Scope across the three Diatom variants
| Variant | Public description | Policy / terms coverage |
| Diatom Group B.V. | Group / umbrella entity for the Diatom business and website. | General website use, group communications, brand, marketing, enquiries, governance, group-wide commercial activity. |
| Diatom Consultancy B.V. | Marine biodiversity consultancy providing assessments, strategies, monitoring design, reporting, EIA/ESIA, CSRD/IFC-related support, Diatom Sound and Diatom Imaging services. | Consultancy enquiries, proposals, client engagements, field/project records, professional deliverables, client collaboration, partner/subcontractor coordination. |
| Diatom Blue Tech B.V. | Deep-tech marine biodiversity venture developing AI-powered MRV technology and related platform capabilities. | Platform/app access, accounts, AI/MRV workflows, uploads, ecological data, analytics, product feedback, pilot users, technical support and usage data. |
1. Who we are
This Privacy Policy explains how Diatom collects, uses, stores and shares personal data when you visit https://www.diatom.blue/; contact us; engage with Diatom Group B.V.; enquire about or receive services from Diatom Consultancy B.V.; or use, test or access technology, applications, prototypes, platforms or MRV tools provided by Diatom Blue Tech B.V.
In this policy, "Diatom", "we", "us" and "our" means the relevant Diatom entity responsible for the activity: Diatom Group B.V., Diatom Consultancy B.V. or Diatom Blue Tech B.V. The controller for a specific interaction will usually be the Diatom entity that operates the website, receives your enquiry, enters into the contract with you, or provides the relevant service or platform.
Controller details: DIATOM HOLDING B.V, Dutch Chamber of Commerce under number 90197763, having its registered office at Van Slingelandtstraat 24B, 2582 XR, The Hague
Privacy contact: alexandre@diatom.blue.
2. When this policy applies
This policy applies to personal data processed in connection with:
- the diatom.blue website and contact forms;
- business development, marketing, events, newsletters and direct communications;
- consultancy proposals, client projects, due diligence, assessments, monitoring, reporting and fieldwork;
- Diatom Sound, Diatom Imaging and other specialist marine biodiversity services;
- Diatom Blue Tech products, pilots, prototypes, user accounts, technical support, AI-enabled MRV tools and analytics platforms;
- supplier, partner, subcontractor, investor and professional adviser relationships; and
- recruitment or team enquiries submitted through the website or by email.
This policy does not replace a separate client agreement, data processing agreement, employee notice, recruitment notice or project-specific privacy notice where one applies. If there is a conflict, the more specific notice or signed agreement will apply for that processing activity.
3. Personal data we may collect
The personal data we collect depends on your relationship with Diatom.
| Category | Examples |
| Identity and contact data | Name, job title, employer, organisation, email address, phone number, country, LinkedIn or professional profile details where you provide them. |
| Business and relationship data | Enquiries, meeting notes, proposal details, procurement data, contract records, project role, client or partner status, event attendance and communication history. |
| Website and device data | IP address, browser, device type, pages visited, referring pages, approximate location, cookie identifiers, analytics data and site interaction data. |
| Account and platform data | Login details, user role, access permissions, organisation workspace, platform usage logs, audit logs, support tickets, preferences and security events. |
| Project and fieldwork data | Project contacts, stakeholder lists, site access records, field team records, annotations, images, video, acoustic data, sensor metadata, geospatial references and project notes, where these identify or can reasonably identify a person. |
| Client content and uploaded data | Files, datasets, reports, documents, images, comments and other content uploaded to Diatom systems or shared with Diatom for a project. |
| Financial and transaction data | Billing details, purchase orders, invoices, payment status and tax records. Diatom does not intend to store full card details; payment providers may process those separately. |
| Recruitment data | CV, work history, qualifications, portfolio, references, right-to-work information and interview notes, where submitted for a role or collaboration. |
| Marketing preferences | Your consent choices, newsletter preferences, event interests and unsubscribe records. |
Special category data. Diatom does not intentionally collect special category personal data through the website. Some consultancy or fieldwork contexts may incidentally involve sensitive information about individuals or communities, for example where stakeholder engagement, social performance, FPIC, safeguarding or access arrangements are part of a project. Where this occurs, Diatom will only process such data where a valid legal basis and Article 9 condition applies, and where appropriate safeguards are in place.
