Privacy policy

Official Privacy Policy of SOTAB B.V. trading as Nerolead. The full text is below.

Privacy Policy

SOTAB B.V. trading as Nerolead

Last updated: 10/04/2026

SOTAB B.V., trading as Nerolead, respects your privacy and processes personal data with care. In this Privacy Policy, we explain how we collect, use, share, and protect personal data when you visit Nerolead.com, contact us, book a call, request information, download resources, subscribe to communications, or otherwise interact with us.

This Privacy Policy applies to the website www.nerolead.com and to personal data processed by SOTAB B.V. in connection with Nerolead’s own business operations as described below.

1. Who we are

SOTAB B.V. is the controller responsible for the processing of personal data described in this Privacy Policy.

SOTAB B.V.
Goudse Rijweg 17
3061 DA Rotterdam
The Netherlands

Chamber of Commerce number: 95623612
VAT number: NL867210096B01

For privacy-related questions or requests, you can contact us at:
[email protected]

For general contact, you can also reach us at:
[email protected]

SOTAB B.V. does not currently have a Data Protection Officer.

2. What this Privacy Policy applies to

This Privacy Policy applies to personal data that we process about:

  • visitors to our website;
  • people who contact us by form, email, or other communication channels;
  • people who book discovery calls, demos, or meetings with us;
  • leads, prospects, and business contacts;
  • newsletter subscribers, where applicable;
  • people who download resources, lead magnets, or other materials from us, where applicable;
  • client contact persons and other business contacts connected to our services;
  • people whose professional data we obtain from public sources, business databases, networking platforms, or enrichment tools for B2B outreach or business development, where permitted by applicable law.

This Privacy Policy does not apply to:

  • personal data that we process purely on behalf of clients as a processor under a separate data processing agreement;
  • internal employee or HR-related processing;
  • recruitment or applicant processing;
  • third-party websites, services, or platforms that have their own privacy policies.

3. How we collect personal data

We collect personal data in different ways.

3.1 Data you provide directly

You may provide personal data to us when you:

  • fill in a contact form;
  • fill in a booking or discovery-call form;
  • communicate with us by email;
  • subscribe to our newsletter, where applicable;
  • request or download resources or lead magnets, where applicable;
  • become a client or enter into a business relationship with us;
  • otherwise contact us or share information with us.

3.2 Data collected automatically

When you visit our website, we may automatically collect certain technical and usage data, for example through cookies, analytics tools, server logs, or similar technologies.

3.3 Data obtained from third parties or public sources

For our own business development, marketing, and B2B outreach activities, we may obtain professional contact data and business-related information from:

  • public business websites;
  • public registries;
  • networking platforms such as LinkedIn;
  • business databases;
  • prospecting or enrichment tools;
  • event or webinar registrations;
  • public company information sources;
  • other lawful public or third-party business sources.

We only use such data where permitted by applicable law.

4. What personal data we process

Depending on your interaction with us, we may process the following categories of personal data:

4.1 Contact and identity data

  • full name;
  • email address;
  • phone number;
  • company name;
  • job title;
  • business address or contact details.

4.2 Communication data

  • the contents of messages you send to us;
  • inquiry details;
  • meeting notes;
  • call notes;
  • transcripts or summaries where used in connection with calls, webinars, or support;
  • communication history.

4.3 Booking and form data

  • information submitted through contact forms, booking forms, or similar forms;
  • the purpose of your inquiry;
  • any information you voluntarily provide in your message.

4.4 Client and business administration data

  • company and contact details;
  • contract or proposal-related information;
  • invoicing details;
  • billing details;
  • payment and invoice-related data;
  • project-related administrative records.

4.5 Marketing and lead data

  • newsletter subscription data;
  • communication preferences;
  • lead magnet or download history;
  • CRM notes;
  • segmentation or lead labels;
  • interaction history with campaigns or communications;
  • public business information relevant to our services.

4.6 Website and technical data

  • website usage data;
  • browser and device data;
  • IP address where collected by the relevant tool or infrastructure;
  • pages viewed;
  • referral information;
  • cookie identifiers and similar online identifiers.

4.7 Event, webinar, and training data

  • registration details;
  • attendance information;
  • follow-up interaction data;
  • webinar participation data;
  • notes or recordings where made clear to participants.

4.8 AI chat data

  • information you submit through our AI chat or similar interactive tools;
  • technical interaction data necessary to operate or improve the tool;
  • chat content, to the extent relevant to your request and the operation of the service.

We do not intentionally collect:

  • special categories of personal data;
  • data about children;
  • government ID data such as passport details or similar identifiers,

unless this happens unexpectedly in information voluntarily provided to us and we have a lawful basis to handle it.

5. Why we process personal data and on what legal basis

We process personal data only where we have a valid legal basis to do so.

5.1 To respond to contact requests and inquiries

We process your personal data to answer your messages, assess your request, and communicate with you.

