Privacy Statement

Privacy Company B.V.
Maanweg 174
2516 AB The Hague
info@privacycompany.nl
+31 70 820 96 90

‍

1. General explanation

Privacy statement, what is this?

A privacy statement is simply put a short explanation of how we handle your personal data and what rights you have regarding this. It is to ensure you that everything is in good hands and that if you have questions, you know how to contact us.

Alright, so what do you do with my personal data?

We collect:

personal data that you provide to us yourself, when you email us, call us, or when you enter contact information through our website;
only very limited personal data when you visit our website (we describe this in more detail below and in our cookie statement); and
personal data when you become a customer of Privacy Company.

We use personal data for the following purposes:

If you are a visitor to our website, we use your personal data:

for the (technical) maintenance and improvements of our website;
to contact you by phone or email in response to requesting a demo; or
to contact you by phone or email in response to a query via our contact form.

If you are a customer of our product Privacy Nexus, we use your personal data:

for sharing updates on Privacy Nexus and related tools;
to manage our customer base;
for regular business operations (such as sending invoices); and/or
to provide you access to, and for you to be able to use Privacy Nexus.

We do not:

process special categories of personal data;
collect information about you from other organizations; or
engage in automated decision-making or profiling.

And why are you doing all this with my personal data?

Simply because it is necessary for:

the things you want us to do;
the things we are obliged to do; or
a legitimate interest.

And how are you processing my personal data?

We adhere to the following principles when processing your personal data:

Privacy Company does not retain the data longer than necessary.
We do not provide the data to third parties in any way unless we are legally obliged to do so. For example, if the tax authorities request access to our accounts.
We do engage a number of other organizations to perform tasks for us. These organisations are processor and they process personal data on our behalf and under our supervision, for the purposes we have determined and under strict confidentiality.

What are my rights?

If Privacy Company processes personal data about you, you have the right to:

access your personal data;
modify your personal data;
delete your personal data;
correct your personal data;
object to the processing of your personal data;
data portability; and/or
withdraw your consent.

If you would like to know more details about the processing of your personal data, please read the detailed explanation below.

‍

2. Detailed explanation

Should I be reading the following detailed explanation?

Yes please. Because we really want you to know what we do with your privacy – what data we collect, how we do it (directly or indirectly), why we do it (for what purposes), based on what principles and how we handle your data.

2.1. All about the website

So, what data do you use?

If you visit our website, we collect:

cookies (please read the cookie policy for more information);
IP address, pages visited and referrer URL;
browser, plugins and operating system version and screen resolution;
approximate city and country;
marketing campaign URL parameters; and
name, e-mail address, phone number, and organization name (only if you provide it by yourself).

We do not:

process special categories of personal data;
collect information about you from other organizations; or
engage in automated decision-making or profiling.

And why are you collecting my personal data?

We process your personal data because it is necessary for one of the below purposes and it is based on a legal ground which the GDPR requires.

If you are a visitor to our website, we use your personal data:

For the (technical) maintenance and improvements of our website. As far as it concerns strictly necessary cookies, a separate consent is not required, please see the cookie statement for more information. However, this processing is based on a legitimate interest to be able to operate the website, to analyse which web pages are visited most often, and how you came to our website (via which other websites). This information allows us to analyse and improve our website in a privacy-friendly manner. We do not place or read tracking cookies through the website. Please read our cookie statement for more explanation on how we do the analysis.
To contact you by phone or email in response to requesting a demo, or in response to a query via our contact form; we will process your personal data for this purpose only based on your consent.

From where do you get all these data?

We collect the data when you visit our website or contact us by phone or email to request a demo. If we have your contact information, we will only use it to contact you. This can be through the website, through a "call me" option, a contact or download form, or if you contact us by email or phone.

Will you share these data with anyone else?

We do not share your personal data with any other organisation to allow them further processing of your personal data for their own purpose, except if we are legally obliged to do so. We do make use of processors that may only process personal data on our instructions and under our supervision, only for purposes we determine and under strict confidentiality. We actively monitor compliance with the security obligations of our processors. You can find a list of processors we use at the end of this document.

2.2. All about Privacy Nexus

So, what data do you use?

If you are a customer of Privacy Nexus, we process:

cookies (please read the cookie policy for more information);
IP address, pages visited and referrer URL;
username, hashed passwords, unique identifiers for authentication of users of Privacy Nexus;
names of users to display in Privacy Nexus;
logging submissions in Privacy Nexus (for example: at the time you submit a processing activity, a log line is generated);
email address to send out email invitations to allow others to access Privacy Nexus;
email address to send notifications from Privacy Nexus;
email address to send service updates about Privacy Nexus;
contact information (company name, contact name, contact email address, company address, company registration number) of (potential) customers for tracking and analysing sales of our products and services; and/or
contact, payment and communication data of (former) customers for regular business operations, such as sending invoices, maintaining accounting records, and storing correspondence with (former) customers on an e-mail server and in online work folders.

We do not:

process special categories of personal data;
collect information about you from other organizations; or
engage in automated decision-making or profiling.

And why do you use my personal data?

We process your personal data because it is necessary for one of the below purposes and it is based on a legal ground which the GDPR requires.

