Skip to main content

Privacy Policy

Last Updated: March 18, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how Coup B.V. (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit this website and when you contact us about our innovation education, entrepreneurship training, professional development programmes, and organisational learning services offered to participants and organisations across Canada.

For the purposes of the General Data Protection Regulation (“GDPR”), Coup B.V. is the data controller for personal data processed through this website.

Controller details:

This site is intended for users aged 16 and over. If you are under 16, please do not submit personal data via our forms.

2. Personal Data We Collect

We collect personal data in a few straightforward ways: when you submit a form, when you communicate with us, and when you use the website (technical and usage data). The categories below describe what we may collect depending on how you interact with the site.

2.1 Identity and contact data

  • Name (for example, “Full name” in the contact form)
  • Email address
  • Phone number
  • Organisation name and role (only if you include it in your message)

2.2 Form content and communications

  • Your message content, including any project or learning context you provide
  • Programme selection or programme area interest
  • Follow-up correspondence by email or phone

2.3 Technical data

  • IP address (which may be used to infer approximate location)
  • Browser type and version
  • Device type and operating system
  • Language settings
  • Time zone and timestamps of requests

2.4 Usage data

  • Pages visited, time spent, scroll and interaction patterns
  • Referrer URL and traffic source information
  • Click paths and navigation behaviour

2.5 Cookies and identifiers

We use cookies and similar technologies for essential site functionality and, if you consent, for analytics and marketing. See Section 4 and our Cookie Policy for details.

2.6 Data we do not intentionally collect

Our services are educational. We do not intentionally collect special-category personal data (such as health data, religious or political beliefs), financial account details, or government identification numbers through this website. Please do not include such information in free-text fields.

3. Why We Process Personal Data & Legal Bases (GDPR Art. 6)

We process personal data only where we have a valid legal basis under GDPR. The basis depends on the specific processing activity.

3.1 Contact and enrolment requests

When you submit a contact or enrolment request, we use the information to respond, provide programme information, coordinate next steps, and maintain a record of the conversation.

  • Legal basis: Art. 6(1)(b) (steps prior to entering into a contract) and Art. 6(1)(a) (consent, where applicable via the form consent checkbox).

3.2 Website analytics

If you consent to analytics cookies, we process usage data to understand which pages are used, how visitors navigate, and where we can improve clarity and performance.

  • Legal basis: Art. 6(1)(a) (consent).

3.3 Marketing and remarketing

If you consent to marketing cookies, we may measure advertising effectiveness and show relevant messages to audiences who have interacted with the site. We do not make educational outcome promises, and marketing measurement is used only to understand performance of communications.

  • Legal basis: Art. 6(1)(a) (consent).

3.4 Security and fraud prevention

We process technical data and logs to protect the site, detect abuse (such as automated form submissions), and maintain the integrity of our services.

  • Legal basis: Art. 6(1)(f) (legitimate interests), namely protecting the website and preventing fraud.

3.5 Legal obligations

In limited circumstances, we may process personal data to comply with legal obligations (for example, responding to lawful requests from authorities).

  • Legal basis: Art. 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects within the meaning of GDPR Art. 22.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags. Some technologies are essential for the site to function; others are optional and depend on your consent.

4.1 Essential cookies (always active)

Essential cookies support basic site functionality, such as session continuity and remembering your cookie choices. These cookies do not require consent under EU rules.

  • Examples: _site_session (session continuity), cookie_consent (stores your consent choice).
  • Retention: session to 12 months (depending on cookie).

4.2 Analytics cookies (optional, consent)

If you opt in, we may use Google Analytics 4 (GA4) with IP anonymization to understand general website usage and improve content. Analytics data is aggregated and used to review patterns such as which pages are read and typical navigation paths.

  • Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years), with analytics data retention typically 14 months.
  • Purpose: performance measurement and usability improvements.

4.3 Marketing cookies (optional, consent)

If you opt in, marketing cookies may be used to measure ad performance, build remarketing audiences, and attribute conversions (for example, contact form submissions). These cookies do not provide us with sensitive personal details; they typically store browser and campaign identifiers.

  • Examples: _gcl_au (Google Ads, 90 days), _fbp (Meta, 90 days), _fbc (Meta click ID, 90 days when set).
  • Purpose: measurement, remarketing, custom and lookalike audiences, and conversion attribution.

4.4 Beyond cookies

Some tracking can also occur through pixel tags and, where implemented, server-side measurement. If server-side signals are used for marketing measurement, identifiers may be hashed before transmission (for example, hashing an email address) to reduce direct identifiability.

For a detailed list of cookies and their retention, please read our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your choices are recorded in the cookie_consent cookie (stored for 12 months).

You can withdraw consent at any time by using “Manage cookie preferences” in the footer. You can also clear cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before the withdrawal.

