Effective Date: 11 September 2024
At Awesome Compliance Technology BV (ACT), your privacy is a top priority, and we are fully committed to protecting your personal data. This Privacy Notice outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
We process personal data for various purposes, in accordance with the principles of lawfulness, fairness, and transparency. The table below outlines the types of personal data we collect, the purposes of collection, the legal basis for processing, and how long we store your data:
Purpose | Personal Data Collected | Legal Basis | Data Retention Period |
|---|---|---|---|
Sales & Marketing (via LinkedIn, email, and enrichment tools) | Name, email, job title, LinkedIn profile, company details | Legitimate interest or consent | Until you opt-out, withdraw your consent or unsubscribe |
Account information (when you become a client) | Name, email, payment details, company information | Contractual necessity, legal obligation | 7 years after account termination (for compliance purposes) |
Applicant information (when applying for a job) | CV, contact information, references | Consent/Legitimate interest | 3 months until the vacancy has been fulfilled and 1 year after the hiring process ends when consent has been given |
Account creation & authentication | Name, email, login credentials | Contractual necessity | As long as you hold an account |
Providing ACT services | Usage data, account information | Contractual necessity | As long as your account is active |
Responding to inquiries & offering support | Name, email, inquiry details | Legitimate interest | Until the inquiry is resolved plus 1 year |
Enabling user-to-user communications | Contact details, user identifiers | Contractual necessity | Until you deactivate the communication option |
Requesting feedback | Name, email, feedback | Legitimate interest | 2 years after the feedback is provided |
Protecting ACT & fraud monitoring | IP address, device information, account information | Legitimate interest, legal obligation | As long as necessary to ensure security |
Identifying usage trends | Usage data, IP address, device information | Consent, Legitimate interest | Max 14 months and thereafter aggregated data |
Marketing & promotional campaign effectiveness | Email engagement metrics, campaign responses | Consent, Legitimate interest | Until the campaign ends plus 2 years |
We use different methods to collect data from and about you including through:
You may provide us with personal information such as Contact Details, Identifiers, Financial Data, and other categories when you:
As you use our website and services, we may automatically collect Technical, Profile, and Usage Data, such as details about your device, browsing behavior, and usage patterns.
Your personal data is accessed by authorized personnel at ACT and, where necessary, trusted third-party service providers who assist us in fulfilling the purposes mentioned above. These third parties may include marketing platforms, payment processors, IT service providers, and others, all of whom operate under strict confidentiality agreements.
We ensure that access to your data is granted only on a need-to-know basis and is fully controlled and monitored.
Third Party | Encryption | Country |
|---|---|---|
Digital Ocean | Encryption in Transit, Encryption at Rest | European Economic Area |
Calendly | Encryption in Transit, Encryption at Rest | United States |
Slack | Encryption in Transit, Encryption at Rest | United States |
Google Drive | Encryption in Transit, Encryption at Rest | United States |
Hubspot | Encryption in Transit, Encryption at Rest | United States |
Typeform | Encryption in Transit, Encryption at Rest | United States |
LinkedIn Sales Navigator | Encryption in Transit, Encryption at Rest | United States |
Clay | Encryption in Transit, Encryption at Rest | United States |
Google Gmail | Encryption in Transit, Encryption at Rest | United States |
Google Meets | Encryption in Transit, Encryption at Rest | United States |
OpenAI | Encryption in Transit, Encryption at Rest | United States |
PandaDoc | Encryption in Transit, Encryption at Rest | United States |
Figma | Encryption in Transit, Encryption at Rest | United States |
Miro | Encryption in Transit, Encryption at Rest | United States |
Github | Encryption in Transit, Encryption at Rest | United States |
Auth0 | Encryption in Transit, Encryption at Rest | Germany |
Twin AI | Encryption in Transit, Encryption at Rest | Netherlands |
N8N | Encryption in Transit, Encryption at Rest | Germany |
Pinecone | Encryption in Transit, Encryption at Rest | Belgium |
PostHog | Encryption in Transit, Encryption at Rest | Germany |
SmartLead | Encryption in Transit, Encryption at Rest | United States |
MagicLead | Encryption in Transit, Encryption at Rest | France |
ZenLeads Inc. | Encryption in Transit, Encryption at Rest | United States |
Mail Forge | Encryption in Transit, Encryption at Rest | Denmark |
Sales Forge | Encryption in Transit, Encryption at Rest | Denmark |
Bluedot | Encryption in Transit, Encryption at Rest | United States |
Some of our external third parties are located outside the EEA, meaning your personal data may be transferred to countries outside the EEA. To ensure your data is protected, we implement at least one of the following safeguards:
We take the security of your personal data very seriously and implement appropriate technical and organizational measures to safeguard your information. These measures include:
In the event of a personal data breach, we will notify you and the relevant authorities as required by law.
As a data subject, you have the following rights under the GDPR:
If you believe that we have not handled your data appropriately or you are unsatisfied with our response to your concerns, you have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. You can contact them via their website at www.autoriteitpersoonsgegevens.nl.
For data subjects in other countries, you can contact your respective national data protection authority.
We may ask for specific information to verify your identity and confirm your right to access your personal data (or exercise any other rights). This is a security measure to prevent unauthorized access to your personal data. We may also reach out for additional details about your request to process it more efficiently.
We aim to respond to all valid requests within one month. However, if your request is particularly complex or if you have made multiple requests, it may take longer. If this happens, we will inform you and keep you updated on the progress.
If you wish to exercise any of your rights or have questions about this process, please contact us at [email protected].
Your personal data is not used for automated decision-making (decisions made only by machines without human input) or profiling with a negative effect (analyzing personal data to assess certain traits or behaviors).
It is our policy to not collect personal data from any person under 13m because children are not permitted to use our services and our website and we request that children under the age of 13 not submit any personal data to us. If we learn that we have inadvertently gathered personal data from children under 13, we will promptly remove such information from our records.
We may update this Privacy Notice from time to time to reflect changes in our data processing practices or legal obligations. Any updates will be posted on our website, and we encourage you to review this Privacy Notice regularly. Significant changes will be communicated directly via email or through a prominent notice on our website.
If you have any questions or concerns about this Privacy Notice, please contact us at: