As of 14 August 2025

1. Controller and how to contact us

Bright Green Partners B.V. is the controller for the processing described in this notice.
Address: Arcenlaan 34, 5709 RA, Helmond, The Netherlands
Privacy contact: floor@brightgreenpartners.com
This section implements GDPR Article 13(1)(a) and 13(1)(b).

2. What data we process

Bright Green Partners collects, processes and uses personal data exclusively for purposes of operating and managing its expert network and related business activities.

This includes:

Identification and Contact Data

  • Name
  • Job title
  • Company affiliation
  • Professional biography
  • Email address
  • Telephone number
  • LinkedIn or other professional profile

Professional Information

  • Areas of expertise
  • Industry experience
  • Availability
  • Fee expectations
  • Conflict of interest disclosures

Consultation Data

  • Audio or video recordings of consultations conducted via Zoom
  • Transcripts generated from recordings
  • Summaries and internal notes
  • Analytical outputs
  • Materials generated using AI-assisted tools such as Microsoft Copilot
  • Metadata such as consultation date, duration, and project reference

Administrative and Financial Data

  • Expert Payment Details (EPD)
  • Invoices
  • Tax-related information

Technical Data

  • Email communications
  • Platform usage logs
  • IP address where relevant for security purposes

We do not intentionally collect special categories of personal data (Article 9 GDPR). If such data is provided without legal necessity, we will delete or restrict it.

3. Where we obtain data

We obtain personal data:

  • Directly from you during registration or communication
  • During consultations and project work
  • From publicly available professional sources (e.g. LinkedIn) where lawful
  • From referrals
  • From employers or colleagues where relevant to a project

Where we collect data from other sources, we provide information required under Article 14 GDPR.

4. Purposes and legal bases

We process personal data for the following purposes and rely on the legal bases listed below.

Managing the Expert Relationship
Including onboarding, matching experts with clients, facilitating consultations, and payment processing.
Legal basis: Article 6(1)(b) GDPR (performance of contract).

Recording and Documenting Consultations
Including recording consultations via Zoom, generating transcripts, using Microsoft Copilot for AI-assisted summaries, preparing client deliverables, quality assurance, compliance, and knowledge management.
Legal bases: Article 6(1)(b) (performance of contract), Article 6(1)(f) (legitimate interests), and where required Article 6(1)(a) (consent).

Operating and Improving the Expert Network
Including internal evaluation, service improvement, prevention of fraud or conflicts of interest, protection of our intermediary business model, and development of anonymised or aggregated industry insights.
Legal basis: Article 6(1)(f) (legitimate interests).

Our legitimate interests include operating and improving our expert network, protecting our intermediary model, ensuring quality and compliance, and developing industry insights derived from consultations on a non-attributable basis.

Business Communications
Including newsletters and updates where permitted by law.
Legal basis: Article 6(1)(f) or Article 6(1)(a) where consent is required.

Legal and Regulatory Compliance
Including tax, accounting, and audit obligations.
Legal basis: Article 6(1)(c).

Where we rely on legitimate interests, we have conducted a balancing test which you may request.

5. Recipients and processors

We may share personal data with:

  • Clients, where you participate in a project (typically in sanitised or non-attributable form unless otherwise agreed)
  • IT hosting providers
  • CRM and communication platforms
  • Zoom Video Communications (for hosting and cloud recording of consultations)
  • Microsoft Corporation (including Microsoft 365 and Microsoft Copilot services)
  • Professional advisers (legal, tax, accounting)

All service providers act as processors under Article 28 GDPR and are contractually bound to confidentiality and security obligations.

6. Security

We implement appropriate technical and organisational measures to protect personal data, including access restrictions, encryption where appropriate, secure cloud storage, and confidentiality obligations for personnel and processors.

7. Retention

We retain personal data only as long as necessary for the purposes described above and to comply with legal obligations.

Retention periods:

  • Expert network profiles and applications: for the period of your membership or evaluation and until you ask us to delete your data or we deactivate your profile after sustained inactivity.
  • Contract and project files: for the duration of the engagement and the time needed to handle queries or possible claims arising from the engagement.
  • Marketing contact data: until you opt out or we consider your contact inactive.
  • Security and web logs: for the period needed to ensure system security and investigate incidents.
  • Invoicing and tax records: for at least 7 years to meet Dutch tax retention duties.

Data will be deleted or anonymised when no longer required.

8. International data transfers

Where our use of Google Analytics or other providers involves transfers to the United States or other third countries, we rely on appropriate safeguards such as the EU-US Data Privacy Framework for Google LLC and, where required, the European Commission Standard Contractual Clauses.

9. Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability
  • Withdraw consent (where processing is based on consent)
  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

Requests may be submitted to: floor@brightgreenpartners.com

The right to erasure does not apply where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.

10. Requirement to provide data

Where personal data is required to enter into or perform a contract or comply with legal obligations, failure to provide such data may prevent us from engaging you as an Expert.

11. Cookies and similar technologies

Our website uses cookies. Details and choices are set out in our Cookie Policy. Consent is required for non-essential cookies and most analytics or marketing cookies under Dutch rules.

12. Automated decision making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects concerning Experts.

We may use AI-assisted tools, including Microsoft Copilot, to generate transcripts, summaries, or draft documents. These tools support internal workflows and documentation but do not make automated decisions affecting your rights.

Download our 2026 FoodTech Trends Report

"*" indicates required fields

Name*
Would you like to schedule a brief introduction call with FoodTech Experts to explore how our expert network can support your business?*
*