1. Who we are
Veratlas is a brand name operated by MPM ICT Services B.V., registered in the Netherlands (Tusolaan 43, 3772WP Barneveld, Netherlands). We provide security and compliance managed services for B2B SaaS companies. When we say "Veratlas," "we," "us," or "our" in this policy, we mean MPM ICT Services B.V.
We are the data controller for the personal data described in this policy. You can reach us at hello@veratlas.com.
2. What data we collect and why
2.1 Contact form and enquiries
When you submit our contact form or send us an email, we collect:
- Your name and email address
- Your company name and approximate headcount
- The platform you use (Microsoft 365 or Google Workspace)
- Your compliance goals and any message you include
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — to respond to your enquiry and assess whether we can help you. Where you submit a form with the intent to purchase services, processing is necessary for pre-contractual steps (Art. 6(1)(b) GDPR).
2.2 Service delivery
If you become a client, we process personal data necessary to deliver the contracted services, including:
- Contact details of your staff and administrators
- Credentials and access tokens needed to conduct assessments or manage security controls (processed under your instructions as your data processor where applicable)
- Audit logs and compliance evidence on your behalf
Legal basis: Contract performance (Art. 6(1)(b) GDPR) and, where we act as processor, your documented instructions.
2.3 Website analytics
We may use privacy-respecting analytics to understand how visitors use our website. Where any analytics tool sets cookies or processes personal data, we will obtain your consent before doing so (Art. 6(1)(a) GDPR). Currently, we do not load any third-party analytics scripts without consent.
2.4 Cookies
Our website uses only technically necessary cookies by default. Analytics cookies (Google Analytics) are only loaded after you give explicit consent via our cookie banner. We do not use advertising cookies or cross-site tracking cookies. For full details, see our Cookie Policy.
3. How we use your data
- To respond to your enquiry and schedule a Fit Call
- To deliver and improve our security and compliance services
- To meet our legal obligations (e.g., invoice retention under Dutch tax law)
- To protect our legitimate business interests (e.g., fraud prevention)
We do not sell your personal data. We do not use your data for automated profiling that produces legal or similarly significant effects.
4. Who we share data with
We may share your personal data with:
- Sub-processors: Cloud infrastructure and tooling providers (e.g., email, CRM, scheduling tools) under appropriate data processing agreements
- Professional advisors: Accountants and lawyers, subject to confidentiality obligations
- Legal authorities: Where required by law or court order
We do not transfer your personal data to countries outside the European Economic Area (EEA) without ensuring adequate safeguards (e.g., EU Standard Contractual Clauses).
5. Retention
We retain personal data only as long as necessary for the purpose it was collected:
- Enquiries: Up to 12 months from last contact if no engagement follows
- Client data: For the duration of the contract plus 7 years (Dutch legal retention requirement for financial records)
- Website logs: Up to 30 days
6. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access — You may request a copy of the personal data we hold about you.
- Right to rectification — You may request correction of inaccurate or incomplete data.
- Right to erasure — You may request deletion of your data where we have no lawful basis to retain it.
- Right to restriction — You may request that we limit processing while a dispute is resolved.
- Right to data portability — Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
- Right to object — You may object to processing based on legitimate interest at any time.
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at hello@veratlas.com. We will respond within one month. You also have the right to lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens.
7. Security
We apply technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, and periodic review of data handling practices. As a security services company, security is not an afterthought — it is our core competency.
8. Changes to this policy
We may update this policy from time to time. We will post the revised version on this page with an updated date. For material changes affecting your rights, we will notify you directly where we have your contact details.
9. Contact
For any questions about this Privacy Policy or your personal data, please contact:
MPM ICT Services B.V. (Veratlas)
Email: hello@veratlas.com
Tusolaan 43, 3772WP Barneveld, Netherlands
Netherlands