Privacy Policy

Effective date: 10/10/2025

Resilient Urban Futures Studio (“RUF Studio”, “we”, “us”, “our”) respects privacy and is committed to protecting personal data collected via the website https://resilienturbanfutures.com and in the course of providing consultancy, advisory, and research services. This Privacy Policy explains what data is collected, why it is used, how it is stored and shared, and how data subjects can exercise their rights.

1. Who we are / Contact

Controller: Resilient Urban Futures Studio
Address: Van Alkemadelaan 117, 2597 BM, The Hague, Netherlands
Email: info@resilienturbanfutures.com

For privacy questions, data access requests, or to exercise data subject rights, contact info@resilienturbanfutures.com.

2. Data collected

Website and communication data

  • Contact form entries: name, email, telephone, organisation, message.
  • Newsletter sign-ups and subscription data (if applicable).
  • Comments left on the site (comment text, name, email, website, IP address, user agent string). See Comments below.
  • Technical and usage data collected automatically: IP address, browser type and version, operating system, pages visited, time and date stamps, referral URL, and similar analytics.

Client and project data

When providing professional services, RUF Studio may collect and process:

  • Client contact and organisation details.
  • Project documentation, data provided by clients (research data, reports, spreadsheets) — this may include personal data of third parties where required for project delivery.
  • Records of communications (emails, meeting notes), invoices, and payment confirmations.

3. How and why personal data is used

Personal data is processed for the following lawful purposes:

  • To respond to enquiries and provide services (contract performance).
  • To manage client relationships and project delivery, produce deliverables, and invoice for services.
  • For website administration, analytics, and security (legitimate interest).
  • To comply with legal obligations (e.g., tax record-keeping).
  • With consent where required, e.g., optional marketing communications or non-essential cookies.

4. Comments (WordPress behaviour)

When visitors leave comments on the site, the following data is collected: the data shown in the comments form (name, email, website), the visitor’s IP address, and browser user agent string for spam detection.
An anonymised hash of the commenter’s email may be provided to the Gravatar service to check for an associated avatar. Gravatar’s privacy policy: https://automattic.com/privacy/. After approval, the profile picture is visible publicly next to the comment.

5. Media / image uploads

If images are uploaded to the website, avoid embedding GPS EXIF data. Visitors can download images and extract embedded metadata. RUF Studio is not responsible for embedded location data in user-supplied media.

6. Cookies and login cookies (WordPress defaults)

RUF Studio uses cookies for site functionality and analytics. Details of default WordPress cookie behaviour (used by the site) are:

  • If a visitor leaves a comment, the site may offer to save the commenter’s name, email, and website in cookies. These cookies last one year.
  • On the login page, a temporary cookie is set to determine whether the browser accepts cookies; it contains no personal data and is discarded when the browser is closed.
  • When logging in, several cookies are set to save login information and screen display choices: login cookies last two days, screen options cookies last one year. If “Remember Me” is selected, login persists for two weeks. On logout, login cookies are removed.
  • If a user edits or publishes an article, an additional cookie is set that includes the post ID of the article just edited; this cookie expires after 1 day.

Non-essential cookies (analytics, tracking) are only activated subject to user consent via the cookie consent mechanism.

7. Embedded content from other websites

Pages may include embedded content (e.g., YouTube, Vimeo, social embeds). Embedded content behaves as if the visitor visited the other website. Those third-party sites may collect data about users, use cookies or tracking, and monitor interactions with embedded content. RUF Studio does not control third-party privacy practices.

8. Who we share your data with

RUF Studio does not sell personal data. Data may be shared with:

  • Service providers (website hosting, analytics, email delivery, payment processors) under contractual confidentiality obligations.
  • External experts or collaborators for project delivery on a need-to-know basis; such parties will be bound by confidentiality and, when processing personal data on behalf of the client, a Data Processing Agreement (DPA).
  • Legal authorities where required by law.
  • Business transfers: if the business is sold, personal data may be transferred, with protections in place.

If a password reset is requested, the user’s IP address may be included in the reset email for security purposes.

9. Retention periods

  • Comments and metadata: retained indefinitely (or until removal by site administrator) to allow recognition of follow-up comments.
  • Contact form and enquiry data: retained for the duration of the correspondence and archived for up to 7 years where required for accounting/tax compliance.
  • Client/project data: retained for the duration of the engagement and then archived for statutory retention periods (typically 7 years for accounting and tax documentation in the Netherlands), unless a different period is specified in contract.
  • Analytics and logs: retained in anonymised/aggregated form for site improvement; raw logs are retained for security purposes for a limited period (e.g., 90 days) unless needed for investigation.

10. International transfers

Personal data may be processed or stored outside the EEA where necessary (for example, cloud services). Transfers outside the EEA will be subject to appropriate safeguards such as Standard Contractual Clauses, an adequacy decision, or explicit consent.

11. Security

Appropriate technical and organisational measures are in place: password-protected devices, up-to-date software, EU-based cloud providers where feasible, encrypted storage for sensitive files, secure file-sharing services, and limited access on a need-to-know basis. Any subcontractors engaged are required to implement equivalent security measures.

12. Rights of data subjects

Subject to applicable law, individuals may have the right to:

  • Access personal data held about them.
  • Rectify inaccurate or incomplete data.
  • Request erasure (“right to be forgotten”) where lawful.
  • Object to or restrict certain processing.
  • Request portability of personal data provided in structured form.
  • Withdraw consent where processing is based on consent.

To exercise rights, contact: info@resilienturbanfutures.com. Verified requests will be responded to within statutory timeframes (typically one month). RUF Studio may request identity verification before acting on requests.

13. Data breach notification

In the event of a personal data breach affecting data processed by RUF Studio, the Studio will notify the supervisory authority (Autoriteit Persoonsgegevens) and affected data subjects where required by law, within GDPR timeframes (where feasible within 72 hours of becoming aware).

14. Children

The website is not intended for persons under 16. RUF Studio does not intentionally collect data from minors. If personal data of a minor is discovered, measures will be taken to delete it unless necessary for a lawful purpose.

15. Changes to this policy

This Privacy Policy may be updated. The Effective Date at the top will be revised. Users are encouraged to review this policy periodically.

16. Further information & supervisory authority

Data protection enquiries may be submitted to info@resilienturbanfutures.com. The Dutch data protection authority (Autoriteit Persoonsgegevens) can be contacted for unresolved complaints. (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.