Privacy policy

Version: February 2026 

Effective date: March 1, 2026 

 

1. Introduction

No Cap Agency (“agency”, “we”, “us” or “our”) places great importance on the protection of personal data and privacy of our clients, influencers, brand partners, and website visitors. 

This privacy policy explains how we collect, use, store, share, and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Dutch Implementation Act GDPR, and other applicable privacy laws. 

 

Key Points: 

  • Personal data is collected only for the purpose of providing our services, managing contracts, and facilitating campaigns. 
  • You have rights to access, correct, delete, restrict processing, data portability, object, and withdraw consent. 
  • Personal data is retained no longer than necessary and securely stored. 
  • Data is shared with third parties only if necessary for the provision of services or legally required. 

By using our services or providing personal data, you acknowledge that you have read and understood this privacy policy. 

 

2. Data controller

The data controller responsible for your personal data is: 

 

No Cap Agency 

Address: Floraronde 17, 1911 VZ Uitgeest, The Netherlands 

Email: [email protected] 

Chamber of Commerce (KvK) number: 88201694 

For any questions regarding this privacy policy or the processing of your personal data, please contact us using the details above. 

 

3. Categories of personal data collected

3.1 Influencers 

  • Identity data: full name, date of birth, gender and photo, signature. 
  • Contact data: address and email phone number. 
  • Financial data: bank account, payment information and citizen service number (BSN, if legally required). 
  • Professional data: social media accounts, follower count, engagement metrics, portfolio and media kit. 
  • Contractual data: signed agreements, campaign briefings, deliverables and correspondence. 
  • Content data: photos, videos and other creative materials. 

 

3.2 Brand partners 

  • Business contact data: company name, contact person name, email, phone number and business address. 
  • Contractual data: agreements, campaign requirements, budgets and correspondence. 
  • Financial data: invoicing and payment records. 

3.3 Website visitors 

  • Technical data: IP address, browser type/version, device information, operating system and browsing behavior. 
  • Communication data: information submitted via contact forms or email. 

 

4. Legal bases for processing

We process personal data only on valid legal grounds in accordance with GDPR Article 6: 

Purpose of processing 

Legal basis 

Performance of contract (managing influencers and facilitating campaigns) 

Art. 6(1)(b) 

Communication about services and campaigns 

Art. 6(1)(b) 

Payments and financial administration 

Art. 6(1)(b) & 6(1)(c) 

Compliance with tax, accounting and legal obligations 

Art. 6(1)(c) 

Sharing profile/portfolio with potential brands 

Art. 6(1)(f) or consent Art. 6(1)(a) 

Use of content for agency promotion 

Consent Art. 6(1)(a) 

Marketing communications 

Consent Art. 6(1)(a) 

Service and website improvement 

Art. 6(1)(f) 

Legal protection & fraud prevention 

Art. 6(1)(f) 


  • Legitimate interest: a balancing test has been conducted; rights of data subjects are respected. 
  • Consent: can be withdrawn at any time; withdrawal does not affect the lawfulness of processing before withdrawal. 

 

5. How we use your personal data

5.1 Service provision 

  • Manage contractual relationships. 
  • Represent influencers in negotiations. 
  • Match influencers with campaigns. 
  • Coordinate campaign execution. 
  • Process payments and commissions. 

5.2 Communication 

  • Respond to inquiries regarding services or campaigns. 
  • Send service-related notifications. 

5.3 Marketing and promotion 

  • Present influencer profiles to potential brand partners. 
  • Use content for promotion (with consent). 
  • Send newsletters or marketing communications (opt-in required). 

5.4 Legal and administrative purposes 

  • Compliance with statutory obligations. 
  • Financial and tax administration. 
  • Establish or defend legal claims. 

5.5 Business operations 

  • Analyze and improve services. 
  • Ensure security and prevent fraud. 
  • Internal reporting and planning. 

 

6. Sharing data with third parties

6.1 Brand partners 

  • Name, contact details, professional profile, social media metrics, portfolio and rates. 
  • Sharing only with your knowledge or consent (opt-in required for exclusive agreements). 

6.2 Serviceproviders 

  • IT hosting, payment processors, communication platforms and analytics providers. 
  • Subject to a data processing agreement compliant with GDPR. 

6.3 Professional advisors 

  • Legal, tax and financial advisors for professional guidance. 

6.4 Legal and regulatory authorities 

  • Disclosed if legally required or to protect agency rights. 

6.5 Business transfers 

  • In case of mergers, acquisitions or sale of assets. 
  • Personal data will not be sold. 

 

7. International data transfers

  • Primarily within the European Economic Area (EEA). 
  • Transfers outside the EEA: adequacy decision, standard contractual clauses or other GDPR-compliant safeguards. 
  • Data subjects will be informed of transfers outside the EEA. 

 

8. Data retention

Data category 

Retention period 

Contractual and campaign data 

Duration of agreement + 7 years 

Financial data 

7 years from the end of the financial year 

Influencer profiles/portfolio 

Duration of management relationship + 12 months 

Content for promotion 

Duration of management relationship + 12 months 

Communication data 

3 years 

Website analytics 

26 months 

Marketing consent 

Until withdrawal + 3 years proof 

Data is securely deleted or anonymized after these periods. 

 

9. Your rights

  • Access, rectification, erasure, restriction, data portability, objection and withdrawal of consent. 
  • Exercise via: 
    • Email: [email protected] 
    • Post: No Cap Agency, Floraronde 17, 1911 VZ Uitgeest, The Netherlands 
  • Response time: 1 month; extendable by 2 months if complex. 
  • Complaints: Dutch Data Protection Authority (Autoriteit Persoonsgegevens), PO Box 93374, 2509 AJ The Hague, www.autoriteitpersoonsgegevens.nl.

 

10. Data securit

  • Secure storage systems and access controls. 
  • Encryption of sensitive data. 
  • Regular audits, updates, and staff training. 
  • Confidentiality obligations for employees and contractors. 
  • No absolute guarantee, but all reasonable measures taken. 

 

11. Children’s privacy

  • Services are not directed to children under 16. 
  • Personal data of children under 16 collected without consent will be immediately deleted. 

 

12. Links to third-party sites

  • We are not responsible for third-party privacy practices. 
  • Review third-party privacy policies when visiting external sites. 

 

13. Data Processing Agreements

  • We act as a processor under GDPR Article 28. 
  • Sub-processors are bound by the same contractual obligations. 

 

14. Changes to this privacy policy

  • Updates will be communicated via email or website notice. 
  • At least 30 days prior to taking effect. 

 

15. Contact

No Cap Agency 

Email: [email protected] 

Address: Floraronde 17, 1911 VZ Uitgeest, The Netherlands 

Privacy contact person: Quinsey van der Kleij 

 

Last updated: February 2026