PRIVACY AND DATA PROTECTION POLICY

Effective date                    Version
September 21, 2021         1.5

Protecting the privacy and safeguarding the personal information of the users is one of our highest priorities. The following explains the privacy practice of processing of Personal Data provided by the you (the Visitor, or you) to Nectain B.V. (Nectain, we, or us), a legal entity duly incorporated under the laws of the Netherlands with commercial registry code 71590242 and with a registered office at Amsterdam Sloterdijk Teleport Towers, Kingsfordweg 151, Amsterdam 1043 GR, the Netherlands, which is providing its Services under the brand name Nectain.

The provisions of this Privacy and Data Protection Policy (the Policy) are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the General Data Protection Regulation, https://eur-lex.europa.eu/eli/reg/2016/679/oj) (the GDPR) and also enforced in the Netherlands with Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening gegevensbescherming (https://wetten.overheid.nl/BWBR0040940/2019-02-19) (the Regulations). This Policy is an integral part of the Nectain Terms and Conditions (the Terms).

1. INTRODUCTION
1.1. We understand the importance of protection of your privacy and Personal Data and commit a lot of efforts to develop and maintain high standards of our inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.

2. DEFINITIONS
2.1. The Affiliates are affiliated companies in which Nectain holds more than 25% of shares.
2.2. The Consent means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data. In particular, by providing your Personal Data for contacting purposes, you provide the Consent that it may be transferred to our Partners that execute communication with you on behalf of Nectain.
2.3. Content is all types of data presented on the Site, including but not limited to text, images, photos, logos, icons, sounds, animation, (info-)graphics, audios and videos.
2.4. The Data Controller (Controller) means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
2.5. The Data Processor (Processor) means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
2.6. The Data Subject means any living individual who is the subject of Personal Data are processed by Nectain, including Visitors, independent contractors/employees and other stakeholders. On other words, in case of use of our Site/Services it is you.
2.7. The Personal Data Breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
2.8. Personal Data means any information relating to an identified or identifiable natural person that is a Visitor as defined in this Policy; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.9. The Partners are commercial partners in which Nectain either does not have a share or this share is below 25%. You can read more about our Partners at the following link: [LINK].
2.10. The Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.11. Services are the services provided by Nectain and listed in Nectain Terms and Conditions.
2.12. The Site means www.nectain.com website, which provide Visitors with access to information on Nectain details, Nectain Software as defined in the Nectain Terms and Conditions, products, Services, offers, news, articles, and other information that might be useful to Visitors.
2.13. The Subprocessors are third-party subcontractors, service providers, and processors subcontracted by Nectain for the proper provision of the Services.
2.14. Third-Party Content shall mean content provided by third parties, including without limitation links to webpages of such parties, which may be represented on the Site.
2.15. The Visitor means a data subject who has entered the Site with any purpose.

3. PRINCIPLES OF PROCESSING
3.1. During collecting and processing Personal Data, Nectain adheres the principles provided by the Regulations. The Nectain’s policies and procedures are designed to ensure compliance with the principles: lawfulness, fairness and transparency. They mean the following:
3.1.1. Lawfulness means that the controller identifies a lawful basis before to process Personal Data (for example Consent).
3.1.2. Fairness means that in order to process fairly, the controller has to make certain information available to the Data Subjects as practicable. This applies whether Personal Data was obtained directly from the Data Subjects or from other sources.
3.1.3. Transparency means that any information and communication relating to the processing of Personal Data be easily accessible and easy to understand, and that clear and plain language be used.
3.1.4. Purpose limitation
Personal Data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, not be considered to be incompatible with the initial purposes.
3.1.5. Data minimization
Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
3.1.6. Accuracy
Personal Data is accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
3.1.7. Storage limitation
Personal Data is kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which Personal Data are processed. Personal data is stored for longer periods insofar as Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if only are implemented appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of the Data Subject.
3.1.8. Integrity and confidentiality
Personal Data is processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

