Privacy statement re: Digibeetle’s Website and App

version 1.1, 26 February 2024 (previous version, compare)

Summarized information about pre-registration

  • If you have pre-registered yourself to gain access to the Digibeetle App (after our approval), we will only use your email address.
  • Your email address will be used to inform you that you are eligible to access the Digibeetle App as a trial user.
  • Once you have logged in to the Digibeetle App for the first time, your status will be updated to trial user and your trial starts. The provisions of this privacy statement will then apply to your situation.
  • If you do not log in to access the Digibeetle App, despite our email reminders, then your email address will be automatically deleted after one year of Digibeetle’s launch, unless you log in prior to that moment.
  • In any case: you can always opt out from our mailings as a pre-registered user. Your email address will then be deleted from the pre-registration mailing list directly after your opt-out.

Our identity and contact details

Who is the controller Digibeetle?

  • We are “Digibeetle”, a company established as a general partnership under Dutch law with its principal place of business in Amsterdam, The Netherlands (Poortland 66, 1046 BD) and registered with the Dutch Chamber of Commerce under no. 90142306;
  • We are the creators of the Digibeetle App (available at https://app.digibeetle.eu) as well as our Digibeetle Website (available at https://www.digibeetle.eu). We act as the controller regarding the processing of your personal data when you visit or use either the Digibeetle App or Website.
  • This privacy statement governs our processing activities related to your data, regarding the use of the Digibeetle App and Website.
  • You can contact us for questions about this privacy statement or if you want to enact your rights, by sending an email to: joost@digibeetle.eu

Processing purposes and legal basis

Why do we use your data?

  • The data we process are collected from you. These data are: (a) login credentials (your email address + password), (b) billing information (your first and last name, your organisation’s name where applicable, billing address, postal code, city and country), (c) the IP-address of the computer you use to access either the Digibeetle App or Website.
  1. Your login credentials are used to ensure access to the Digibeetle App in a secure manner. Your email address will be used as part of our newsletter. For more info about this, please go to “Newsletter”.
  2. Your billing information is used to send you an invoice if you are a customer (in other words: a paying user). 
  3. Your IP-address is used for security purposes. It helps us to detect and retrace malicious access to the Digibeetle App. For instance, it enables us to detect attacks on our Website and App and helps us to verify whether or not login credentials are illegally shared with others.

Legal basis: our contract and legitimate interests

  • The login credentials and billing information (points a and b) are necessary to provide our service, the Digibeetle App, to you. Without these data, it is impossible to do this. This processing is thus necessary to enter into a contract with us based on our Terms and Conditions. Regarding the use of your email address in the context of mailings, please go to “Newsletter” for more information.
  • Professional information about you and your organisation (e.g. organisation size and country, your profession). This information is needed to send you a quotation for our services, and/or to provide you with the most relevant overview of cases and documents in the overview (‘dashboard’). For instance, a dashboard specifically for DPOs who work in finance. Therefore, this information is needed to provide you with our service and/or to enter into an agreement with you or your organisation based on our quotation.
  • The IP-address (point c) is used, based on our legitimate interests. Let us explain:
  1. We pursue legitimate interests, namely the security and continued proper functioning of our Website and App including the improvement of the Website and App,
  2. It is necessary to process IP-addresses because we need to identify the computer accessing our Website and App with sufficient precision in order to be able to effectively and quickly detect and trace malicious use of our Website and App – this cannot be done based on other data such as your name;
  3. Your (data protection) rights and interests do not take precedence, because the proper functioning of our Website and App safeguards the integrity of your account and computer as well as those of other users. If we don’t do this, everyone’s access to the Website and App will be at stake and the risks for unlawful data breaches increase. In addition, you benefit from these processing activities because it ensures a continuous and seamless use of the Website and App.
  • The IP-address is also used to periodically verify login credentials sharing, in breach of our Terms and Conditions. This check is part of our contract, in which you agreed to refrain from sharing login credentials with others.
  • We do not use personal data for analytical (statistical) purposes, thanks to our Matomo configuration. You can provide us with information about yourself, either because of a quotation request and/or on a voluntary basis, for instance information about your profession or sector. Such data may then be aggregated, which allows us to gain insight into our user base. Those data could also be used to send you mailings tailored to certain segments (e.g. lawyers working in finance), if you are part of the target audience, in order to keep you updated on Digibeetle-related matters, such as case-law updates within the field of finance or mailings specifically meant for DPOs.

