Privacy Policy

Your privacy is important to us

  • Careful handling of your personal data is of great importance to us. This means we:
  • specify our purposes before we process your personal data; 
  • limit our collection of your personal data to only needed for these purposes;
  • first, ask for explicit and specific permission to process your personal data in cases where your consent is required;
  • take appropriate security measures to protect your personal data, and we demand the same from parties who process personal data on our behalf;
  • respect your right to access, correct, object or delete your personal data held by us



1. Who We Are

We are UXinsight (Userproof), registered at the Chamber of Commerce with number  55536956. Our office is located at Minister Nelissenstraat 6, 4818 HT Breda, The Netherlands. If you have questions or concerns about this Privacy Statement, please contact Debbie Slijpen at debbie@uxinsight.org. 



2. Personal Data We Collect

Depending on how you interact with UXinsight (for example visiting our website, registering for an event, subscribing to our newsletter, or contacting us), we may process the following categories of personal data:


2.1 Personal Data provided by you

2.1.1 Identification and contact data

  • First name and surname
  • Email address
  • Telephone number
  • Organisation and job title

2.1.2 Registration and event-related data

  • Event registrations and attendance information
  • Badge information (name, organisation)
  • Session participation and online meeting details

2.1.3 Financial and transactional data

  • Invoicing details (such as VAT number, organisation address)
  • Payment information (bank account number, payment status)

2.1.4 Communication data

  • Email correspondence with us
  • Questions, feedback, tips, or comments you submit

2.1.5 Marketing and preference data

  • Newsletter subscription status
  • Communication preferences
  • Event interests

2.1.6  Visual and audiovisual data

  • Photographs and video recordings made during our events
  • Audio recordings of speakers and participants (where applicable)

Source: Collected during in-person or online events. We inform participants in advance about event recordings and provide the opportunity to object or indicate that they do not wish to appear in photographs or videos.

2.2 Collected automatically when you use our website or online services

  • Aggregated website usage data (such as pages visited, interactions, and session duration)
  • General location data (country or region level)
  • Device and browser information

Note: This data is aggregated and not used by us to identify individual visitors.

Purpose of processing Categories of personal data Legal basis
Event registration and participation Identification and contact data; registration and event-related data Performance of a contract
Payment processing and invoicing Financial and transactional data; identification and contact data Performance of a contract; legal obligation
Event organisation and delivery Registration and event-related data; communication data Performance of a contract
Badge creation Identification and contact data Legitimate interest
Event photography and video recordings for communication and promotional purposes Visual and audiovisual data Legitimate interest
Responding to enquiries and communications Communication data; identification and contact data Legitimate interest
Sending event-related communications Identification and contact data; registration data Performance of a contract
Newsletter and marketing communications Identification and contact data; marketing and preference data Consent
Website analytics and improvement Technical and usage data Legitimate interest (privacy-friendly, aggregated analytics); consent where required
Legal, financial, and administrative obligations Financial and transactional data; identification data Legal obligation


4. Sharing personal data with third parties

We share personal data with third parties only when necessary for the provision of our services or to comply with legal obligations. We do not sell personal data to third parties.

4.1 Categories of recipients – Depending on the service used, we may share personal data with the following categories of recipients:

  • Payment processing and financial services – For payment processing, we use WooCommerce in combination with third-party payment service providers (Mollie) and related plugins. These parties process personal data only to the extent necessary to handle payments and refunds.
  • Accounting and invoicing – Our accounting and invoicing software providers (such as WeFact) are for financial administration and tax compliance.
  • Event management and communication tools – Online event platforms and communication tools (such as Google Meet and RingCentral Events) used to organise and deliver online or hybrid events.
  • Email and newsletter services – Email marketing and newsletter platforms (such as Mailblue / ActiveCampaign) are used to manage subscriptions and send communications.
  • Website analytics and technical services – Analytics and website service providers (such as Google Analytics) are used to understand website usage and improve our services.
  • Badge printing and event materials – These suppliers are contractually required to use the data solely for the production and delivery of event materials and to delete it after completion of the service.
  • Cloud storage and collaboration tools – Cloud-based productivity tools (such as Google Workspace) used for secure storage of emails and documents.


4.2 International data transfers – Some of the third parties we use are located outside the European Economic Area (EEA) or may have access to personal data from outside the EEA (for example, Google and RingCentral Events).
Where personal data is processed or accessed outside the EEA, we ensure appropriate safeguards are in place in accordance with applicable data protection law, including the use of Standard Contractual Clauses approved by the European Commission and, where required, additional technical and organisational measures.

4.3 Legal disclosure – We may disclose personal data to public authorities or other third parties where we are legally obliged to do so, for example, in response to a lawful request from law enforcement authorities.
We will not share personal data with any third parties unless required by law or necessary to provide our services.


5. Data Retention

We do not retain personal data longer than necessary for the purposes for which it is collected and processed, unless a longer retention period is required or permitted by law.
The retention period depends on the nature of the data and the purpose for which it is processed, as outlined below.

