Legal
Privacy Policy
Privacy Policy Findoori
Version: January 2026
Effective from: January 21, 2026
BLB Consultancy FZCO (trading under the name Findoori) respects the privacy of business customers (indoor golf centers), contact persons and website visitors. We process personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation. This Privacy Policy describes how we handle your data.
Article 1. Data Controller
BLB Consultancy FZCO
Trading name: Findoori
Legal form: FZCO (Free Zone Company)
Registered office: Dubai, United Arab Emirates
Address: DUQE Square Business Center, QEII
Registration number: 3369
Email: info@findoori.com
Website: www.findoori.com
BLB Consultancy FZCO is the data controller for the processing of personal data as described in this statement.
We have not appointed a Data Protection Officer (DPO). Questions about privacy can be directed to info@findoori.com.
Article 2. What personal data do we process?
We process the following categories of personal data, depending on your interaction with our Platform:
2.1 Business customers and contact persons
First and last name
Job title/role
Company name (indoor golf center)
Business email address
Business telephone number
Business address
Social media links (optional)
Profile information, photos, videos and other content you provide for your Premium Subscription
2.2 Website visitors
IP address
Browser and device information
Pages visited and click behavior
Time and duration of visit
Referring website (referrer)
2.3 Newsletter and event subscribers
Email address
Name (optional)
Preferences and interests
We do not process special categories of personal data as referred to in Article 9 GDPR (health data, biometric data, religious/political beliefs, sexual orientation) or criminal data.
We only collect data that is necessary for our services (data minimization).
Article 3. Purposes and legal grounds
We process personal data exclusively for the following purposes and based on these legal grounds (Article 6 GDPR):
Purpose | Legal ground (art. 6 GDPR) | Categories of data subjects |
|---|---|---|
Performance of Premium Subscription: profile management, content publication, reports | Performance of contract (art. 6.1.b GDPR) | Business customers/contact persons |
Standard listings and general platform management | Legitimate interest (art. 6.1.f GDPR): promotion of indoor golf sector and information provision | Public information, website visitors |
Communication, customer service and support | Performance of contract / Legitimate interest | Business customers/contact persons |
Website analytics and Platform improvement | Legitimate interest: optimization of services and user experience | Website visitors |
Newsletters, marketing and events | Consent (art. 6.1.a GDPR), freely revocable | Contact persons with opt-in |
Administration, invoicing and accounting | Legal obligation (art. 6.1.c GDPR): tax retention obligation | Business customers |
Article 4. Recipients of personal data
We only share your personal data with the following categories of recipients:
4.1 Internal recipients
Personnel of BLB Consultancy FZCO who require access for service provision, support and administration.
4.2 External processors
We engage external service providers who process personal data on our behalf (processors), with whom we have concluded data processing agreements (Article 28 GDPR):
Hosting providers (e.g., Google Cloud, AWS): storage and availability of Platform
Analytics tools (e.g., Google Analytics): website statistics
Payment services (e.g., Stripe): processing subscription payments
Email providers (e.g., Mailchimp, SendGrid): sending newsletters and transactional emails
4.3 Acquisition or sale
In the event of a (partial) sale, merger, acquisition or reorganization of Findoori, your personal data may be transferred to the acquiring party. See Article 10 for details.
4.4 Legal obligations
If legally required, we share data with government authorities, supervisory authorities or law enforcement agencies.
We do not sell personal data to third parties for marketing purposes.
Article 5. Retention periods
We do not retain personal data longer than necessary for the purposes for which they were collected:
Category | Retention period |
|---|---|
Contract data (Premium Subscription) | Duration of contract + 7 years (tax retention obligation) |
Communication and support | 2 years after last contact |
Newsletter/marketing | Until withdrawal of consent or after 2 years of inactivity |
Website analytics (cookies) | Maximum 26 months (Google Analytics standard) |
Backups | Maximum 12 months after deletion from production environment |
After termination of your Premium Subscription, we will remove your published content and profile from the Platform within 30 days, subject to legal retention obligations for administrative data.
Article 6. Your rights under the GDPR
You have the following rights regarding your personal data:
Right of access (art. 15): you can request which data we process about you
Right to rectification (art. 16): correction of inaccurate or incomplete data
Right to erasure (art. 17): under certain conditions (e.g., after withdrawal of consent, no legal retention obligation)
Right to restriction (art. 18): temporary blocking of processing
Right to object (art. 21): against processing based on legitimate interest
Right to data portability (art. 20): receipt of data in structured format
Right to withdraw consent (art. 7): without consequences for previous lawful processing
6.1 Exercising your rights
Send a request to info@findoori.com. We will respond within 1 month (extension to 3 months possible for complex requests, with justification).
6.2 Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority in your country, for example:
Netherlands: Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl)
Article 7. Cookies and tracking
We use cookies and similar technologies on www.findoori.com:
7.1 Functional cookies
Necessary for the functioning of the Platform (login status, preferences). No consent required.
7.2 Analytical cookies
Google Analytics for visitor statistics (anonymized IP address, no advertising purposes). Legal ground: legitimate interest.
7.3 Tracking and marketing cookies
Only with your explicit consent via the cookie banner.
7.4 Cookie management
You can refuse or delete cookies via your browser settings. Please consult our separate Cookie Statement on the website for details.
Article 8. Security of personal data
We take appropriate technical and organizational measures to protect personal data against loss, unauthorized access, modification or disclosure:
Encryption: HTTPS/TLS for data transmission; encryption at rest for stored data
Access control: role-based access, two-factor authentication for administrator accounts
Logging and monitoring: registration of system activity, security audits
Data processing agreements: contractual obligations for all service providers
Incident response: procedures for reporting data breaches in accordance with Articles 33-34 GDPR
No method is 100% secure. In the event of a data breach, we will inform you and the supervisory authority in accordance with the legal deadlines.
Article 9. Data transfers outside the European Economic Area (EEA)
9.1 Establishment outside the EEA
BLB Consultancy FZCO (Findoori) is established in Dubai, United Arab Emirates (UAE), a country outside the European Economic Area (EEA). This means that personal data of business customers and contact persons in the EEA (e.g., the Netherlands, Belgium) are transferred to Dubai for processing.
9.2 Safeguards for transfer to the UAE
The UAE does not currently have an adequacy decision from the European Commission. To comply with the GDPR, we apply the following safeguards for the transfer of personal data to Dubai (Article 46 GDPR):
Standard Contractual Clauses (SCC): we use the model clauses for data transfers between the EEA and third countries approved by the European Commission (Decision 2021/914). These are included in our agreement with business customers or available upon request.
Additional technical and organizational measures:
End-to-end encryption of data during transmission (TLS 1.3)
Encryption of data at rest (AES-256)
Access restriction: only authorized personnel
Pseudonymization where possible
Regular security audits and penetration testing
Transfer Impact Assessment (TIA): we have assessed that the legislation and practice in the UAE do not pose disproportionate risks to the protection of your personal data, considering:
The nature of our service (business platform for indoor golf centers)
The limited categories of data (no sensitive/special data)
The technical security measures
The UAE privacy legislation (Federal Decree-Law No. 45 of 2021) which applies similar principles to the GDPR
9.3 Sub-processors outside the EEA
We use external service providers who may process data in countries outside the EEA:
Service provider | Country | Safeguard |
|---|---|---|
Google Cloud / Google Analytics | United States | EU-U.S. Data Privacy Framework (DPF) certification + SCC |
Stripe (payments) | United States | EU-U.S. Data Privacy Framework (DPF) certification + SCC |
[Others] | [Country] | Adequacy decision / SCC / BCR |
Future service providers will only be engaged with appropriate safeguards in accordance with Articles 44-49 GDPR.
9.4 Access to safeguards
You can at any time request a copy of the Standard Contractual Clauses and the Transfer Impact Assessment by contacting info@findoori.com.
9.5 Data protection in the UAE
The UAE has its own privacy legislation (Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data) which applies similar principles to the GDPR, including lawfulness, transparency, data minimization, security and data subject rights. Findoori complies with both the GDPR (for data subjects in the EEA) and UAE legislation.
Article 10. Transfer in case of sale or acquisition
In the event of a (partial) sale, merger, acquisition or reorganization of Findoori, your personal data may be transferred to the acquiring party.
10.1 Conditions
The acquiring party may only process the data for the same or compatible purposes as described in this Privacy Policy.
The acquiring party must apply the same technical and organizational security measures.
Your rights under the GDPR remain fully in force.
10.2 Duty to inform
We will inform you in a timely manner (before or immediately after the transfer) about:
The identity of the new data controller
Any changes in the processing
Your rights and contact details
10.3 Legal ground
The transfer is based on:
Legitimate interest (art. 6.1.f GDPR): continuation of service provision and contractual relationship
Consent (art. 6.1.a GDPR): if required for marketing data or if the new party substantially changes the service
Article 11. Representative in the EEA (Article 27 GDPR)
11.1 No representative appointed
BLB Consultancy FZCO is established outside the European Economic Area (EEA), namely in Dubai, UAE. Article 27 of the GDPR requires non-EEA organizations in certain cases to appoint a representative in the EEA as a contact point for data subjects and supervisory authorities.
Findoori has not appointed a representative in the EEA because we rely on the exception of Article 27(2)(a) GDPR.
11.2 Why the exception applies
This exception applies because:
We do not process special categories of personal data as referred to in Article 9 GDPR (no health data, biometric data, religious/political beliefs, sexual orientation) or criminal data (Article 10 GDPR);
Our processing is not on a large scale: we target a specific business audience (indoor golf centers in the Netherlands, Belgium and surrounding countries);
The risk to the rights and freedoms of natural persons is low, considering:
The nature of the data (business contact details, no sensitive personal information)
The context (transparent B2B platform for business information)
The purposes (profiling, communication, service provision)
The technical security measures (see Article 8)
11.3 Direct contact
Nevertheless, you can always contact us directly for questions, requests or complaints:
Email: info@findoori.com
Post: BLB Consultancy FZCO, DUQE Square Business Center, QEII
We will respond within the legal deadlines of the GDPR (1 month, possibly extendable by 2 months for complex requests, with justification).
11.4 Right to lodge a complaint with supervisory authority
If you are not satisfied with our response or wish to complain, you have the right to lodge a complaint with the supervisory authority in your Member State:
Netherlands: Dutch Data Protection Authority – autoriteitpersoonsgegevens.nl
Belgium: Data Protection Authority – gegevensbeschermingsautoriteit.be
Other EU countries: consult the list at edpb.europa.eu
Article 12. Changes to this Privacy Policy
12.1 Updates
We may update this Privacy Policy from time to time, for example in case of new services, legislation or regulations, or technological developments.
12.2 Notification
In case of significant changes, we will inform you via:
A notice on the website (banner or pop-up)
Email (if you have an account or subscription)
The date at the top of this document indicates the last update.
12.3 Review
We recommend that you review this Privacy Policy regularly. The most recent version is always available at www.findoori.com/privacy.
Article 13. Contact and questions
For questions, comments or requests regarding this Privacy Policy or the processing of your personal data, you can contact:
BLB Consultancy FZCO (Findoori)
Email: info@findoori.com
Post: BLB consultancy, DUQE Square Business Center, QEII
We aim to provide an initial response within 5 working days and a full response to your request within 1 month (in accordance with Article 12(3) GDPR).
Last update: January 2026