New dashboard feature launched in our app
Read more >
1. Which personal data does Facilitee process?
By visiting and/or registering on our Website and the services available on it, you leave certain personal data with us (such as your name and e-mail address). Facilitee also obtains personal data via cookies when you visit our Website. We only process, store and store your personal data if it is provided directly by you. As mentioned above, we also process personal data of which it is clear when specified that they are provided to us for processing (as processor) on behalf of our customer, for example because your landlord has passed on your data. Depending on the services you use, we can collect the following personal data: If you are a Client of Facilitee and use our services via our Website, not being the web application:– Name;– E-mail address;– Phone number;– Payment details (especially business accounts).
2. Legal basis for data processing and purposes of data processing
Facilitee processes your personal data in the context of the execution of the agreement with you, so that you can create an account with us, use our services and we can process our payments. We can also process your personal data on the basis of our legitimate interest, for example by placing cookies on our Website, so that your preferences are saved, we can improve our services and respond to a message you have left on our Website or inform you about current events or changes in our services.
3. Provision of your personal data to third parties
Employees of Facilitee or other third parties who work for us have access to your personal data if this is necessary for the performance of their work. The personal data may only be used by the employees for the purposes mentioned above. They are also bound by confidentiality. In addition, we will in principle only provide your personal data to third parties if this is necessary for the implementation of the agreement or if you have given explicit permission for this yourself. We have made agreements with these third parties about the careful processing of your personal data in accordance with the law and this privacy statement.
4. Retention Periods
Your data will not be kept longer than necessary for the purposes for which it was collected, unless this data must be kept longer on the basis of a legal obligation or on the basis of our legitimate interest that outweighs (e.g. in the event of a dispute). In principle, we use the following retention periods: – Financial data is kept for 7 years; – We store contact details of our customers and other relations for a maximum of two years after the end of the collaboration or two years after the last contact;– If you leave a message on our Website via the contact form or via our general e-mail address, we will keep that message until we have followed up and dealt with your message. In any case, the message will be kept for a maximum of one year.
5. Security Measures
We have taken appropriate organizational and technical security measures to protect your data as well as possible against unauthorized access, alteration, disclosure or destruction. Our database is secured in a private network accessible only from an API server. In particular, we take the following measures:
– All servers and database are not publicly available. The web application is only available through Application Load Balancer.– The Application Load Balancer converts all unencrypted data traffic to encrypted data traffic.– CloudFront and WAFv1 have been implemented for app.facilitee.com.– Network security fulfilled on SecurityGroups.– All passwords and other highly confidential information are stored in the AWS Param Store and are encrypted and delivered directly to the end server.– All encrypted certificates are provided by AWS.– Server and database monitoring and logging are implemented via DataDog.– DataDog alarms for infrastructure problems are set up so that our DevOps engineer is immediately notified.– Separate dashboards for Quality Assurance and developers.– Infrastructure scale test is done.– Load test is done.– Employees and third parties are bound by confidentiality.If, despite the security measures, there is a security incident (data breach) that is likely to have adverse consequences for you, we will inform you about the incident as soon as possible. We will therefore inform you about the measures we have taken to limit the consequences and prevent recurrence in the future. In the unlikely event that you find a security leak or you suspect that the security of your personal data is not properly guaranteed, then we request that you contact Facilitee directly via email@example.com. We have established procedures to handle these reports adequately and carefully in accordance with the applicable legislation.
Our Website may contain links to other websites. We are not responsible for the practices of other websites linked to or from our Website. Our privacy statement does not apply when you use a link to go from our Website to another website. Your conduct on any third party website, including those parties that link to our website, is subject to their own rules and policies. We are not responsible for the privacy practices or the content of these other websites. We recommend that you take note of the privacy statement and other relevant (legal) information on these websites.
6. Your rights
When you have provided us with personal data, you have various rights that you can exercise. You have the right to inspect, rectify and delete your data. You can also request us to transfer your data to you or another party or to limit data processing. You are also free to object to the processing of your data. You can always withdraw your consent to data processing. However, this withdrawal does not affect the lawfulness of the processing of your personal data before you withdrew your consent. You can email your request to: firstname.lastname@example.org. We ask you to motivate your request and to identify yourself (paint your photo and citizen service number in this case). Facilitee will respond to your request as soon as possible, but no later than within four (4) weeks. We will comply with your request, unless we have a compelling legitimate interest not to delete the personal data, which outweighs your privacy interest. If we have deleted the personal data, for technical reasons we cannot immediately remove all copies of the personal data from our systems and back-up systems. We may also refuse to comply with the aforementioned requests if they are made unreasonably often, require unreasonably heavy technical efforts or have unreasonably heavy technical consequences for our systems or endanger the privacy of others. If Facilitee has complied with a request for personal data to improve, supplement or delete, we will also inform third parties to whom this personal data has been provided of the changes made.
7. Submit a complaint to the Dutch Data Protection Authority
In the unlikely event that you are not satisfied with the way in which we handle your personal data, you can submit a complaint to the Dutch Data Protection Authority.
8. Changes to this Privacy Statement
9. Our contact details
Do you have any questions or comments after reading this Privacy Statement? Then you can contact us via email@example.com.
Talk to one of our experts and discover the possibilities.