5.1 Event participation and ticketing – Personal data relating to event registrations, ticket purchases, and attendance is retained for as long as necessary to organise and deliver the event and to handle any follow-up communication.
After the event, this data is retained for 24 months to handle administrative matters, such as invoicing, refunds, or responding to enquiries.

5.2 Communications and enquiries – Personal data contained in communications with us (such as emails) is retained for as long as necessary to handle the enquiry and for our legitimate business purposes, for example, maintaining records of communications, handling follow-up questions, or dealing with disputes. We periodically review whether older communications are still needed.

5.3 Marketing communications – Personal data used for newsletters or other marketing communications is retained until the individual withdraws consent or unsubscribes.

5.4 Website usage and analytics – When you visit our website, we collect technical and usage data via analytics tools to understand how the website is used and to improve its performance. In our analytics tools, event-level data is retained for 2 months and user-level data for 14 months, after which it is automatically deleted.
Where possible, analytics data is processed in an aggregated or anonymised form. Aggregated statistical data that no longer allows identification of individuals may be retained for longer periods for analytical and reporting purposes.

5.5 Legal and financial obligations – Certain personal data must be retained for longer periods to comply with legal obligations, such as tax and accounting requirements. In such cases, data is retained for the legally required period and not used for other purposes.

5.6 Deletion and anonymisation – When personal data is no longer required for the purposes described above, it is securely deleted or anonymised in accordance with our internal procedures and applicable law.

  • Event data: Retained for up to 2 years after the event for administrative and reporting purposes.
  • Newsletter data: Retained until you unsubscribe; unsubscribers are deleted every 2 months.
  • Payment data: Retained for 7 years to comply with legal obligations.


6. Security measures

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction, taking into account the nature of the data, the risks involved and the state of the art.

6.1 Technical measures – These measures may include, where applicable:

  • encryption of data in transit (for example via SSL/TLS);
  • secure authentication mechanisms, including strong passwords and multi-factor authentication where supported;
  • role-based access controls, ensuring that only authorised personnel have access to personal data;
  • regular software updates and security patches;
  • secure hosting environments provided by professional service providers.

6.2 Organisational measures – Our organisational measures include:

  • limiting access to personal data to staff who require it for their role;
  • confidentiality obligations for employees, volunteers and contractors;
  • internal policies and procedures relating to data protection and information security;
  • working with processors and service providers that offer appropriate security guarantees.

6.3 Data breaches – We have procedures in place to detect, investigate and respond to personal data breaches. Where required under applicable data protection law, we will notify the competent supervisory authority and affected individuals without undue delay.


7. Your Rights

Under applicable data protection law, you have the following rights in relation to your personal data:

  • Right of access – to request access to the personal data we hold about you;
  • Right to rectification – to request correction of inaccurate or incomplete data;
  • Right to erasure – to request deletion of your personal data, where legally permitted;
  • Right to restriction – to request that we limit the processing of your data in certain circumstances;
  • Right to object – to object to processing based on our legitimate interests or for direct marketing purposes;
  • Right to data portability – to receive your personal data in a structured, commonly used format, where applicable;
  • Right to withdraw consent – where processing is based on consent, to withdraw that consent at any time.

To exercise any of these rights, you can contact us using the contact details provided in this privacy statement. We will respond to your request without undue delay and in any event within one month, unless an extension is permitted under applicable law. If you believe that we have not handled your personal data in accordance with the law, you also have the right to lodge a complaint with your local supervisory authority.


8. Cookies

Our website uses cookies and similar technologies to ensure it functions properly and to gain insight into how it is used. A cookie is a small text file that is stored on your device when you visit a website. Cookies help us recognise your browser and remember certain preferences or settings.

8.1 Necessary cookies – Necessary cookies are required for the basic functioning of the website, such as page navigation and access to secure areas. These cookies are placed on the basis of our legitimate interest and do not require your consent.

8.2 Analytics cookies – We use analytics cookies to understand how visitors use our website, for example, which pages are visited and how the site is navigated. These cookies are configured in a privacy-friendly manner and process data in aggregated and anonymised form, so that individual visitors cannot be identified.
Where consent is required under applicable cookie regulations, analytics cookies will only be placed after such consent has been obtained.

8.3 No marketing cookies – We do not use marketing, advertising, or tracking cookies that follow you across websites or are used for profiling or targeted advertising.

8.4 Managing cookies – You can manage or delete cookies via your browser settings. Please note that disabling certain cookies may affect the website’s functionality.

9. Updates to This Privacy Statement

We may update this Privacy Statement to reflect changes in our practices or legal requirements. Please check this page regularly for updates. Significant changes will be communicated via email or on our website.

Stay ahead in UX research

Stay on top of upcoming UX research conferences, events & trainings. Get latest articles and templates from UXinsight in our monthly updates.

  • This field is for validation purposes and should be left unchanged.