The Governed Boundary
  • Structural Diagnosis
  • Governance Mandate
  • Governed Boundary
  • Structural Deliverables
  • Engagement Tracks
Legal

Privacy Policy

Effective: April 2026

This site is operated by Martin van der Linden, author of the three-book series Governance and Architecture for the Cyber-Physical Enterprise. This policy explains what personal information is collected when you use the site, why it is collected, how it is used, how long it is kept, and your rights under the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (UAVG).

It is written in plain language and describes what the site actually does, not a generic template.

1. What information is collected

When you submit one of the request forms on this site – the Introduction request, the three White Paper requests, or the publication notification – you provide an email address. That address is the only information you actively enter.

When any page or form on the site is accessed, the web server automatically records:

  • Your IP address
  • Your browser's user-agent string (the browser and operating system you are using)
  • The referring URL, if your browser sends one
  • A timestamp
  • Which form or paper the request concerns

This is standard web-server information and is the minimum needed to deliver the service and detect abuse.

2. How the information is used

Your email address is used for exactly two purposes, and no others:

  • To deliver the paper you requested. When you submit a request form, the site sends you an automatic reply with a time-limited download link. This is the service you asked for.
  • To notify you when the three books are published, if you signed up in the Publication section. You will only receive publication announcements, not general marketing.

Server-log information (IP, user-agent, referrer, timestamp) is used to:

  • Troubleshoot technical problems
  • Detect and prevent abuse, such as automated scraping or fraudulent download attempts
  • Maintain an audit trail of which papers were requested and delivered

Your email address is not sold, shared with advertisers, used for profiling, or fed into any analytics platform. There is no advertising on this site, no third-party tracking, and no automated decision-making.

3. Legal basis

Under Article 6 of the GDPR, the lawful basis for processing your data is:

  • Performance of a request (Article 6(1)(b)) – when you ask for a paper, processing your email address is necessary to send it to you.
  • Consent (Article 6(1)(a)) – when you sign up for publication notifications, your submission is the act of consent. You can withdraw this consent at any time by emailing [email protected].
  • Legitimate interest (Article 6(1)(f)) – logging technical information (IP, user-agent, referrer, timestamp) for security, abuse prevention, and troubleshooting is covered by the operator's legitimate interest in running a functional, secure website.

4. How long information is kept

  • Email addresses from paper requests are retained for up to 24 months after submission, then removed. This period exists so that the site operator has a record of who received which paper in case of questions or errata.
  • Email addresses from publication notifications are retained until the relevant books have been published and the announcement has been sent, or until you ask for your address to be removed, whichever comes first.
  • Server logs (IP, user-agent, referrer, timestamp) are retained for up to 12 months for security and abuse-prevention purposes.

If you ask for your data to be deleted before these periods expire, it will be deleted unless there is a legal reason to retain it.

5. Who else sees the information

The site is hosted by TransIP B.V., a Dutch company, which processes data on the operator's behalf in two roles:

  • Web hosting – all submission logs, download logs, and PDFs are stored on TransIP servers in the Netherlands.
  • Email delivery – outgoing emails (notifications to the operator and automatic replies to you) are sent through TransIP's mail infrastructure.

TransIP is an EU-based processor subject to the GDPR. No personal data is transferred outside the European Economic Area.

No other third party receives your data. Specifically, there is no Google Analytics, no Facebook Pixel, no advertising networks, no embedded tracking widgets, and no CRM or marketing-automation platform connected to this site.

6. Your rights

Under the GDPR and UAVG, you have the right to:

  • Access the personal data held about you
  • Rectify inaccurate data
  • Erase your data (the "right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a machine-readable format (data portability)
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated

To exercise any of these rights, email [email protected]. You do not need to provide a reason. Requests will be answered within 30 days.

7. Cookies

This site uses no cookies – no tracking cookies, no analytics cookies, no third-party cookies, no session cookies. You can verify this yourself by opening your browser's developer tools and inspecting the cookie storage for this domain.

Because no cookies are used, no cookie consent banner is shown. None is required.

8. Changes to this policy

If this policy is updated, the effective date at the top of the page will change. Material changes will be noted on the homepage for at least 30 days before taking effect.

9. Contact

Questions about this policy, or requests to exercise any of your data protection rights:

Martin van der Linden
[email protected]

Supervisory authority for complaints:
Autoriteit Persoonsgegevens
autoriteitpersoonsgegevens.nl

The Governed Boundary
  • Problem
  • Work
  • Introduction
  • Engagement Tracks