Privacy Policy

Last updated: 15 November 2025

This Privacy Policy describes how we collect, use, share and protect your personal data when you visit or use our websites, funnels, applications and services (collectively, the “Service”). It also explains your privacy rights under the General Data Protection Regulation (GDPR) and relevant Dutch law.
By using the Service, you acknowledge that you have read this Privacy Policy.

1. Who we are (Data Controller)

For the purposes of the GDPR, the data controller is:

The Smart Value Group B.V., trading as “Xponential Ecosystem”
Registered office: Witteweg 4T, 6586 AE Plasmolen, The Netherlands
Chamber of Commerce (KvK): 34128410
Website: https://xponentialecosystem.io
Email: [email protected]

This Privacy Policy applies to all processing of personal data carried out by us as controller, including via websites, landing pages, forms and automations hosted on our white-label GoHighLevel platform.

In some projects we may also act as processor for our business clients. In those cases, our clients remain the controller and their privacy notices apply in addition to this one.

2. Scope of this Privacy Policy

This Privacy Policy applies when you:

- Visit or use our websites, funnels or landing pages

- Subscribe to newsletters, waitlists or events

- Download content (e-books, tools, templates, etc.)

- Book calls or coaching sessions

- Interact with our CRM, forms or surveys powered by our GoHighLevel-based platform

- Communicate with us by email, phone, messaging apps or social media

It does not apply to:

- Third-party websites or platforms that we do not control and that you may access via links from our Service

- Processing we perform strictly as a processor on behalf of our clients (in which case our client’s privacy notice governs)

3. Definitions

For the purposes of this Privacy Policy:
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation performed on Personal Data (such as collection, storage, use, disclosure, erasure, etc.).
- “Service” means our websites, platforms, funnels, content and related online services.
- “Device” means any device that can access the Service (computer, smartphone, tablet, etc.).
- “Country” refers to The Netherlands, as part of the European Union.

4. Categories of Personal Data we collect

Depending on how you interact with us, we may collect the following categories of Personal Data:

4.1 Data you provide to us directly

When you fill in a form, schedule a call, send us an email or otherwise interact with us, we may collect:

- First and last name

- Email address

- Phone number

- Company name, role and sector

- Country and city

- Billing details (where relevant for paid services)

- Any other information you choose to share in free text fields or messages

4.2 Usage Data (automatically collected)

When you use the Service, we automatically collect certain technical and usage data, such as:

- IP address

- Browser type and version

- Device type and operating system

- Pages visited, time and date of visit, time spent on pages

- Clicks, scrolls, form submissions and other interaction data

- Referring URLs and campaign parameters (UTM tags, etc.)

4.3 Data from cookies and similar technologies

We use cookies, pixels and similar tracking technologies to:
- Make the Service function (essential cookies)
- Remember your preferences (functional cookies)
- Analyse traffic and usage (analytics cookies)
- Support our marketing and retargeting (marketing cookies, if you consent)

For more detail, we may provide a separate Cookie Policy and/or cookie banner where you can manage your preferences.

4.4 Data from third-party sources

We may receive additional information about you from:
- Social media platforms (if you interact with us there or use social login)
- Our implementation partners and resellers
- Publicly available sources (e.g. LinkedIn profile data for B2B outreach)
- Our clients, if we act as processor on their behalf

5. Purposes and legal basis for processing

Under the GDPR, we must have a lawful basis to process your Personal Data. We use your data for the purposes and legal bases below.

5.1 To provide and maintain the Service

Examples: hosting websites and funnels, managing your account, delivering digital products or programs, scheduling calls.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR) or steps at your request prior to entering into a contract.

5.2 To communicate with you

Examples: responding to your questions, sending confirmations, service-related messages, reminders and updates.
Legal basis: Performance of a contract or our legitimate interest in responding to enquiries (Article 6(1)(b) and 6(1)(f) GDPR).

5.3 Marketing, newsletters and nurturing

Examples: sending you emails about content, events, services and offers; retargeting campaigns; lead nurturing sequences.
Legal basis:
- Your consent (Article 6(1)(a) GDPR) where required (e.g. newsletter opt-in, non-essential cookies), and/or
- Our legitimate interest in promoting and growing our business (Article 6(1)(f) GDPR), balancing this with your rights.

You can unsubscribe at any time via the link in our emails or by contacting us.

5.4 Analytics, service improvement and security

Examples: analysing usage to improve UX, content and funnels; monitoring performance; detecting and preventing abuse or fraud.
Legal basis: Our legitimate interest in operating a secure and effective Service (Article 6(1)(f) GDPR).

5.5 Legal obligations

Examples: complying with tax, accounting, consumer and other legal requirements; responding to lawful requests by authorities.
Legal basis: Compliance with a legal obligation (Article 6(1)(c) GDPR).

5.6 Vital and legitimate interests

In rare cases we may need to process data to protect someone’s vital interests or our legitimate interests, for example in the context of legal claims (Article 6(1)(d) and 6(1)(f) GDPR).

