Last updated: 28 February 2026
This privacy and cookie policy ("Policy") describes how SUE | Behavioural Design and SUE | Behavioural Design Academy (hereinafter: SUE) collects personal data from its clients, prospects, students, alumni, (website) visitors and other contacts. We do this to serve the above-mentioned audiences as well as possible and to achieve our objectives. In this Policy, we explain why and how we use your data.
All personal data is processed in accordance with the provisions of the GDPR (General Data Protection Regulation).
Do you have questions about this Policy? Please contact us at security@sueamsterdam.com.
We are a training institute specialising in behavioural psychology and behavioural design. This Policy applies to all personal data we process – including data we collect in collaboration with third parties (for example, at large-scale events). SUE is responsible for the processing of your data.
A small part of our data processing is required by law. This primarily concerns personal data necessary to fulfil our fiscal obligations.
In our student administration, we maintain an overview of prospects, students and alumni in order to deliver the requested services. For example, when you request a service, we use the personal data you provide to communicate with you.
In addition, we process personal data for the general purpose of entering into business agreements and fulfilling our obligations under those agreements.
We may use your personal data to improve and maintain our services and website. For example, to provide students or alumni with information, updates, schedules, practical details or additional training programmes.
We may also use personal data to prevent or detect fraud, misuse, illegal use or violations of our terms and conditions, and to comply with court orders, government requests or applicable legislation.
You can reach us through various channels: by phone, post, email, LinkedIn or Facebook. To make this possible, we process personal data.
You can subscribe to various newsletters. Some of these are personalised, others are not. If you no longer wish to receive these emails, you can unsubscribe via the opt-out link at the bottom of each email.
In order to be certified or audited, we process personal data.
SUE actively recruits new students, sponsors, partners, trainers, speakers and employees. In doing so, we process contact details and areas of interest to stay in touch. For SUE campaigns, we also process personal data such as IP address, cookie ID, social ID and/or browsing behaviour. We do this to show targeted advertisements in relevant places. We also make use of targeting and differentiation within social media platforms.
To improve our services, we also collect personal data. This includes click behaviour on our website (which articles are popular?) or open rates of newsletters and emails (which messages are valued?).
SUE only processes personal data that can be traced to an identified or identifiable person. Personal data includes, among others:
SUE does not process personal data relating to:
Under the GDPR, you have certain rights as a data subject. We commit to handling these rights with due care.
You can always request which personal data we process about you and for what purpose.
Do you believe we hold incorrect data about you, or would you like us to update your data? Let us know and we will make the changes as soon as possible.
You can request us to delete your data at any time.
If you believe we are processing your data incorrectly or unlawfully, you can ask us to restrict the processing.
You can always object to the processing of your data. If the objection concerns marketing purposes, we will cease processing as soon as possible.
You have the right to have your data transferred to another party.
For example, for receiving emails. If you wish to withdraw other forms of consent, please let us know.
You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). We appreciate it if you contact us first so we can work together to find a solution.
You will not be disadvantaged in any way by exercising your privacy rights. You can send your request to security@sueamsterdam.com. We ask you to indicate as clearly and precisely as possible which right you wish to exercise and on what grounds. As a rule, you will receive a response within one month of receipt. Should more time be needed, we will inform you within that same month — with a maximum extension of two months.
We do not retain your personal data longer than necessary for the purpose for which it was collected, and we do not use it for other purposes.
When we process your data on the basis of the preparation or performance of an agreement, we retain it for up to one year after completion of the last agreement.
When we process your data on the basis of a legal obligation or legitimate interest, we apply the retention periods as determined by law.
In the event of a dispute or legal claim, we process your data solely for that purpose and for the period necessary to do so.
The processing of your personal data takes place on the basis of the following legal grounds:
When we process personal data on the basis of your consent, you may withdraw that consent at any time.
We may have a legitimate interest in processing your data, for example for direct marketing, handling emergencies, legal proceedings, security surveillance, acquisition, relationship management, and recruitment and selection.
In addition, we may be legally or contractually obliged to process certain personal data. The processing may also be necessary to enter into an agreement with you. In those cases, we can only continue our relationship with you if you provide the necessary data.
We sometimes use external service providers. These include payment providers, shipping services, IT suppliers, email or messaging services and marketing companies.
These carefully selected parties may only process your data insofar as necessary to carry out their work on our behalf, and always in accordance with our instructions.
We may share your data with external parties that support us in offering our products and services, or in creating, managing and maintaining our website. We only grant these parties access to the data necessary for their specific task.
We have procedures and agreements in place to ensure that these processors and service providers handle your privacy with due care.
In some cases, we are legally required to share your data with third parties, for example in the event of a court order or government request.
In all other cases, we do not share your personal data with third parties without your explicit consent.
On our website, we use social media buttons that link to Facebook, LinkedIn, Instagram and X. You can use these buttons to view information about SUE or to share our content via your own social media.
We are not responsible for the privacy policies of Facebook, LinkedIn, Instagram and X, as we have no influence over how these social media buttons function. When you use such a button, these platforms place a 'social media cookie' that allows them to recognise you when using their services.
On the SUE websites, you may find links to websites of other organisations. SUE is not responsible for how these organisations handle personal data. For more information, please consult the privacy policy of the relevant organisation.
SUE does not process personal data in a manner that constitutes automated decision-making or profiling, as defined in the GDPR.
Our website uses analytical cookies (Google Analytics) to analyse visits to our website and improve the user experience. On your first visit, we ask for your consent via a cookie banner. You can refuse cookies or adjust your preferences at any time by changing your browser settings.
We reserve the right to amend this Policy at any time. This policy was last updated on 28 February 2026.