Privacy Policy..
PRIVACY POLICY
Nelleke de Vries
Effective date: May 9, 2026
Prelaunch version
WHO WE ARE
Nelleke de Vries is a privacy conscious and security focused commercial service provider in prelaunch.
For this website, its contact channels, pre contract enquiries, client intake, quotations, invoices, service delivery, recordkeeping and related business operations, the controller is Edward Nevada Hirschfeld, operating under the name Nelleke de Vries.
This applies unless a written agreement expressly identifies a different legal entity or states that we act only as a processor or service provider for a business client.
LEGAL OPERATOR AND PRIVACY CONTACT
Edward Nevada Hirschfeld
Public business mailing address and United States contact address:
3251 E Independence
Springfield, MO 65804
United States
Privacy email:
deltreeios@proton.me
Website:
www.nellekedevries.com
Private residential addresses, recovery locations and safe locations are not public business addresses. They are withheld for safety and privacy reasons.
SCOPE OF THIS POLICY
This Policy applies to personal information processed through our website, email, messaging, intake forms, quotes, invoices, statements of work, service records and related business administration.
If you do not provide information reasonably necessary for scope review, safe communication, billing, identity verification or service delivery, we may be unable to respond, contract or provide the requested service.
SCOPE AND SERVICE BOUNDARIES
We provide paid practical support related to digital privacy, IT organisation, safer communication habits, account and device structure, documentation, household technology, low stimulus setups, archive support, family support planning, public communication support and other lawfully scoped practical services.
Some engagements may involve sensitive context, such as disability, sensory needs, family vulnerability, online harassment, crisis exposure or regulated cannabis route preparation.
Our services are practical and administrative in nature.
WHAT WE DO NOT PROVIDE
We do not provide medical care, therapy, psychiatric treatment, legal advice, tax advice, pharmacy services, emergency response, law enforcement services, licensed private investigation or licensed security services.
An exception only applies if a separate written agreement with a properly licensed professional expressly says so.
Cannabis related support, if offered at all, is strictly non medical, non transactional and non supply.
PERSONAL INFORMATION WE COLLECT
Depending on how you interact with us, we may collect identifiers and contact details, communication preferences, records of enquiries, quotes, invoices and payment references.
We may also collect service related notes and instructions, website and security logs, and the device, account or network information reasonably needed for an authorised task.
We may receive documents, screenshots, exports, correspondence or records that you choose to send us for a defined service purpose.
RESTRICTED OR SENSITIVE INFORMATION
Where relevant and necessary for the requested service, we may process restricted information.
This may include health related context, disability or sensory information, child related or vulnerable person information, home safety details, identity or authority evidence, or regulated cannabis route information.
We do not ask for passwords, private keys or recovery codes through ordinary forms.
We do not need full medical records unless a specific lawful and documented reason has been agreed in advance.
HOW WE COLLECT INFORMATION
We collect information directly from you when you contact us, submit a form, request a service, enter into a contract, send documents, communicate with us, receive an invoice, make a payment or use the website.
We may also receive information from an authorised parent, guardian, caregiver, representative, professional, contractor or business client.
In limited cases, we may receive information from public sources where reasonably necessary for identity checks, fraud prevention, safety review, impersonation response or documenting a requested service.
INFORMATION RECEIVED FROM OTHERS
If we receive personal information about you from someone else and applicable law requires us to notify you, we will do so unless a lawful exemption applies.
HOW WE USE PERSONAL INFORMATION
We use personal information to respond to enquiries, assess scope, verify authority, provide requested services, configure technology, document work, prepare quotes and invoices, collect payment and maintain records.
We may also use personal information to protect clients and vulnerable people, investigate misuse, preserve evidence where appropriate, defend legal rights and comply with legal obligations.
We may send service messages about appointments, safety instructions, invoices, account actions, privacy matters or scope changes.
NO SALE OR ADVERTISING USE OF SENSITIVE DATA
We do not sell personal information.
We do not share sensitive personal information for cross context behavioral advertising.
We do not use sensitive personal information to infer characteristics for unrelated advertising or profiling.
If California law applies, we intend to keep our use of sensitive personal information within service, safety, fraud prevention, payment processing, quality assurance and other legally permitted operational purposes unless and until a separate notice says otherwise.
LEGAL BASES AND SENSITIVE INFORMATION
Where EEA or UK data protection law applies, we rely on one or more lawful bases under Article 6.
These may include contract, legitimate interests, legal obligation, consent and, where genuinely relevant, vital interests.
If we process special category data such as health, disability or similar sensitive information, we also identify an Article 9 condition.
SPECIAL CATEGORY DATA
In most client led cases, the Article 9 condition will be explicit consent for the agreed purpose.
Another lawful condition may apply where clearly appropriate, such as protecting vital interests or establishing, exercising or defending legal claims.
We do not process sensitive information just because it is available.
We limit sensitive information to what is necessary and proportionate for the agreed service.
LEGITIMATE INTERESTS
If we rely on legitimate interests for ordinary personal data, we assess the impact on the individual.
We apply stronger safeguards where sensitive context exists.
CHILDREN AND VULNERABLE PEOPLE
Our website is not directed to children under 13.
We do not knowingly collect personal information online from a child under 13 without the consent required by law.
Services involving children, autistic minors, vulnerable adults or people with high support needs must be requested by a parent, legal guardian or another person with lawful authority.
If authority, consent, safety or responsibility is unclear, we may pause, limit or refuse the work.
WEBSITE LOGS, COOKIES AND ANALYTICS
We use the minimum website and security logging needed to operate, secure and improve the site.
