Privacy Policy – Design Narrative

Last updated: 3 December 2025

1. Who we are

Design Narrative
Knight Interactive B.V.
Frits Koolhovenweg 49
3769TR Soesterberg, The Netherlands
Chamber of Commerce (KvK): 73071218
VAT number: NL859342864B01
Email: rick@design-narrative.co

In this Privacy Policy we explain what personal data we collect, why we collect it and how we handle it. This policy applies to our website design-narrative.co, our services, and any other interactions you may have with Design Narrative.

2. Personal data we collect

We may process the following categories of personal data:

2.1 Data you provide directly

For example, when you contact us via a form, email, or schedule a call:

  • Name
  • Company name
  • Job title/role
  • Email address
  • (Optional) Phone number
  • Website URL or product URL
  • Any information you share in free text fields (e.g. description of your challenge, project details, goals)

2.2 Data when you become a client

When we enter into an agreement and perform work for you, we may collect:

  • Billing details (company address, VAT number, purchase order details)
  • Contact details of relevant stakeholders
  • Project-related information (briefings, documentation, research and analytics you choose to share with us)
  • Communication history (emails, meeting notes, call summaries)

2.3 Automatically collected data (website usage)

When you visit our website, certain data may be collected automatically, for example through cookies or similar technologies:

  • IP address (where possible, stored in an anonymised form)
  • Browser type and device information
  • Pages visited and time spent on those pages
  • Referring website or source
  • General interaction data (clicks, scroll behaviour, etc.)

The exact data depends on your cookie settings and the tools we use (e.g. analytics, A/B testing).

3. Why we process personal data

We process personal data only for specific, explicit and legitimate purposes: 

1. To respond to your enquiries

  • Handling contact form submissions and email enquiries.
  • Scheduling calls, demos or audits.
     

2. To perform and manage our agreements

  • Preparing proposals and offers.
  • Executing UX/design/audit/consulting work.
  • Providing deliverables such as reports, analyses, prototypes or designs.

3. For administration and legal obligations

  • Invoicing and financial administration.
  • Complying with tax and legal retention requirements.

4. To improve our website and services 

  • Analysing how visitors use our website.
  • Improving content, user experience and performance.
  • Securing our services and preventing misuse.

5. For marketing and relationship management (where allowed) 

  • Sending relevant updates about our services, content or case studies.
  • Following up after a contact request, call or project.
  • You can always object to or unsubscribe from such communications.

4. Legal bases for processing

We process personal data based on one or more of the following legal grounds:

  • Performance of a contract – where processing is necessary to enter into or perform a contract with you or your company.
  • Consent – for example when you actively submit a form or explicitly subscribe to updates. You can withdraw consent at any time.
  • Legal obligation – such as our duty to keep certain financial records for tax authorities.
  • Legitimate interests – such as improving our services, maintaining client relationships, securing our systems, and marketing to existing clients. When we rely on this basis, we carefully balance our interests against your privacy rights.

 

5. Retention periods

We do not keep your personal data longer than necessary for the purposes for which we collected it, unless we are required by law to keep it longer.
Indicative retention periods: 

  • Contact requests / intake forms: up to 2 years after the last interaction, unless you become a client.
  • Client and project data: up to 7 years after the end of the financial year in which the project or contract ended (to comply with legal and tax obligations).
  • Financial records (invoices, payment records): at least 7 years, as required by law.
  • Analytics and cookie data: according to the retention settings of the specific tool (for example 14–26 months for typical analytics tools), unless you delete or block cookies earlier.

We may store anonymised or aggregated data for a longer period if it does not contain personal data.

6. Sharing personal data with third parties

We do not sell your personal data to third parties.
We only share your data in the following situations:

1. Service providers (processors)

We may engage third parties to process data on our behalf, for example: 

  • Website and hosting providers
  • Email and communication tools
  • Cloud storage and documentation tools
  • Analytics or A/B testing tools
  • Online accounting and invoicing systems
  • Form and survey tools (such as Tally, Typeform, or similar)
     

These parties act as processors and may only process your data according to our instructions. Where required, we sign Data Processing Agreements (DPAs) with them.

2. Professional advisors and legal obligations

We may share necessary data with our accountant, legal advisors, or tax authorities where required by law.

3. Business transfers

In the unlikely event of a merger, acquisition or sale of (part of) our business, personal data may be transferred to a third party as part of that transaction. In such a case we will inform you where reasonably possible.

We ensure that any third party that processes your data provides adequate safeguards for your privacy. 

7. International transfers

Where possible, we aim to store and process data within the European Economic Area (EEA). 

If we work with service providers outside the EEA, we will ensure an adequate level of protection for your data, for example by:

  • Using providers in countries with an adequacy decision from the European Commission; or
  • Concluding Standard Contractual Clauses (SCCs) issued by the European Commission; and
  • Assessing whether additional measures are needed to protect your data.

8. Cookies and similar technologies

Our website may use cookies or similar technologies to:

  • Ensure the website functions properly (functional cookies).
  • Analyse usage and performance (analytical cookies).
  • Support marketing activities or embedded content (marketing/third-party cookies).

Where required, we ask for your consent for non-essential cookies via a cookie banner or similar mechanism. You can withdraw or adjust your consent at any time.

You can also configure your browser to block or delete cookies. Please note that this may affect the functioning of the website.

For more details, please see our separate Cookie Policy, if available.

9. Security of your data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or disclosure.

Examples of such measures include:

  • Secure connections (HTTPS/SSL) on our website.
  • Access to systems and data limited to people who need it for their work.
  • Strong passwords and, where possible, two-factor authentication.
  • Regular updates and maintenance of software and systems.
  • Backups of important data.

Although we strive for a high level of security, no system can be guaranteed to be 100% secure. If you suspect misuse or a data breach, please contact us immediately.

10. Your rights

Under applicable data protection laws (including the GDPR), you have the following rights regarding your personal data:

  • Right of access – to know what data we hold about you and to receive a copy.
  • Right to rectification – to have incorrect or incomplete data corrected.
  • Right to erasure – to request that we delete your data, where legally permitted.
  • Right to restriction of processing – to ask us to limit the processing of your data in certain situations.
  • Right to data portability – to receive your data in a structured, commonly used and machine-readable format, or have it transmitted to another controller where technically feasible.
  • Right to object – to object to certain processing activities, such as direct marketing or processing based on our legitimate interests.

You can exercise these rights by contacting us at:

Email: rick@design-narrative.co

We may ask you for additional information to verify your identity before fulfilling your request.

If you are not satisfied with the way we handle your request, you also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is:

Autoriteit Persoonsgegevens

Website: https://www.autoriteitpersoonsgegevens.nl

11. Links to other websites

Our website or communications may contain links to third-party websites, tools or services. We are not responsible for the privacy practices of these third parties. We recommend that you read their privacy policies before providing any personal data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example when our services change or when regulations require it.

The most recent version is always available on our website. If the changes are substantial, we will notify you where reasonably possible, for example by email or a notice on our website.

13. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

Design Narrative
Knight Interactive B.V.
Frits Koolhovenweg 49
3769TR Soesterberg, The Netherlands
Email: rick@design-narrative.co

We aim to respond to your request or question as soon as reasonably possible.