6. Sharing With Advertising & Service Partners

We share personal data only when it is necessary to operate the website, provide requested information, or run optional analytics/marketing you have consented to. We do not sell personal data.

6.1 Google LLC

If enabled by consent, Google services may receive cookie identifiers, usage data, and conversion events for analytics and advertising measurement. Google’s privacy information is available at https://policies.google.com/privacy.

6.2 Meta Platforms

If enabled by consent, Meta services may receive page view events, conversion events, and audience signals to measure advertising effectiveness and build remarketing audiences. Meta’s privacy information is available at https://www.facebook.com/privacy/policy.

6.3 Cloudflare

We may use Cloudflare for content delivery and security. Cloudflare may process IP addresses and request metadata to detect threats and protect the site. Cloudflare’s privacy information is available at https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their applicable terms and settings.

7. International Transfers

We are based in the Netherlands, but some of our service providers may process data outside the EEA/UK, including in the United States (for example, Google and Meta). Where international transfers occur, we rely on appropriate safeguards such as:

  • The EU–US Data Privacy Framework (where applicable, since July 2023), including the UK Extension and Swiss–US DPF where relevant
  • Standard Contractual Clauses (EU 2021/914) as a fallback mechanism
  • UK International Data Transfer Addendum/IDTA where applicable

You can request more information about our transfer safeguards by emailing [email protected].

8. Retention

We keep personal data only for as long as needed for the purposes described in this policy, unless a longer retention period is required by law. Typical retention periods are:

  • Contact and enrolment submissions: 2 years from the last interaction.
  • Email correspondence: for the duration of the relationship, then typically 1 additional year.
  • Server logs and security records: typically 90 days, unless required for incident investigation.
  • Analytics data: 14 months (typical GA4 retention setting), subject to configuration.
  • Marketing cookies: per cookie lifetime (commonly 90 days for some identifiers).
  • Consent records: we may retain a record of consent choices for up to 3 years for audit purposes.
  • Legal and tax records: as required by applicable law (often 6–10 years for invoice-related records where applicable).

If you request deletion, we will delete or anonymize data unless we must keep it for legal reasons.

9. Your Rights (GDPR & UK GDPR)

If GDPR applies to you, you may have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We usually respond within 30 days. For complex requests, this can be extended by up to 60 additional days, and we will explain the reason for any extension.

If you are in the Netherlands, you can lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). Information is available at https://autoriteitpersoonsgegevens.nl.

For general EU guidance, see the European Data Protection Board: https://edpb.europa.eu.

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will delete the information promptly.

11. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. This website does not respond to DNT signals. Third-party providers may have their own DNT handling depending on their settings and policies.

12. Account & Data Deletion Requests

We do not provide user accounts on this website. If you would like us to delete personal data associated with your enquiry, email [email protected] with the subject line “Data Deletion Request”. We may ask for additional information to verify your identity before completing the request.

Where we cannot delete data immediately (for example, because it is required for legal compliance), we will restrict processing and retain it only for the minimum required period.

13. Business Transfers

If Coup B.V. is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity as part of that transaction. If such a change materially affects how personal data is used, we will provide notice on the website.

14. California Privacy Notice (CCPA / CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act (as amended by the CPRA) applies. In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers: name, email address, IP address, cookie identifiers.
  • Internet or network activity: page views, interactions, and usage patterns (if analytics is enabled by consent).
  • Inferences: general preferences inferred from site interactions for advertising measurement (if marketing is enabled by consent).

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioural advertising when marketing cookies are enabled through your cookie preferences. California residents may opt out by disabling marketing cookies using “Manage cookie preferences” in the footer.

California residents may have rights to know, delete, correct, and opt out of sale/sharing, and a right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents must provide proof of authorization.

15. Virginia Privacy Notice (VCDPA)

To the extent the Virginia Consumer Data Protection Act applies, Virginia residents may have rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

Requests can be sent to [email protected] with the subject “Virginia Privacy Request”. If we decline a request, you can appeal by emailing “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If unresolved, you may contact the Virginia Attorney General.

16. Nevada Privacy Notice

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Canadian Privacy Considerations

Coup B.V. provides educational services for participants and organisations across Canada. When we handle personal data connected to Canadian participants, we aim to follow fair information principles consistent with Canadian privacy expectations, including:

  • Clear description of why data is collected (for example, responding to an information request)
  • Collection limited to what is needed for the stated purpose
  • Reasonable safeguards for confidentiality and integrity
  • Access and correction requests handled through our contact channel

For questions related to Canadian privacy requests, you can contact us at [email protected]. We will respond in a reasonable timeframe and may request verification to protect against unauthorized access.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or site features. If we make material changes, we will provide a notice on the homepage at least 14 days before the changes take effect, where practical. The “Last Updated” date at the top indicates the current version.

19. Contact

If you have questions about this Privacy Policy, cookie choices, or how we handle personal data, contact: