How we handle security in our Joomla extensions, what to do if you find a vulnerability, and what you can expect from us in return.

Our commitment

Security is a core responsibility for us as a software publisher. Our extensions are installed on thousands of Joomla sites. We take that responsibility seriously and are committed to responding to security issues promptly and transparently.

In line with the EU Cyber Resilience Act (Regulation 2024/2847), we maintain a documented vulnerability response process, provide free security updates during the support period, and report actively exploited vulnerabilities to the Dutch NCSC when applicable.

Supported platforms

We follow a N / N-1 policy for Joomla: the current major version and the previous one receive active support. Security updates are always built against the latest supported release. Installations on end-of-life platforms cannot be actively maintained; we encourage customers on unsupported platforms to upgrade.

Report a vulnerability

If you believe you have found a security vulnerability in one of our extensions, please let us know. We ask you to report responsibly: do not publicly disclose the issue before we have had the opportunity to investigate and release a fix.

What to include in your report:

• The extension name and version number
• Joomla and PHP version of the affected installation
• A clear description of the vulnerability and its potential impact
• Step-by-step instructions to reproduce the issue
• Any proof-of-concept code or screenshots (if applicable)

Report a security vulnerability via the contact form.

Our response process

Once we receive a report, we follow a structured response process:

EU Cyber Resilience Act - conformity

All OnlineCommunityHub extensions are regular products with digital elements within the meaning of the EU Cyber Resilience Act (Regulation 2024/2847). As manufacturer, we perform a self-assessment conformity evaluation for each extension (Article 32(1) CRA).

This means we maintain a cybersecurity risk assessment, technical documentation, and a Software Bill of Materials (SBOM) for every extension we publish. Extensions are placed on the market with a CE marking and an accompanying EU Declaration of Conformity.

By purchasing, downloading or using any OnlineCommunityHub software extension, you confirm that you have read and accepted these Terms and Conditions in full. OnlineCommunityHub reserves the right to amend these Terms and Conditions at any time. The current version is always published on this page. Continued use of our extensions following any amendment constitutes acceptance of the revised terms.

OnlineCommunityHub is a trading name of J.L.R. van Lent Holding B.V., a company incorporated in the Netherlands. All legal matters are governed by Dutch law.

1. Purchasing an extension

Purchasing an extension gives you access to:

• the latest version of the extension at the time of purchase;
• all updates (feature, maintenance and security) released during the active subscription period;
• security updates as described in Section 3, including after subscription expiry;
• support via our forum for the duration of the active subscription.

Payment can be completed via Mollie (supporting iDEAL, credit card, Bancontact, bank transfer and other methods), PayPal, or Stripe. The available payment methods are shown at checkout. Subscriptions are activated after payment has been received and confirmed.

A purchase is linked to the customer account that completed the purchase, not to a specific website or server. Services are provided to the account holder, not to any third party who may later gain access to a website on which the extension is installed.

Although downloads are not limited in number, a purchase may not be shared. Sharing download keys or using methods that enable multiple simultaneous unauthorized downloads is strictly prohibited and may result in immediate termination of access.

2. Subscription, updates and support period

Our extensions are offered on a subscription basis. The subscription period is typically one year, as shown on the product page.

We distinguish between three types of updates:

After your subscription expires, you may continue to use the version of the extension you last downloaded, on any number of websites, without restriction. You will no longer receive maintenance or feature updates, or support, until you renew your subscription.

The support period, during which security updates are provided, is separate from the subscription period and is defined in Section 3.

3. Security updates and EU Cyber Resilience Act

Security update policy

Security updates are always made available free of charge to all license holders within the support period, regardless of whether the subscription is active or expired. When a security release is published, all eligible license holders receive:

• an email notification on the day of release;
• temporary download access for 30 days, activated automatically for all license holders including those with an expired subscription.

Support period

The support period for security updates is a minimum of five (5) years from the date of first purchase, or until the end of the support period published on the product page at the time of purchase, whichever is later.

The support end date is displayed on the product page and in your account. We communicate the support end date at the time of purchase.

Platform dependency

Security updates are built for supported platforms only (see Section 5). An extension cannot be kept secure when running on a platform, Joomla or PHP, that has itself reached end of life and no longer receives security updates from its respective maintainer. Installations on end-of-life platforms fall outside the security support period.

When a supported platform approaches end of life, we notify affected customers by email and advise them to upgrade.

Security vulnerabilities

To report a security vulnerability in one of our extensions, please use the form on our Security & vulnerability disclosure page or email security@onlinecommunityhub.nl. We operate a coordinated disclosure policy and commit to acknowledging reports within 48 hours.

4. Download keys and server authorization

Each subscription is associated with a unique download key. This key is used by Joomla's built-in update mechanism to authenticate download requests and verify that your subscription is active.

Server authorization (2FA)

To prevent unauthorized use of download keys, we operate a server authorization system. When a server or environment makes a download request using your download key for the first time, you will receive an email notification. You must approve the request in your account before the download proceeds.

Within your account under My Account > My Devices you can at any time view, add, edit or remove authorized servers associated with your download key.

IP addresses of servers making download requests are stored as described in our Privacy Policy. Approved servers remain stored until you remove them or your account is closed. Denied or pending requests are retained to prevent repeated notification emails.

5. Joomla! and PHP compatibility

We maintain a N / N-1 support policy for Joomla: we actively support the current major version (N) and the previous major version (N-1). Feature updates, maintenance updates and security updates are built for supported Joomla and PHP versions only.

The currently supported versions are published on each product page and on our Security & vulnerability disclosure page. The table below reflects the current policy:

We cannot guarantee compatibility with all third-party Joomla extensions. Our extensions are built to Joomla! Coding Standards and do not require the Joomla Backward Compatibility plugin.

When a Joomla or PHP version reaches end of life, we notify affected customers and update the compatibility tables on our website.

6. Pricing and VAT

All prices are shown excluding VAT. VAT at the applicable rate (currently 21% for Netherlands residents) is added at checkout where applicable.

VAT is not charged to EU residents outside the Netherlands who provide a valid VIES-registered VAT number, in accordance with European Directive 2008/8/EU and applicable national implementations.

If incorrect information is provided at the time of purchase, for example: a VAT number that cannot be verified, resulting in VAT not being charged when it should have been, we reserve the right to issue a corrective invoice for the outstanding VAT amount. An administration fee of €1.21 may be added to cover transfer costs. The subscription period will be adjusted until the corrective invoice is settled.

We reserve the right to change prices at any time without prior notice. The price applicable to your purchase is the price shown at the time your order is confirmed.

7. Software license: GNU/GPL v2

All OnlineCommunityHub software extensions are licensed under the GNU General Public License v2.0. The full license text is available at https://www.gnu.org/licenses/old-licenses/gpl-2.0.html.

You are authorized to modify the extensions for your own purposes. Any redistribution, of the original or a modified version, must be made in accordance with the terms of the GNU GPL v2. You must not remove or alter the copyright notices in the source code files.

After your subscription expires, you retain the right to continue using the version of the extension you last downloaded, without restriction, in accordance with the GPL license.

8. Additional terms, trademarks (Section 2 GNU/GPL v2)

"OnlineCommunityHub" and all non-generic extension names are trademarks of OnlineCommunityHub (J.L.R. van Lent Holding B.V.). The GPL license does not grant any trademark rights. All rights, title and interest in our trademarks remain entirely with OnlineCommunityHub.

Licensees are granted a limited, non-exclusive right to use the OnlineCommunityHub name and logo solely in connection with unmodified copies of the extensions, to identify their origin.

If you distribute modified copies of any extension, you must:

• replace or remove all references to "OnlineCommunityHub" and any extension name from all files, images and visual outputs (front-end and back-end);
• remove any code that initiates a connection to servers managed by OnlineCommunityHub;
• give the modified extension a new name that is not confusingly similar to the original;
• leave all copyright notices within source code files fully intact.

The name "OnlineCommunityHub" and any extension name may not be used to endorse or promote products derived from our extensions without prior written permission.

If any provision of these Terms is held to be unenforceable, it does not excuse you from the conditions of the GNU GPL license. If you cannot distribute the extension in a way that satisfies both these Terms and any other applicable obligations, you may not distribute the extension at all.

