Privacy Policy

Effective Date: 09/12/2024

euquista BV (“we,” “us,” “our”) values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information in the context of our general business operations and our product, the GDPR app. It also outlines your rights under the General Data Protection Regulation (GDPR).

1. Controller information

The data controller for the purposes of GDPR is:

euquista BV
Wupstraat 45, 2812 Mechelen, Belgium
Email:

Our Data Protection Officer (DPO) can be reached at:
Email:

2. Types of data we collect

How we collect data

We collect personal data through the following methods:

  • euquista.com website:

    Personal data is collected when users subscribe to our newsletter. We do not use cookies or tracking technologies on this website.

  • gdprapp.eu website: Personal data is collected when users:

    • Subscribe to our newsletter.
    • Submit a contact form or inquiry.

    We also collect anonymous analytics data through PostHog to monitor website performance. This data is aggregated and cannot be used to identify individual users.

  • gdprapp.cloud platform (GDPR app):

    Personal data is collected when users:

    • Create and manage user accounts.
    • Use the app’s features to manage GDPR compliance (e.g., uploading compliance-related data).
    • Interact with the app, generating system usage logs automatically.

We process personal data in two main contexts:

A. General business operations

Data types:

  • Customer inquiries
  • Newsletter sign-ups
  • Billing information

Purpose:

  • Sales and customer support
  • Marketing and communication
  • Billing and financial transactions

Legal basis:

  • Consent (for marketing communications)
  • Contractual necessity (for providing services and handling billing)

B. GDPR app

In addition to the data described in A. General business operations, we process further personal data specific to the use of the GDPR app:

Additional data types:

  • User account data: Information provided during account creation, such as email address and login credentials.
  • App usage data: Information about your interactions with the app, including logs and usage statistics.

Purpose:

  • Service provision: To enable the app’s core functionality, such as maintaining user accounts and providing GDPR compliance tools.
  • Service improvements: To analyze usage patterns and improve app performance and features.

Legal basis:

  • Contractual necessity: To provide the app’s services as agreed upon in the Terms of Service.
  • Legitimate interest: To enhance user experience and optimize the app’s functionality.

Third-party processors

We work with trusted third-party processors to support our operations and the GDPR app. These processors are GDPR compliant and bound by Data Processing Agreements (DPAs) to ensure the protection of your personal data.

Our processors include:

  • Odoo: For CRM, marketing, billing and subscription management.
  • PostHog: For analytics and performance monitoring. PostHog collects aggregated data without storing or processing IP addresses, ensuring no personally identifiable information is tracked.
  • DigitalOcean: For secure hosting of the GDPR app.

3. Cookies and tracking technologies

We do not use cookies or tracking technologies on the euquista.com website.

On the gdprapp.eu website, we use anonymous web analytics through PostHog to monitor website performance and improve user experience. These analytics do not involve cookies and do not identify individual visitors.

Cookies and tracking technologies may be introduced on the gdprapp.cloud platform to enhance functionality and analytics. When they are implemented, this Privacy Policy will be updated to include details about the types of cookies, their purposes, and how you can manage them.

4. Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

A. General business data

  • Customer inquiries: Retained for up to 12 months after the inquiry is resolved.
  • Billing data: Retained for up to 7 years to comply with legal obligations.
  • Newsletter data: Retained until you unsubscribe or withdraw consent.

B. GDPR app data

  • User account data: Retained for as long as the account is active and for up to 6 months after account deletion.
  • App usage data: Retained for up to 24 months for service improvement purposes.

5. Data transfers

We do not transfer personal data outside the European Union (EU) or European Economic Area (EEA).

6. Security measures

We implement robust security measures to protect your personal data. These include:

  • Encryption of data in transit and at rest.
  • Role-based access controls and secure authentication protocols.
  • Regular security audits and monitoring of our systems.

In the event of a data breach affecting your personal data, we will notify the relevant supervisory authority and, where required by law, inform affected individuals without undue delay.

For more information, please see our Security Protocol.

7. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You can request corrections to inaccurate or incomplete data.
  • Right to Erasure: You can request that we delete your personal data where applicable.
  • Right to Restriction: You can request that we limit processing of your data in certain circumstances.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used format.
  • Right to Object: You can object to data processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact us at . You also have the right to lodge a complaint with the Belgian Data Protection Authority at https://www.gegevensbeschermingsautoriteit.be.

If processing is based on your consent, you have the right to withdraw this consent at any time by contacting us or using the unsubscribe link in our emails.

8. Children’s privacy

Our services are intended for business use only and are not directed at children under the age of 16. We do not knowingly collect or process personal data from children.

If we become aware that personal data from a child has been collected without appropriate parental consent, we will take immediate steps to delete such data.

9. Updates to this policy

We may update this Privacy Policy to reflect changes in our practices or regulatory requirements. Updates will be posted on our website with the effective date.

10. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us.