Privacy is van cruciaal belang voor Shoutem. Dit privacybeleid, conform de nieuwe AVG wetgeving (General Data Protection Regulation, beschrijft welke informatie wij verzamelen en hoe deze wordt gebruikt en gedeeld.
Vanwege het internationale karakter van onze diensten en producten is deze tekst alleen in het engels beschikbaar.
Your privacy is critically important to us. At Shoutem we have a few fundamental principles:
- We don’t ask you for personal information unless we truly need it. (We can’t stand services that ask you for things like your gender or income level for no apparent reason.)
- We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal information on our servers unless required for the on-going operation of one of our services.
- In our social networking and mobile application products, we aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted.
Shoutem operates several websites including shoutem.com (collectively, the “Websites”), as well as a number of mobile applications on behalf of our customers (collectively, the “Applications”). It is Shoutem’s policy to respect your privacy regarding any information we may collect while operating our Websites and Applications.
General Data Protection Regulation (GDPR)
Inter!dee, acting under the names Rebels4Media, Shoutem, Mail!dee and Appdrive, located at Trasmolenlaan 5, 3447 GZ in Woerden, The Netherlands, is registered with the Chamber of Commerce under number 30200699. We are the Processor in this agreement.
We only process personal data to make our service possible, so that you can easily use and manage our applications. We have no control over the purpose and means for the processing of personal data. We do not take independent decisions about the received personal data, the use of the personal data, the provision to third parties and the duration of the storage of the personal data.
2.1 Your responsibilities
As controller you are responsible for ensuring that from May 25, 2018, the moment the General Data Protection Regulation (GDPR) becomes applicable, you keep a register of the processing operations regulated under this processing agreement. You indemnify us against all claims and claims that are related to the incorrect compliance with this obligation to register.
3. Our Responsibilities
We agree that we will both take care of compliance with current privacy laws and regulations. We will perform the permitted processing within a (semi) automated environment. We are solely responsible for the processing of the personal data that falls under this processor agreement under instructions from you and under the explicit final responsibility of you as controller.
3.1 Other processing
For all other processing of personal data, including in any case included but not limited to: • the collection of personal data by you; • processing for purposes that have not been reported to us by you; • processing by third parties and / or other purposes, we are not responsible. The responsibility for these processing is exclusively with you.
You guarantee us that the personal data that we process for you under this processing agreement has not been obtained unlawfully and does not infringe any right of third parties. We will ensure compliance with the conditions set by the Wbp and General Data Protection Regulation (GDPR) for the processing of personal data by us from our role as processor.
We process your personal data in countries within and outside the European Union (EU). The data centers where our servers are located are located inside and outside the EU. The data centers are subject to the laws and regulations of the country in question. You give us permission to have the personal data processed in these countries, if applicable.
You authorize us to engage sub-processors and suppliers of our services for the processing of your personal data, subject to the applicable privacy legislation. Think, for example, of our links with 3rd party applications.
You have the right to object to subprocessors. Send your objection including arguments to us by e-mail. We would like to point out that many of our services do not function (properly) without our sub-processors.
5. 2 Liability limitation
We are limited liable for damage in the context of personal data due to the act or omission of the subprocessor where the limitation of liability applies from our general conditions. We are not liable in case of force majeure (as defined in our general conditions) on the part of the subprocessor.
We have taken appropriate technical and organizational measures to protect your personal data against loss and unlawful processing. We use advanced firewalls and network traffic is constantly monitored. All connections to our servers are secured, among other things, with an SSL connection. All passwords are stored safely with us.
6.1 Security measures
We have taken the following security measures: • logical access control, using strong passwords; • IP restrictions for access security of database and files with us; • organizational measures for access security; • security of network connections
The General Data Protection Regulation (GDPR) requires that any data leaks be reported to the Data Protection Authority by the controller of the data. We will therefore not report to the Data Protection Authority itself. Of course, as a processor, we will inform you correctly, timely and completely about relevant incidents, so that you, as controller, can comply with these legal obligations. To determine a data breach, we use the General Data Protection Regulation (GDPR) and the Policy Rules on the obligation to report data leaks as a guide.
