Privacy Statement - Vesper
This privacy statement sets out the personal data processing activities conducted by Vesper B.V.
We are Vesper B.V., registered in the Netherlands with company number 72497254 whose registered office is at Vijzelgracht 79B, 1017 HG, Amsterdam, the Netherlands (Vesper, we, us or our).
By way of this privacy statement we would like to inform you about the processing of your personal data. It was last updated on February 1st 2022 and may be amended from time to time. We recommend consulting this privacy statement on a regular basis to review the most current version.
Personal data is collected and processed by Vesper in accordance with this privacy statement and the applicable laws, including the General Data Protection Regulation (Regulation EU 2016/679) (GDPR).
1. What personal data do we collect?
Personal data refers to any information that identifies or can be linked to a natural person, such as your name, contact details or payment information. It does not include data where the identity has been removed (anonymous data).
We may obtain personal data directly from you by submitting your personal data to us, for instance when you create an account or contact us through our contact details on our website www.vespertool.com (the Website) or via the application of Vesper (the Application). This includes:
- Name and contact details such as (professional) email address, telephone number, function and company name you are working for.
- Account information such as log-in name and password.
- Financial data such as your bank account number.
- Information relating to your application for a job at Vesper, such as information included in your application letter or curriculum vitae (CV), your job/education history and assessment information.
- Any other personal information or feedback you provide to us.
We may collect personal data automatically when you visit or use our Website and/or Application, such as data collected through cookies. This includes:
- Data about your device and browser type (including IP address);
- Data about your use of our Website or Application, such as the web pages you have viewed, the hyperlinks you clicked on and websites you visited before you came to the Website or Application; and
- Your location data.
We do not collect any special categories of personal data about you.
2. Why do we use your personal data?
We use the personal data that we collect about you for the following specific purposes:
- To provide our services to you and administer your account with us, we may process your name, contact details, function and company you are working for, financial data and account information.
The legal ground for this processing activity is the performance of our contract with you. The personal data will be retained the duration of our contract with you.
- To manage our relationship with you and communicate with you, for example by answering your questions, we may process your name, contact details, account information and any other personal data provided by you.
The legal ground for this processing activity is the performance of our contract with you or the necessity for our legitimate interests (e.g. to provide support and respond to your questions). The personal data will be retained for 2 years after termination of our contract with you.
- To administer our Website and Application, diagnose problems, protect our business, resolve disputes or troubleshoot problems and to prevent potentially prohibited or illegal activities, we may process your IP address, browser type and version.
The legal ground for this processing activity is the necessity for our legitimate interests (e.g. for running our business, IT services, network security and prevention of fraud or other illegal activities). The personal data will be retained for a maximum period of 24 months.
- To measure interest in and improve our Website and Application, and customise your user experience, we may process data about your use of our Website or Application (e.g. hyperlinks clicked on) or your location.
The legal ground for this processing activity is the necessity for our legitimate interests (e.g. to keep our Website and Application updated and relevant) or your consent. The personal data will be retained for 24 months or, if the processing is based on your consent, until the moment you withdraw your consent.
- To notify you about promotions and special offers, as well as the (additional) services we offer that may be of interest to you, we may process your name, account information and contact details.
The legal ground for this processing activity is your consent or the necessity for our legitimate interests (where allowed by applicable telecommunication and privacy law). The personal data will be retained for 2 years after termination of our contract with you or, if the processing is based on your consent, until the moment you withdraw your consent.
- For recruitment purposes, we may process your name, contact details and information included in your application letter or curriculum vitae (CV), your job/education history and assessment information.
The legal ground for this processing activity is the necessity for our legitimate interests (e.g. assessing your suitability with regard to the position to which you are applying) or your consent. The personal data will be retained for a period of 4 weeks, unless we have your consent to keep the personal data on file for a period of 1 year (e.g. to contact you with regard to job openings).
- To comply with a legal obligation to which we are subject, such as administration or tax obligations under applicable law, we may process your name, contact details, account information and financial data.
The legal ground for this processing activity is to comply with our legal obligation(s) (e.g. tax and administration obligations). The personal data will be retained for a period of 7 years (as required by law), unless longer retention is required to exercise or defend legal claims.