4. PERSONAL DATA WE PROCESS AND ITS OBJECTIVE
4.1. Visitors to our Site are in control of Personal Data, which they share with us. The list of Personal Data, which we may process includes:
4.1.1. person’s name;
4.1.2. the name of the company, if the person represents some;
4.1.3. email address;
4.1.4. other personal information that person may actively provide to us in correspondence, by telephone, application through the section “Career”, “Messages” through the section “Contact us” or other contact potions available on the Site.
4.2. We do not collect any information that may identify you without your permission.
4.3. We do not intend to solicit or collect Personal Data from anyone under the age of 16 or under the legal age of your country, if it is higher. If you are under 16 or are not of a legal age of your country, do not enter any Personal Data on our Site.
4.4. We kindly ask you not to provide any sensitive information (Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) when you use our Site in any way.
4.5. The term we keep Personal Data collected depends on the type of information, the purpose of its use, nature of sensitiveness, etc. To the general rule, we will retain your Personal Data for the length of time reasonably needed to fulfill the purposes outlined in this Policy, including for as long as needed to provide you with our products and Services, unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements.
4.6. We collect and process Personal Data to fulfil our contractual obligations and legitimate interest before you, namely:
4.6.1. to provide with access to the Site;
4.6.2. to inform on any changes and updates to the Services you are provided with;
4.6.3. to comply with applicable legislation;
4.6.4. to maintain actions in relation to legal claims;
4.6.5. improve the performance and functionality of our Services.
4.6.6. to provide additional or supportive Services, as well as perform Visitor surveys, statistical analysis;
4.6.7. to aggregate data for Site analytics, administration and improvement;
4.6.8. to perform customer management, handle complaints, conduct satisfaction surveys, management of claims, provision of the after-sales service;
4.6.9. to ensure marketing activities (send you news, updates, promotions, product information, event announcements, and other);
4.6.10. to recruit staff (it means, that when you send us your CV, you entitle us to check whether skills listed in CVs match the position (including positions to be opened in the future), set up the interview and notify about the results).
4.7. The above list may be extended depending on the development of the Services we provide.
4.8. Site does not collect or store up Personal Data for the dissemination or sale to outside third parties for consumer marketing purposes or host mailings on behalf of third parties. If there will be a need to conduct such actions the Visitor will be asked for their Consent beforehand.

5. PROCESSING
5.1. We will process Personal Data of Visitors based on one or more of the following legal grounds:
5.1.1. The Consent of the Visitor;
5.1.2. Compliance with our legal obligations and protection of our legal rights;
5.1.3. Our legitimate business interests, e. g. for recording of our Visitor’s Consents, personalizing our offerings to them, development of marketing campaigns, production of statistics and researches, improvement and personalization of Visitor’s experience during their usage of our Site, sharing the data with the authorized third parties, as described in paragraph 5.3.
5.2. Our legitimate business interests do not override interests of Visitors of our Site – we will not process Personal Data for activities where our interests are overridden by the impact on our Visitors (unless we have obtained their Consent or we are required or permitted to process them by law).
5.3. To fulfill the purposes for processing, which are described above, we only Personal Data within our internal systems of processes compliant to technical and organizational measures in a manner that meets applicable requirements of the Regulations and security standards, and disclose Personal Data of Visitors of our Site to authorized employees of Nectain. However, Personal Data may be transferred to these authorized third parties:
5.3.1. The Affiliates for administrative purposes and provision of Services, that could be indicated as such as they are clearly stated in our Site, advertisements or due to their usage of our name/logos/trademark;
5.3.2. The Partners on the basis of relevant agreements;
5.3.3. The Subprocessors, who access and use Personal Data only to the extent required to perform the obligations subcontracted to them by Nectain.
5.4. You give your explicit consent that Nectain may on its own discretion to engage Subprocessors, Affiliates, and Partners that comply with technical and organizational measures in a manner that meet applicable requirements of Regulations and security standards implied under this Policy and also the policies used by Nectain.
5.5. If Subprocessors, Affiliates, and Partners perform tasks on our behalf, they are contractually obliged not to disclose or use collected information for any other purposes, other than specified in this Policy, and may provide storage and assistance in the facilitation of technical aspects of the Services or performance of functions related to the administration of the Services (collection and analysis) or other indicated under contractual closes.
5.6. Subprocessors, Affiliates, and Partners remain fully liable before you for their acts and omissions and all their obligations under relevant agreements. Nectain is not responsible in the event that Personal Data is disclosed as a result of a breach or security lapse by any such Subprocessor, Affiliate, or Partner, or for their non-compliance with the foregoing requirements.
5.7. Personal Data may be transferred outside the countries where Visitors of our Site are located. If Subprocessors, Affiliates, and Partners are based outside of the European Economic Area, the processing of Personal Data is done in accordance with applicable laws.
5.7.1. If such cross-border transfer includes countries outside the European Economic Area and states, which were not declared by the European Commission as those, that provide an adequate level of data protection, we shall use legal transfer mechanisms (contracts based on the European Commission approved Standard Contractual Clauses or within other legal framework available under Regulations, on the basis of derogation for a specific situation).
5.8. We may provide Personal Data of our Visitors to governmental or regulatory agencies, when obliged to do so by law.

6. INCIDENTS NOTIFICATION
6.1. If Nectain becomes aware of any Personal Data breach leading to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) Personal Data of Visitors on systems managed or otherwise controlled by us we will notify you promptly and without undue delay and in compliance to the procedure prescribed under Regulation or applicable laws.
6.2. The notification will be made to your email address or by other direct communication available to Nectain and allowed by the Visitor (for example, by phone). It is sole responsibility of the Visitor to provide us with the contact details address and ensure that these details are valid and current.
6.3. None of data incidents notification from Nectain may be and will be construed as an acknowledgment of any fault or liability with respect to data incident by us.

7. VISITOR’S SECURITY COMMITMENTS
7.1. The Visitor agrees that without prejudice to our security measures and data incidents it is Visitor’s responsibility to make appropriate use of our Services to ensure a level of security appropriate to the risk in respect of your Personal Data and securing your authorization credentials, system and devices which you use to access to our Services.
7.2. We are not obligated to protect your Personal Data that you choose to store or transfer outside Nectain, our Affiliates’, Partners’, and Subprocessors’ systems, and Nectain cannot be held responsible for any negative consequences you may suffer as a result thereof.

8. VISITOR’S RIGHTS IN RESPECT TO ITS PERSONAL DATA
8.1. You have the following rights in relation to your Personal Data:
8.1.1. Right of access – you have the right to obtain from us information as to whether your Personal Data is being processed, and, where that is the case, access to such Personal Data.
8.1.2. Right to withdraw Consent – when we rely on your Consent for processing of your Personal Data, you have the right to withdraw your Consent at any time. However, the withdrawal of your Consent will not affect the lawfulness of Nectain’s processing based on Consent before your withdrawal.
8.1.3. Right to rectification – we are obliged to ensure and you have the right for the accuracy of your personal information. In order to assist us with this, you are obliged to notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your Personal Data where you believe Personal Data we have is inaccurate or incomplete.
8.1.4. Right to restriction of processing – you have the right to ask us to stop processing your Personal Data at any time.
8.1.5. Right to erasure – asking us to delete all of your Personal Data will result in Nectain deleting your Personal Data without undue delay (unless there is a legitimate and legal reason why we are unable to delete certain of your Personal Data, in which case we will inform you of this). Asking us to stop processing your Personal Data or deleting your Personal Data will likely mean that you are no longer able to use our Services.
8.1.6. Right to data portability – you have the right to request that Nectain provides you with a copy of all of your Personal Data and to transmit your Personal Data to another Data Controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so and the processing is based on Consent or contractual performance.
8.1.7. Right to complain – you have the right to lodge a complaint to our responsible person designated in our internal regulations and/or to the authorized body, all contacts for the submissions specified hereinbelow.
8.1.8. Right to object automated processing – you have the right not to be subject to a decision based solely on automated processing of your Personal Data, including profiling, which produces legal or similarly significant effects on you. There may be exceptions or limitations to this right as defined under relevant data protection laws
8.2. The Visitor can realize any of described above rights by sending request to the email address: contact@nectain.com. The Visitor request must include name, contact information, right which the Visitor wants to realize, Personal Data processed by Nectain, details and reason/justification of such request.
8.3. The Visitor may also send a request to receive the information which is been processed, amended, deleted or locked and information about any parties to which we transmit your Personal Data.
8.4. We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above, however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you a reasonable fee taking into account the administrative costs in order to process such requests or we may refuse to act on such requests. This fee shall be based on our reasonable costs if the requests are excessive, considering the nature of the request itself or nature and functionality of our Services.

9. THIRD-PARTIES’ RESOURCES OR SITES
9.1. Our Site may contain links to other sites that are not operated by us. If you click on third party links, you will be directed to that third-party’s site, which may have its own privacy policy that you have to read. We have no control over, and therefore assume no responsibility for content, privacy policies or practices of any such websites and their services.