9. Support

Customers with an active subscription may request support via our public support forum. Support is provided in English. Community support (best-effort, no guaranteed response time) is available to users of free extensions or free versions of our extensions.

We reserve the right to limit or cancel support in the following situations:

• unreasonable behavior by the customer, including abusive or offensive language;
• persistent server-side issues that are outside our control or scope of responsibility;
• the customer is not cooperative in providing information necessary to investigate the issue.

Support does not cover modifications made to the extension by the customer or a third party.

10. Refund policy

We offer a 30-day money-back guarantee. If you are not satisfied with an extension for any reason, contact us within 30 days of purchase via our contact page, stating the extension name and your order number. We will process a full refund within 3 business days, excluding any transaction costs charged by the payment provider.

We welcome feedback on the reason for your return, this helps us improve our products, but providing a reason is not required to receive a refund.

11. Warranty and liability

OnlineCommunityHub software extensions are provided "as is", without warranty of any kind, either expressed or implied, including but not limited to warranties of merchantability or fitness for a particular purpose.

To the maximum extent permitted by applicable law, J.L.R. van Lent Holding B.V. shall not be liable for any direct, indirect, incidental, special, consequential or other damages arising from the use of or inability to use our software extensions, even if advised of the possibility of such damages.

We cannot guarantee compatibility with all third-party extensions or configurations. We cannot guarantee that extensions will continue to function without modification following future Joomla or PHP releases outside our stated support matrix.

12. Termination

We reserve the right to terminate your access to any or all of our extensions at any time, without prior notice, in the event of a material breach of these Terms and Conditions, including but not limited to unauthorized sharing of download keys.

We may discontinue an extension, the website or any service at any time. In the event of discontinuation of an extension during an active subscription period, we will provide a pro-rata refund for the remaining subscription period.

Termination of your subscription does not affect your right to continue using the version of the extension you last downloaded under the GPL license.

13. Copyright and ownership

All OnlineCommunityHub software extensions are and remain the intellectual property of J.L.R. van Lent Holding B.V., except where ownership clearly lies with third parties (such as included open-source libraries). The customer does not acquire any ownership rights to the extensions by purchasing a subscription.

OnlineCommunityHub respects the intellectual property rights of others. If you believe that content on our website or within our extensions infringes your copyright, please contact us via the contact form.

14. Acceptable use

Our extensions may not be used on websites that contain or facilitate:

• adult or sexually explicit content;
• illegal gambling;
• illegal content of any kind under applicable law;
• harassment, hate speech or content that incites violence.

We reserve the right to terminate access without refund if we become aware of use in violation of this section.

15. Governing law and jurisdiction

These Terms and Conditions are governed by the laws of the Netherlands. Any disputes arising from or in connection with these Terms and Conditions shall be submitted to the exclusive jurisdiction of the competent court in the Netherlands.
OnlineCommunityHub is a trading name of J.L.R. van Lent Holding B.V., registered with the Dutch Chamber of Commerce (Kamer van Koophandel).

16. Changelog

• May 20th, 2026 - Version 2.0: Full revision. Updated responsible party name to reflect trading name structure (OnlineCommunityHub / J.L.R. van Lent Holding B.V.); updated payment methods (added Mollie and Stripe, removed iDEAL-only reference); introduced update type table distinguishing security, maintenance and feature updates; added Section 3 on security update obligations under the EU Cyber Resilience Act (CRA); added Section 4 on download key security and server authorisation; revised Joomla! compatibility section to reflect N/N-1 major version policy (Joomla 5 and 6); updated warranty section with CRA carve-out; added pro-rata refund provision on discontinuation; added acceptable use section; added this changelog.
• December 17, 2021: Minor updates.
• June 2, 2016: Initial version.

"Be the change you wish to see in the world" - Ghandi

In dit artikel:

• Organisatiedroom - Onze 'Why'
  • Visie en Missie
• Organisatie principes - Onze 'How'
  • Wij leven van toegevoegde waarde
  • Wij denken Plus-sum
  • Vertrouwen is onze grondhouding
• Tot slot

Organisatiedroom - Onze 'Why'

Communities zijn al zo oud als dat mensen samen moeten werken om doelen te bereiken. Ergens in de loop van de geschiedenis hebben we het community denken los gelaten en zijn we individueler gaan acteren. Wij van Onlinecommunityhub zijn ervan overtuigd dat deze manier van denken zijn langste tijd heeft gehad en dat community denken nodig is om morgen nog te kunnen 'floreren' met je bedrijf.

