Privacy statement for Dutch freelancers — template + checklist

See our article GDPR starter kit for freelancers. Mandatory privacy-statement elements (GDPR Art. 13): (1) Name + contact of controller (your sole proprietorship + KVK + email). (2) What data you collect (per service category). (3) Purposes + basis (Art. 6) per processing. (4) Retention periods (see storage limitation). (5) Recipients (processors + third parties). (6) International transfer if US cloud tools. (7) Customer rights (8 GDPR rights + complaint route). (8) Date of last update. For freelancer specifically: (a) Mailing list for client communication (consent). (b) Accounting SaaS as processor (DPA appoint). (c) Invoices 7 years (Dutch Tax Act basis). (d) Photos in portfolio (only with consent — see portfolio rules). Publication location: website footer "Privacy" + dedicated /privacy/ page. Free starting points: AP has model texts. ICTRecht, JouwPrivacy publish free freelancer templates. Don't copy-paste: every privacy statement is unique to your processing. Generic templates = often Art. 13 violation.