A data breach covers all security incidents, as a result of which the protection of personal data is breached at any time or as a result of which the personal data are exposed to loss or unlawful processing. For example, the loss of a USB stick or computer, burglary by a hacker, sending an e-mail in which the e-mail addresses are visible to all addressees or a malware infection.
If you make a (provisional) report to the Data Protection Authority and / or the person(s) concerned about a data breach with us, while it is clear to you that we are not dealing with a data breach then you are liable for all damage and costs suffered by us. You are also obliged to immediately withdraw or rectify such a report.
7.3 Datalek supplier
If there is a data breach at a supplier of ours, we will of course also report this. You do not have to contact our suppliers directly, we are your contact point.
Initially, we will inform the contact person of the user account about a data breach. It is your responsibility as a user to ensure that your contact information is correct and accurate. We try to provide you with all information that is necessary to file a report with the Data Protection Authority and / or the person (s) involved. If this information is not yet known, for example because the data breach is still being investigated, we will provide the information you need to at least first make a preliminary report to the Data Protection Authority and / or the data subject (s). Here we follow the information list from the aforementioned policy rules. This in any case contains the nature of the infringement, a description of the observed, the probable consequences of the infringement and the measures taken and to be taken to limit and remedy the negative consequences of the data breach.
The General Data Protection Regulation (GDPR) indicates that 'without delay' must be reported. According to the Data Protection Authority, this is without undue delay and if possible no later than 72 hours after discovery. We therefore inform you as soon as possible, at the latest within 48 hours after discovering a data breach, so that timely notification can be made to the Data Protection Authority.
We will keep you informed of the progress and measures that are being taken. We make agreements about this with the primary contact person at the initial report. In any case, we will keep you informed in case of a change in the situation, the publication of further information and the measures that are or will be taken.
8. Personal data
In the event that a data subject makes a request to us about his personal data, we will forward the request to you. We may inform the people involved. We will provide the necessary cooperation in handling the request. If it turns out that you need help from us for the execution of the request of a person involved, we can charge you for this.
All personal data that we receive from you and / or collect ourselves in the framework of this processor agreement is subject to a confidentiality obligation towards third parties. We will not use this information for any purpose other than that for which we have obtained it unless it has been formulated in such a way that it can not be traced back to the data subjects.
The duty of confidentiality does not apply insofar as you have given express permission to provide the information to third parties or if the provision of the information to third parties is logically necessary for the execution of our general terms and conditions or this processing agreement or if there is a legal obligation to provide information to a third party.
You have the right to carry out an audit or have it carried out by an expert independent third party who is bound to confidentiality, in order to check compliance with all points in this processor agreement and everything that is directly related to it.
10.1 Audit reports
This audit only takes place after you have requested the relevant relevant audit reports from us, assessed them and provide reasonable arguments that justify an audit initiated by you. Such an audit is justified when the similar audit reports that we have present give no or insufficient information about the compliance with this processing agreement by us. The audit initiated by you will take place two weeks after prior announcement by you and will take place at most once every calendar year.
We will cooperate with the audit and provide all relevant information for the audit as timely as possible and within a reasonable period of up to two weeks. The findings of the audited audit will be assessed by mutual agreement and jointly determined which changes will be made to us and to you. All costs of the audit are for your account, including the (internal) costs we make. This also includes the costs of a third party if this is used to carry out the audit.
The liability of both of us for damage as a result of an attributable shortcoming in the performance of this processing agreement, in tort or otherwise, shall be limited to the amount of the last invoice that you have paid. A condition for the existence of any right to compensation is always that you report the damage to us as soon as possible after it has been made known in writing. Any claim for compensation from you will lapse through the mere expiry of three months after you became aware of the fact that you have suffered damage. We are explicitly not liable for damage caused by you as a result of a fine imposed by one of the national supervisors, including the Data Protection Authority, including in the context of the statutory duty to report.
12. Duration and termination
Because you use our services or because you visit our website and / or social media channels, these conditions apply. If you create an account with us, you explicitly state that you agree with the general terms and conditions, including this processor agreement, which is an integral part of our general terms and conditions. We work in all cases on the basis of this processor agreement and deviate from this only if this has been explicitly agreed in writing or by e-mail.
