This Privacy Policy explains how Dotalpha V.O.F (trading as Generated Generation) (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our website or contact us through our lead form. We handle personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Dutch privacy laws.

Who we are

Controller: Dotalpha V.O.F (Generated Generation)

Location: Hilversum, The Netherlands

Chamber of Commerce (KvK): 70197563

VAT number: NL858186354B01

Email: info@generatedgeneration.com

Dotalpha V.O.F is the “data controller” for the processing described in this policy.

What this policy applies to

This policy applies to:

• our website and any pages where this policy is displayed.

• our lead form used to request contact, a briefing, or a quote.

PERSONAL DATA WE COLLECT

We may collect the following categories of personal data:

Data you provide to us

• Identity & contact data: first name, last name, company name, email address.

• Briefing / project information: content you enter in free-text fields.

• Uploads: images, PDFs, moodboards, and other files you choose to provide.

• Billing data (if applicable): billing address and bank details (e.g., IBAN) for invoicing and administration.

Data collected automatically

When you use our website, we may collect:

• Technical data: IP address, device type, browser type, operating system.

• Usage data / analytics events: page views, clicks, session information and similar website interaction data.

Why we use your data

We use personal data for the following purposes:

• Contact and intake: responding to requests, questions, and briefings; preparing quotes.

• Project delivery and communication: producing and delivering services, coordinating feedback, and managing the relationship.

• Billing and administration: invoicing, accounting, and legal record-keeping.

• Marketing: sending updates or newsletters (where applicable), creating and promoting case studies (only where permitted), and running advertising campaigns (e.g., retargeting).

• Website improvement: analytics, performance measurement, and improving user experience.

Legal bases for processing (gdpr)

We process personal data under one or more of the following legal bases:

• Consent: for cookies and similar technologies (especially analytics/marketing cookies), and where otherwise required by law.

• Contract / steps before contract: to provide services, respond to requests, prepare proposals, and execute client work.

• Legitimate interests: to follow up on leads, operate and improve our website, maintain security, and run our business efficiently (balanced against your rights).

• Legal obligation: for administrative, accounting, and tax compliance requirements.

Cookies and tracking

We use cookies and similar technologies. A cookie banner/consent tool is used to obtain and manage consent where required.

We may use:

• Necessary cookies (required for core website functionality)

• Analytics cookies (e.g., Google Analytics)

• Marketing cookies (e.g., Meta and Google Ads) for measuring performance and/or retargeting

You can manage your cookie preferences at any time via the cookie banner (or your browser settings). Withdrawing consent does not affect processing carried out before consent was withdrawn.

Service providers and third parties

We may share personal data with trusted service providers (“processors”) to operate our website and services.

We only share data where necessary for the purposes described above and (where required) under appropriate contractual safeguards (e.g., data processing agreements).

Data retention

We keep personal data only as long as necessary for the purposes described in this policy, including:

• Leads without a client relationship: typically 12–24 months after last meaningful contact.

• Client and administrative data: typically 7 years (to meet legal and tax obligations).

• Uploads and briefing materials: retained as needed for project work and our business records, then deleted or anonymised where feasible.

AI, training and creative workflows

Because we are an AI production studio, we may use client-provided inputs (including briefings and uploads) to:

• produce the deliverables you request; and

• train or improve our workflows/models, as you indicated.

Where required by law or where appropriate for confidentiality, we can agree project-specific terms (for example, restricting training use, defining retention, and clarifying IP/usage). If you share sensitive or confidential information, please tell us in advance so we can apply additional safeguards or alternative workflows.

Security

We take reasonable technical and organisational measures to protect personal data, including:

• access controls and restricted permissions.

• multi-factor authentication (MFA) where available.

• encryption/HTTPS in transit.

• contractual measures with processors (data processing agreements).

• internal policies to reduce unnecessary access and retention.

No method of transmission or storage is completely secure, but we work to protect your data appropriately.

Your rights (gdpr)

You have the right to:

• access your personal data

• correct inaccurate data

• request deletion (where applicable)

• restrict or object to processing (in certain cases)

• data portability (where applicable)

• withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us at info@generatedgeneration.com

complaints

If you believe we have not handled your personal data properly, you can contact us first and/or file a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

Children

Our website and services are not intended for children, and we do not knowingly collect personal data from children.

Changes to policy

We may update this Privacy Policy from time to time. The latest version will be published on our website and will be effective from the date shown at the top.