This may include IP address, browser or device type, pages visited, referring pages, time stamps and security logs.
Essential cookies may be used for basic website operation, security and consent preferences.
NON ESSENTIAL TOOLS
If we later use non essential analytics, advertising tools, pixels or similar technologies, we will provide the notice and choices required by law before activating them where consent is required.
Where California law applies, our website and intake flow are intended to work together with any required notice at collection.
MARKETING AND SERVICE MESSAGES
We may send operational or service communications about active enquiries, appointments, documents, invoices, privacy matters, security issues or contractual steps.
These are service messages, not marketing.
If we later send newsletters or promotional messages, we will do so only where permitted by law, with consent or another lawful basis where required, and with a clear opt out method.
AI ASSISTED TOOLS AND AUTOMATION
We may use carefully selected AI assisted or automated tools for drafting, formatting, transcription, summarisation, translation, redaction support or internal workflow support.
We use data minimisation and human review, especially where sensitive information is involved.
We do not intentionally use client secrets, full medical files, child safety details, identity documents or recovery codes in public AI prompts.
AUTOMATED DECISIONS
We do not currently make solely automated decisions that produce legal or similarly significant effects on individuals.
If that changes, we will update this Policy and provide the information and safeguards required by law.
SHARING AND SERVICE PROVIDERS
We may share personal information with providers who support hosting, email, cloud storage, payments, accounting, communications, security, scheduling, transcription or document handling.
We only share information to the extent reasonably necessary for the relevant purpose.
We may also share information with authorised representatives, professionals or business clients where you have instructed us to do so or where the law permits or requires it.
SAFETY AND LEGAL DISCLOSURE
We may disclose information if reasonably necessary to protect life, safety, children, vulnerable persons, legal rights, property or systems, or to comply with legal process.
We do not sell personal information.
We do not share sensitive intake data for cross context behavioral advertising.
INTERNATIONAL TRANSFERS
Because our work may involve the United States, the Netherlands and service providers in other countries, personal information may be processed outside your home jurisdiction.
Where EEA or UK transfer rules apply, we use a lawful transfer mechanism.
This may include an adequacy decision, the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, the UK Addendum, or another lawful safeguard or derogation where applicable.
Data Controller
Edward Nevada Hirschfeld, operating under the name Nelleke de Vries
Data Controller details als er extra velden zijn
Edward Nevada Hirschfeld
Nelleke de Vries
3251 E Independence
Springfield, MO 65804
United States
Privacy email: deltreeios@proton.me
Website: www.nellekedevries.com
RETENTION
We keep personal information only for as long as it is reasonably needed for the purpose for which it was collected.
We may keep information longer where a legal, accounting, tax, evidential, safety or dispute resolution reason requires it.
Quotes, invoices, contracts and core accounting records may be retained for the period required by applicable law.
For Dutch tax and VAT administration, core records are commonly kept for seven years, and some records longer where the law requires it.
DELETION AND BACKUPS
When information is no longer needed, we delete, anonymise, archive or restrict it as appropriate.
Deletion from live systems may not immediately remove information from encrypted backups or provider logs.
YOUR PRIVACY RIGHTS
Depending on the law that applies to you, you may have the right to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about the categories, sources, uses and disclosures of your personal information.
California residents may also have rights to know, delete, correct, limit certain sensitive personal information uses, opt out of sale or sharing, and use an authorised agent where applicable.
We do not discriminate against you for exercising lawful privacy rights.
HOW TO EXERCISE YOUR RIGHTS
To exercise a right, contact us at:
deltreeios@proton.me
We may ask for information reasonably necessary to verify identity and authority before acting on a request.
If you are in the EEA or UK, you also have the right to lodge a complaint with the supervisory authority where you live, work or believe the issue occurred.
HEALTH INFORMATION, HIPAA AND HEALTH BREACH RULES
We are not a healthcare provider, health plan, pharmacy or emergency service.
We do not claim HIPAA covered entity status.
If a future engagement makes us a HIPAA business associate, that engagement must be covered by a written business associate agreement and any applicable HIPAA terms.
CONSUMER HEALTH DATA
We do not currently operate a personal health record app or consumer health data platform.
If we later offer a service that triggers a health breach notification law, we will update this Policy and comply with any applicable notice duties.
REGULATED CANNABIS INFORMATION
If you choose to share cannabis related notes, symptom logs, route preparation information or compliance questions with us, we treat that information as restricted and sensitive.
We use it only for the limited, non medical, non transactional purpose for which it was provided.
This may include organising notes, preparing questions for licensed professionals, documenting experience or drafting privacy safe wording.
We do not use that information to sell, source, broker, prescribe, dose, transport, import, export or otherwise facilitate cannabis transactions.
SECURITY
We use reasonable administrative, technical and organisational safeguards designed to protect personal information.
These may include role based access, strong authentication, secure storage, minimisation, controlled sharing, logging, restricted handling of sensitive information and documented procedures.
No system can be guaranteed to be perfectly secure, and we do not make that claim.
SECURITY INCIDENTS
If we become aware of a security incident involving personal information, we will assess, contain, document and respond to it.
We will notify affected people or authorities where law requires.
CHANGES TO THIS POLICY
We may update this Policy as our registration, services, vendors, website tools and legal obligations develop.
The current version posted on the website controls unless a signed written agreement says otherwise.
CONTACT
Privacy contact:
Edward Nevada Hirschfeld
Privacy email:
deltreeios@proton.me
Public business mailing address and United States contact address:
3251 E Independence
Springfield, MO 65804
United States
Website:
www.nellekedevries.com
END OF PRIVACY POLICY