Privacy statement

Introduction

This privacy statement applies to the processing of personal data by Spotler Nederland B.V. (Dutch Chamber of Commerce number 55411592), hereinafter referred to as Spotler.

Spotler (hereinafter: “we”) processes personal data of its customers, prospects and partners. We do this to help our customers as best we can and to achieve our goals. In this privacy statement we explain why and how we process your personal data.

Our privacy policy relates to Spotler’s communication and services with / to (potential) customer and partner relationships.

Who are we?

Spotler develops and supplies e-mail marketing software called Spotler and helps more than 5,000 users in the Netherlands to use e-mail marketing and marketing automation. Spotler provides powerful easy-to-use software and also the practical support needed to start successfully and get more profit from these channels. We train our users and they can fall back on real-time support and a personal coach if they want help or advise. Spotler was created after the merger of the companies Blinker and MailPlus.

Which personal data do we process?

When you enter into an agreement with Spotler and / or register yourself for e-mailings and / or request information, demonstrations, test accounts, quotations, etc. via Spotler websites, we ask you to fill in personal and company details. This data can be combined with previously obtained data via other Spotler services and / or application forms and from other companies. We use cookies and other technologies to get an impression of your activities within our websites, e-mailings and services in order to offer you an optimal experience.

By personal data we mean the data that you voluntarily fill in on our website of you and / or your organization. This includes all public information available on the internet.

We process the following data from visitors to our website:

• Name, address, place of residence
• Phone number
• E-mail address, opt-in for e-mailings
• Gender
• Company, Job title
• Contact history
• Interests
• Surfing behavior
• IP address, social ID, cookie ID
• Public data obtained from the internet and social profiles
• If you receive e-mails from us, we will register your interactions (open and click behavior)

Zapier

Spotler uses Zapier to connect certain apps or services with Spotler. We connect Google Ads Lead Forms, Facebook Lead Ads and LinkedIn Lead Gen Forms with Spotler via Zapier. The data you enter via these apps or services can be sent to Spotler via Zapier. The data will only be used for the purpose of the connection and will be stored for a few days for possible error handling. After a few days the data will be automatically and continuously deleted. We use Zapier to process newsletter registrations and registrations for events and to make white papers and other content available to people who have requested this content. Visit Zapier’s privacy policy. By using Zapier, Spotler has agreed to Zapier’s Terms of Service, which includes a provision to ensure compliance with the GDPR.

We process the following data from customers:

If you are a Spotler customer or use our software or services, we will process additional personal data. These are the following data:

• Invoice and payment information
• Information about your activities within our software (open and click behavior) and services.

Cookies

As indicated, we use cookies on Spotler.com.

Why do we process that personal data?

We use your personal data to provide the services you request. For example to send (personalized) e-mailings that we think are relevant to you. We use your data to inform you about other products or services offered by Spotler and its partners, and to send you important invitations to participate in surveys or (online) events related to the Spotler products and services we offer. If you are a Spotler partner, we will also use your data to provide software updates.

Your personal data is processed by Spotler for the following purposes:

• For the execution of the agreement (s) concluded with you, including invoicing (see legal ground 1 below)
• To comply with legal obligations (administration, storage and tax obligations). (see legal ground 2 below)
• To be able to communicate with you through various channels (telephone, mail, e-mail, social, website, within our software) from both a service and marketing point of view. (see legal grounds 1 and 3 below)
• To adjust the content of our communication with you with what we think is relevant to you. For example, to inform you about new and / or additional products and / or services or to show the most relevant advertisement for you. (see legal ground 3 below)
• To help you with (support) questions. (see legal ground 1 below)
• To improve our software and services. (see legal ground 3 below)

Legal grounds for processing

The legal grounds for our purposes of processing are:

1. Necessary for the performance of an agreement with you (Article 6 paragraph 1 sub b GDPR)
2. Legal obligations (Article 6 paragraph 1 sub c GDPR)
3. Legitimate (marketing) interests of Spotler (Article 6 paragraph 1 sub f GDPR)

Mandatory disclosure

When we ask you for personal data, we will state per situation whether the provision of the data is necessary or mandatory and what the (possible) consequences are if the data is not provided. The starting point is always that Spotler will not process more personal data than is necessary for the purposes described above.

Data exchange with third parties

We never provide, sell, rent or lease your personal data to third parties, unless we are legally obliged to provide data or when you have given permission for this.

We engage service providers for the execution of our services. These are not “third party recipients” but “processors”. These processors do not use the data for their own purposes and only process the personal data in accordance with Spotler’s assignment.

Data within the EEA

Your personal data will only be processed within the European Economic Area (EEA) or countries to which an adequacy decision applies.

Automated decision making and profiling

Spotler does not use automated decision-making through profiling.

Retention period

We no longer keep your personal data as necessary.

Security of personal data

Spotler has taken appropriate technical and organizational measures to protect personal data against loss or any form of unlawful processing, including:

• Spotler is ISO 27001 certified for all processes and all systems in the office and on our technical platform. You can view our certificate in our software. You can view the validity and scope of our certificate on the website of the DNVGL auditor.

