Privacy Policy
ZeroNext BV is committed to protecting the privacy and personal data of all individuals who interact with our services, website, and digital tools.
1. Introduction
ZeroNext BV (“ZeroNext”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of all individuals who interact with our services, website, and digital tools. This Privacy Policy explains who we are, what personal data we collect, how we use it, with whom we share it, and what rights you have under applicable data protection law.
This Privacy Policy applies to all personal data processed by ZeroNext in its capacity as data controller, including data collected through zeronext.ai, the ZeroNext configurator, pricing tool, demo intake system, and all associated communications. Where ZeroNext processes personal data on behalf of a client (as data processor), a separate Data Processing Agreement governs such processing.
We are required to comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Dutch Implementation Act (Uitvoeringswet AVG, UAVG). If you have questions about this Policy or wish to exercise your rights, please contact us at privacy@zeronext.ai.
2. Data Controller Information
ZeroNext BV is the data controller responsible for the personal data described in this Policy. We are registered with the Dutch Chamber of Commerce (Kamer van Koophandel).
3. Personal Data We Collect
We collect personal data in the following categories, depending on how you interact with us:
3.1 Contact and Identity Data
- ›Full name and professional title
- ›Business name and registered address
- ›Email address
- ›Telephone number
- ›Website URL
3.2 Project and Business Data
- ›Product or service descriptions submitted through intake forms
- ›Target audience and industry information
- ›Budget ranges and project preferences
- ›Video usage intent and platform preferences
- ›Uploaded files, scripts, brand materials, and creative briefs
3.3 Communication Data
- ›Email correspondence and attachments
- ›Notes from consultations, calls, and meetings
- ›Feedback on Deliverables
3.4 Technical and Usage Data
- ›IP address and approximate geographic location
- ›Browser type and version, operating system
- ›Pages visited, time on page, and referral source
- ›Configurator interaction data (selections made, steps completed)
- ›Session identifiers and cookies (see Section 11)
3.5 Financial Data
- ›Invoice information (company name, VAT number, billing address)
- ›Payment status and transaction references (we do not store payment card details)
3.6 Special Categories of Personal Data
- ›In connection with our Custom Avatar Creation service, we may process biometric data in the form of video footage from which digital avatars are generated. This constitutes special category data under Article 9 GDPR.
- ›This processing is subject to our Avatar Consent and Usage Terms and requires explicit written consent.
- ›We do not process other special categories of personal data unless explicitly required for a specific project and consented to in writing.
4. How We Collect Personal Data
Directly from you: through completion of our configurator, pricing tool, custom demo intake form, contact form, or any other form on the Platform; through email or telephone communications; during consultations; and through materials you provide in the course of a project.
Automatically: through cookies and tracking technologies deployed on the Platform (see Section 11); through web analytics tools that record usage patterns and interaction data.
From third parties: where you interact with ZeroNext through a referral partner or agency; from publicly available business directories or LinkedIn where we conduct outreach in the context of legitimate business development.
5. Purposes and Legal Bases for Processing
We process personal data only where we have a valid legal basis under Article 6 GDPR (or Article 9 GDPR for special category data).
| Purpose | Personal Data Used | Legal Basis |
|---|---|---|
| Responding to enquiries and providing quotes | Contact, project, communication data | Legitimate interests / Pre-contractual steps |
| Delivering contracted Services | Contact, project, financial, communication data | Performance of contract |
| Invoicing and financial administration | Contact, financial data | Performance of contract / Legal obligation |
| Custom avatar creation | Biometric / video data | Explicit consent (Art. 9(2)(a)) |
| Marketing and portfolio promotion | Contact data, project outputs | Legitimate interests |
| Platform analytics and improvement | Technical and usage data | Legitimate interests / Consent |
| Legal compliance and dispute resolution | All relevant data | Legal obligation / Legitimate interests |
| B2B outreach and business development | Contact and identity data | Legitimate interests |
6. Legitimate Interests Assessment
Where we rely on legitimate interests as our legal basis, we have assessed that our interests are not overridden by your interests or fundamental rights. Our legitimate interests include operating and improving our business, maintaining client relationships, promoting our services, and ensuring the security of our systems. You may object to processing based on legitimate interests at any time (see Section 10).
