Legal
GDPR Protocol
Last updated June 2026
Scope & Controller
Trade Alliance Europe B.V. is the Data Controller for all personal data processed via the Platform. Contact: info@trade-alliance.eu.
Lawful Bases
Contract (membership), Legitimate Interest (matching), Consent (events & marketing). Each processing activity is documented with its lawful basis.
Categories of Personal Data
Identity (name, email, phone), Professional (company, VAT, role), Behavioural (log-ins, RSVPs), Audit (verification notes by AD).
Data Subject Rights
Right of access (Art. 15), rectification (Art. 16), erasure / right to be forgotten (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and to withdraw consent at any time.
Sub-Processors
Lovable Cloud (EU hosting, Supabase), Google Workspace (email), LinkedIn (limited verification only). Each is bound by a DPA.
International Transfers
All processing is within the EU/EEA. No transfers to third countries without Standard Contractual Clauses.
Retention
Active member data: until 12 months after membership ends. Audit records: 5 years (legal retention). Marketing consent: until withdrawn.
Breach Notification
We notify the supervisory authority within 72 hours of becoming aware of a personal-data breach, and affected data subjects without undue delay where required.
How to Exercise Your Rights
Email info@trade-alliance.eu with the request. We respond within 30 days. If you are not satisfied with the response, you may complain to your national supervisory authority (in NL: the Autoriteit Persoonsgegevens).