) GDPR (legitimate interest), in accordance with Article 11.7 of the Dutch Telecommunications Act (soft opt-in rule for existing customers). You can opt out at any time.
Responding to enquiries and support requests — legal basis: Article 6(1)(f) GDPR (legitimate interest).
Maintaining invoice and financial records — legal basis: Article 6(1)(c) GDPR (legal obligation under Dutch tax law — 7-year retention obligation).
Analysing website usage to improve our services — legal basis: Article 6(1)(f) GDPR (legitimate interest), using anonymised analytics data only, and subject to your cookie consent where applicable.
Administering freelance and consulting contracts — legal basis: Article 6(1)(b) GDPR (performance of contract) and Article 6(1)(c) GDPR (legal obligation).
---
4. HOW LONG WE KEEP YOUR DATA
Purchase and invoice records: 7 years (statutory retention obligation under Dutch tax law).
Account and programme access data: for the duration of your access plus 2 years after account closure.
Email subscriber data: until you unsubscribe, plus 30 days for processing.
Coaching session notes: for the duration of the coaching relationship plus 1 year, then deleted.
Website analytics data: maximum 26 months (anonymised).
Consulting contract records: 7 years (Dutch Civil Code retention obligation).
Support correspondence: 2 years from the date of last contact.
---
5. WHO WE SHARE YOUR DATA WITH
We share personal data with the following service providers, who act as data processors on our behalf:
Systeme.io — course delivery, email marketing, CRM, and payment processing. Location: EU and international.
PayPal — payment processing. Location: EU and international.
Calendly — discovery call booking. Location: USA. Transfers are protected by Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR.
Google — website analytics (Google Analytics) and video hosting (YouTube). Location: USA and EU. Google applies adequate safeguards including SCCs and EU-US Data Privacy Framework certification.
Gekko — invoicing and accounting. Location: Netherlands (EU).
We do not sell personal data to third parties. Data is shared with processors only to the extent necessary for service delivery.
---
6. INTERNATIONAL TRANSFERS
Where personal data is transferred to countries outside the European Economic Area (EEA), such transfers are protected by appropriate safeguards in accordance with Chapter V GDPR, including Standard Contractual Clauses (SCCs) approved by the European Commission.
---
7. YOUR RIGHTS
Under the GDPR / AVG, you have the following rights regarding your personal data:
Right of access (Article 15 GDPR): You may request a copy of all personal data we hold about you.
Right to rectification (Article 16 GDPR): You may request correction of inaccurate or incomplete data.
Right to erasure (Article 17 GDPR): You may request deletion of your personal data, subject to legal retention obligations.
Right to restriction of processing (Article 18 GDPR): You may request that we restrict how we use your data in certain circumstances.
Right to data portability (Article 20 GDPR): You may request your data in a structured, machine-readable format.
Right to object (Article 21 GDPR): You may object to processing based on legitimate interest, including direct marketing. If you object to direct marketing, we will stop immediately.
Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
To exercise any of these rights, please contact: contact@torre-vision.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
Website: www.autoriteitpersoonsgegevens.nl
Address: Prins Clauslaan 60, 2595 AJ Den Haag, The Netherlands
---
8. COOKIES
We use cookies on torre-vision.com. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy at www.torre-vision.com/cookies.
---
9. SECURITY
We implement appropriate technical and organisational security measures to protect your personal data, including HTTPS/TLS encryption for all data transmitted via torre-vision.com. Access to personal data is restricted to Torre Vision and authorised processors only.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Autoriteit Persoonsgegevens without undue delay, in accordance with Article 33 GDPR.
---
10. AUTOMATED DECISION-MAKING
Torre Vision does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, within the meaning of Article 22 GDPR.
---
11. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. The current version is always available at www.torre-vision.com/privacy. We will notify you of material changes by email where we hold your contact details.
For questions about this Privacy Policy: contact@torre-vision.com
---