Privacy Policy

We care about your privacy.

Exset Labs Privacy Policy

Last updated: 20.08.2020

About this document

Exset Labs B.V. (“Exset” or “us,” “our,” and similar expressions) offers technological services. When a user of our services (“you” and similar expressions) registers and applies for and uses our services, we collect, use and share your personal data in the manner described in this policy. By personal data, we mean any information about an individual from which that person can be identified, either directly or indirectly.

This policy applies to your use of:

Exset’s websites; any of Exset’s services accessible through the website.

Contents

Data controller

Exset Labs B.V.

Hullenbergweg 413

1101 CS Amsterdam

The Netherlands

Business ID number: 58598359

If you have any questions about this policy, including any requests concerning your rights as a data subject, please contact info@exset.com.

Changes

We may update this policy from time to time in response to changing legal, technical, or business developments. When we update this policy, we will strive to inform you in a manner consistent with the significance of the changes we make.

The personal data we collect about you

We may collect, use, store, and transfer the following kinds of personal data about you:

Contact Data Your contact details, such as your name, email address, and phone number.

Device Data Information about the device

Technical Data Technical information, including your internet protocol (IP) address, browser type and version, time zone settings, browser plug-in types and versions, operating system and platform, device information and the type of mobile device you use, a unique device identifier, mobile network information, your mobile operating system and the type of mobile browser you use

Usage Data

Information about your use of our website and services, including full uniform resource locators (URLs) and information on the manner and time of use of the website, such as date and time, frequency and patterns of use, and other interaction information

Communications Data

Your correspondence with our customer support and information on other communications between us, including any notifications we may send to you by email from time to time, and

Marketing Data

Information on your preferences regarding marketing carried out by us and/or our partners.

We may also collect, use, and disclose Aggregated Data for any purpose. This kind of data, such as demographic or statistical data, may be derived from your personal data, but it no longer reveals your identity and is therefore not considered personal data. While we may use your data to serve relevant adverts and other commercial communications to you and others, we will not disclose such data to our advertising partners in a form allowing for your identification.

How we collect the data

We may collect personal data from you in the following ways:

  • Information provided by you: You may give us your Contact, Device, Communications, and Marketing Data by submitting it to us through our website or by communicating with us by phone, email, or otherwise. The data may be submitted in connection with, for example, subscribing for our newsletter or support requests related to our services, or by opting to share certain information through your device settings.
  • Automated technologies: We may automatically collect Technical and Usage Data, as well as certain Communications Data, based on your use of our website and services. We may also use Usage Data to infer Profile Data about you.
  • Third parties or publicly available sources: We may receive personal data about you from the following third parties:
  • Technical Data from analytics providers (cookies) and advertising networks

How we use the data

Below we have set out the purposes for which we intend to process your personal data and the legal bases we are relying on to do that. Most commonly, we will rely on the following lawful grounds to collect, use, and disclose your personal data:

  • Contract: We need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: The processing is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.

We may rely on more than one legal basis depending on the specific purpose for which we are using your data. If you need details about the grounds we are relying on on with respect to specific data or circumstances, please contact us as set out above.

Purpose

Type of data

Legal basis

Providing our services, customer support

Contact,

Device,

Technical, Usage,

Communications

(a) Contract

(b) Consent (where legally required)

Analyzing and improving the use and functionality of our website and services (including e.g., system maintenance, troubleshooting, logging, debugging, data analysis and testing) and ensuring information security

Contact,

Device,

Technical, Usage,

Communications

(a) Contract

(b) Legitimate interests (monitoring, safeguarding and improving our website and services)

Optional customization and improvement of user experience (e.g., using Device Data to streamline the registration process)

Contact,

Device,

Location,

Technical, Usage,

Communications

(a) Consent

(b) Contract

Managing our customer relationship, communicating with you and keeping records of our communications

Contact,

Communications,

Marketing

(a) Legitimate interests (managing customer relationship)

Offering and marketing relevant goods and/or services to you, delivering relevant content and advertisements, and measuring the effectiveness of the advertising

Contact, Marketing

(a) Legitimate interests (marketing our services, showing you relevant content)

(b) Consent (where legally required)

Analyzing the user base and use

patterns of our services

Technical, Usage

(a) Legitimate interests (improving and developing our services)

In addition, we may process any of your personal data identified in this policy where necessary for the establishment, exercise, or defense of legal claims. Such processing is based on our legitimate interests, in particular the protection of our legal rights, your legal rights, and those of others (e.g., other users of our services). We may also process any of your personal data where necessary for the purposes of managing risks or obtaining professional advice. The legal basis for this is our legitimate interests, in particular protecting our business against risks.

