Privacy Policy

Last updated: March 2026

In brief

  • We only use your data to deliver our ERE registration, trading and settlement services.
  • We only share data with parties strictly necessary for service delivery (NEa, external auditor, bank, IT hosting).
  • You can opt out of marketing communications and request deletion of your data at any time (subject to legal retention obligations).
  • All data is encrypted at rest and in transit in accordance with industry standards.
  • We never sell or trade your data.

1. Who we are

Compliance2Cash B.V. (hereinafter "Compliance2Cash", "we" or "us") is the data controller responsible for the processing of personal data as described in this privacy policy. Compliance2Cash provides professional ERE registration services and a white-label SaaS platform to energy suppliers, charge point operators and other commercial parties in the Dutch energy sector.

Compliance2Cash B.V.
Korenmolen 2
2661 LE Bergschenhoek, The Netherlands
CoC: 98696211
Email: privacy@compliance2cash.nl

2. What data we process

We process the following categories of personal data:

  • Contact details: name, email address, telephone number, company name and job title of contact persons.
  • Account data: login credentials, user preferences and role-based access rights within our platform.
  • Consumption data: EAN codes, charging data, energy consumption figures and supporting evidence for ERE registrations with the NEa.
  • Financial data: bank details (IBAN), billing information and payment history.
  • Technical data: IP address, browser type and device information when using our platform.
  • Communication data: content of messages sent via our contact form or email correspondence.

3. Purpose of processing

We process your data for the following purposes:

  • Delivering our services: registering Renewable Energy Units (ERE's) with the Dutch Emissions Authority (NEa).
  • Managing your account on our platform.
  • Processing financial transactions, including settlement of ERE revenues.
  • Complying with legal and regulatory obligations, including audit requirements.
  • Communicating about our services, including service notifications and relevant market developments.
  • Improving our platform and services.

4. Legal basis

The processing of your personal data is based on the following legal grounds under the GDPR:

  • Performance of a contract: processing necessary for the performance of our services and the authorisation agreement.
  • Legal obligation: processing necessary to comply with legislation and regulations, including fiscal retention obligations and the Dutch Renewable Energy for Transport Regulation.
  • Legitimate interest: processing for the purpose of platform improvement, fraud prevention and maintaining business relationships.
  • Consent: where applicable, for sending marketing communications.

5. Retention periods

We do not retain your personal data longer than necessary for the purposes for which it was collected. We apply the following retention periods:

  • Contract data and evidence: 7 years after termination of the agreement, in accordance with fiscal retention obligations.
  • Account data: up to 12 months after termination of the business relationship, unless a legal retention obligation applies.
  • Contact form messages: up to 12 months after the last interaction.
  • Technical log data: up to 6 months.

6. Sharing with third parties

We only share your data with third parties when necessary for our service delivery:

  • Dutch Emissions Authority (NEa): for registering ERE's in accordance with the Renewable Energy for Transport Regulation.
  • External auditor: for the annual audit of registrations, as required by the NEa.
  • Payment service provider / bank: for executing financial transactions.
  • Hosting and IT service providers: for the technical operation of our platform (Amazon Web Services, EU region).

We enter into a data processing agreement with all processors in accordance with the GDPR. We never sell, rent or trade your personal data to third parties.

7. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: you may request which personal data we process about you.
  • Right to rectification: you may request correction of inaccurate data.
  • Right to erasure: you may request deletion of your personal data, insofar as no legal retention obligation applies.
  • Right to restriction: you may request restriction of processing.
  • Right to data portability: you may request to receive your data in a structured, commonly used format.
  • Right to object: you may object to processing based on legitimate interest.

Requests can be sent to privacy@compliance2cash.nl. We will respond within 30 days.

8. Right to be forgotten

You may request us to delete all your personal data. We will comply with this request, except for data we are legally required to retain, such as invoices, evidence of charging data and audit documentation. After deletion, your account will no longer be accessible and we will no longer be able to provide our services.

9. Security

Compliance2Cash takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These measures include:

  • Encryption of data at rest and in transit (TLS/SSL).
  • Role-based access control following the principle of least privilege.
  • Hosting within the European Union (AWS, region eu-west-1).
  • Regular security audits and monitoring.

10. Contact

For questions about this privacy policy or about the processing of your personal data, please contact us:

Compliance2Cash B.V.
Email: privacy@compliance2cash.nl
Address: Korenmolen 2, 2661 LE Bergschenhoek, The Netherlands

If you have a complaint about the processing of your personal data, you may contact the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).