Home » Privacy


Cobraspen Groep Privacy Statement

  1. Introduction

In this privacy statement, the Cobraspen Groep outlines how it handles personal data supplied by customers, clients, website visitors, suppliers and other concerned parties. As the parent company, Cobraspen Groep B.V. is the controller in the sense of the provisions of the General Data Protection Regulation (Algemene Verordening Gegevensbescherming, AVG).

This privacy statement may be updated from time to time. The most recent version will be published on this page and on the website https://www.cobraspen.nl.

The following websites and the associated companies are part of the Cobraspen Groep:

This privacy statement is also applicable to the website that you are currently visiting.

SugarFactory is part of the Cobraspen Groep holding, through the subsidiary SugarCity Investments. This privacy statement is therefore also applicable to all concerned parties linked to SugarFactory.

  1. Controller contact information

Cobraspen Groep B.V., Elswoutslaan 20,
 2051 AE OVERVEEN +31 (023) 526 49 49 https://www.cobraspen.nl

Mr J. Deumens is the IT Specialist and Data Protection Officer for the Cobraspen Groep B.V. If you have any questions or requests, please contact him by sending an email to privacy@cobraspen.nl.

  1. Personal data that we process

Personal data is understood to be all data offering information about an identified or identifiable natural person. Cobraspen Groep B.V. and its subsidiaries process your personal data because you use our services and/or you have supplied us with this information. For example, in the process of renting property (a residence, office space, event location or hotel room).

We process the following personal data:

  • First and last name
  • Sex
  • Address information
  • Email address
  • Company name
  • Telephone number (mobile, direct and/or office),
  • Chamber of Commerce information
  • Bank account details
  • Company website
  • Position and department
  • Date of birth
  • Days at work
  • Dietary requirements/allergies/illnesses and physical conditions (pregnancy, disability, overstress).

If you stay as a guest at one of the Cobraspen Groep hotels, we also collect the following additional data:

  • Passport number
  • Credit card number + expiry date.
  1. Objectives and fundamentals

In accordance with privacy legislation, we are required to state the purposes for which we use your data and the legal grounds for us to do so. Your data is necessary to enable us to prepare and execute contractual agreements between you and Cobraspen Groep B.V. or one of the group’s subsidiary companies. Such an agreement cannot be realised without this information. This applies to:

  1. Renting an office space
  2. Selling or letting property
  3. Renting a hotel room or apartment
  4. Hiring an event location
  5. The use of other catering facilities (restaurant)
  6. Using internet services offered by our internet service provider during an event.

We can also use your personal data if there is a justified interest for us to do so. First and foremost, this interest concerns being able to offer all of our (potential) customers, clients, suppliers and other concerned parties the best and most personal service possible. Marketing activities are also a justified interest. Your privacy is always of the highest priority. The following activities are specific examples of cases of justified interest:

  1. Reviews & customer satisfaction research
  2. A visit to (one of) the Cobraspen Groep website(s)*
  3. Newsletter and email
  4. Personalised advice
  5. Campaigns
  6. Social media
  7. Security, Wi-Fi & cameras.

*cobraspen.nl; officehotel.nl; sugarcity.com; www.sugarfactory.nl; beachhouse.nl; aquaramabeachclub.nl; htelapartments.com; forestsuites.nl.

And finally, we are sometimes legally obliged to process your data, e.g. for financial purposes. In some cases, you will have given us permission to use your data, such as when you subscribe to the newsletter. We keep meticulous records and you can unsubscribe at any time.


  1. Retention periods

We will not store or use your data for longer than is strictly required. All of your data is subsequently deleted or anonymised for use in internal analyses or reports. It is impossible to trace such anonymised data back to individuals.

What does this mean in practice? We apply certain retention periods, after which we delete your data. Specifically:


  1. We delete inactive customer accounts after 7 years. After this period, we only use your data anonymously for internal reports.
  2. The Tax Office requires us to retain our administration with your invoice, payment and ordering information for 7 years. After this period, we only use this data anonymously for internal reports. It is important that you also retain copies of invoices from your agreements.
  3. If you have subscribed to the newsletter or given permission for us to send you personalised messages, we retain this permission in order to prove that you indicated your desire to receive these messages in a certain period. If you decide that you no longer wish to receive the newsletter or personalised messages, we also retain the withdrawal of your permission.
  4. We retain emails and contact requests for a maximum of 2 years, unless you request that they are deleted at an earlier time.
  5. We store CCTV recordings made of our buildings for a maximum of 4 weeks, unless we detect suspicious activity requiring further investigation or if the recordings need to be stored for longer in connection with an incident.
  6. The above stipulations do not alter the fact that we are at liberty to store data for a longer period of time in the case that this data is required for handling potential (legal) disputes.