Disclosure and international transfers

Where necessary for the purposes detailed above, your personal data may be disclosed to the following categories of recipients:

  • Our group companies
  • Our service providers for email communications related to our services
  • Our service providers for the purposes of legal and other services provided to us
  • Buyers and potential buyers (and their agents and advisers) in connection with any (proposed) purchase, merger, or acquisition of any part of our business, provided that the buyer is informed that it must use your personal data only for the purposes set out in this document.
  • Competent courts, law enforcement bodies, or other authorities or third parties where we deem that disclosing your personal data is necessary to protect your vital interests or those of any other person, or for compliance with laws or regulations, or to exercise, establish or defend our legal rights, including when we enforce or apply our terms of service and/or any other agreements between you and us, investigate potential breaches or take measures to protect the rights, property or safety of Exset, our users or others.
  • Any other person – but only with your separate consent

Exset stores your personal data in secure locations and servers within the European Economic Area. Your personal data may be transferred to countries outside the European Union or the European Economic Area only where the European Commission has held that the country ensures an adequate level of protection for personal data, or where we have taken appropriate safeguards to require that your personal data remains protected in accordance with this policy, such as by implementing the European Commission’s Standard Contractual Clauses for transfers of personal data. You may contact us for more information on the safeguards in place. In individual cases, such transfers may also take place based on your separate consent or in order to provide you with a service you have specifically requested, such as when you engage in transactions with counterparties in international locations, or where otherwise allowed by applicable data protection laws.

Automated decisions

In order to optimize the services we offer, we reserve the right to make automated decisions about our customers, including using machine learning algorithms and profiling. Should we introduce automated decision-making measures that have significant effects on you, we will make sure that you will have the right to obtain human intervention, to express your point of view, and to contest such decisions. We will inform you about such circumstances separately.

Data retention

We keep your personal data only as long as we have a legitimate business need to retain it for the purposes described above, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the scope, nature, and sensitivity of the personal data we process, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and the relevant legal requirements. We will also regularly assess the data we keep, and where we deem retention unnecessary, we will either erase or anonymize the data or, if this is not possible – for example, for information stored in backup archives – we will store the data securely and block any further processing until deletion is possible.

We will usually retain personal data related to a customer relationship only for the duration of the relationship and for a reasonable period thereafter in order for us to be able to respond to inquiries or pending issues related to the relationship. However, some data may be retained for longer where we believe retention is necessary for compliance with laws, or to exercise, establish or defend our legal rights or those of our customers, affiliates, or partners.

Security

To protect your personal data, we use appropriate technical and organizational measures designed to provide a level of security appropriate to the risk of processing and to protect your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. Our personnel has been trained to observe information security in their work, and we limit access to your personal data on a strict need-to-know basis. Our employees, agents, contractors, and service providers will only process your personal data on our instructions subject to a duty of confidentiality.

Data subject rights

You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed by us, and where that is the case, access to that personal data, as well as to have any inaccurate or incomplete personal data rectified or completed. In certain circumstances, you may also have the right to request the erasure, or the restriction of processing, of your personal data or parts of it, to object to the processing (including our direct marketing), and/or to receive the data in a structured, commonly used and machine-readable format.

Please contact us for any inquiries related to exercising the above rights.

If you consider our processing activities of your personal data to be inconsistent with applicable data protection laws, you may lodge a complaint with the responsible supervisory authority. Contact information for the supervisory authority in the Netherlands can be found here: https://autoriteitpersoonsgegevens.nl/.