• Spotler (then former company name Blinker) officially received the DDMA Privacy Guarantee mark on 21 April 2010. With this quality mark we demonstrate that we use personal data in a careful and transparent manner, that we handle personal data that (can) be used for advertising purposes in a correct manner, and that we act in accordance with all applicable privacy rules. On the basis of an enforcement regulation, the DDMA assesses whether we properly adhere to the strict rules and legal obligations.

• Our website and software has an SSL certificate that guarantees visitors and users that (personal) data is sent via browsers via HTTPS, so that information is encrypted and secured. SSL (Secure Sockets Layer) is also used, among other things, for online transactions (like credit cards).

• Our software is tested for vulnerabilities annually by independent and accredited parties that perform penetration tests (or pen tests). Until now, the conclusion has always been that our software is adequately secured to be resistant to digital attacks.

• Spotler has taken extensive measures to cover what the procedure is in the event of a data breach. But more importantly; various technical and organizational measures have been taken to prevent data leaks.

• Spotler has appointed a Security Officer and a Data Protection Officer (DPO).

Rights of data subjects

Spotler looks after all your privacy rights. Do you have any tips or comments? Let us know! To exercise your rights, please contact us.

The right of access

You have the right to information and access to the personal data that we process about you. We are happy to tell you how and why we process that data.

The right to rectification

You have the right to have your personal data changed or even deleted if the data is not (or no longer) correct, or if the processing is no (longer) justified. Do you feel that we have wrong information about you? Let us know and we will adjust it.

The right to erasure

You have the right to ask us to delete the personal data we have about you. We may not be able to completely delete your personal data, because we still have to process some data for other purposes. For example administration or other legal obligations.

The right to restrict processing

If you feel that we are processing your personal data unlawfully or incorrectly, you can also have that processing restricted.

The right to object

The right to object means that you can object to certain processing of personal data. You have this right for all processing operations that are not based on (1) your explicit consent, (2) the necessity thereof with regard to the performance of an agreement with you (3) to comply with legal obligations or (4) to protect vital interests of yourself or others. If you object to the use of your personal data to inform you about our activities and similar (“direct marketing”) processing, we will always honor this. You can prevent further receipt of (marketing) emails from Spotler by clicking on the unsubscribe link in every email you receive from us. Your data will then no longer be used for direct marketing purposes. If you object to other forms of processing of your personal data, we will assess whether we can meet your objection. In that case, it is up to us to demonstrate that, despite your objection, we still have a legitimate interest in continuing to process the personal data. If that weighing of interests turns out to be in your favor, we will stop processing your data.

The right to data portability

You have the right to receive (back) the personal data you have provided to us in a common file format. This right only applies to the personal data that we process about you on the basis of your consent or an agreement concluded with you. Moreover, the right only applies to the data that we already process in digital form (so not for analogue processing). You are free to pass this information on to another party.

Exercise of the rights

Exercising the rights is free of charge for you, except for abuse. You exercise the rights by contacting us.

Time period

In principle, we will answer your questions / requests within one month. In the unlikely event that it takes more time to answer your question / request, we will inform you within one month. Due to the complexity of the requests and / or the number of requests, the response time may be up to three months in total.

Identification

We may ask for further proof of your identity with all questions / requests. We do this to prevent us from providing personal data to the wrong party or incorrectly making changes to the personal data or the way in which those personal data are processed by us. To ensure that your request is processed as smoothly as possible, we ask you to send a copy of your ID in a secure manner in advance.

Individual consideration for each request

We point out that the rights described above are not absolute rights. There may be circumstances that prevent us from complying with a particular request. We will always assess each request on its own merits. If we do not (cannot) comply with a specific request, we will of course inform you of this with reasons. In that case you can then possibly go to court. The right to object to the use of data for direct marketing purposes is absolute. Cancellations for our commercial communications are therefore honored in any case.

Privacy Officer

Spotler has appointed a Privacy Officer (PO). The PO monitors compliance with privacy legislation and advises us on privacy legislation. Our PO reports directly to Spotler’s management team. The PO is also the contact person for all questions about privacy, both for you as the data subject and for the supervisor. You can contact our PO via: [email protected].

Data Protection Authority

You are always free to file a complaint with the data protection authority. The supervisory authority for privacy legislation is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can find the contact details of the Dutch Data Protection Authority via the website www.autoriteitpersoonsgegevens.nl.

Questions

Feel free to ask questions about the personal data processed by us. For questions about privacy, please contact us using the contact details below.

Changes to the privacy policy

Spotler reserves the right to change this privacy policy. Any changes will be made on this page. The most recent changes date from November 11, 2018. These changes will be announced on our website. Spotler can process your personal data for new purposes that are not yet stated in this privacy statement. In that case, we will contact you before using your data for these new purposes, to inform you of the changes to our regulations for the protection of personal data and to give you the opportunity to refuse participation.

Contact details

If you have any questions about this privacy statement or our privacy policy, or would like to exercise one of your legal rights, please contact us using the information below:

Spotler Nederland B.V.

Boris Pasternaklaan 16
2719 DA Zoetermeer

Algemeen: +31 (0)88 – 103 09 00
Support: +31 (0)88 – 103 09 09
FG: +31 (0)88 – 103 09 00

E-mail: [email protected]