Wij willen met onze community daar een initiërende en faciliterende rol in spelen.

"Never doubt that a small group of thoughtful committed citizens can change the world. Indeed, it’s the only thing that ever has"- Margaret Mead

Visie en Missie

"It's all about the community..." - Wij hebben de ambitie om de grootste online 'Community Denken' community te worden met als doel om Community Denken binnen het DNA van organisaties te implementeren. Hierdoor leveren wij een positieve bijdrage aan het welzijn van mensen binnen deze organisaties en hun omgeving: een bijdrage die een (wezenlijk) verschil gaat maken in het voortbestaan van en het welzijn binnen deze organisaties

Organisatie principes - Onze 'How'

Wij leven van toegevoegde waarde

"Wij willen niet dat klanten blijven omdat ze niet weg kunnen. Wij streven er continue naar dat klanten blijven omdat ze niet weg willen" - Ruud van Lent {user avatar_mini 935}

De software die wij gebruiken is niet uniek, is vrij beschikbaar en kan door iedereen gebruikt en aangepast worden. Aangebrachte verbeteringen en aanpassingen aan de software komen weer ten goede van iedereen omdat deze vrij beschikbaar gemaakt moeten worden... Je hebt geen beperkende (gebruiks)licentie, er zijn geen gepatenteerde onderdelen etc. geïnstalleerd.
Dat betekent echter ook (en hier implementeren wij community denken in het DNA onze eigen organisatie) dat ons bestaansrecht 100% afhankelijk is van hoe wij onze relaties bedienen: geen vendor-lockin bij ons, het software platform is van jou en blijft van jou.

Wij denken Plus-sum

Wat ons nog meer onderscheidt is dat wij dus niet transactie gebaseerd zijn (u koopt, wij leveren) maar dat door met ons een relatie aan te gaan je een relatie aangaat met al onze klanten (onze community). Dat betekent dus dat wijzigingen voor klant x gedeeld worden met klant y, dat als klant z expert ervaringen opbouwt over hoe b.v. mailings te versturen, deze expert kennis gedeeld wordt met andere klanten en vice versa.
De relatie met ons aangaan is dus een echte win-win. Klant a wordt beter als hij klant b helpt om beter te worden: dat is win-win-win denken > wij noemen dat plus-sum denken.

Vertrouwen is onze grondhouding

Wij zijn transparant: in wat we doen, in hoe we het doen en in wat we aanbieden. Transparantie komt voort uit vertrouwen, openheid en een dialoog. Vertrouwen is voor ons randvoorwaardelijk: op het moment dat het vertrouwen ontbreekt gaan we energie spenderen aan de verkeerde dingen.

Tot slot

Zoals je wellicht merkt zijn wij niet een 'normaal' bedrijf maar worden wij gedreven door een manier van denken en werken waarvan wij ècht geloven dat de wereld daar beter van wordt.

Voel je dat ook, dan worden we graag uitgenodigd voor een gesprek. Voel je het niet, even goede vrienden, maar dan zijn wij waarschijnlijk op dit ogenblik niet de geschikte partij om een relatie mee aan te gaan: wij leveren dan geen toegevoegde waarde maar een transactie... en daar zijn andere bedrijven veel beter in.

1. An overview of data protection 

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, we may collect anonymous statistical data to improve our services. No third-party analytics services are currently in use.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

OnlineCommunityHub
Trading name of J.L.R. van Lent Holding B.V.
Varenmos 18
3994 KD Houten
Nederland

Telephone: +31 (0) 646220315
Email: info@onlinecommunityhub.nl

J.L.R. van Lent Holding B.V. is registered with the Dutch Chamber of Commerce (Kamer van Koophandel). The responsible party is the legal person who alone or jointly with others decides on the purposes and means of processing personal data.