This may include:

  • name;
  • email address;
  • phone number;
  • company details;
  • message contents;
  • communication history.

Legal basis:

  • taking steps at your request prior to entering into a contract; and/or
  • our legitimate interests in communicating with people who contact us and handling business inquiries.

5.2 To schedule discovery calls, demos, and meetings

We process your data to manage call bookings, invite you to meetings, and prepare for conversations with you.

Legal basis:

  • taking steps at your request prior to entering into a contract; and/or
  • our legitimate interests in scheduling and managing business meetings.

5.3 To prepare proposals, scope work, and enter into business relationships

We process relevant contact and business data to assess opportunities, prepare proposals, and take pre-contractual steps.

Legal basis:

  • taking steps at your request prior to entering into a contract; and/or
  • our legitimate interests in assessing potential client relationships.

5.4 To provide services and manage client relationships

We process personal data where needed to deliver our services, communicate with client teams, manage projects, provide support, and maintain business records.

Legal basis:

  • performance of a contract; and/or
  • our legitimate interests in providing and managing professional services.

5.5 To handle administration, invoicing, and legal compliance

We process personal data for administration, billing, accounting, tax obligations, recordkeeping, and compliance with applicable legal requirements.

Legal basis:

  • performance of a contract;
  • compliance with legal obligations; and
  • our legitimate interests in maintaining proper business administration.

5.6 To send newsletters and similar communications

If you subscribe to our newsletter or similar updates, we process your data to send those communications and manage your preferences.

Legal basis:

  • your consent.

You can withdraw your consent at any time, for example by unsubscribing.

5.7 To share resources, lead magnets, and similar materials

We may process your data when you request downloadable materials, gated content, or similar resources from us.

Legal basis:

  • taking steps at your request prior to entering into a contract;
  • your consent, where applicable; and/or
  • our legitimate interests in providing business-related resources and following up on interest in our services.

5.8 To organize webinars, workshops, events, and trainings

We may process personal data to register participants, manage attendance, communicate practical details, provide follow-up information, and improve future events.

Legal basis:

  • performance of a contract, where applicable;
  • taking steps at your request prior to entering into a contract;
  • your consent, where applicable; and/or
  • our legitimate interests in organizing and following up on professional events and educational activities.

5.9 To operate and improve our AI chat and interactive tools

We may process data submitted through our AI chat or similar interactive tools to respond to requests, operate the feature, improve service quality, and maintain security.

Legal basis:

  • taking steps at your request prior to entering into a contract;
  • our legitimate interests in operating, improving, and securing our digital tools; and/or
  • your consent, where applicable.

5.10 To improve our website and understand usage

We may process technical and usage data to analyze website performance, measure engagement, improve content, and optimize user experience.

Legal basis:

  • your consent, where required for cookies or analytics; and/or
  • our legitimate interests in maintaining and improving our website, where privacy-friendly analytics or strictly necessary processing is used.

5.11 To carry out B2B outreach and business development

We may process professional contact data and public business information to identify relevant business contacts, assess potential fit, carry out B2B outreach, and maintain records of business interactions in connection with Nerolead’s business development activities, where permitted by applicable law.

This may include data sourced from public sources, networking platforms, company websites, databases, or enrichment tools.

Legal basis:

  • our legitimate interests in promoting and growing our business, conducting B2B business development, and contacting relevant professional contacts about our services, where this is balanced against the rights and expectations of the individuals concerned and permitted under applicable law.

Where required, we will offer an opt-out or objection route.

5.12 To segment leads and maintain CRM records

We may organize and label lead or contact data, keep business notes, and segment contacts based on interest, service category, prior contact, or business relevance.

Legal basis:

  • our legitimate interests in managing sales, communication, and business relationships in an efficient and relevant way.

5.13 To protect our rights, enforce agreements, and handle disputes

We may process personal data where necessary to defend legal claims, protect our rights, manage disputes, or respond to legal requests.

Legal basis:

  • compliance with legal obligations; and/or
  • our legitimate interests in protecting our legal and business position.

6. Cookies and similar technologies

Our website may use cookies and similar technologies to ensure proper website functioning, remember preferences, analyze traffic, understand usage, and support marketing activities.

Some cookies are strictly necessary for the functioning of the website. Other cookies, such as analytics, session replay, tracking, or marketing cookies, may require your consent before they are placed.

We intend to use or may use tools such as:

  • Google Analytics;
  • Google Tag Manager;
  • Microsoft Clarity;
  • and potentially advertising or remarketing tools such as Meta Pixel in the future.

We may also use embedded services or content, such as videos, maps, forms, booking features, or chat tools, that may place cookies or collect data.

You can find more detailed information in our separate Cookie Policy available at www.nerolead.com/en/cookie-policy (English) or www.nerolead.com/nl/cookie-policy (Dutch) and cookie banner/settings interface available in the footer of the website and with the button in the bottom right corner.