  1. Sharing personal data with third parties

We only share your data with third parties if this is strictly necessary for the services we offer. Such third parties are: suppliers, payment partners, IT service providers and parties that collect our reviews. Parties such as data management platforms, media and advertisement agencies and research agencies become involved when we want to offer you personalised advice or display targeted advertisements, e.g. tailored to your interest in certain products/services. In cases of suspicious circumstances, we are obliged to share customer data with the relevant authorities.

The parties that we grant access to your data are only permitted to use this information in order to supply you with a service on behalf of Cobraspen Groep B.V. or one or more of its subsidiaries, unless they are individually responsible for obtaining and protecting your data. Some cookie developers have access to the information collected by cookies on our website. More information on this subject is available in our cookie statement and in the privacy policies of these parties. We will never sell your data to third parties.

  1. Cookies and comparable technologies

Cookies are small text files that are saved in the browser of the user’s computer, tablet or smartphone when they visit a website for the first time. The SugarFactory website (and the other Cobraspen Groep websites as stated in article 1) uses functional and analytical cookies. When you first visited one of our websites, we informed you about these cookies and asked for your permission for these cookies to be placed.

Functional cookies:

So-called functional cookies are used to help us provide services or to save your preferences.

For example, for:

  • Remembering the preferences you indicated during your visit to the website;
  • Saving and forwarding information you entered into a contact form on various pages of the website, so that you do not have to repeatedly enter the same details when you next visit the website;
  • Saving your preferences;
  • Helping us detect misuse of our websites.

The basis for placing these cookies is: justified interest.

Analytical cookies:

These cookies are used to analyse your visit to our websites. We analyse, for example, how many people visit our websites, how long they spend on the websites, the order in which they visit pages and whether we need to adjust website pages. We use the results to help make our websites more user-friendly. These cookies are also used to solve potential technical problems on the websites.

The basis for placing these cookies is: justified interest.


Tracking cookies:

We will only use tracking cookies for commercial purposes if you have given your permission in advance. These cookies, often placed by third parties, help us to make you personalised offers. The collected information is shared with third parties, and they can use tracking cookies to track your internet behaviour.

The basis for placing these cookies is: justified interest.

Adjust cookie settings

You can change your cookie settings in your browser at any time.

Current cookies

Some cookies (so-called third-party cookies) are placed by third parties with the consent of Cobraspen Groep in order to draw your attention to certain products or services, or to offer you direct access to social media and other services: Twitter, LinkedIn, Facebook, Hotjar, LiveChat, Google Maps, and Google AdWords.

For information on the cookies placed by these external parties, the information that the cookies collect and the purpose of collecting the information, please refer to the privacy statements of the party in question (available on their website). These statements can be frequently revised and Cobraspen Groep B.V. has no influence whatsoever over such revisions.

To measure the business use of our website, we use the Leadinfo service from Rotterdam. This service shows us company names and addresses based on the IP addresses of our visitors. The IP address is not stored.

Most internet browsers allow you to block cookies, in which case the cookies will no longer be saved. You can also delete all cookies and previously collected information from your computer. Check your browser settings for more information.

For more information about managing cookies, see:

  1. Viewing, amending or deleting data

You have the right to view your personal data and to request that we amend or delete this data. We will take the necessary action if the associated legal requirements are satisfied and no exceptions apply upon which grounds we are required to store the data. You also have the right to retract your permission for the data to be processed and (in certain circumstances) to object to your personal data being processed by the Cobraspen Groep. You also have the right to temporarily restrict the processing of your data and to data transferability. This means that you can submit a request to us for us to send you all personal data we have stored about you in a computer file, insofar as this is within the constraints of the available technology and does not violate the privacy of others.

If you would like to view your data, to have us amend or delete data, transfer your personal data, withdraw permission for the use of your data or lodge an objection against the processing of your personal data, please send an email to privacy@cobraspen.nl.

In order to ensure that the request was submitted by you, we may ask you to submit proof of your identity. We will respond to your request as soon as possible, in any case within one month. In the case of a highly complicated request, we may extend this period by two months (if so, we will inform you of this within one month).

  1. Complaint procedures

If you have a complaint regarding compliance with this privacy statement or regarding a violation of your legal rights, please contact the Cobraspen Groep Data Protection Officer (Mr J. Deumens) by sending an email to privacy@cobraspen.nl.

You can also submit a complaint to the national supervisory body, the Dutch Data Protection Authority. Complaints can be submitted using the following page (in Dutch): https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/privacyrechten/klacht-indienen-bij-de-ap.

  1. Personal data security
    The Cobraspen Groep will always do its utmost to protect your data and takes appropriate technical, physical and organisational measures to avoid misuse or loss of data, as well as unauthorised access, unwanted publication or unlawful adjustments. These measures include the IT Security Policy, staff training and using secure connections and storage.

If you are concerned that your data is not sufficiently protected or have indications that your data is being misused, please contact us by sending an email to privacy@cobraspen.nl.

Overveen, November 2018



Organise your own event

Our site is the perfect venue for your event. Feel free to contact us for ideas and suggestions.

contact us