privacy policy
last updated · 29 may 2026
MOOV Rotterdam is a student-run moving and storage service in Rotterdam. We take your data seriously and only collect what we need to move your stuff and run the referral deal.
This policy explains what we collect, why, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Dutch Algemene Verordening Gegevensbescherming (AVG).
who is responsible
MOOV Rotterdam is the data controller for the personal data described here. You can reach us at bookings@moovrotterdam.nl for any privacy question or request.
what we collect
| Data | When | Why |
|---|---|---|
| Name, email, password | When you create an account | To run your account and contact you about your move. Your password is stored and hashed by Firebase Authentication — we never see it. |
| Move details — building, box count, big items, move date, tier & price, referral credit | When you book | To plan and price your move. |
| Referral code & who referred you | Sign-up & booking | To apply the €10 referral credit to both people. |
| Email address only | If you submit the "secure my spot" form on the homepage | To add you to our early-access list (optional, consent-based). |
| Technical data — IP address, basic security/usage logs | Automatically when you visit | Generated by our hosting and security providers to keep the service running and prevent abuse. |
We do not collect payment card details on the website — you pay the operator on move day.
our legal basis
- Running your account & move — performance of our contract with you (GDPR Art. 6(1)(b)).
- The early-access email list — your consent (Art. 6(1)(a)); you can withdraw it any time by emailing us.
- Security, fraud prevention & record-keeping — our legitimate interest, and where applicable our legal obligations such as tax records (Art. 6(1)(f) and 6(1)(c)).
who we share it with
We never sell your data. We use a small set of trusted providers ("processors") to run the service:
- Google Firebase (Authentication, Firestore database, hosting) — stores your account and booking data. Provided by Google Ireland Ltd / Google LLC.
- Formspree — delivers homepage email-list submissions to us (US-based).
- Behold — powers the live Instagram feed on our homepage. This only loads if you click "load instagram feed" — nothing is sent to Behold or Instagram before then.
Some of these providers are based in the United States. Where data leaves the EU, the transfer is covered by Standard Contractual Clauses and/or the EU–US Data Privacy Framework.
cookies & local storage
We keep things minimal. Firebase Authentication uses your browser's local storage to keep you logged in — this is strictly necessary for the account to work. We use no advertising or analytics cookies. The Instagram feed may set its own cookies, but only after you click to load it.
how long we keep it
We keep your account and booking data while you have an account and for as long as we need it for our records and legal obligations (e.g. tax records for paid moves). The early-access email is kept until you ask us to remove it. When data is no longer needed, we delete it.
your rights
Under the GDPR you have the right to access, correct, delete, restrict, or export your data, to object to certain processing, and to withdraw consent at any time. To exercise any of these, email bookings@moovrotterdam.nl and we'll handle it.
You also have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens.
children
MOOV is intended for university students. It is not directed at children under 16, and we do not knowingly collect their data.
changes to this policy
If we change how we handle your data, we'll update this page and the date at the top. Material changes affecting your account will be communicated by email.