Onverwerkt Verdriet

Privacy

Privacy statement

How I handle your personal data. Short, honest, and no more than necessary.

1. Who is responsible

Mitchel Heitinga, trading as Onverwerkt Verdriet (Unprocessed Grief), is the data controller for the data processed through this website. Contact: iemtcoaching@gmail.com. Chamber of Commerce (KvK): [KvK number — to add]. Address: Karos 22, 1625 HM Hoorn, the Netherlands.

2. What I collect

  • When you make contact: your name, email address and your message. The server keeps technical logs (IP address, browser type, requested page) for security and proper functioning.
  • When you book an introductory call (via Cal.com): your name, email address and the chosen time.
  • During a programme: billing details and what you share yourself. Coaching notes are kept brief and separate.

3. Cookies and tracking

This website places no tracking or advertising cookies of its own and uses no analytics that follow you. When you open the calendar to book a call, Cal.com may set cookies under its own domain that are needed for the booking. You can clear stored data at any time via your browser settings.

4. Why I process this data (legal bases)

  • Performance of a contract — booking a call, running a programme and invoicing.
  • Legal obligation — keeping records for 7 years (tax law).
  • Legitimate interest — answering your enquiry and keeping the website secure.
  • Consent — only if you share something optional or ask me to liaise with another practitioner.

5. How long I keep data

  • Contact messages without follow-up: up to 6 months.
  • Coaching notes: up to 1 year after a programme ends.
  • Invoices and contract documents: 7 years (legal retention).

6. Who I share data with (processors)

I use a small number of processors, each under a data processing agreement:

  • Cloudflare — website hosting (EU option).
  • Google / Gmail — email.
  • Cal.com — booking introductory calls (EU option).
  • Moneybird — invoicing (Netherlands), where applicable.

Data stays within the European Economic Area. If a party processes outside the EEA, this is done only under EU standard contractual clauses or an adequacy decision. Beyond that, I only share data with a treating practitioner (with your written consent) or with legally required authorities (such as the tax authority, the Dutch DPA in case of a data breach, or a court order).

7. Security

Notes are stored encrypted, systems are protected with strong passwords and two-factor authentication, and in case of a data breach I follow the legal procedure (notification within 72 hours where required). Coaching content is never processed by AI tools.

8. Your rights

You have the right to access, rectification, erasure (subject to legal retention periods), restriction, portability and objection, and you can withdraw consent at any time.

Send a request to iemtcoaching@gmail.com. I may ask you to confirm your identity and will respond within four weeks. If you disagree with something, you can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Version 8 June 2026 — last updated.