In order to properly carry out our business activities, it is necessary to process personal data of our customers, landlords, their tenants, our website visitors and other relations. Facilitee attaches great importance to the protection and careful, confidential processing of your personal data. In doing so, Facilitee adheres to the applicable laws and regulations in the field of privacy. Through this privacy statement, Facilitee informs you about how we handle your data. We also explain which information is recorded from you via our website www.facilitee.com (hereinafter: “Website”) and the web application offered by us (on the Website) and what we do with it. We also explain what rights you have with regard to the processing of your personal data. Service App B.V. (hereinafter “Facilitee”), established in Amsterdam (1017 JZ) at Prinsengracht 769 and registered with the Chamber of Commerce under number 75390515, processes the personal data as shown in this Privacy Statement. Insofar as this concerns data about its customers (landlords, property managers, portfolio holders or project developers), website visitors or contract parties of Facilitee, it is responsible for this. Facilitee only processes data from tenants or other customers or relations of customers of Facilitee as a processor, on behalf of its customer. The customer’s privacy policy applies to these processing operations.

1. Which personal data does Facilitee process?

By visiting and/or registering on our Website and the services available on it, you leave certain personal data with us (such as your name and e-mail address). Facilitee also obtains personal data via cookies when you visit our Website. We only process, store and store your personal data if it is provided directly by you. As mentioned above, we also process personal data of which it is clear when specified that they are provided to us for processing (as processor) on behalf of our customer, for example because your landlord has passed on your data. Depending on the services you use, we can collect the following personal data: If you are a Client of Facilitee and use our services via our Website, not being the web application:
–  Name;
–  E-mail address;
–  Phone number;
–  Payment details (especially business accounts).

When you visit our Website:
–  IP address, surfing behavior via cookies (for more information about the cookies on our Website, please refer to our Cookie Policy);
–  Name, e-mail address and other data that you leave via our contact form on our Website.
–  In addition, as a processor we can also process the following data: address details of the tenant and the owner; billing and address information of owners, managers and suppliers; personal data in messages, reports or complaints sent via the web application, data from rental agreements, which may include a copy of your passport and inspection reports, possibly including photos.

2. Legal basis for data processing and purposes of data processing

Facilitee processes your personal data in the context of the execution of the agreement with you, so that you can create an account with us, use our services and we can process our payments. We can also process your personal data on the basis of our legitimate interest, for example by placing cookies on our Website, so that your preferences are saved, we can improve our services and respond to a message you have left on our Website or inform you about current events or changes in our services.

3. Provision of your personal data to third parties

Employees of Facilitee or other third parties who work for us have access to your personal data if this is necessary for the performance of their work. The personal data may only be used by the employees for the purposes mentioned above. They are also bound by confidentiality. In addition, we will in principle only provide your personal data to third parties if this is necessary for the implementation of the agreement or if you have given explicit permission for this yourself. We have made agreements with these third parties about the careful processing of your personal data in accordance with the law and this privacy statement.

4. Retention Periods

Your data will not be kept longer than necessary for the purposes for which it was collected, unless this data must be kept longer on the basis of a legal obligation or on the basis of our legitimate interest that outweighs (e.g. in the event of a dispute). In principle, we use the following retention periods:
–  Financial data is kept for 7 years;
–  We store contact details of our customers and other relations for a maximum of two years after
    the end of the collaboration or two years after the last contact;
–  If you leave a message on our Website via the contact form or via our general e-mail address, we will keep that message until we have followed up
   and dealt with your message. In any case, the message will be kept for a maximum of one year.

5. Security Measures

We have taken appropriate organizational and technical security measures to protect your data as well as possible against unauthorized access, alteration, disclosure or destruction. Our database is secured in a private network accessible only from an API server. In particular, we take the following measures:

–  All servers and database are not publicly available. The web application is only available through Application Load Balancer.
–  The Application Load Balancer converts all unencrypted data traffic to encrypted data traffic.
–  CloudFront and WAFv1 have been implemented for app.facilitee.com.
–  Network security fulfilled on SecurityGroups.
–  All passwords and other highly confidential information are stored in the AWS Param Store and are encrypted and delivered directly to the end server.
–  All encrypted certificates are provided by AWS.
–  Server and database monitoring and logging are implemented via DataDog.
–  DataDog alarms for infrastructure problems are set up so that our DevOps engineer is immediately notified.
–  Separate dashboards for Quality Assurance and developers.
– Infrastructure scale test is done.
–  Load test is done.
–  Employees and third parties are bound by confidentiality.
If, despite the security measures, there is a security incident (data breach) that is likely to have adverse consequences for you, we will inform you about the incident as soon as possible. We will therefore inform you about the measures we have taken to limit the consequences and prevent recurrence in the future. In the unlikely event that you find a security leak or you suspect that the security of your personal data is not properly guaranteed, then we request that you contact Facilitee directly via support@facilitee.com. We have established procedures to handle these reports adequately and carefully in accordance with the applicable legislation.

External links

Our Website may contain links to other websites. We are not responsible for the practices of other websites linked to or from our Website. Our privacy statement does not apply when you use a link to go from our Website to another website. Your conduct on any third party website, including those parties that link to our website, is subject to their own rules and policies. We are not responsible for the privacy practices or the content of these other websites. We recommend that you take note of the privacy statement and other relevant (legal) information on these websites.

6. Your rights

When you have provided us with personal data, you have various rights that you can exercise. You have the right to inspect, rectify and delete your data. You can also request us to transfer your data to you or another party or to limit data processing. You are also free to object to the processing of your data. You can always withdraw your consent to data processing. However, this withdrawal does not affect the lawfulness of the processing of your personal data before you withdrew your consent. You can email your request to: support@facilitee.com. We ask you to motivate your request and to identify yourself (paint your photo and citizen service number in this case). Facilitee will respond to your request as soon as possible, but no later than within four (4) weeks. We will comply with your request, unless we have a compelling legitimate interest not to delete the personal data, which outweighs your privacy interest. If we have deleted the personal data, for technical reasons we cannot immediately remove all copies of the personal data from our systems and back-up systems. We may also refuse to comply with the aforementioned requests if they are made unreasonably often, require unreasonably heavy technical efforts or have unreasonably heavy technical consequences for our systems or endanger the privacy of others. If Facilitee has complied with a request for personal data to improve, supplement or delete, we will also inform third parties to whom this personal data has been provided of the changes made.

7. Submit a complaint to the Dutch Data Protection Authority

In the unlikely event that you are not satisfied with the way in which we handle your personal data, you can submit a complaint to the Dutch Data Protection Authority.

8. Changes to this Privacy Statement

We reserve the right to amend this Privacy Statement from time to time. These changes will be announced via our Website. We therefore recommend that you consult this Privacy Statement regularly so that you are aware of any changes. If the changes have a major impact on you, we will inform you about this. Download our Privacy Policy here.

9. Our contact details

Do you have any questions or comments after reading this Privacy Statement? Then you can contact us via support@facilitee.com.

Version 01/2022