Version January 2023
This document contains information about our policies regarding the collection, use and disclosure of personal information that we obtain through our platform. By using our services, you agree to the collection and use of information in accordance with this policy.
About ESOP Alliance
The company is responsible for processing your personal data in conformity with the General Data Protection Regulation. Company is located at Kattenburgerstraat 5, 1018JA Amsterdam, The Netherlands. The Data Protection Officer is Floris van Hoogenhuyze and he can be reached at email@example.com.
Purposes and Legal Grounds
The way we process and collect data through our platform is in conformity with the GDPR. The General Data Protection Regulation (EU) 2016/679 is an EU regulation on data protection and privacy for all individuals within the European Union with the aim to provide more transparency and control to European citizens over their personal information.
The following measurements have been implemented to comply with the GDPR.
- Responsibility for data security: We take the responsibility for the data security very serious. Our business model is built on a being a trustful partner for all stakeholders. We have implemented an Information Security Management System according to the ISO27001 standards to ensure the security and privacy.
- Data protection by design & default: Privacy and data protection principles are safeguarded by implementing technical and organisational measures from the design stage to the deployment of our platform.
- Transparency: We believe in the importance of being transparent with our data flow organization as well as to how access to data is structured.
- Data Protection Officer: We have appointed a Data Protection Officer who is a first point of contact in case of any concerns or questions related to our personal data policies or practices.
- Data Process Agreements (DPA): We hold a DPA with all our customers; the measurements within the DPA comply with the GDPR.
- Privacy Statement: We hold a Privacy Statement with all users of our platform describing all GDPR rights.
- Duty to report Data Breaches: We hold a data breach procedure which included the GDPR rules of communicating data breaches.
Type of Data Collected
The types of data collected through our platform are:
- Log Data: We collect information that your browser sends whenever you visit our platform. This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages and other statistics.
- Personal data: We collect personal data required to create the user account for the We.Vestr Dashboard. Personal data is defined as any information which are related to an identified or identifiable natural person.
Storage, Retention and Deletion
Records of the personal data collected are processed by ESOP Alliance.
Personal data is retained for as long as it is required to fulfil the agreements with our customers, for our business operations or for a maximum of the statutory storage periods applicable to us.
Cookies are files with small amount of data, which may include an anonymous unique identifier. We use functional cookies that are essential for optimising the users’ navigation on the platform. These cookies also support the website security and basic functionality. For more information regarding the cookies we use can be found in our Cookies Policy.
Data to Third Parties
We do not transfer your personal data to third parties unless it is mandatory by law or a court order, in order to protect the rights of the parties involved in the performance of the agreement or if you give your consent to do so.
For more information on how we secure and give access to our data, treat and prevent incidents you can request a copy of our Security Policy.
View, Modify or Delete Data
You have the right to view, correct or delete your personal data. You can do this via the personal settings of your account. Next to that, you also have the right to withdraw your consent to the data processing or to object to the processing of your personal data by our company. You can request a record of your personal data that our company has stored by contacting us at email address firstname.lastname@example.org.
Filing a Complaint
Users may file a complaint with our Data Protection officer via email email@example.com. In case you may have a serious concern regarding data privacy, you may always contact "Autoriteit Persoonsgegevens" (https://autoriteitpersoonsgegevens.nl), or the Data Privacy Agency/Authority of your respective country.