If you are a customer or wish to become a customer of Privacy Nexus, we use your personal data:

to provide the Privacy Nexus application to you and to provide you with necessary information about updates as a user of Privacy Nexus. In this way we are able to perform our part of the agreement between you and us. If you do not want to receive the service update emails (anymore), you can easily unsubscribe via a message to support@privacynexus.io or via the unsubscribe button at the bottom of each service email;
to meet legal obligations in respect to a competent authority, such as keeping financial records due to tax laws; and/or
to keep your contact information for two years after the last contact to be able to get in touch with you in the future based on our legitimate interest for possible follow-ups. This applies only if you have been our customer.

From where do you get all these data?

We do not collect information about you from other organisations, but only information which you provide to us yourself related to the purchase and/or use of Privacy Nexus.

Will you share these data with anyone else?

2.3. Applicable for the website and Privacy Nexus

How do I know that what you do with my data is safe?

We do not provide personal data to third parties, except if we are legally obliged to do so. We do use the services of a number of specialized suppliers in the field of ICT. We have concluded processing agreements with these organizations. Processors may only process personal data on our instructions and under our supervision, only for purposes we determine and under strict confidentiality. We actively monitor compliance with the security obligations of our processors. If we need to engage a processor, we strive to choose one located in the EU. If that is not possible, we will ensure that transfers outside the EU are safeguarded either by an adequacy decision or another transfer mechanism, such as standard contractual clauses.
If we work together with freelancers, temporary workers or partners who are not processors because they are under our direct authority, and it is necessary to exchange personal data, we conclude a confidentiality agreement.
Privacy Company has enabled encryption on traffic to the Web site. This renders the data traffic between you and our web server unreadable so that outsiders cannot access it.
We make sure that we secure your data appropriately in all our systems. We do this with a variety of technical measures, including physical security of access to our office, as well as organizational measures. For example, we use access control to ensure that only authorized accounts, such as administrators, have access to participant accounts.
New employees receive security awareness training in their first period of work. Privacy Company encourages its employees to report security incidents immediately, without fear of negative consequences. Our motto is: You are a hero when you report!

Will you keep my data forever?

Privacy Company retains personal data no longer than is necessary for the purpose for which it was collected. We base this consideration on the type of personal data, the product or service for which Privacy Company obtained the personal data, and what you as a data subject can reasonably expect as a retention period. If you are no longer a customer of Privacy Nexus the data of your Privacy Nexus environment will be removed after at most two months.

What rights do I have?

You have the right:

to clear information about what is done with your personal data (Article 13 and 14 GDPR);
to access to your personal data and certain information on processing activities and to receive a copy of the personal data undergoing processing (Article 15 GDPR);
to have your personal data corrected by us (Article 16 GDPR);
to have your personal data data deleted (Article 17 GDPR);
to obtain from us restriction of processing (Article 18 GDPR);
to have your personal data transferred to another party (Article 20 GDPR);
to object to data processing (Article 21 GDPR);
to active human involvement in automated decisions affecting you (Article 22 GDPR), however we do not use automated decision-making; and
to withdraw your consent at any time (Article 7 (3) GDPR).

If you would like to exercise any of your rights, please contact us via the contact information at the bottom of this privacy statement.

You have also the right to lodge a complaint with the Dutch Data Protection Authority via https://autoriteitpersoonsgegevens.nl.

Is this statement ever going to change?

Privacy Company may change this privacy statement. Changes will be published on our website. Please review this statement regularly to be aware of the latest changes. If Privacy Company wants to substantially change the purposes of processing, and the processing is based on your consent, Privacy Company will again ask for consent for those new purposes.

What can I do if I have questions or good ideas?

Please contact us via:

Privacy Company B.V.
Maanweg 174
2516 AB The Hague
The Netherlands

info@privacycompany.nl
‍+31 70 820 96 90

‍

Processor overview

The following parties process personal data on our behalf when delivering our website and Privacy Nexus to you.

Processor: Webflow, Inc.

Used for: Hosting our website
Type of data: IP address and request information
Applies to: Website

Processor: Weglot SAS

Used for: Translation of Privacy Nexus website
Type of data: IP address and request information
Applies to: Website

Processor: InnoCraft Ltd. (Matomo)

Used for: Analytics of our website
Type of data: Website visitor data
Applies to: Website

Processor: MailerLite Limited

Used for: Service updates to customers
Type of data: E-mail addresses of Privacy Nexus users
Applies to: Privacy Nexus

Processor: Microsoft Ireland Operations Limited (Microsoft 365)

Used for: Storage of our own email and documents
Type of data: Business management data
Applies to: Privacy Nexus, Website

Processor: Microsoft Ireland Operations Limited (Azure cloud hosting)

Used for: Hosting of Privacy Nexus
Type of data: Hosting data
Applies to: Privacy Nexus

Processor: ActiveCampaign, LLC (Postmark)

Used for: Handles emails from Privacy Nexus
Type of data: E-mail addresses and names of Privacy Nexus users
Applies to: Privacy Nexus

Processor: HelpDocs Ltd

Used for: Hosting of knowledge base
Type of data: IP address and request information
Applies to: Privacy Nexus

Processor: Teamleader

Used for: Customer relationship management
Type of data: Contact details
Applies to: Privacy Nexus

Processor: Exact

Used for: Financial administration
Type of data: Contact details
Applies to: Privacy Nexus

‍

Changelog

Privacy Statement Privacy Company B.V.
Version: 26 March 2024

2024-04-04: Removed Tilaa from the list of processors

2024-03-26: Full rewrite of our privacy statement and start of this changelog. You can find the previous version here.