Effective Date: 11 September 2024
1. What Personal Data We Collect and For What Purpose
We process personal data for various purposes, in accordance with the principles of lawfulness, fairness, and transparency. The table below outlines the types of personal data we collect, the purposes of collection, the legal basis for processing, and how long we store your data:
Purpose
Personal Data Collected
Legal Basis
Data Retention Period
Sales & Marketing (via LinkedIn, email, and enrichment tools)
Name, email, job title, LinkedIn profile, company details
Legitimate interest or consent
Until you opt-out, withdraw your consent or unsubscribe
Account information (when you become a client)
Name, email, payment details, company information
Contractual necessity, legal obligation
7 years after account termination (for compliance purposes)
Applicant information (when applying for a job)
CV, contact information, references
Consent/Legitimate interest
3 months until the vacancy has been fulfilled and 1 year after the hiring process ends when consent has been given
Account creation & authentication
Name, email, login credentials
Contractual necessity
As long as you hold an account
Providing ACT services
Usage data, account information
Contractual necessity
As long as your account is active
Responding to inquiries & offering support
Name, email, inquiry details
Legitimate interest
Until the inquiry is resolved plus 1 year
Enabling user-to-user communications
Contact details, user identifiers
Contractual necessity
Until you deactivate the communication option
Requesting feedback
Name, email, feedback
Legitimate interest
2 years after the feedback is provided
Protecting ACT & fraud monitoring
IP address, device information, account information
Legitimate interest, legal obligation
As long as necessary to ensure security
Identifying usage trends
Usage data, IP address, device information
Consent, Legitimate interest
Max 14 months and thereafter aggregated data
Marketing & promotional campaign effectiveness
Email engagement metrics, campaign responses
Consent, Legitimate interest
Until the campaign ends plus 2 years
2. How We Collect Your Personal Data
We use different methods to collect data from and about you including through:
2.1 Direct Interactions:
You may provide us with personal information such as Contact Details, Identifiers, Financial Data, and other categories when you:
Apply for our products or services.
Create an account with us.
Subscribe to publications.
Request marketing materials.
Provide feedback or contact us through forms, post, phone, email, our website, or other means.
2.2 Automated Technologies or Interactions:
As you use our website and services, we may automatically collect Technical, Profile, and Usage Data, such as details about your device, browsing behavior, and usage patterns.
2.3 Third Parties or Publicly Available Sources:
Online recruitment platforms or professional networks (e.g., work-related information).
Publicly available sources providing Identity and Contact Data.
We might receive personal data about you from various third parties or publicly available sources like the ones set below.
3. Who Has Access to Your Data?
Your personal data is accessed by authorized personnel at ACT and, where necessary, trusted third-party service providers who assist us in fulfilling the purposes mentioned above. These third parties may include marketing platforms, payment processors, IT service providers, and others, all of whom operate under strict confidentiality agreements.
We may also share your personal data:
If required by law, regulation, or legal process;
To protect our legal rights, prevent fraud, or comply with lawful requests;
In connection with a merger, acquisition, or sale of all or a portion of our assets or in case of bankruptcy.
We ensure that access to your data is granted only on a need-to-know basis and is fully controlled and monitored.
Third Party
Encryption
Country
Digital Ocean
Encryption in Transit, Encryption at Rest
European Economic Area
Calendly
Encryption in Transit, Encryption at Rest
United States
Slack
Encryption in Transit, Encryption at Rest
United States
Google Drive
Encryption in Transit, Encryption at Rest
United States
Hubspot
Encryption in Transit, Encryption at Rest
United States
Typeform
Encryption in Transit, Encryption at Rest
United States
LinkedIn Sales Navigator
Encryption in Transit, Encryption at Rest
United States
Clay
Encryption in Transit, Encryption at Rest
United States
Google Gmail
Encryption in Transit, Encryption at Rest
United States
Google Meets
Encryption in Transit, Encryption at Rest
United States
OpenAI
Encryption in Transit, Encryption at Rest
United States
PandaDoc
Encryption in Transit, Encryption at Rest
United States
Figma
Encryption in Transit, Encryption at Rest
United States
Miro
Encryption in Transit, Encryption at Rest
United States
Github
Encryption in Transit, Encryption at Rest
United States
Auth0
Encryption in Transit, Encryption at Rest
Germany
Twin AI
Encryption in Transit, Encryption at Rest
Netherlands
N8N
Encryption in Transit, Encryption at Rest
Germany
Pinecone
Encryption in Transit, Encryption at Rest
Belgium
PostHog
Encryption in Transit, Encryption at Rest
Germany
SmartLead
Encryption in Transit, Encryption at Rest
United States
MagicLead
Encryption in Transit, Encryption at Rest
France
ZenLeads Inc.