No automated decision-making

We do not perform automated decision-making, including profiling, as referred to in Article 22(1) GDPR and 22(4) GDPR.

Recipients of your data

  • Recipients of your data are companies who act as our processors:
  1. Asana, Inc.: Asana is a U.S. based ISO 27001/27017/27018 and 27701 certified company which allows us to organize our work. For example, to articulate tasks which can be assigned to each other. This is relevant when we name an individual user as part of a support task, which occasionally happens. Asana is committed to privacy and data protection (learn more).
  2. Combell NV: Combell is a Belgian company which hosts the Digibeetle Website and App, including your data consisting of your login credentials, billing information and IP address. Combell NV is ISO 9001 and 27001 certified and has a good track record when it comes to data security (learn more).
  3. Moneybird B.V.: Moneybird is a Dutch ISO 27001 certified company that handles our financial administration. Moneybird receives the billing information you provided to us. Moneybird also handles invoicing and payments, in cooperation with the Dutch payment processing company Adyen NV (learn more about Adyen’s privacy policy). 
  4. Aut O’Mattic A8C Ireland Ltd. (“Mailpoet”): Mailpoet is an Irish-based company which delivers the frequent email updates to you as a customer, such as service messages and updates about new case-law or supervisory authorities’ documents. It takes the GDPR seriously and you can learn more about Mailpoet’s privacy policy on the website of its parent company called Automattic Inc., which is a participant of the Data Privacy Framework Program. Mailpoet only receives the email address you provided to us.
  5. Laposta B.V.: Laposta is a Dutch ISO 27001 certified company which delivers the monthly newsletter containing case-law updates. Laposta is focused on security and privacy. Laposta hosts its data in The Netherlands.
  6. Crisp IM SAS: Crisp is the French provider of our chat feature. You can learn about their privacy statement here, and their security and GDPR compliance. The Crisp core infrastructure which contains the user data is hosted in Amsterdam, The Netherlands. We configured Crisp to only process data you provide to us and, if you are logged in, your user information (user email address, login name, first and last name if provided and user role).
  7. Slack Technologies, LLC: Slack is a U.S.-based SOC and ISO certified communication tool we use to work with each other. This is relevant when we name an individual user as part of our work, which occasionally happens. You can learn about Slack’s security policy, privacy FAQ and GDPR commitment. Its parent company, Salesforce, is a participant of the Data Privacy Framework Program.
  8. Google Cloud EMEA Ltd.: We use Google Workspace (formerly G Suite), offered by Google Cloud EMEA in Ireland, to host our business documents and email communications. We think this is a good service, especially since Google Workspace successfully passed a rigorous DPIA performed by the Dutch government. In addition, the parent company Google LLC is a participant of the Data Privacy Framework Program.
  • The above-mentioned processors act on our instructions based on data processor agreements we have with them. We also activated multi-factor authentication for added protection.
  • Regarding the U.S. processors or processors with a U.S. parent company, we configured the data storage to European servers where possible. Any data transfers to the U.S. are based on the Data Privacy Framework Program. If that Program ceases to exist, we will try to find other suitable legal foundations for data transfers such as the use of Standard Contractual Clauses (SCCs) and inform you accordingly.

Data retention

How long and why do we store your data?