10. COOKIES & SIMILAR TECHNOLOGIES
10.1. We also collect Cookies and similar technologies for collecting technical information, which contains unique identifiers from you. In brief words we automatically receive the web address of the site that you came from and the IP address of the computer or device that you are using to access. This information helps to understand your preferences, navigate Site efficiently, and allows to develop and improve our Services, and to manage the load on our servers.
10.2. If you prefer not to allow cookies, please use your browser settings, most browsers give you an ability to manage your cookies or provide you with “incognito mode” or similar options, which allows you not to record your visits and downloads in your browsing and download histories. In this mode any cookies created while this type of session is deleted after you close all “incognito” windows.
10.3. We may use cookies and web beacons (also known as action tags or single-pixel gifs), and other technologies to provide us with data we can use to improve your experience and to know you better.
10.4. These technologies enable us to capture how you arrived at our Site, when you return, which pages on our Site you visit, and to recognize that you are already logged on when we receive a page request from your browser (if applicable).
10.5. In any case we do not link the information we store in cookies to any personally identifiable information and use cookies only for analytical purpose and to improve the user experience.
10.6. We will never share this information with any third party. Cookies are readable only by us and do not contain any Personal Data nor do they contain account or password information. We cannot and will not gather information about other Sites you may have visited.
10.7. We may use third-party software to track and analyze usage and volume of statistical information, including page requests, form requests and click paths. The third party may use cookies to track behavior and may set cookies on our behalf.
10.8. We also use cookies related to the use of Google Analytics on our sites. Google Analytics uses first-party cookies to report on Visitor interactions. These cookies are used to collect information about how Visitors use our Site. We use the information to compile reports and to help us improve the site. You can opt out of tracking by Google Analytics by visiting: http://tools.google.com/dlpage/gaoptout?hl=en-GB. In any event, we do not link information collected through cookies with any personally identifiable information.
10.9. For more details on this, please check our Cookie Policy and check out European Commission legal requirements:
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
These requirements demand that companies must adequately inform users and obtain their consent before setting cookies and any other technology falling within the scope of Article 5(3) of the ePrivacy directive. More about the specific regulations you can read here:
Directive 2009/136/EC (ePrivacy Directive)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32009L0136:EN:NOT
EDPS Guidelines on the protection of Personal Data processed through web services provided by EU institutions EDPS Guidelines on the protection of Personal Data processed through web services provided by EU institutions
10.10. In order to understand better how cookies work, please refer to the following:
https://ec.europa.eu/info/cookies_en

11. SECURITY
11.1. Nectain is responsible for ensuring the holding any Personal Data, that’s why we keep securely and aren’t disclosed under any conditions your Personal Data to any persons (unless those persons have been specifically authorized by Nectain to receive that information and has entered into a confidentiality agreement).
11.2. All Personal Data is accessible only to the parties that need to use it according to the Nectain’s internal documentation.

12. CHANGES TO THIS POLICY
12.1. Please note that we may amend this Policy from time to time at our sole discretion. Therefore, please check this Policy for updates. If any significant updates in regard to data processing terms are made here, we will notify you additionally within reasonable time.

13. CONFIRMATION AND CONSENT
13.1. By visiting our Site and/or using our Services you declare and confirm that you have familiarized yourself with this Policy, understood its Content and possible consequences.
13.2. By visiting our Site and/or using our Services you Consent to the processing (including collection, storing, receipt, forwarding, disclosing, making available, deleting, etc.) of your Personal Data, as described in this Policy.

14. CONTACT DETAILS
14.1. If you require any additional information or have any further questions concerning this Policy or you wish to execute any of your rights regarding your Personal Data, please contact us via
email: contact@nectain.com
mail: Nectain B.V., Amsterdam Sloterdijk Teleport Towers, Kingsfordweg 151, Amsterdam 1043 GR, the Netherlands

15. OFFICIAL COMPLAINTS
15.1. Should you feel that your rights related to Personal Data are or may be violated, and you are not satisfied with our answers, or you still have questions or complaints related to your Personal Data you may also submit an official complaint to the respective Data Protection Authority. If your complaint will fall under jurisdiction of other EU member state, respective Data Protection Authority will advise you and provide you with all necessary directions to address your complaint to a competent Data Protection Authority of such other state.

Dutch Data Protection Authority
phone: (+31) (0) 70 888 85 00
fax: (+31) – (0)70 – 888 85 01
email: info@autoriteitpersoonsgegevens.nl
mail: Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG
Visiting address (only by appointment): Bezuidenhoutseweg 30, 2594 AV Den Haag

The European Data Protection Supervisor (the EU’s independent data protection authority)
Postal address: Rue Wiertz 60, B-1047 Brussels
Telephone: +32 2 283 19 00
Email: edps@edps.europa.eu
Website: www.edps.europa.eu

get in touch

Contact us to learn how your organisation can realize end-to-end process automation company-wide.

get your tailored solution

Nectain provides custom solutions tailored to the needs of your organization. From process identification, architecture and set up, through complex document management systems, to full end-to-end automation, including integration with existing systems. Nectain is the ultimate BPM and DMS solution.

    Need a support?