Encryption in Transit, Encryption at Rest
United States
Mail Forge
Encryption in Transit, Encryption at Rest
Denmark
Sales Forge
Encryption in Transit, Encryption at Rest
Denmark
Bluedot
Encryption in Transit, Encryption at Rest
United States
4. Is Data Transferred Outside the European Economic Area (EEA)?
Some of our external third parties are located outside the EEA, meaning your personal data may be transferred to countries outside the EEA. To ensure your data is protected, we implement at least one of the following safeguards:
The destination country has been recognized by the European Commission as providing an adequate level of data protection.
We use specific contracts approved by the European Commission that ensure your personal data receives the same level of protection as within the EEA, such as Standard Contractual Clauses.
The transfer complies with the US Data Privacy Framework.
5. What Technical and Organizational Security Measures Are in Place?
We take the security of your personal data very seriously and implement appropriate technical and organizational measures to safeguard your information. These measures include:
Data encryption (both in transit and at rest)
Secure access controls and authentication procedures
Regular security audits and vulnerability assessments
Monitoring and logging of system access
Employee training and awareness programs on data protection
In the event of a personal data breach, we will notify you and the relevant authorities as required by law.
In the event of a personal data breach, we will notify you and the relevant authorities as required by law.
6. What Are Your Data Subject Rights?
As a data subject, you have the following rights under the GDPR:
Right to Access: You can request access to the personal data we hold about you.
Right to Rectification: You can request that we correct any inaccuracies in your personal data.
Right to Erasure: You can request the deletion of your personal data under certain conditions.
Right to Restriction: You can request the restriction of processing your data under certain circumstances.
Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format when you have provided your personal data to us.
Right to Object: You have the right to object to the processing of your data for direct marketing or other purposes based on legitimate interest.
Right to Withdraw Consent: Where we rely on your consent, you can withdraw that consent at any time.
If you believe that we have not handled your data appropriately or you are unsatisfied with our response to your concerns, you have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. You can contact them via their website at www.autoriteitpersoonsgegevens.nl.
For data subjects in other countries, you can contact your respective national data protection authority.
We may ask for specific information to verify your identity and confirm your right to access your personal data (or exercise any other rights). This is a security measure to prevent unauthorized access to your personal data. We may also reach out for additional details about your request to process it more efficiently.
We aim to respond to all valid requests within one month. However, if your request is particularly complex or if you have made multiple requests, it may take longer. If this happens, we will inform you and keep you updated on the progress.
If you wish to exercise any of your rights or have questions about this process, please contact us at marianne@awesomecompliance.com.
7. Automated Decision-Making and Profiling
Your personal data is not used for automated decision-making (decisions made only by machines without human input) or profiling with a negative effect (analyzing personal data to assess certain traits or behaviors).
8. Third-Party Websites
Our Site may include hyperlinks to third-party websites, such as LinkedIn or Instagram. These hyperlinks are provided for your reference and convenience only, and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We are not responsible for the privacy practices or content of these third-party websites. You are encouraged to read their respective privacy notices for more information.
9. Privacy of Children
It is our policy to not collect personal data from any person under 18 because children are not permitted to use our services and our website and we request that children under the age of 18 not submit any personal data to us. If we learn that we have inadvertently gathered personal data from children under 18, we will promptly remove such information from our records. If you are a parent or guardian and believe we have collected personal information in violation of COPPA, contact us marianne@awesomecompliance.com . We will remove the personal information in accordance with COPPA.
10. Cookies and Similar Technologies
We use cookies to enhance your experience on our Site. You can control cookie settings through your browser or device settings, or by accessing a “Cookie Settings” within your account. For more details, please refer to our Cookie Notice.
11. Updates to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our data processing practices or legal obligations. Any updates will be posted on our website, and we encourage you to review this Privacy Notice regularly. Significant changes will be communicated directly via email or through a prominent notice on our website.
12. How to Contact Us
If you have any questions or concerns about this Privacy Notice, please contact us at:
Awesome Compliance Technology BV
De Kluftstraat 18, 1035 WE, Amsterdam
Email: marianne@awesomecompliance.com
We are committed to ensuring that your privacy is respected and protected at all times.