Privacy Policy

Last updated: June 14, 2026

This privacy policy explains how AIVI Amsterdam collects, uses, stores, and shares personal data when you browse our website, place a booking, rent a Pocket WiFi Router, contact us, or otherwise use our services.

1. Controller and Scope

AIVI Amsterdam is the controller of the personal data described in this notice unless this page states otherwise. This notice applies to our website, booking flow, customer communications, rental operations, fraud prevention, payment handling, and related support activities.

2. Personal Data We Collect

Depending on how you use our service, we may collect:

• identity and contact data such as name, email address, phone number, and booking details;
• rental data such as pickup date, return date, plan selected, booking reference, and support history;
• payment-related data processed through payment providers such as Stripe, including payment status and limited card metadata, but not full card numbers stored by us;
• technical data such as IP address, browser information, device type, timestamps, and server or security logs;
• communication data such as emails, contact form messages, and customer support exchanges;
• fraud, risk, and recovery information where needed to verify bookings, prevent abuse, recover unpaid amounts, or recover unreturned devices.

3. How We Use Personal Data and Legal Bases

We use personal data for the following purposes and legal bases:

• to take steps before entering into a rental and to perform the rental contract, including processing bookings, payments, confirmations, pickup, return, and support;
• to comply with legal obligations such as accounting, tax, fraud prevention cooperation, and lawful requests from authorities;
• to pursue our legitimate interests in securing our business, preventing fraud, protecting and recovering company property, defending legal claims, improving operations, and maintaining service reliability;
• where required, based on consent, for example if we introduce optional marketing communications or non-essential cookies.

4. Sources of Data

We collect data directly from you when you use the website or place a booking. We also receive limited data from service providers involved in payment processing, hosting, analytics, communications, and infrastructure support.

5. Sharing of Personal Data

We share personal data only where necessary, including with:

• payment providers such as Stripe to process payments and manage payment risk;
• hosting, infrastructure, and database providers such as Vercel and Supabase;
• email and communications providers such as Resend;
• professional advisers, insurers, accountants, collection partners, or legal counsel where reasonably necessary;
• public authorities or law enforcement where we are legally required to do so or where necessary to protect our rights, property, or customers.

6. International Transfers

Some service providers may process personal data outside your country or outside the European Economic Area. Where required, we rely on appropriate safeguards such as contractual protections, adequacy decisions, or other lawful transfer mechanisms.

7. Retention

We keep personal data only for as long as needed for the purpose for which it was collected, including to perform the contract, maintain records, resolve disputes, enforce agreements, and comply with legal obligations. Retention periods may differ depending on the data category, for example booking and accounting records may be kept longer than routine support messages.

8. Security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, misuse, or unlawful processing. However, no internet-based service can be guaranteed to be completely secure.

9. Cookies and Similar Technologies

We may use essential cookies and similar technologies that are necessary for core site functionality, such as language preferences, session continuity, and security. If we introduce non-essential analytics, advertising, or personalization cookies, we will update this notice and, where required, request consent before using them.

10. Your Rights

Depending on your location and applicable law, including the GDPR, you may have the right to request access to your personal data, correction of inaccurate data, erasure, restriction of processing, objection to certain processing, portability where applicable, and withdrawal of consent where processing is based on consent.

You may also have the right to lodge a complaint with a supervisory authority in your place of residence, work, or where the alleged infringement occurred.

11. Children

Our rental service is intended for adults who can enter into a binding contract. We do not knowingly collect personal data directly from children for standalone use of the service.

12. Changes to This Notice

We may update this privacy policy from time to time to reflect operational, legal, or technical changes. The latest version will always be published on this page.

13. Contact

For privacy inquiries, contact us at hello@amsterdamwifi.com.

This privacy policy is a practical first-pass launch draft and should be reviewed against your actual business entity details, retention schedule, cookie usage, and provider setup before production launch.