4. How we collect personal data
Directly from you: when you complete forms, email us, join meetings, create an account, upload content, request support or submit information for a project.
From your organisation: where your employer, client, project sponsor, partner or supplier provides your details for business or project purposes.
Automatically: through cookies, analytics, server logs, security tools and platform telemetry when you use our website or systems.
From third parties: such as partners, subcontractors, public professional profiles, conference organisers, CRM enrichment tools, procurement platforms, project data providers or publicly available registers.
From project sources: including surveys, monitoring programmes, geospatial data, fieldwork records, sensors, imagery, soundscape data, eDNA-related workflow metadata and research/project documentation, where these contain personal data.
5. Why we use personal data and our lawful bases
| Purpose | Examples | Likely lawful basis under GDPR |
| Respond to enquiries and manage relationships | Contact forms, emails, meetings, proposals, CRM records. | Legitimate interests; steps before contract; contract. |
| Provide consultancy services | EIA/ESIA support, monitoring design, MRV plans, CSRD/IFC-related deliverables, Diatom Sound and Diatom Imaging services. | Contract; legitimate interests; legal obligations where applicable. |
| Operate Diatom Blue Tech platforms | Accounts, authentication, user permissions, uploads, dashboards, workflows, support and audit logs. | Contract; legitimate interests; legal obligations. |
| Develop and improve services and technology | Product feedback, quality assurance, bug fixing, research and development, de-identified analytics, AI model evaluation where appropriate. | Legitimate interests; consent where required; contract where relevant. |
| Use AI-enabled features | Automated classification, image or acoustic analysis, MRV workflow support, pattern detection and report assistance. | Contract; legitimate interests; consent where required for specific data types. |
| Marketing and communications | Newsletters, events, updates, thought leadership, direct B2B communications. | Consent where required; legitimate interests for relevant B2B outreach; soft opt-in where applicable. |
| Security and fraud prevention | Access logs, abuse detection, incident response, account protection. | Legitimate interests; legal obligations. |
| Comply with law and enforce rights | Tax, accounting, regulatory compliance, dispute management, legal claims. | Legal obligation; legitimate interests; legal claims. |
| Manage suppliers, partners and recruitment | Supplier onboarding, subcontractor coordination, candidates, professional advisers. | Contract; steps before contract; legitimate interests; legal obligations. |
Diatom will not use personal data for solely automated decisions that produce legal or similarly significant effects on individuals unless this is permitted by law and appropriate safeguards are provided.
6. Cookies, analytics and similar technologies
Diatom may use cookies, pixels, local storage, analytics tags and similar technologies to operate the website, remember preferences, measure usage, improve content, protect security and support marketing. Non-essential cookies should only be used where permitted by law, usually after consent from visitors in the European Economic Area or United Kingdom.
Before publication, Diatom should complete a cookie table listing: cookie name, provider, purpose, type, duration, whether it is first-party or third-party, and how users can withdraw consent.
7. AI, analytics and model-related processing
Diatom Blue Tech and some consultancy workflows may use AI, statistical analysis, image analysis, acoustic analysis, geospatial analysis and other computational methods to support marine biodiversity assessment, monitoring and MRV. Where these systems process personal data, Diatom will seek to minimise personal data, apply access controls, use de-identification or aggregation where practical, and avoid using client confidential data or personal data to train general-purpose models unless agreed with the client and permitted by law.
AI outputs may support scientific and operational workflows but should be subject to appropriate human review, scientific validation and client/project governance. Diatom does not intend AI outputs to be used to make decisions about individuals without human involvement and an appropriate lawful basis.
