We are strongly committed to protecting your privacy and complying with your choices. You will be in full control of all data relating to yourself. Your personal data is processed according to the highest privacy and data protection standards adopted worldwide, including, but not limited to the EU General Data Protection Regulation (GDPR) (collectively, the Data Protection Laws). We strive to make you feel safe when we collect or share your data and therefore, we want to be transparent on how we collect, use, share and store the information about you and the choices available to you as data subject.
3. Usage of personal data
We process your personal data for the following purposes:
• For relationship management and marketing: We use the information in the contractual relationships database to send you updates you on developments within our services and to cross-market our services to you. We also may use your personal data for the development, execution and analysis of market research and marketing strategies.
• To provide user support: We want to offer you the best experience possible when using our services and Website. Therefore, we are ready to handle any questions or complaints you might have. When you get in touch with us at our office, via social media, via a contact form, or in any other way, we will use your personal data in order to reply to you, answer your question, or handle your complaint.
• To process your payment: In order to use our services, you will need to enter into a (subscription) agreement for payment thereof. We will process your payment data in order to handle the payments, and for administrative purposes such as sending you invoices or refunds.
4. Legal bases for collecting your personal data
The legal basis we have in order to collect your personal data will depend on the type of data collected and the processing activity. In any case, it will be either of the following:
• We need to perform our obligations under a contract with you
• You have given us explicit consent
• It is in our legitimate business interest
• To comply with our legal obligations
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, and/or text message with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation, and you will always have the opportunity to opt-out or unsubscribe.
5. Which personal data do we collect?
We collect the following types of personal data:
• Identity Data: first name, last name, username, or similar identifier.
• Contact Data: billing address, email address and telephone numbers.
• Financial Data: bank account and payment card details.
• Transaction Data: details about payments to and from you and details of your subscription(s).
• Professional Data: details about your occupation, role, qualifications, and title.
• Usage Data: includes details of your use of our Website, such as traffic data and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.
• Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any sensitive about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
6. How do we collect your personal data?
• Information you give us. This is information (including Identity, Contact, Financial, and Marketing and Communications Data) you consent to giving us about you by filling in forms on the Website, or by corresponding with us (for example, by email or chat). It includes information you provide when you subscribe to any of our Services, inquire regarding the Services, enter a promotion or survey, and when you report a problem our Services. If you contact us, we will keep a record of that correspondence.
• Information we receive from other sources including third parties and publicly available sources. We will receive personal data about you from various third parties as set out below:
- analytics providers such as Google (including Google Analytics and Google Ads);
- payment providers such as Stripe.
7. How do we use your personal data?
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
• Where you have consented before the processing.
Consent means processing your personal data where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
• Where we need to perform a contract we are about to enter or have entered with you.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
• Where we need to comply with a legal or regulatory obligation.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
8. For which purpose do we collect your personal data?
Purpose/activity Type of data Lawful basis for processing
To register you as a new user
Identity, Contact, Financial
To process payments and deliver Services including managing payments and collecting money owed to us.
Identity, Contact, Financial, Transaction, Marketing and Communications
Your consent, Performance of a contract with you, Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you including notifying you of changes to the Services
Identity, Contact, Financial, Marketing and Communications
Performance of a contract with you, Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services), Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)
To administer and protect our business and Website including troubleshooting, data analysis and system testing
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
To deliver content and advertisements to you, To make recommendations to you about goods or services which may interest you, To measure and analyse the effectiveness of the advertising we serve you, To monitor trends so we can improve the Website
Identity, Contact, Content, Usage, Marketing and Communications
Consent, Necessary for our legitimate interests (to develop our products/Services and grow our business)
9. How long do we retain your personal data?
We will not retain your personal data for any longer than we need it. By law, we have to keep basic information about our clients (including Contact, Identity, Financial, and Transaction Data) for tax purposes.
In some circumstances, you can ask us to delete your data. See below for further information.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
10. Which parties have access to your personal data?
Our employees, contractors, agents and directors may have access to personal data, but only to the extent necessary to properly perform their individual tasks and under a duty of confidentiality.
We only share personal data with third parties if it is necessary to serve the applicable purpose as set out above. When a third party processes your personal data, this is only possible according to our instructions. In all cases, we will ensure that third parties with access to your personal data have implemented appropriate technical and organizational measures to maintain our intended level of privacy and security. We will conclude the necessary agreement with the data processor(s), whereby we include obligations to ensure that your personal data is only processed so that the data processor can fulfil his duty to provide services to us.