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities: https://autoriteitpersoonsgegevens.nl/

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

TLS encryption

This site uses TLS encryption (Formerly known as SSL) for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If TLS encryption is activated, and you have checked that the certificate is ours, then the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, and you have checked that the certificate is ours, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

(Support) Forum

The Forum can be used to comment on blogs, start discussions, request new functionality or ask questions. Any personal information that you share on the forum that are not placed within the {confidential} tags will be availiable to the public. We will process any data you enter onto the forum only with your consent per Art. 6 (1)(a) GDPR.

We will retain the data you provide on the forum until you request its deletion or delete the data yourself, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us. This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online service

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your explicit permission to do so. Your data will not be disclosed to third parties for advertising purposes without your explicit consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Data transferred when signing up for services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your explicit permission to do so. Your data will not be disclosed to third parties for advertising purposes without your explicit consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Download key security - server authorization

To protect download keys from unauthorized use, our website operates a server authorization system. When a new server or environment makes a download request using your download key for the first time, the following data is collected:

• The IP address of the requesting server
• The date and time of the request
• The download key used

You will be notified by email that a new server has attempted to use your download key. You can then approve or deny the request via your account. Until approved, the download request will not be fulfilled.
Once approved, the IP address is stored in association with your download key and account. Within your account ("My Accounts" → "My Devices (2FA)") you can at any time:

• View all IP addresses authorized for your download key
• Add a description to identify each server
• Add additional authorized servers manually
• Remove authorized servers

This data is processed on the basis of Art. 6 (1) (b) GDPR (performance of a contract - protecting the integrity of your license) and Art. 6 (1) (f) GDPR (legitimate interest - preventing unauthorized use of download keys and protecting the rights of other license holders).
IP addresses of authorized servers are retained for as long as your account exists or until you remove them. IP addresses of denied or pending requests are retained indefinitely. This is necessary to prevent repeated authorization requests from the same server, which would otherwise result in repeated email notifications to you.

4. Analytics and advertising

Newsletter analytics

The collected usage information of the (automated) newsletters sent out by our website is tracked anonymous. We use this information to improve our newsletter (content). Usage information can not be traced back to you.

5. Newsletter

Newsletter data

If you would like to receive our newsletter, we require your name and a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. We store your IP address as technical measure to protect our service. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter or on our website will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

Unsubscribing from a newsletter that is linked to a free subscription automatically terminates that free subscription and the services linked to that subscription.

6. Plugins and tools

Social Sharing buttons

Our website makes use of Social Sharing buttons. When displaying the buttons no information will be shared with the relevant Social Media platforms. When you choose to share a page via one of the buttons, the Social Media platform’s server will be informed on which page you are visiting (the page you are sharing). It is possible that the Social Media platform will add that information to to your personal profile with that Social Media platform. This is beyond our control.

Social Sharing is used to help make our website better findable and to help you share valuable content with your followers. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Vimeo

Our website uses plugins from Vimeo, which is operated by Vimeo. The operator of the pages is Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. If you're logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account. Vimeo is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of Vimeo under https://vimeo.com/privacy.

Prezi

Our website uses plugins from Prezi, which is operated by Prezi. The operator of the pages is Prezi Inc, Karen Tang, 450 Bryant Street, San Francisco, CA 94107, USA. If you visit one of our pages featuring a Prezi plugin, a connection to the Prezi servers is established. Here the Prezi server is informed about which of our pages you have visited. If you're logged in to your Prezi account, Prezi allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Prezi account. Prezi is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of Prezi under https://prezi.com/privacy-policy/.

7. Third-Party Websites

There are a number of places on our website or through our services where you may click on a link to access other websites that do not operate under this Privacy Policy. For example, if you click on an advertisement or a search result on our website, you may be taken to a website that we do not control. These third-party websites may independently solicit and collect information, including personal information, from you and, in some instances, provide us with information about your activities on those websites. We recommend that you consult the privacy statements of all third-party websites you visit by clicking on the "privacy" link typically located at the bottom of the webpage you are visiting.

8. Payment service providers

Mollie

Our website accepts payments via payment processor Mollie. The payment provider is Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands.