8. Sharing personal data
We may share personal data with:
- other Diatom entities where necessary for group administration, client delivery, platform operation, business development, finance, governance and support;
- hosting, cloud, analytics, security, CRM, email, payment, accounting, document management, collaboration and customer support providers;
- project partners, scientific collaborators, laboratories, subcontractors, fieldwork providers, vessel operators, sensor providers, eDNA partners, bioacoustics specialists, imaging providers, remote-sensing providers and other technical partners where needed for project delivery;
- clients, project sponsors and authorised users within your organisation or project workspace;
- professional advisers, auditors, insurers, banks and investors where reasonably necessary;
- regulators, courts, law enforcement or public authorities where required by law or to protect rights, safety and security; and
- a buyer, investor or successor in the event of a merger, acquisition, financing, restructuring or sale of all or part of Diatom, subject to appropriate confidentiality obligations.
Diatom does not sell personal data. If Diatom uses third-party AI, analytics or cloud services, Diatom should maintain a current list of subprocessors or key vendors and make it available on request or by website link.
9. International transfers
Diatom may work with clients, partners, suppliers and service providers outside the Netherlands, the European Economic Area and the United Kingdom. Where personal data is transferred internationally, Diatom will use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, transfer impact assessments, or another lawful transfer mechanism.
10. Retention
Diatom keeps personal data only for as long as reasonably necessary for the purposes described in this policy, including to provide services, operate platforms, comply with legal obligations, resolve disputes, enforce agreements and maintain appropriate business records.
| Data type | Indicative retention approach - verify before publication |
| Website analytics | 14 months or as configured in analytics tool. |
| Enquiries and CRM records | duration of relationship plus 2-3 years, unless longer needed. |
| Client contract and financial records | 7 years or local statutory retention period. |
| Project files and deliverables | as agreed in client contract or project data management plan. |
| Platform account and audit logs | duration of account plus defined security/audit retention period. |
| Recruitment records | e.g. 6-12 months unless consent for longer talent pool retention. |
11. Security
Diatom uses reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These may include access controls, role-based permissions, authentication, encryption in transit, secure cloud infrastructure, backup practices, logging, vendor due diligence, staff confidentiality obligations and incident response processes. No system is completely secure, and Diatom cannot guarantee absolute security.
12. Your privacy rights
Subject to applicable law, you may have rights to:
- request access to your personal data;
- request correction of inaccurate or incomplete data;
- request deletion of your data;
- request restriction of processing;
- object to processing based on legitimate interests or direct marketing;
- withdraw consent where processing is based on consent;
- request data portability where applicable;
- complain to a supervisory authority.
To exercise your rights, contact alexandre@diatom.blue. We may need to verify your identity before responding. You may also complain to the Dutch Data Protection Authority, Autoriteit Persoonsgegevens, or your local supervisory authority.
13. Marketing choices
You can unsubscribe from marketing emails using the unsubscribe link in the message or by contacting us. We may still send non-marketing communications, such as service, contract, security, account or project-related messages.
14. Children
The website, consultancy services and Diatom Blue Tech platforms are intended for business and professional users. They are not directed at children. Diatom does not knowingly collect personal data from children through the website or platform without appropriate consent or lawful authority.
15. Third-party websites and services
The website and Diatom systems may contain links to third-party websites, services, tools, maps, datasets or platforms. Diatom is not responsible for the privacy practices of third parties. You should review their privacy notices before using them.
16. Changes to this Privacy Policy
We may update this policy from time to time. The effective date at the top of the page shows when it was last updated. Material changes may be notified through the website, by email, within the platform or by another appropriate method.
17. Contact
Questions about this Privacy Policy or Diatom privacy practices can be sent to:
DIATOM HOLDING B.V
Van Slingelandtstraat 24B, 2582 XR, The Hague
Email: alexandre@diatom.blue
Website: https://www.diatom.blue/
Get to know our experts through a 15 minute call
Lets discuss your goals and ambitions, and we will introduce our service offering as well as build a low commitment business relationship
