legal · gdpr

Privacy Statement — Murmur | Works

1. Who we are

Murmur | Works is the trade name of Murmur Works B.V. (Chamber of Commerce number 42094950), with its registered office in Spijkenisse (Ohmweg 12A, 3208 KE) and an office at Stationsplein 14, 3818 LE Amersfoort. Murmur Works B.V. is the data controller for personal data collected via murmurworks.nl.

Contact: hallo@murmurworks.nl
Data Protection Officer: Paul van Heel — privacy@murmurworks.nl

2. What data we collect

Via the contact form

  • Name (required)
  • Organisation (required)
  • Role / function (optional)
  • Subject of the conversation (optional, free text field)
  • Email address (when using your email client to send)

Automatically on page visit

We use no tracking cookies and no third-party analytics (Google Analytics, Facebook Pixel, etc.). Our server only logs standard technical data (IP address, timestamp, requested URL) for security and debugging purposes. This data is anonymised after 7 days.

3. What we use this data for

Purpose Basis (GDPR art. 6)
Responding to your contact requestLegitimate interest (art. 6(1)(f)) — business communication
Scheduling a demo or exploratory conversationPerformance of contract at your request (art. 6(1)(b))
Securing and optimising the websiteLegitimate interest (art. 6(1)(f))

4. How long we retain your data

  • Contact data: up to 12 months after your request, unless the exchange leads to a business relationship
  • Server logs: up to 7 days in identifiable form, then anonymised
  • Business relationships (partners, clients): see separate data processing agreement — retention periods are set per deployment

5. Do we share your data with others

No, we do not sell your data. Within Murmur | Works, only employees who need it to respond can see your contact request.

For infrastructure we work with the following processors:

  • Hetzner Online GmbH — hosting of the website and the contact-form endpoint (Germany, EEA; data processing agreement)
  • Postmark — transactional email delivery of contact-form messages to our own @murmurworks.nl address (United States; with data processing agreement and EU standard contractual clauses)
  • Murmur font — self-hosted on our own server (no third-party relationship, no IP sharing)

6. Your rights

Under GDPR you have the right to:

  • Access (art. 15) — what data do we hold about you?
  • Rectification (art. 16) — is something inaccurate?
  • Erasure / "right to be forgotten" (art. 17)
  • Restriction (art. 18)
  • Data portability (art. 20)
  • Objection (art. 21)

To exercise these rights: send an email to privacy@murmurworks.nl. We reply within 2 business days and handle the request within 30 days (art. 12(3)).

7. Filing a complaint

Do you have a complaint about how we handle your data? We prefer to hear about it directly (hallo@murmurworks.nl), but you also have the right to file a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl.

8. Security

We take appropriate technical and organisational measures to protect your data — see also the Trust Center:

  • TLS 1.3 for all website connections
  • AES-256 encryption for stored data
  • Role-based access control, audit log per access moment
  • No sensitive personal data (L2/L3) in website systems; these belong with platform deployments (separate data processing agreement)

9. Cookies and external sources

See the cookie statement for details on which (functional) cookies we use.

External sources our page loads are self-hosted: the Murmur font runs via our own server, so no IP addresses are sent to Google or third parties.

10. Changes

We may amend this privacy statement when our processing changes. We publish important changes here with a date. Last updated: 1 July 2026.