This processor agreement has been entered into for the duration as stipulated in our general terms and conditions that apply between us.
Do you want to delete all your data? Then you can contact us. We will immediately destroy your user account and all associated data. It is not possible to restore this at a later time.
13 Personal data
Shoutem collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Shoutem purpose in collecting non-personally identifying information is to better understand how Shoutem’ visitors use its Websites and Applications. From time to time, Shoutem may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its Websites or Applications. Shoutem also collects potentially personally-identifying information like Internet Protocol (IP) addresses. Shoutem does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.
13.1 Gathering of Personally-Identifying Information
Certain visitors to Shoutem’s Websites and users of Shoutem’s Applications choose to interact with Shoutem in ways that require Shoutem to gather personally-identifying information. The amount and type of information that Shoutem gathers depends on the nature of the interaction. For example, we ask visitors who sign up for a social network at shoutem.com to provide a username and email address. Those who engage in transactions with Shoutem – are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Shoutem collects such information only insofar as is necessary or appropriate to Shoutem discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Shoutem’s behalf or to provide services available at Shoutem’s Websites and Applications, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Shoutem’s Websites and Applications, you consent to the transfer of such information to them. Shoutem will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Shoutem discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Shoutem believes in good faith that disclosure is reasonably necessary to protect the property or rights of Shoutem, third parties or the public at large. If you are a registered user of an Shoutem Websites or Applications and have supplied your email address, Shoutem may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Shoutem and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Shoutem takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
Cookies fulfill the purpose of the visitor’s interaction with Shoutem does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain Website-related and Application-related activities.
13.1 E-mail address
We can offer you, in the context of a closed agreement, offers on similar products and services, provided you have not objected to this. The possibility to record resistance is stated at the time of providing your data. In addition, you will be given the opportunity in every communication to object to further use of your e-mail address under the same conditions. When collecting your e-mail address for reasons other than in the context of a contract, this is not used for the transfer of unsolicited communication if you have not given permission for this.
13.1.2 Postal address
We use your postal address only for sending quotations, invoices, reminders, reminders related to our services or information that you have requested.
13.1.3 Telephone number
We only use your telephone number in the context of our service. in the framework of a closed agreement we can make offers about similar products and services, provided you have not objected to this.
We only process other personal and company data if the data processing is necessary for: • The execution of an agreement with you; • The proper implementation of a public law task; • The defense of our legitimate interest (unless your interest or fundamental rights and freedoms prevail over this interest), or you have given permission for the processing when collecting it.
13.2 Aggregated Statistics
Shoutem may collect statistics about the behavior of visitors to its Websites and users of its Applications. For instance, Shoutem may monitor the most popular social networks on the shoutem.com site. Shoutem may display this information publicly or provide it to others. However, Shoutem does not disclose personally-identifying information other than as described below.
13.3 Protection of Certain Personally-Identifying Information
Shoutem discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Shoutem’s behalf or to provide services available at Shoutem’s Websites and Applications, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Shoutem’s Websites and Applications, you consent to the transfer of such information to them. Shoutem will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Shoutem discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Shoutem believes in good faith that disclosure is reasonably necessary to protect the property or rights of Shoutem, third parties or the public at large. If you are a registered user of a Shoutem Websites or Applications and have supplied your email address, Shoutem may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Shoutem and our products. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Shoutem takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
13.5 Storage data
We do not store your data any longer than is necessary for the processing of the purposes for which they were collected.
13.6 Special data
In the context of offering products or services that may be of interest to you, we may pass on data from persons who have made their data available to organizations with which we are contractually bound, when this is necessary: • for the execution of an agreement concluded with you; • for the proper implementation of a public law task; • for the defense of our legitimate interest unless your interest or fundamental rights and freedoms prevail over this interest.
Any dispute will be submitted to a competent court in the district where we are located. law applies to this agreement. If you have any questions about our processing agreement, you can contact us.
Version: 1.0 - 18-05-2018