Under these conditions, the following third parties will have access to your personal data. Please click on the relevant links to review their respective privacy policies:
• Payment details are collected through Stripe.
• To communicate with you, we use Brevo, Microsoft Outlook, Microsoft Bookings, Microsoft Azure, WhatsApp, and Wix for transactional emails.
• We use Microsoft Outlook, Microsoft Teams, Microsoft Bookings, Microsoft Azure and Wix for bookings.
• We use Strato as a domain provider.
• We may professional advisors such as insurers, accountants, consultants, and legal professionals.
• Tax authorities, regulators and other authorities acting as processors or joint controllers.
• When your activity gives us any indication to do so, we may disclose information with the relevant authorities necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to safety, or violations of the Terms of Service.
• Personal data may be shared within our corporate family to provide you with relevant other services.
• We may collect, process, analyse and share aggregate or de-identified information about used with third parties for marketing, advertising, research or similar purposes.
• If we are in any negotiation with a third party which will involve the transfer of all or substantially all of our assets, we may transfer certain personal data as required.
In all other cases, your personal data will not be provided to third parties, unless required by law. We do not and will never sell your personal data.
11. International Transfers of Personal Data
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Whenever we transfer your personal data to countries outside of the European Economic Area (EEA), we will do so in accordance with the Data Protection Laws. Any party located outside of the EEA (in a country not deemed adequate) will need to be certified under the Data Privacy Framework or will have to enter into the Standard Contractual Clauses alongside any data processing agreement they enter into.
12. How do we secure your personal data?
Your personal data is stored securely at all times. We value the protection of your privacy. We have taken strong security measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. We further ensure that personal data is only accessible to those specific persons who are authorized based on their function.
Any payment transactions carried out by our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology. Our API’s are encrypted.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.
You are also encouraged not to submit any personal data that is not required and which you do not want to be seen, collected, or used by other users.
We have taken the necessary technical and organizational measures to prevent, identify, report and deal with data protection breaches. We will notify you and any applicable regulator when we are legally required to do so.
13. Your rights
As the owner of the personal data, you have the following rights:
• Right of access: You have the right to receive a copy of the personal information we hold about you to verify that we are lawfully processing the data (commonly known as a ‘data subject access request’).
• Right to correction: You may request any incomplete or incorrect information that we may have about you to be corrected or supplemented.
• Right to be "forgotten": If there is no good reason to keep your personal information, we will stop processing. You also have the right to ask us to delete your personal information. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Right to object to the processing of your personal data: You can submit a request not to process your personal data, either temporarily or permanently, when we rely on our legitimate interest, and you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Right to portability: You can submit a request to transfer your personal data to a person or institution designated by you. This right only applies to automated information which your initially provided consent for us to use or where we used the information to perform a contract with you.
• Right to restrict processing of your personal data: Under certain circumstances you can object to the processing of personal data altogether. This can occur in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Right to withdraw consent: You also have the right to withdraw your previously granted permission to process your personal data or to object to the processing of your personal data by us. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Every request is subject to applicable law, which means that we may have to store the personal information. We also want to remind you that you have the right to make a complaint to your national Data Protection Authority if you think we are not compliant with the applicable data protection legislation.
If you want to exercise any of your rights as set out above, you can do so here at any time:
14. How can you access your personal data?
If you want to know what personal data we have about you, you can ask us for details and a copy (if we hold personal data). This is known as a “subject access request”. All subject access requests should be made in writing and sent by email.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request without undue delay, in any case, in not more than one month of receiving it. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
We insist on not processing any personal data of children under the age of 18, unless this is explicitly consented to by a parent or legal guardian. However, as it is hard to detect whether we are doing so, we strongly encourage you to inform us if you have reason to believe we process the personal data of a minor. We will delete this personal data instantly.
17. External Links
Our Website may display links to other websites. Unless these other websites are affiliated with us, we are not responsible for the privacy policies that these other websites use, nor for their content and security. We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. We advise you to inform yourself by reading the privacy policies on these websites.
19. Questions or comments?
We have appointed a data privacy manager. If you have any questions about this Privacy Notice, please contact them using the details set out below:
• Full name of legal entity: BlitzAdvisy B.V.
• Email address: email@example.com