Privacy Policy

Privacy Statement Incentro

Last modified: 1 September 2021

This is the privacy statement of Incentro Nederland B.V., Incentro Business Acceleration B.V., Incentro International B.V. and Incentro Software & Licensing B.V. (hereinafter "Incentro", "we" or "us"). Your privacy is of great importance to us. This means that we store, save and otherwise process your personal data in a secure manner. In this privacy statement, we explain, among other things, which personal data is collected, how we process that data and why we do so.

Scope

This Privacy Statement applies to all activities and websites of Incentro, including:

- incentro.com

- careers.incentro.com

- skate.incentro.com

- cloudworker.co.ke

- maildoodler.com

- segona.io

This privacy statement does not apply to websites of third parties to which you are referred by means of links on our websites. We cannot guarantee that these third parties will handle your personal data in a reliable or safe manner. We therefore recommend that you read the privacy statements of these parties before using their products or services.

Modifications

We may modify this privacy statement at any time. The most recent version can always be found on this website. At the top you can see when this statement was last modified. We advise you to consult this privacy statement regularly so that you are aware of any changes.

From whom does Incentro process personal data?

This privacy statement applies to the following categories of individuals:

- visitors to one of our websites (hereinafter: "Website Visitors");

- applicants or other individuals who are looking for a job or internship at Incentro (hereinafter: "Applicants");

- individuals who are customers of Incentro or who work at one of our customers (hereinafter: "Customers");

- individuals from whom or with whom Incentro purchases products or services or who work for a supplier or partner of Incentro (hereinafter "Suppliers" and "Partners"); and

- third parties, such as individuals who are not Customers or Partners, but whose personal data are stored in our systems ("Third Parties").

What personal data does Incentro process and why?

Website Visitors

We process the following personal data of Website Visitors:

- data obtained through general contact forms, including your name, e-mail address, telephone number, the content of your question or information request and in some cases your function and company name;

- data obtained from forms with which you can register yourself for one of our events, including your name, e-mail address, telephone number and in some cases your position and company name;

- data obtained through forms with which information from one of our websites can be downloaded, including your name, e-mail address, telephone number and in some cases your function and company name;

- data obtained through forms with which you can subscribe or register for our (news) updates, including your name and e-mail address; and

- Data collected through the use of cookies and similar techniques.

We process the above data of Website Visitors in order to communicate about a possible question or (information) request, to maintain contacts and disseminate information about an event (such as the start time and location), to send newsletters and to provide other information related to our products and services. These processing activities are based on the performance of a (future) contract, a legitimate interest or consent.

For more information about the data collected by means of cookies and similar techniques, we refer you to our cookie statement.

Applicants

If and insofar as provided by you, we process the following personal data of Applicants:

- contact details (such as name and address details, telephone numbers and e-mail addresses), gender, date of birth, place of birth and nationality;

- followed education, courses and internships;

- data regarding the nature and content of your current employment and any termination thereof;

- other data that may be relevant to filling the position applied for, such as information contained in a CV or cover letter, references and grades; and

- other data of which the processing is relevant in connection with applicable laws and regulations.

We process the above data for the purposes of identifying the Applicant and communicating about the application process, assessing the suitability of the Applicant for a vacant position and implementing applicable laws or regulations. These processing activities are based on the performance of a (future) contract, a legal obligation, a legitimate interest or consent.

Customers

We process the following personal data from (individuals working at or for) our Customers, clients or partners of one of our Customers, if and to the extent that Customers provide such data to us: - Contact details (such as name and address details, telephone numbers and e-mail addresses) and gender;

- Data relevant to the performance of our services, such as contact details and job titles; and

- Other data of which the processing is relevant in connection with applicable laws and regulations.

We process the above data to establish the identity of our Customers, to enter into contracts with Customers, to perform our services for Customers, to calculate or record fees for our services and to make and collect payments. These processing activities are based on the performance of a (future) contract, a legal obligation or a legitimate interest.

Suppliers en Partners

We process the following personal data of (individuals working at) Suppliers and Partners: - contact details (such as name and address details, telephone numbers and e-mail addresses) and gender;

- data for the purpose of placing orders or purchasing services; and

- Other data of which the processing is relevant in connection with applicable laws and regulations.

We process the above data to establish the identity of our Suppliers and Partners, enter into contracts with Suppliers or Partners, place orders and purchase services for our internal business operations and our Customers' business operations, maintain contact and communication for orders placed and services received and calculate or record fees and make and collect payments. These processing activities are based on the performance of a (future) contract, a legal obligation or a legitimate interest.

Third parties

From Third Parties we process the following personal data:

- the content of (electronic) messages originating from or intended for Third Parties; and

- other data provided to us by Customers, Suppliers, Partners or (other) third parties (such as names and contact details) or information obtained from public sources in the context of our services.

We process the above data as part of the performance of our services for our Customers or in connection with the communication between us, Suppliers, Partners and/or Customers. These processing activities are based on the performance of a (future) contract, a legal obligation or a legitimate interest.

