Privacy Policy

Effective Date:

This Privacy Policy explains how Idlist (“Idlist”, “we”, “us”), operated by Fringe Studio B.V. (Snelliuslaan 10, 1222 TE Hilversum, Netherlands), collects and processes your personal data when you use our B2B procurement platform (the “Platform”). For terms of use, see our Terms & Conditions. For privacy questions or requests, contact info@idlist.co.

1) Data Controller

The data controller is Fringe Studio B.V., Snelliuslaan 10, 1222 TE Hilversum, Netherlands. We have not appointed a Data Protection Officer. Please direct all privacy inquiries and data subject requests to info@idlist.co.

2) What Data We Collect

We collect the minimum necessary data to operate the Platform:

  • Account Data: name, email address, authentication identifiers (including OAuth provider IDs), password (hashed), role (buyer/supplier/service provider), company profile details (company name, website, VAT/tax number where provided).
  • Profile & Platform Content: item requests, project titles/descriptions, uploaded images/files, bids, quotations, invoices, messages, and activity metadata (timestamps, status).
  • Transaction & Billing Data: payment intent IDs, payout references, amounts, currency, invoice metadata, and status processed via our payment provider (we do not store full card numbers or CVC).
  • Technical & Usage Data: IP address, device/browser type and version, language, referral source, pages viewed, session events, cookies, and logs for security and reliability.
  • Communications: support tickets, email content you send to us, and notification preferences.
  • Supplier Verification Data (where applicable): business details, references, and links you provide to assess eligibility.

3) Purposes & Legal Bases (GDPR)

  • Provide and operate the Platform (account creation, posting items, bidding, messaging, quotations, invoices) — Contract (Art. 6(1)(b)).
  • Payments and billing (processing payments/payouts, invoicing, fraud checks with the payment provider) — Contract and Legitimate interests (Art. 6(1)(b), 6(1)(f)).
  • Supplier verification and access control — Legitimate interests (Art. 6(1)(f)).
  • Security, abuse prevention, auditing, and service integrityLegitimate interests (Art. 6(1)(f)).
  • Legal and regulatory compliance (tax, accounting, responding to lawful requests) — Legal obligation (Art. 6(1)(c)).
  • Service communications (transactional emails, policy updates, incident notices) — Contract / Legitimate interests.
  • Optional analytics and performance measurementConsent (Art. 6(1)(a)), where required.
  • Optional marketing (newsletters, product updates) — Consent (Art. 6(1)(a)). You can opt out any time.

4) Cookies & Similar Technologies

We use essential cookies to authenticate users, keep sessions secure, and enable core functionality. Where we use non-essential cookies (e.g., analytics or marketing), we ask for your consent via a cookie banner and provide controls to change your choices at any time. You can also manage cookies in your browser settings. Disabling essential cookies may impair the Platform.

5) How We Share Personal Data

We share personal data only as necessary to operate and improve the Platform, with appropriate contractual safeguards:

  • Payment Processing: Our payment provider (e.g., Stripe) processes payments, payouts, and anti-fraud checks. They act as an independent controller for payment data they collect.
  • Hosting & Infrastructure: Cloud hosting, databases, storage, content delivery, and monitoring providers used to run the Platform reliably and securely.
  • Communications: Email and notification services to send transactional or support emails.
  • Professional Advisors & Authorities: Legal, tax, or accounting advisors; law enforcement or regulators where required by law.

We do not sell your personal data.

6) International Data Transfers

Your data may be processed outside the EEA. When we transfer personal data internationally, we rely on appropriate safeguards, such as adequacy decisions, the European Commission’s Standard Contractual Clauses (SCCs), and supplementary measures where needed.

7) Data Retention

We retain personal data only for as long as necessary for the purposes described above, or as required by law:

  • Account & Platform Content: kept while your account is active and for a reasonable period thereafter (e.g., up to 24 months) for recordkeeping, dispute handling, and to maintain transaction history visible to counterparties.
  • Invoices & Financial Records: retained in accordance with Dutch tax/accounting laws (typically up to 7 years).
  • Security Logs: retained for a limited period (typically 90–365 days) to detect, investigate, and mitigate incidents.

8) Your Rights (EEA/UK)

Subject to applicable law and certain exceptions, you have the right to: (i) access your personal data; (ii) request rectification; (iii) request erasure; (iv) restrict processing; (v) data portability; and (vi) object to processing based on our legitimate interests. Where processing is based on consent, you may withdraw consent at any time (this does not affect prior lawful processing).

To exercise your rights, contact info@idlist.co. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9) How to Delete Your Account & Data

You can request deletion of your account by emailing info@idlist.co from the email address associated with your account. Upon verification, we will deactivate your account and delete or anonymize personal data that we are not legally required or permitted to retain (e.g., invoices and financial records).

10) Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, least-privilege practices, and monitoring for abuse. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

11) Children

The Platform is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to remove such data.

12) Third-Party Links

The Platform may contain links to third-party websites or services. Their data practices are governed by their own policies. We are not responsible for third-party content or privacy practices.

13) Automated Decision-Making

We do not engage in automated decision-making that produces legal effects concerning you or similarly significantly affects you, within the meaning of GDPR Article 22.

14) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the Effective Date above. For material changes, we may also notify you via the Platform or email. Your continued use of the Platform after the Effective Date constitutes acceptance.

15) Contact

Email: info@idlist.co
Postal: Fringe Studio B.V., Snelliuslaan 10, 1222 TE Hilversum, Netherlands

If you’re looking for information about cookies and consent choices, please see Section 4 above and any cookie banner or “Cookie Settings” link available in the footer of the Platform.