Legal
GDPR Statement
Our commitment
7MILLS Equity Partners B.V., trading as BuildExitReady, is committed to protecting the personal data of everyone who interacts with us — whether as a prospective client, existing client, website visitor, or business contact. This statement explains how we meet our obligations under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch implementation thereof (UAVG).
As a controller established in the Netherlands, we are directly subject to GDPR. We take our responsibilities seriously and have implemented appropriate technical and organisational measures to ensure lawful, fair, and transparent data processing.
Data controller
7MILLS Equity Partners B.V.Ooldselaan 11, 7245PP Laren
The Netherlands
Chamber of Commerce 98530828
[email protected]
Principles we follow
We process personal data in accordance with the six data protection principles set out in Article 5 GDPR:
- Lawfulness, fairness, and transparency — we always have a legal basis for processing and are open about how we use data
- Purpose limitation — data is collected for specified, explicit, and legitimate purposes and not processed in ways incompatible with those purposes
- Data minimisation — we collect only what is necessary for the purpose
- Accuracy — we take reasonable steps to ensure data is accurate and kept up to date
- Storage limitation — data is retained only as long as necessary
- Integrity and confidentiality — we apply appropriate security measures to protect personal data against unauthorised access, loss, or destruction
Legal bases we rely on
We rely on the following legal bases under Article 6 GDPR to process personal data:
- Article 6(1)(a) — Consent: for marketing communications and non-essential cookies
- Article 6(1)(b) — Contract: for processing necessary to deliver advisory services
- Article 6(1)(c) — Legal obligation: for retaining records required under Dutch tax and accounting law
- Article 6(1)(f) — Legitimate interests: for responding to enquiries, improving our services, and communicating with prospective clients
Data subject rights
Under GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15) — obtain a copy of your personal data and information about how it is used
- Right to rectification (Art. 16) — have inaccurate or incomplete data corrected
- Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten") where there is no overriding legitimate reason to retain it
- Right to restriction of processing (Art. 18) — limit how we use your data in certain circumstances
- Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interests, including direct marketing
- Rights related to automated decision-making (Art. 22) — we do not use automated decision-making or profiling that produces legal or similarly significant effects
To exercise any of these rights, email [email protected]. We will respond within one month of receiving your request (extendable by a further two months for complex or multiple requests, with notice).
International transfers
Where we use third-party service providers that process data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place as required by Chapter V GDPR. These may include:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- Binding Corporate Rules, where applicable
We will provide further information about the safeguards in place on request.
Data security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit and at rest where applicable
- Access controls limiting data access to authorised personnel only
- Regular review of our data processing activities and supplier security
- Documented procedures for responding to data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and, where required, inform affected individuals without undue delay.
Complaints
If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Dutch supervisory authority:
Autoriteit PersoonsgegevensPostbus 93374
2509 AJ Den Haag
autoriteitpersoonsgegevens.nl
We would, however, appreciate the opportunity to address your concerns directly before you contact the authority. Please reach out to us first at [email protected].
Further information
For full details of what data we collect, how long we retain it, and the third parties we share it with, please read our Privacy Policy.