Privacy Policy 

Last updated: January 2026

​

OAZE respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, store and protect personal information when you visit our website, interact with OAZE or engage with our certification services.

​

This Privacy Policy is drafted in accordance with the General Data Protection Regulation (GDPR / AVG) and applicable Dutch data protection laws.

OAZE is a platform that recognises, certifies and supports offline-friendly environments.

Data Controller: OAZE

OAZE acts as data controller for its own services and communications. OAZE is not responsible for personal data processed by certified locations or third parties outside its own operations.

We may process personal data relating to the following categories:

• Website visitors

• Business contact persons (B2B)

• Certification applicants and representatives of applicant organisations

• Certified locations and partners

• Newsletter subscribers and individuals contacting OAZE

Personal Information

• Name

• Email address

• Company or organisation name

• Role or function

• Business address and location details (where applicable)

• Contact details provided via forms or correspondence

Certification & Application Data

• Information submitted as part of certification or re-certification applications

• Descriptions of locations, concepts and operational practices

• Assessment-related communication and documentation

Technical & Usage Data

• IP address

• Browser and device information

• Website usage data (pages visited, session duration)

OAZE does not intentionally collect special categories of personal data.

Personal data is processed for the following purposes:

• Responding to enquiries and requests

• Processing certification and re-certification applications

• Managing relationships with certified locations and partners

• Providing updates about OAZE services, policies or activities

• Improving website performance and user experience

• Complying with legal and regulatory obligations

OAZE processes personal data based on one or more of the following legal grounds:

• Consent

• Performance of a contract or pre-contractual steps

• Legitimate interests (such as communication, certification administration, brand protection and service improvement)

• Legal obligations

All content on this website, including text, visuals, logos, certification marks, badges, frameworks, methodologies, certification language and assessment principles, is the intellectual property of OAZE unless stated otherwise and is protected by applicable intellectual property and unfair competition laws.

​

You may:

• View and share content for personal or informational use

You may not:

• Copy, reproduce or distribute content for commercial purposes without prior written permission

• Use OAZE branding, certification marks, badges, certification language or frameworks without explicit authorisation

• Falsely claim, imply or suggest certification, affiliation or endorsement by OAZE

Unauthorised use, imitation or misrepresentation of OAZE certification, branding or status,  including by non-certified entities, constitutes infringement and may result in immediate legal action, including claims for injunctive relief, damages and recovery of legal costs.

OAZE uses functional and analytical cookies to ensure proper website operation and to gain insight into website usage.

​

Where required by law, consent will be requested before placing non-essential cookies. Detailed information about cookies and analytics tools may be provided in a separate Cookie Policy.

OAZE shares personal data only where necessary and only with:

• Trusted service providers (e.g. hosting, email, analytics)

• Professional advisers (legal, accounting) where required

• Authorities where legally obligated

All third parties are required to process personal data securely and confidentially.

Personal data is retained only for as long as necessary for the purposes described in this Policy.

• Contact and communication data: retained for the duration of the relationship or as long as relevant

• Certification and assessment data: retained for the duration of certification and a reasonable period thereafter to support re-certification, audits or dispute resolution

• Marketing data: retained until consent is withdrawn or objection is raised

OAZE implements appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access.

​

In the event of a personal data breach, OAZE will act in accordance with applicable data breach notification obligations under the GDPR.

Where personal data is processed outside the European Economic Area, OAZE ensures appropriate safeguards in accordance with GDPR requirements.

Under the GDPR, you have the right to:

• Access your personal data

• Rectify inaccurate data

• Request erasure of personal data

• Restrict or object to processing

• Withdraw consent at any time

• Request data portability

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl

OAZE may update this Privacy Policy from time to time. The most recent version will always be published on the website.