3. How long do we keep the personal data?
We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are set out in section 2 above.
4. Who may have access to your personal data?
We may share data with third parties which are under a strict duty of confidentiality and with whom agreements on the processing of personal data have been entered into (if required).
Your personal data may be shared with the following third parties:
- third party service providers such as DigitalOcean, Google and HubSpot who provide or facilitate services on our behalf (e.g. hosting services).
- third parties, institutions or government agencies, such as the tax authorities, to comply with laws and legal proceedings such as responding to court orders, exercise our legal right or defend against legal claims. We may share your personal data if we believe in our sole discretion it is necessary to share information in order to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or otherwise required by law.
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will not sell or rent your personal data to third parties.
5. What do we do when we share personal data outside of the European Economic Area?
When processing your personal data for the purposes specified above, in some cases we may transfer your personal data to organizations located outside of the European Economic Area (EEA). For example, some cloud service providers are established in the United States.
In such situations we will ensure that necessary safeguards are in place that offer an adequate level of protection of your rights and freedoms as a data subject in accordance with the GDPR, and that additional legal or regulatory requirements regarding the data transfer are complied with. We do this, for example, by concluding standard contractual clauses approved by the European Commission for the transfer of personal data, or by transferring your personal data to third parties established in third countries that are considered to guarantee an adequate level of protection by the European Commission. If you want to receive more information about the transfer of your personal data and the measures implemented by us, you can contact us via the contact details included in section 8 below.
6. What are your rights with regard to personal data and how do we respect them?
You have the following rights with regard to your personal data:
- Right to access: request an overview of the personal data that we process, to check whether your personal data is accurate and complete.
- Right to rectification: correct your personal data if it is factually incorrect or incomplete. You may also supplement any incomplete data we have, taking into account the purposes of the processing.
- Right to object: object to our use of your personal data for direct marketing or because of personal circumstances. We will comply with this request if we do not have an overriding legitimate ground for the processing.
- Right to erasure or 'right to be forgotten': ask us to delete your personal data, for example if your personal data is no longer necessary for the purposes for which we collected it or if you withdraw your consent if the processing is based on consent and no other legal ground exists.
- Right to restrict processing: ask us to limit the way we use your data if you have a particular reason for it (e.g. if the accuracy of the personal data is contested by you).
- Right to data portability: request us to receive the personal data that concerns you. You may also request us to send this personal data to a third party, where feasible and permitted under applicable law.
You also have the right to lodge a complaint to the supervisory authority (Autoriteit Persoonsgegevens) about the way we process your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
You can exercise your rights by filing a request by e-mail to Alexander Sterk via firstname.lastname@example.org. We aim to address your requests as quickly as possible and in any case within one month after receiving such request. If we require more time to complete your request, this one month term may be extended with two months. In such event, we will notify you within one month after receipt of your request and explain why and provide reasons for the delay.
In some cases we may deny your request, and we will notify you of the reason for denial, but only if permitted by law. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
Except for functional and analytical cookies that have a limited impact on your privacy, we need your permission to place cookies.
We use the following types of cookies:
- Functional cookies: these are required for the proper functioning of the Website. These ensure that the Website does not forget your user settings. If no consent is provided to analytical cookies and/or tracking cookies (where possible), the Website and Application will still be functional.
- Analytical cookies: these measure the quality and functionality of our Website by collecting data that gives us insight into how our Website and Application are used, and thus helps us to improve our user experience.
- Tracking cookies: these improve and personalize our services by collecting data about your behaviour and location (e.g. hyperlinks you clicked on). These cookies may include targeting and advertising cookies that are specifically designed to gather information from you on your device to show you advertisements.
We use Google Tag Manager, which manages Hotjar, LinkedIn, HubSpot and Zendesk, to place cookies. When you first visited our Website, we asked you for your consent to place (certain types of) cookies. You can always withdraw your consent, or block (certain types of) cookies via the settings of your browser.
If you have any questions or complaints about your personal data processed by Vesper, please feel free to contact Alexander Sterk via email@example.com.