When you select a payment method processed by Mollie (such as iDEAL, credit card, Bancontact, or bank transfer), the payment data you provide will be supplied to Mollie based on Art. 6 (1) (b) GDPR (processing for contract purposes). Mollie processes this data to execute and verify your payment.

The current list of payment methods available via Mollie is shown at checkout. We do not store your full payment details on our servers; these are handled exclusively by Mollie.

You have the option to revoke your consent at any time with future effect. This does not affect the processing of data previously collected. For more information, please refer to Mollie's privacy policy at https://www.mollie.com/en/privacy.

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Stripe

Our website accepts payments via Stripe. The payment provider is Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

If you select payment via Stripe, the payment data you provide will be supplied to Stripe based on Art. 6 (1) (b) GDPR (processing for contract purposes). Stripe processes this data to execute and verify your payment and to comply with applicable legal obligations, including fraud prevention.

We do not store your full card details on our servers; these are handled exclusively by Stripe and are subject to PCI DSS compliance standards. Stripe may transfer data outside the European Economic Area. Stripe participates in the EU–US Data Privacy Framework, providing an adequate level of data protection.

You have the option to revoke your consent at any time with future effect. This does not affect the processing of data previously collected. For more information, please refer to Stripe's privacy policy at https://stripe.com/en-nl/privacy.

9. Software licenses, invoices and legal retention periods

License and subscription data

When you purchase a software extension or subscription, we collect and store the following data to manage your license and provide access to downloads and updates:

• Name and email address
• Billing address
• Subscription type, start date and expiry date
• Download keys linked to your license
• Download history
• Payment reference (not full payment details — see Section 8)

This data is processed on the basis of Art. 6 (1) (b) GDPR (performance of a contract). It is used solely to manage your subscription, verify your license entitlement, and provide you with access to software downloads and security updates.

Invoice and financial records

Invoices and associated financial records are subject to a statutory retention obligation under Dutch tax law (Wet op de omzetbelasting / Algemene wet inzake rijksbelastingen). We are required to retain these records for a period of seven (7) years from the end of the financial year in which the transaction took place. This obligation is based on Art. 6 (1) (c) GDPR (compliance with a legal obligation).

After expiry of the statutory retention period, invoice data is deleted.

Security update obligations under the EU Cyber Resilience Act

OnlineCommunityHub publishes software extensions that fall within the scope of the EU Cyber Resilience Act (Regulation 2024/2847). As manufacturer, we are required to provide security updates for our extensions for a minimum period of five years and, where applicable, to notify license holders of security-relevant releases.

For this purpose, we retain your email address and license information for the duration of the support period applicable to your extension, even if your subscription has expired. This processing is based on Art. 6 (1) (c) GDPR (compliance with a legal obligation) in conjunction with the obligations imposed by the CRA.

We will use this data exclusively to notify you of security updates. You will not receive commercial communications on this basis unless you have separately consented to our newsletter.

Further information about our security obligations and support periods can be found on our Security & vulnerability disclosure page.

10. Location of Data

Our website and database run on a Virtual Private Server (VPS) managed by Vultr. Vultr is operated by The Constant Company, LLC, 319 Clematis Street, Suite 900, West Palm Beach, FL 33401, USA.
The server is located in Amsterdam, The Netherlands, Europe. Your data is therefore stored within the European Economic Area (EEA).
Vultr is GDPR compliant through the Data Processing Agreement we have in place with them. Vultr Privacy Notice.

11. Changelog

We may periodically modify or amend this privacy statement.

When this happens we will change the date on the top of the page and keep a change log at the end of this page. We do not have the technical means to notify our clients about any changes. We recommend that you re-examine this statement periodically so that you are always updated on the way we process and protect your personal information.

• May 20th, 2026: Updated responsible party to reflect trading name structure (OnlineCommunityHub / J.L.R. van Lent Holding B.V.); revised Mollie section (removed outdated payment methods list); added Stripe as payment provider; added Section 9 on licence data retention, statutory 7-year invoice retention, and CRA security update obligations; removed Google Analytics, Google reCAPTCHA and Facebook Like box sections (no longer in use); added reference to Security & vulnerability disclosure page.
• June 6th, 2018: added Google reCAPTCHA
• June 5th, 2018: Initial version