Privacy Policy

Introduction

At Itemzen we take privacy seriously. We treat your personal data with utmost care, applying security best practices and in line with applicable data protection laws.

The controller of the processing of personal data in this context is the legal entity Langsweirdt BV. You can find all contact details on the impressum page of this website.

This Privacy Policy explains which data we collect, for which purposes and informs you about your rights.

Your Data

What data do we collect?

Itemzen may collect the following privacy related data:

• Personal identification information (PII) such as, but not limited to, first and last name, email address and IP address.
• Anonymized technical information such as, but not limited to, browser type and version, operating system, time of visit and pages visited.
• Any other information you voluntarily provide us with.

How do we collect your data?

We collect data and process data when you:

• Subscribe to our newsletter.
• Sign up as a user of the application.
• Invite other users to the application.
• Contact us for questions, feedback or support through chat, mail or social media.
• Use or view our website or app.

When you use our website or application, third parties may collect, store and/or process the information detailed in this Privacy Policy. These third parties are carefully selected to ensure that they, and their related entities who may access your information, provide your information with equal protection to that stated in this Privacy Policy and required by applicable privacy laws.

What is the legal basis for collecting, storing and processing the personal data?

The legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect the information:

• We need to perform a contract with you.
• You have given consent to do so.
• We need to comply with legal and regulatory obligations.
• Processing your personal data is in our legitimate business interests.
• For the establishment, exercise or defence of legal claims or proceedings.

How will we use your data?

We collect your data so that we can:

• Maintain and improve the functionality of our website and application (performance of contract).
• Provide you with secure access to our application (performance of contract).
• Maintain the connection to your account during subsequent visits and sessions (performance of a contract).
• Keep backups in order to ensure the availability of our website and application (legitimate interest).
• Provide means of support and responding to your requests (performance of a contract).
• Measure the success of marketing campaigns (consent).
• Detect and prevent fraudulent behaviour (legitimate interest).
• For the establishment, exercise or defense of legal claims (legitimate interest).
• For the purposes of a business reorganisation, transfer, disposal, merger or acquisition (legitimate interest).

We may also send you electronic communications about our products and services based on our legitimate interest to advertise our products and services where you have provided us with your contact details in the context of the sale of similar products and services of ours.

How long do we keep your data?

We keep your data in compliance with GDPR requirements and comply with GDPR removal rules. Legal retention periods are preserved.

Data based on feedback forms, chat and emails are stored to enable processing of your questions, comments and follow-up communication. We process the data due to your consent. You may ask to revoke your consent at any time via email. Your provided data will be stored until you request erasure, the purpose for storing the data ceases or you revoke your consent.

You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please unsubscribe using the link in our email.

We will delete all your data (personal and non-personal) 30 days after account closure, unless required otherwise by law.

Who we share your personal information with?

We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, for example third parties engaged to provide certain support or IT services, among others:

• We are using cloud service providers (Microsoft Azure) which are accessible through the Internet for hosting our website and application, and to support several business processes. In this context, personal data may be processed and stored on the service provider’s servers, as far as we process data as described in this policy.
• We use the services Google (Universal) Analytics, Google Analytics Remarketing, Google Ads, and the Google Tag Manager. These are services provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”). Google is based in the third country USA, which basically lacks an EU level of protection. Therefore, Standard Contractual Clauses as appropriate safeguards according to Art. 46 GDPR are completed with Google. You can find more information in the Privacy Policy of Google.
• We use Crisp Chat, a service of Crisp IM, 2 boulevard de Launay in Nantes (44100), for real-time chat and mail based support on our website. Crisp is operating in the EU and has implemented the GDPR regulations. You can find more information in the Privacy Statement of Crisp.

We may also share your personal information with certain public authorities in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use or as otherwise required by law (e.g. to comply with subpoenas).

Which countries we transfer your personal information to?

In order to provide our services to you we may need to transfer your personal information to locations outside the jurisdiction in which you provide it or where you are viewing the website/apps. This may be a transfer of your information from a location within the European Economic Area (EEA) to outside the EEA, or from outside the EEA to a location within.

Your Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user, independent of location or jurisdiction, is entitled to the following:

• The right to access You have the right to obtain confirmation as to whether or not we process personal data relating to you, and, where that is the case, access to the personal data and information about their processing. You have the right to request copies of your personal data, provided that this does not adversely affect the rights and freedoms of others.
• The right to rectification You have the right to request that we correct any information you believe is inaccurate. You also have the right to request to complete information you believe is incomplete.
• The right to data portability If the processing of your personal data is based on your consent or on the performance of a contract that you have with us, you have the right to request that we transfer the data concerned to another organization, where technically possible, or directly to you.
• The right to erasure You have the right to request that we erase your personal data, except in certain cases, notably if we need your personal data for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
• The right to restrict processing You have the right to request that we restrict the processing of your personal data in certain situations, notably where you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data, or, where you have objected to the processing pending verfication whether our legitimate grounds override those of you.
• The right to object to processing Where the processing of your personal data is based on the pursuance of a legitimate interest, you have the right to object to us processing of your personal data. In this case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds overriding those of you or if we need your personal data for the establishment, exercise or defence of legal claims. Your right to object is unconditional with regard to the processing of your personal data for direct marketing purposes.

If you make a request, we have 30 days to respond to you from the point where we receive all relevant information. If you would like to exercise any of these rights, please contact us on the email address provided below.

Additional Information

Third-party Resources

Our website contains links to third-party resources. Our Privacy Policy only applies to our website and application. If you click on a link to another website, you should read their privacy policy.

The content of third-party resources is not under our control, and we are not responsible for the contents of any of these websites. The third-party hypertext links presented on this site are provided for your convenience only. The inclusion of any link on this website does not imply any recommendation, approval or endorsement of that site by us.

Changes

We may periodically update this Privacy Policy. The date at which the last revision took effect is indicated at the top of this page. We will notify you about significant changes in the way we treat personal information by sending a notice to your email address (when applicable) or by placing a prominent notice on our site.

Contact

If you have any questions about our Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at hello@itemzen.com.

Should you wish to report a complaint because you feel that we have not addressed your concern in a satisfactory manner, you may contact the Belgian data protection supervisory authority at:

APD - DPA
Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
contact@apd-gba.be