Skip to Content

Privacy Policy

Resilient Path Consulting & Training – Privacy Policy

Effective date: 14 October 2025

1. Introduction

First of all — welcome, and thank you for taking a moment to read this!

At Resilient Path Consulting & Training, we value your trust and take your privacy seriously.

This Privacy Policy explains which personal data we collect, why we collect it, and how we protect it. We make sure your information stays safe and is only used for the purposes we describe here.


This Privacy Policy applies to all personal data we collect through our website https://rpct.odoo.com

and in connection with our training, consultancy, and related services — whether you’re a visitor, a course participant, or a professional partner.


We process personal data in compliance with the General Data Protection Regulation (GDPR), the Dutch Data Protection Act (AVG), and other applicable privacy laws.

By using our website, purchasing our services, or contacting us, you agree to this Privacy Policy.


2. Who we are

Resilient Path Consulting & Training

Registered in the Netherlands

Chamber of Commerce (KvK): 97317845

Data controller: Thirza Loffeld, operating as an independent consultant under the name Resilient Path Consulting & Training.

We act as the data controller for all personal data we collect directly from you.

For questions or requests, please contact us via our contact form. Messages are delivered directly to the data controller.


3. What personal data we collect

We collect only the data necessary to deliver our services and maintain communication.

This may include:

  • Name and contact details (e.g. email address, organisation, role)
  • Billing and payment details (processed securely via Stripe)
  • Account information (login details for Odoo-based learning or client portals)
  • Communications you send to us (for example, messages submitted via our contact form or Google forms used for course feedback, or reflection assignments)
  • Course participation data (e.g. progress tracking, feedback)

We do not collect sensitive data such as health, ethnicity, or political views.


4. How we use your data

We process your data for the following purposes:

  • To deliver and manage your training, workshops, or consultancy projects
  • To handle payments and invoicing
  • To send essential service communications (confirmations, updates, invoices)
  • To improve our content and customer experience
  • To comply with legal and tax obligations

Google Forms submissions

Information submitted via Google Forms is used solely for managing course participation, collecting feedback, or supporting reflection assignments. Such information is not shared outside our organisation and is deleted once no longer required for the stated purpose.


Feedback and testimonials

If you choose to provide feedback through a Google Form or other channel, you may be invited to give explicit consent for your words (and, if applicable, your name or organisation) to be published on our website or in outward-facing communication materials such as newsletters or promotional posts.

We will use this feedback only when you have given clear consent for that purpose. You may withdraw your consent at any time by contacting us through our contact form, after which your testimonial will be removed from public use.

If you subscribe to our newsletter or updates, we will only send emails based on your consent. You can unsubscribe at any time via the link included in every email.

We do not sell or rent your data to any third party.


5. Legal basis for processing

Our processing is based on one or more of the following lawful grounds:

  • Contractual necessity – to provide services you have purchased or requested
  • Legitimate interest – to maintain client relationships and ensure service quality
  • Legal obligation – to retain necessary business records for tax or accounting
  • Consent – where you voluntarily subscribe to newsletters or optional communications (you can withdraw this at any time)

6. Data sharing and third-party processors

We only share data with trusted providers essential for our operations:

Purpose

Provider

Safeguards

Website hosting, CRM, and e-learning

Odoo S.A. (Belgium)

GDPR-compliant, hosted in the EU

Payment processing

Stripe, Inc. (Ireland / USA)

Certified under EU–US Data Privacy Framework

Course feedback, or reflection forms

Google LLC (Google Forms) (Ireland / USA)

Hosted in the EU or under the EU Standard Contractual Clauses; GDPR-compliant under the Google Workspace Data Processing Terms

Each processor handles your data under strict confidentiality and data-protection agreements consistent with EU standards.

For more information, please see:


7. International transfers

Where data is transferred outside the European Economic Area (EEA), we ensure it is protected under one of the following safeguards:

  • An adequacy decision by the European Commission (e.g. EU–US Data Privacy Framework); or

  • Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data retention

We retain your personal data only as long as necessary for the purposes stated above or as required by law.

Typically:

  • Financial records: 7 years (Dutch tax law)
  • Course and consultancy records: up to 3 years after completion
  • Contact and newsletter information: until you unsubscribe or request deletion
  • Data submitted through Google Forms is retained only as long as necessary to manage course participation or feedback and is then securely deleted.

9. Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or significantly affects individuals.

All decisions about course access, participation, or communication are made with human oversight.


10. Your rights

You have the right to:

  • Access, correct, or delete your personal data
  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent (where applicable)

To exercise these rights, please use our contact form
We will respond within 30 days in accordance with GDPR Article 12.

You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) if you believe your data has been mishandled.


11. Data security

We implement appropriate technical and organisational measures to protect personal data against loss, misuse, or unauthorised access.
This includes encrypted payment processing via Stripe, secure HTTPS hosting via Odoo, and restricted access to personal information.


12. Cookies

This website uses functional cookies to enable secure login and essential features.

Analytical cookies may also be used to understand website usage in aggregated form.

We use a cookie consent banner that allows visitors to set their preferences when first visiting the site.

Functional cookies are always active because they are necessary for website operation.

Analytical cookies are placed only with consent and are anonymised wherever possible.

You can adjust your browser settings to decline cookies if you prefer; doing so will not affect your access to paid content or course materials.


13. Updates to this policy

We may update this Privacy Policy from time to time to reflect operational or legal changes.

The latest version will always be available on our website with an updated effective date.


14. Contact

For any questions, requests, or concerns regarding our services, data protection, or policies, please contact us via our contact form at https://rpct.odoo.com/contactus.

Messages sent through this form are delivered directly to the data controller at Resilient Path Consulting & Training (KvK 97317845).