7. Data Sharing and Third-Party Recipients
We do not sell personal data to third parties. We may share personal data with the following categories of recipients, solely to the extent necessary for the stated purpose:
7.1 Service Providers and Sub-processors
Cloud hosting and infrastructure providers (e.g., hosting platforms, CDN services); AI model and API providers used in production workflows; email and communication tools; project management and CRM platforms; payment processors (who receive only the data necessary for transaction completion); analytics and web tracking tools. All service providers acting as sub-processors are bound by data processing agreements in compliance with Article 28 GDPR.
7.2 Professional Advisors
We may share personal data with legal advisors, accountants, and auditors as required in the ordinary course of business, subject to professional confidentiality obligations.
7.3 Legal and Regulatory Authorities
We may disclose personal data where required to do so by law, regulation, court order, or at the request of competent authorities, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
7.4 Business Transfers
In the event of a merger, acquisition, or sale of ZeroNext's business or assets, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.
8. International Data Transfers
ZeroNext operates internationally and may transfer personal data to countries outside the European Economic Area (EEA) in connection with the use of third-party service providers or in serving international clients.
Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:
- ›Adequacy decisions by the European Commission
- ›Standard Contractual Clauses (SCCs) as approved by the European Commission under Article 46(2) GDPR
- ›Other transfer mechanisms permitted under GDPR
You may request information about the specific safeguards applicable to international transfers of your personal data by contacting privacy@zeronext.ai.
9. Data Retention
We retain personal data for no longer than is necessary for the purposes for which it was collected, taking into account our legal obligations, the nature of the contractual relationship, and applicable statutory limitation periods.
- Client project data7 years from project completion (Dutch statutory accounting requirements)
- Enquiry and pre-contractual data (non-clients)Up to 12 months from the date of last contact
- Marketing dataUntil consent is withdrawn or an objection is received
- Technical and usage dataUp to 24 months
- Avatar source video and biometric dataOnly for the duration required to produce the avatar; deleted thereafter unless a longer retention period is explicitly agreed in writing
At the end of the applicable retention period, personal data is securely deleted or anonymized.
10. Your Rights Under GDPR
Under the GDPR and the Dutch UAVG, you have the following rights in respect of your personal data:
Right of Access (Art. 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data together with supplementary information about our processing activities.
Right to Rectification (Art. 16)
You have the right to require us to correct inaccurate personal data and to complete incomplete personal data.
Right to Erasure (Art. 17)
You have the right to require us to delete your personal data in certain circumstances, including where the data is no longer necessary, where you withdraw consent, or where you object and we have no overriding grounds to continue.
Right to Restriction (Art. 18)
You have the right to require us to restrict processing of your personal data in certain circumstances, such as while a dispute about accuracy is resolved.
Right to Data Portability (Art. 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
To exercise any of the above rights, please contact us at privacy@zeronext.ai. We will respond within one (1) month of receipt.
11. Cookies and Tracking Technologies
Our Platform uses cookies and similar tracking technologies to operate the Platform, analyze usage, and improve user experience. We use the following categories of cookies:
- ›Strictly necessary cookies: required for the Platform to function (e.g., session management, form continuity); these do not require consent.
- ›Analytics cookies: used to understand how visitors interact with the Platform, including configurator step completions and page engagement; these require consent.
- ›Marketing/preference cookies: used to remember preferences and, where applicable, support remarketing; these require consent.
On your first visit to the Platform, you will be presented with a cookie consent banner. You may withdraw cookie consent at any time through your browser settings or our cookie management tool.
12. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include access controls, encryption in transit (TLS/SSL), secure hosting infrastructure, and restricted internal access on a need-to-know basis. We regularly review and update our security measures. In the event of a personal data breach likely to result in a high risk to your rights, we will notify you without undue delay in accordance with Article 34 GDPR.
13. Children's Privacy
Our Services are directed exclusively to business professionals and are not intended for use by individuals under the age of sixteen (16). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact privacy@zeronext.ai and we will delete it promptly.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated to registered users and clients by email with at least thirty (30) days’ notice before the new policy takes effect. The current version will always be available at zeronext.ai/privacy. Continued use of our Services after the effective date of any update constitutes acceptance of the revised Policy.
15. Contact and Complaints
For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact:
If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Hoge Nieuwstraat 8, 2514 EL Den Haag, www.autoriteitpersoonsgegevens.nl.
Reach out to our privacy team directly. We respond to all requests within 30 days.