Privacy Policy

Privacy Policy

Last updated: 7 May 2026

ElectricCross.eu ("we", "us") respects your privacy and processes personal data in line with the EU General Data Protection Regulation (GDPR, EU 2016/679). This policy explains what data we collect, why, for how long and which rights you have.

1. Who we are

ElectricCross.eu is a brand focused on selling, demoing and leasing the NEON Forge ET7 (L1e-B, EU CoC e4*168/2013*10080*00) in the Netherlands and Belgium. For privacy-related questions, reach us at [email protected] or via WhatsApp.

2. What data we process

  • Test-ride request: name, phone, email, postcode, preferred date, preferred language and an optional comment.
  • Quote request: name, contact details, desired configuration and payment preference (cash / lease).
  • Customer data on purchase/lease: address, date of birth (for AM-licence verification), copy of ID (only during signature, not retained), IBAN, business numbers if applicable.
  • Technical data: only when you have accepted analytics cookies — anonymised IP-prefix, screen size, browser type and visited pages.
  • WhatsApp conversations: we keep chat history so we can follow up on the status of your request.

3. Purpose and legal basis

  • Performance of contract (art. 6(1)(b) GDPR): schedule demo, send quote, deliver, invoice, warranty.
  • Legal obligation (art. 6(1)(c) GDPR): tax retention (7 years) and EU vehicle registration.
  • Legitimate interest (art. 6(1)(f) GDPR): fraud prevention and one-shot follow-up after a demo.
  • Consent (art. 6(1)(a) GDPR): analytics cookies and optional newsletter — always revocable.

4. Retention

  • Non-converting leads: max 12 months.
  • Customer files: 7 years (tax obligation).
  • Server and consent logs: 12 months.
  • WhatsApp chats: 24 months unless you request deletion.

5. Sharing with third parties

Data is shared only with processors required to deliver our service (EU/EEA hosting provider, email platform, leasing company on lease applications, vehicle registration authority on plate request). Each processor is bound by an EU data-processing agreement (GDPR art. 28). We never sell data to advertisers.

6. Transfers outside the EU

Primary processing happens within the EU/EEA. Whenever a sub-processor (e.g. infrastructure provider) transfers data outside the EU, this is done under EU Standard Contractual Clauses (2021/914) or a European Commission adequacy decision.

7. Your rights

  • Access, rectification and erasure (GDPR art. 15-17).
  • Restriction and portability (GDPR art. 18 + 20).
  • Object to processing based on legitimate interest.
  • Withdraw previously granted consent.
  • Lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl) or the Belgian Data Protection Authority (gegevensbeschermingsautoriteit.be).

8. Security

Data is protected with TLS in transit, encryption-at-rest for sensitive fields, short-lived JWT sessions and role-based access control on the admin panel. ID copies are only accessible during contract signature and wiped immediately after.

9. Changes

We may update this policy to comply with new legislation or new product features. Changes are stamped at the top with a new "Last updated" date. For substantial changes we will re-prompt for consent.

10. Contact

Questions or requests? Email [email protected] or call/WhatsApp us. We respond within 30 days, usually faster.