What personal data does Arcatype collect?

Arcatype collects email addresses and optionally phone numbers for newsletter signups, name and email for contact requests and event communications, device and usage data including pages viewed and approximate location, and cookie data for preferences and analytics. We also process publicly available business contact information for our brand database.

How does Arcatype use personal data?

We use personal data to operate the website, send newsletters and updates to subscribers, communicate about events, analyze website performance, maintain and enrich the Brand Index, and prevent abuse and security incidents.

What are the legal bases for processing under GDPR?

Under GDPR, Arcatype relies on consent for optional cookies and marketing communications, legitimate interests for site operations and analytics, contract for paid services or event tickets, and legal obligation where required by law.

Does Arcatype share personal data with third parties?

Arcatype shares data with service providers including Webflow for hosting, Google Analytics for analytics, Substack for newsletters, and ticketing providers for events. We do not share identifiable attendee data with brands or sponsors unless you explicitly consent, and we do not sell personal data.

How long does Arcatype retain personal data?

Newsletter data is retained until unsubscribe, event attendee data for up to 24 months after the event, contact emails for up to 24 months after last interaction, analytics data according to settings (commonly 2 to 14 months), and brand database records as long as relevant with periodic review.

What rights do users have under GDPR?

Under GDPR, you have the right to access, correct, delete, restrict or object to processing, data portability, withdraw consent, and lodge a complaint with the Dutch supervisory authority Autoriteit Persoonsgegevens. Contact info@arcatype.co to exercise your rights.

How can I unsubscribe from marketing communications?

You can unsubscribe at any time via the unsubscribe link in emails or by contacting info@arcatype.co. All marketing communications are sent on an opt-in basis only.

Privacy Policy

30 JAN 2026

Summary of what we collect and why

We collect limited data to:

Run the website and measure performance (analytics, cookies).
Send newsletters and updates to subscribers.
Organize events (ticketing, attendee communications).
Improve and enrich our brand database (including using AI assisted tools).

Personal data we collect

Data you provide directly

Newsletter or waitlist signup: email address and optionally phone number.
Contact requests: name, email, and message content (if you email us).
Event related communications: name and email address (typically collected via the ticketing provider, and/or via our communications list).

Data we collect automatically when you use the website

Device and usage data: pages viewed, clicks, referral source, approximate location (derived from IP), browser and device info.
Cookie and similar tracking data: identifiers that help remember preferences and measure usage.
Note: you indicated no session replay or heatmaps are used at this time.

Brand database enrichment‍

We may process business contact information and publicly available information about Brands (for example brand name, website, social links, public statements, and other public descriptors). Where that information includes personal data (for example a named founder or contact email published publicly), we may process it for database integrity and editorial operations.

What we do not intentionally collect

We do not intend to collect sensitive personal data (special category data) such as health data.
We do not knowingly collect data about children.

How we use personal data

We use personal data to:

Provide the Services and operate the website.
Send newsletters and updates to subscribers (opt in only).
Communicate about events, including invitations and updates.
Analyze website performance and improve content.
Maintain and enrich the Brand Index and internal workflows.
Prevent abuse, spam, and security incidents.

Legal bases for processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

Consent: for optional cookies and for sending marketing communications to subscribers.
Legitimate interests: for basic site operations, analytics (where permitted under applicable cookie rules and your consent choices), improving the Services, and maintaining the Brand Index, provided our interests are not overridden by your rights.
Contract: where needed to provide paid services or event tickets (often handled by the ticketing provider).
Legal obligation: where we must comply with applicable laws (for example tax or accounting if payments apply later).

Note: cookie consent requirements vary by jurisdiction, and EU ePrivacy rules can require opt in consent for analytics cookies in many cases. Your cookie banner configuration should reflect this.

Cookies and consent

We use cookies and similar technologies for:

Essential site functionality.
Analytics to understand how the site is used (for example via Google Analytics).
Cookie preferences and consent management.

Cookie banner‍

We use a cookie consent tool to request and record consent where required.

How to manage cookies
You can manage cookie preferences through the cookie banner and your browser settings. If you disable cookies, parts of the Services may not function properly.

Sharing of personal data

Service providers (processors)
We use third parties to help operate the Services, including:

Webflow for website hosting
Google Analytics for analytics
Substack for newsletter distribution
A ticketing provider for ticket purchase and attendee management.

Brands and sponsors‍

We do not share identifiable attendee personal data with Brands or sponsors unless you explicitly consent or it is clearly disclosed for a specific event.

No sale of personal data
We do not sell personal data.

Legal and safety
We may share data if required by law, to respond to lawful requests, or to protect rights, safety, and security.

International data transfers

Some service providers may process data outside the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and related measures.

Note: your vendor list should be reviewed and documented to confirm transfer mechanisms and roles (controller vs processor).

Data retention

You indicated “standard” retention. The following is a reasonable default baseline, which you can adjust:

Newsletter subscriber data: retained until you unsubscribe, then suppressed on a minimal basis to honor opt out (for example email in a suppression list).
Event attendee data (if held by Arcatype): retained for up to 24 months after the event for operational follow up and analytics, unless legal obligations require longer.
Contact emails: retained up to 24 months after last interaction.
Analytics data: retained according to your analytics settings (commonly 2 to 14 months for identifiable analytics signals, depending on configuration).
Brand database records: retained as long as relevant to the Brand Index, with periodic review.

Your rights

Where GDPR applies, you may have the right to:

Access your personal data.
Correct inaccurate data.
Delete your data (subject to legal exceptions).
Restrict or object to certain processing.
Data portability (in some cases).
Withdraw consent at any time (does not affect processing already done).
Lodge a complaint with the Dutch supervisory authority Autoriteit Persoonsgegevens.

To exercise rights, email info@arcatype.co. We may ask for verification to protect your data.

Marketing communications

We send newsletters and marketing communications only on an opt in basis.

You can unsubscribe at any time via the unsubscribe link in emails or by contacting info@arcatype.co.

‍25. Profiling and automated decision making

We do not make decisions with legal or similarly significant effects solely by automated means.

Security

We take reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Contact

For privacy questions or rights requests: info@arcatype.co
Postal address: Herenmarkt 93A, 1013EC Amsterdam, The Netherlands

‍