6. How we share your Personal Data

We do not sell your Personal Data. We may share your Personal Data with:

6.1 Service providers / processors
   - Our white-label CRM and marketing platform, powered by GoHighLevel (HighLevel Inc.), which acts as a data processor under a written Data Processing Agreement and appropriate transfer safeguards (see section 7).
   - Email service providers, calendar and meeting tools, payment processors, cloud storage, analytics tools, and similar vendors.

6.2 Professional advisers
   - Lawyers, accountants and consultants, where necessary to protect our rights and comply with our obligations.

6.3 Business partners and subcontractors
   - Implementation partners, associates and subcontractors who help deliver our services to you, under confidentiality and data protection obligations.

6.4 Authorities and legal proceedings
   - Competent authorities if required by law, court order or to protect our rights, users and the public.

If we are involved in a merger, acquisition or other corporate transaction, your Personal Data may be transferred as part of that transaction, subject to appropriate safeguards.

7. International Data Transfers

Our company is based in The Netherlands, but some of our service providers (including GoHighLevel) are located outside the European Economic Area, in particular in the United States.

When Personal Data is transferred outside the EEA, we ensure that:
- The country has an adequacy decision from the European Commission; or
- We use Standard Contractual Clauses (SCCs) or other appropriate safeguards; and/or
- The recipient is certified under the EU–US Data Privacy Framework or equivalent mechanisms, where applicable.

You can contact us for more information about the specific transfer safeguards used for your data.

8. Data Retention

We retain Personal Data only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including to:
- Provide the Service and maintain our relationship with you
- Comply with legal, accounting and reporting obligations
- Resolve disputes and enforce our agreements

Retention periods may vary depending on the context (e.g. statutory retention of invoices vs. marketing contacts). If you unsubscribe from marketing, we will keep minimal data to respect your opt-out.

9. Your rights under the GDPR

As an individual in the EU/EEA, you have several rights regarding your Personal Data. These include:

1. Right of access – to obtain confirmation whether we process your data and to receive a copy.
2. Right to rectification – to have inaccurate or incomplete data corrected.
3. Right to erasure (“right to be forgotten”) – to request deletion of your Personal Data in certain circumstances.
4. Right to restriction of processing – to request that we limit processing in certain cases.
5. Right to data portability – to receive the data you provided in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
6. Right to object –
   - to processing based on our legitimate interests, for reasons relating to your particular situation; and
   - at any time to processing for direct marketing (including profiling for such marketing).
7. Rights related to automated decision-making – we do not use automated decisions with legal or similarly significant effects on you.

How to exercise your rights

You can exercise your rights by contacting us at:

Email: [email protected]
Postal address: The Smart Value Group B.V. (trading as “Xponential Ecosystem”), Witteweg 4T, 6586 AE Plasmolen, The Netherlands

We may need to request additional information to verify your identity before we can act on your request. We aim to respond within one month, as required by the GDPR.

Right to lodge a complaint

You also have the right to lodge a complaint with your local data protection authority. In The Netherlands, this is:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
PO Box 93374, 2509 AJ Den Haag, The Netherlands
Website: autoriteitpersoonsgegevens.nl

10. Cookies and Tracking Technologies

As noted above, we use cookies and similar technologies on our websites and funnels. These may be placed by us or by third parties (e.g. analytics, ad networks).

Where required by law, we will:
- Show you a cookie banner on your first visit;
- Ask for your consent for non-essential cookies (analytics, marketing);
- Allow you to change or withdraw your consent at any time.

For more details, please refer to our separate Cookie Policy (if available) or the cookie information displayed in our banner.

11. Children’s Privacy

Our Service is intended for adults and business users and is not directed at children.

In line with GDPR and Dutch law, children under 16 years cannot validly consent to data processing for information society services without parental permission.

We do not knowingly collect Personal Data from children under 16. If you believe a child has provided us with Personal Data without parental consent, please contact us and we will delete such data.

12. Security of your Personal Data

We take appropriate technical and organisational measures to protect your Personal Data against unauthorised access, loss, misuse, alteration or destruction. These measures include:
- Access controls and role-based permissions
- Encryption in transit (HTTPS/SSL) and, where appropriate, at rest
- Regular backups and monitoring
- Use of reputable service providers with strong security and compliance practices (including GoHighLevel)

However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

13. Third-party Websites and Services

Our Service may contain links to third-party websites, plug-ins or services that we do not control. If you click on those links or enable those connections, third parties may collect or share data about you.

We are not responsible for the privacy practices of such third parties and encourage you to read their privacy policies before using their services.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, applicable law or best practices. When we do, we will:
- Post the updated version on our website with a new “Last updated” date; and
- Where appropriate, notify you by email or via a notice on the Service.

We encourage you to review this Privacy Policy periodically.

15. Contacts

If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

The Smart Value Group B.V., trading as “Xponential Ecosystem”
Attn: Privacy / Data Protection
Witteweg 4T
6586 AE Plasmolen
The Netherlands

Email: [email protected]

© Copyright 2025 | Xponential Ecosystem