  • In case you pre-registered to gain access to the Digibeetle App once it goes live (after our approval), we give you 12 (twelve) months to apply as a trial user. After that period, your email address will be automatically deleted unless you started using the Digibeetle App as a trial or paying user.
  • Your login credentials associated with your account are stored for the duration of your license or trial period, and 3 (three) months after the end of the license or trial period. The 3-month period is needed if you want to re-activate your account. After this period, the login credentials are permanently deleted. This retention period also applies to your IP-address and your personal data which can be part of a support ticket.
  • Your billing information is stored for a maximum of 7 (seven) years. This is because we have to comply with Dutch tax laws and regulations.
  • Regarding the Mailpoet mailing lists, your email address used in relation to the mailings you receive will be stored and used until you opt out from the mailings (newsletters). You can do this by clicking unsubscribe in the email you’ve received from us. Regarding the Laposta mailing list, your email address and additional information will be permanently deleted after 7 days of unsubscribing.
  • Your IP-address will be stored for 60 days as part of our security logs.
  • If you fill in the form located at the ‘get membership’ page, we store the information as long as this is necessary to conclude a license agreement with you. If we don’t come to an agreement, we delete the information.

Your rights

  • You have several rights based on the GDPR. Relevant are:
  1. the right to request access to and rectification (or erasure) of your personal data, or 
  2. restriction of processing concerning you as a data subject, or 
  3. to object to processing, as well as 
  4. the right to data portability regarding the data you have provided to us;
  • If you want to send us a request based on these rights, just send us an email: joost@digibeetle.eu
  • You also have a right to lodge a complaint with a supervisory authority. In The Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Newsletter

  • We use two tools to send out email messages: (1) Laposta and (2) Mailpoet.
  • Laposta is used to send the monthly newsletter about case-law and information regarding our services. Everyone can join this newsletter, including non-customers. We ask for professional information about you and your organisation (e.g. organisation size, country and your profession) to gain insight into the composition of our user base, and this enables us to send tailor-made emails about our services (e.g. to DPOs who work at large organisations). If you don’t want this, please don’t sign up for the newsletter. Or, if you regret signing up, unsubscribe and your information will be deleted based on our data retention policy.
  • Laposta offers privacy friendly statistics: we enabled option 2 which does not show us your individual actions with the email messages, but only aggregated information. You can opt-out from this newsletter any time you want by clicking the unsubscribe option at the end of each email message.
  • We send other types of email messages to our customers using Mailpoet:
    • If you pre-register to gain access to the Digibeetle App once it goes live (after our approval), then your email address will be automatically added to our mailing list, provided by Mailpoet. Your email address will then be used to remind you that you are eligible to access the Digibeetle App.
    • If you register as a trial or paying user of the Digibeetle App, your email address will be automatically added to our mailing list, provided by Mailpoet. Once your email address is on this mailing list, you can receive updates on Digibeetle’s new features, promotions, etc. We will also ask your opinion about our services and remind you of your trial period and cancellation rights if you are a customer.
    • Based on the Dutch Telecommunications Act, we do not ask for consent for email messages sent by Mailpoet because you are our customer or customer-to-be.
    • You cannot unsubscribe from important service messages sent by Mailpoet. For example, messages regarding scheduled maintenance, your cancellation rights or other important (technical or legal) messages related to our App such as information about a change in our privacy statement or terms and conditions.
      In other cases you can use the unsubscribe link in the footer of each email. Please note: you unsubscribe from a list. This means that you may have to unsubscribe more than once (e.g. from the welcome email list and the trial period email list).

LinkedIn

  • We are active on LinkedIn and would like to let you join our community over there. We post about Digibeetle-related topics, such as new case-law, documents from supervisory authorities and interesting statistics.
  • If you sign up for the Digibeetle App or the monthly case-law newsletter, you understand that we would like to add you to our LinkedIn connections based on your professional email address if this signals your name and organisation. You can always decline the connection request or use an email address that does not reveal your real name.

Cookies or similar technologies

  • We don’t use cookies or similar technologies, other than the automatic retrieval of your IP-address (learn more about the use of your IP-address) and as a means to facilitate your login procedure. These activities are necessary for the proper functioning of our services, and are allowed without your consent according to the Dutch Telecommunications Act.