7. With whom we share personal data

We may share personal data with third parties where necessary for the purposes described in this Privacy Policy.

These recipients may include:

  • website hosting providers;
  • infrastructure and cloud providers;
  • website deployment providers;
  • database providers;
  • email and productivity providers;
  • calendar and booking infrastructure providers;
  • AI service providers;
  • analytics and website performance providers;
  • email delivery providers;
  • prospecting, enrichment, sales, or CRM-related providers;
  • payment, invoicing, or accounting service providers;
  • webinar, form, or communication tool providers;
  • legal, tax, or professional advisors;
  • public authorities, regulators, or courts where we are legally required to do so.

Based on your current setup, these providers may include or relate to services such as:

  • Strato;
  • Google Workspace;
  • Vercel;
  • Supabase;
  • Resend;
  • OpenAI;
  • Google Analytics / Google Tag Manager;
  • Microsoft Clarity;
  • and other prospecting, enrichment, or outreach tools used for SOTAB’s own business development where applicable.

We do not share personal data with affiliated ventures for unrelated purposes without an appropriate legal basis.

8. International transfers

Some of our service providers may process personal data outside the European Economic Area, or may allow access from outside the EEA.

Where personal data is transferred outside the EEA, we aim to ensure that appropriate safeguards are in place where required under applicable law. Depending on the provider and the country involved, this may include:

  • an adequacy decision by the European Commission;
  • Standard Contractual Clauses; or
  • another legally recognized transfer mechanism.

Even where we choose European hosting or European deployment regions where possible, some providers may still operate internationally or involve limited cross-border access.

You may contact us if you would like more information about the safeguards we rely on for relevant transfers.

9. How long we keep personal data

We do not keep personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is required or justified by law, legal claims, or legitimate business recordkeeping.

In general, we apply the following retention logic:

  • general inquiries and contact requests: up to 2 years after the last substantive contact;
  • leads and prospects that do not become clients: up to 2 years after the last meaningful interaction, unless a longer retention period is justified or the person objects earlier;
  • booking and discovery-call requests: generally up to 2 years after the last relevant interaction, unless they become part of an ongoing client or prospect relationship;
  • newsletter subscription data: until you unsubscribe or withdraw consent, plus limited records where needed to maintain suppression lists or demonstrate compliance;
  • lead magnet, resource download, and similar conversion data: generally up to 2 years after the last meaningful interaction, unless the relationship continues;
  • webinar, workshop, and event data: generally up to 2 years after the event, unless the relationship continues or longer retention is justified;
  • client contact and project-related business contact data: up to 5 years after the end of the business relationship, unless a longer period is needed for legal claims or legal obligations;
  • invoices, accounting records, and core business administration: as long as required under applicable tax, accounting, and legal retention obligations;
  • analytics and cookie-related data: according to the applicable tool settings, the type of cookie, and the choices you make through our cookie settings.

In some cases, we may keep data for longer if needed:

  • to comply with the law;
  • to establish, exercise, or defend legal claims;
  • to maintain records of objections or unsubscribes;
  • or where the data remains in backups for a limited period under ordinary business continuity processes.

10. Your rights

Subject to applicable law, you may have the following rights in relation to your personal data:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object to processing;
  • the right to withdraw your consent at any time where we rely on consent;
  • the right to lodge a complaint with a supervisory authority.

If we process your personal data for direct marketing purposes, you have the right to object to that processing at any time.

11. How to exercise your rights

You can exercise your rights by contacting us at:

[email protected]

Please describe your request as clearly as possible so we can handle it properly.

We may ask for additional information to confirm your identity before responding to your request.

We will respond within the timeframe required by applicable law. In many cases, this is within one month, although this may be extended where legally permitted.

12. Complaints

If you have a complaint about how we handle your personal data, we would appreciate the opportunity to address it first.

You also have the right to lodge a complaint with the Dutch data protection authority.

13. Security

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, unauthorized disclosure, alteration, or destruction.

These measures are designed in light of the nature of the data, the context of the processing, and the relevant risks. They may include, where appropriate, measures relating to access control, limited internal access, secure service providers, system management, and incident handling.

No system can be guaranteed to be completely secure, but we take reasonable steps to protect the personal data we process.

14. Third-party websites and services

Our website may contain links to third-party websites, tools, platforms, or embedded content. Those third parties may process personal data under their own privacy policies.

We are not responsible for the privacy practices of third-party websites or services that are not controlled by us.

15. Children

Our website and services are not intended for children under the age of 16, and we do not knowingly collect personal data from children.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The most recent version will always be published on our website. If a change is significant, we may take additional steps to highlight it where appropriate.

17. Contact

If you have any questions about this Privacy Policy or about how we process personal data, you can contact us at:

[email protected]

or

[email protected]