Legal basis for processing personal data

To the extent that we require the consent of the data subject for the processing of personal data, Article 6 (1)(a) of the General Data Protection Regulation ("GDPR") serves as the legal basis.

When the processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing necessary for the implementation of pre-contractual measures.

To the extent that the processing of personal data is necessary for compliance with a legal obligation to which Incentro is subject, Article 6(1)(c) GDPR serves as the legal basis.

If the protection of vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary for the purposes of pursuing a legitimate interest of Incentro or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.

With whom do we share personal data?

Incentro may provide your personal data to an affiliated company if this is necessary for the purposes as described in this Privacy Statement. In addition, we provide personal data to others in the following situations:

Third parties providing services for or with us

Wij delen informatie met Partners en Leveranciers van wie wij diensten afnemen of met wie wij samenwerken. Hierbij kun je denken aan partijen die de volgende diensten uitvoeren: We share information with Partners and Suppliers from whom we receive services or with whom we work together. This includes parties that perform the following services:

- analytics to discover the interests of Website Visitors and bottlenecks on our Website.

- customer relationship system to record and maintain contact details and communication between Incentro and its Customers.

- accounting system to handle our invoices and staff information.

- to ensure smooth recruiting a tool has been set up to manage applications and communication to Applicants.

As far as necessary, we have concluded data processing agreements with these Suppliers and Partners. These data processing agreements contain strict agreements on what data will be stored and processed.

protecting ourselves and others

In order to protect our own rights and those of others, it is sometimes necessary to disclose information to governmental authorities, investigative bodies or other parties. For example, we may disclose personal data to third parties, including lawyers: (i) to respond to claims from third parties, whether in connection with legal proceedings or otherwise; (ii) to comply with a court order or a request or demand from a supervisory, investigative, or other governmental authority; (iii) to protect our own and others' (intellectual property) rights and safety; and (iv) to cease or prevent activities that we deem to be unlawful, unethical, or criminal, such as fraud and cybercrime. These processing activities are primarily based on a legal obligation or a legitimate interest.

sale of our business

Your personal data may be considered a business asset. If Incentro is faced with a bankruptcy, merger, acquisition, reorganisation sale of assets or similar situation our assets, including your personal data, may be sold and transferred to a third party as part of that transaction. These processing activities will usually be based on a legitimate interest.

Do we transfer personal data to countries outside the EEA?

In some cases, your personal data may be transferred to organisations or countries outside the European Economic Area (EEA). If your personal data is transferred to a country that offers a lower level of protection than countries within the EEA, we will put in place appropriate safeguards to protect your personal data, such as the conclusion of a model contract approved by the European Commission with the recipient of the personal data. How long do we keep your personal data? In principle, we do not keep your personal data any longer than necessary for processing purposes it was originally collected, unless the data must be kept for a longer period in order to comply with legal obligations, such as a statutory retention period. Some examples are given below:

- Personal data of Website Visitors obtained through (contact) forms may be kept for 2 years after receipt of the form.

- Personal data of Applicants will be kept for a maximum of 4 weeks after the end of the application procedure. If you have given us your consent, we may keep these data for a maximum of one year, as a suitable position may become available for you at a later date.

- We are required to retain tax-related data for a period of 7 years, such as our accounts receivable and accounts payable records.

- Contracts may be retained for as long as necessary in connection with the statute of limitations on any claims.

How do we secure your personal data?

We have taken appropriate security measures to prevent the destruction, loss, alteration, unauthorised access or disclosure of personal data that we process. For example, a security officer has been appointed who is responsible for information security within our organisation. We are also ISO 27001 certified. ISO 27001 is an ISO standard for information security. Personal data is only accessible to authorised individuals at Incentro. Depending on which personal data is used, groups with authorised persons are determined. Groups include our sales and marketing colleagues. Furthermore, analysts, developers and office managers may also work with personal data. For example, our sales department needs access to relevant data about Customers, communication and sales appointments in order to tailor services to Customers' needs. Our marketing department needs to see the interest shown by our Website Visitors and contacts from offline channels. Furthermore, there are analysts who need to see different types of data in order to improve our services and the office managers need (personal) data in order to do invoicing and administration within Incentro.

What rights do you have?

You have the right to request us access of rectification and erasure of your personal data or restriction of processing. You also have the right to object to the processing and under certain circumstances you have the right to data portability. If the processing of your personal data is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before you withdrawal. If you wish to exercise your rights, you can contact us by sending an e-mail to gdpr@incentro.nl. Circumstances may arise where we may not be able to respond fully or at all to your request. Please make sure that you send your request from the e-mail address that you are known to us, so that we know who you are and can access, modify or delete the correct information. To prevent abuse, we may ask you to identify yourself before we handle your request. We will in principle respond to your request within one month after receipt thereof.

Do you have any questions, comments or complaints?

Do you have any questions about the processing of your personal data, would you like to pass on changes or would you like to react to this privacy statement?

You can reach us via the contact details below. You also have the right to file a complaint with your national supervisory authority.

Contact details

Gdpr@incentro.com

Attn. Compliance Officer

Van Deventerlaan 20

3528 AE, Utrecht, Netherlands