Privacystatement re: Digibeetle’s Website and App

version 1.2, 1 January 2025 (previous version, compare previous and this version)

  • Applies from 16 December 2024 to new case-law newsletter subscribers and trial users.
  • Applies from 1 January 2025 to everyone.

Our identity and contact details

Who is the controller Digibeetle?

  • We are “Digibeetle”, a company established as a general partnership under Dutch law with its principal place of business in Amsterdam, The Netherlands (Poortland 66, 1046 BD) and registered with the Dutch Chamber of Commerce under no. 90142306;
  • We are the creators of the Digibeetle App (available at https://app.digibeetle.eu) as well as our Digibeetle Website (available at https://www.digibeetle.eu). We act as the controller regarding the processing of your personal data when you visit or use either the Digibeetle App, Website or newsletter.
  • You, the data subject, are a professional or student active or with an interested in the (legal) fields of AI, data, digital and/or privacy. This privacy statement governs our processing activities related to your data, regarding the use of the Digibeetle App and Website as well as our newsletter.
  • Read this statement to learn how we process your data if you use our App, Website or newsletter.
  • You can contact us with questions about this privacy statement or if you want to enact your rights, by sending an email to: joost@digibeetle.eu

Processing purposes and legal basis

Why do we use your data?

  • The data we process are collected from you. These data are: (1) login credentials (your email address + password), (2) billing information (your first and last name, your organisation’s name where applicable, billing address, postal code, city and country), (3) the IP-address of the computer you use to access either the Digibeetle App or Website, (4) other information provided by you.
  1. Your login credentials are used to ensure access to the Digibeetle App in a secure manner. Your email address will be used as part of our newsletter. For more info about this, please go to “Newsletter”.
  2. Your billing information is used to send you an invoice if you are a customer (in other words: a paying user). 
  3. Your IP-address is used for security purposes. It helps us to detect and retrace malicious access to the Digibeetle App. For instance, it enables us to detect attacks on our Website and App and helps us to verify whether or not login credentials are illegally shared with others.
  4. Other information about yourself, provided by you. For example your name and occupational status. This information help us to tailor our services to you and allows us to gain insight into our user base.

Legal basis: our contract and legitimate interests

  • The login credentials and billing information (points 1 and 2 above) are necessary to provide our service, the Digibeetle App, to you. Without these data, it is impossible to do this. This processing is thus necessary to enter into a contract with us based on our Terms and Conditions. Regarding the use of your email address in the context of mailings, please go to “Newsletter” for more information.
  • Professional information about you and your organisation (e.g. organisation size and country, your profession). This information is needed to send you a quotation for our services, and/or to provide you the most relevant overview of cases and documents in the overview (‘dashboard’). For instance, a dashboard specifically for DPO’s who work in finance. Therefore, this information is needed to provide you with our service and/or to enter into an agreement with you or your organisation based on our quotation.
  • The IP-address (point 3 above) is used, based on our legitimate interests. Let us explain:
  1. We pursue legitimate interests, namely the security and continued proper functioning of our Website and App including the improvement of the Website and App,
  2. It is necessary to process IP-addresses because we need to identify the computer accessing our Website and App with sufficient precision in order to be able to effectively and quickly detect and trace malicious use of our Website and App – this cannot be done based on other data such as your name;
  3. Your (data protection) rights and interests do not take precedence, because the proper functioning of our Website and App safeguards the integrity of your account and computer as well as those of other users. If we don’t do this, everyone’s access to the Website and App will be at stake and the risks for unlawful data breaches increase. In addition, you benefit from these processing activities because it ensures a continuous and seamless use of the Website and App.
  • The IP-address is also used to periodically verify login credentials sharing, in breach of our Terms and Conditions. This check is part of our contract, in which you agreed to refrain from sharing login credentials with others.
  • We do not use personal data for analytical (statistical) purposes, thanks to our Simple Analytics configuration. In addition, you can provide us – either because of a quotation request and/or on a voluntary basis – information about yourself.
    • For instance, information about your profession or sector. Such data may then be aggregated, which allows us to gain insight into our user base. Those data could also be used to send mailings — tailor-made to certain segments (e.g. lawyers working in finance) — to you (if you are part of the target audience) in order to keep you updated on Digibeetle related matters.
    • Your occupational status information can be provided and processed, so we can learn which type of license is the most suitable for you (e.g. solo, team or enterprise). Please note that we can infer information based on your email address, such as country (based on country domain suffix such as @.nl) or type of professional sector (e.g. @jpmchase.com refers to the banking sector).
    • We can use your name to properly say hello to you in our mailings and to easily connect on LinkedIn.

No automated decision-making

We do not perform automated decision-making, including profiling, as referred to in Article 22(1) GDPR and 22(4) GDPR

Recipients of your data

  • Recipients of your data are companies who act as our processors:
  1. Asana, Inc.: Asana is a U.S. based ISO 27001/27017/27018 and 27701 certified company that allows us to organize our work. For example, to articulate tasks that can be assigned to each other. This is relevant when we name an individual user as part of a support task, which occasionally happens. Asana is committed to privacy and data protection (learn more).
  2. Combell NV: Combell is a Belgian company that hosts the Digibeetle Website and App, including your data consisting of your login credentials, billing information and IP address. Combell NV is ISO 9001 and 27001 certified and has a good track-record when it comes to data security (learn more).
  3. Moneybird B.V.: Moneybird is a Dutch ISO 27001 certified company that handles our financial administration. Moneybird receives the billing information you provided to us. Moneybird also handles invoicing and payments, in cooperation with the Dutch payment processing company Adyen NV (learn more about Adyen’s privacy policy). 
  4. Crisp IM SAS: Crisp is the French provider of our chat feature. You can learn about their privacy statement here, and their security and GDPR compliance. The Crisp core infrastructure which contains the user data is hosted in Amsterdam, The Netherlands. We configured Crisp to only process data you provide to us and, if you are logged-in, your user information (user email address, login name, first and last name if provided and user role).
  5. Slack Technologies, LLC: Slack is a U.S. based SOC and ISO certified communication tool we use to work with each other. This is relevant when we name an individual user as part of our work, which occasionally happens. You can learn about Slack’s security policy, privacy FAQ and GDPR commitment. Its parent company, Salesforce, is a participant in the Data Privacy Framework Program.
  6. ActiveCampaign, LLC: ActiveCampaign is a U.S. based email marketing and marketing automation service. It is a participant of the Data Privacy Framework Program. You can learn about how they comply with the GDPR here. For European based users, ActiveCampaign processes the data in the EU as much as possible (see here, here and here). We use ActiveCampaign, LLC to send our mailings. Technically, ActiveCampaign uses another party to do this, called Nylas which is based in the U.S. Nylas also participates in the Data Privacy Framework Program. Learn about their privacy policy here.
  7. Google Cloud EMEA Ltd.: We use Google Workspace (formerly G Suite), offered by Google Cloud EMEA in Ireland, to host our business documents and email communications. We think this is a good service, especially since Google Space successfully passed a rigorous DPIA performed by the Dutch government. In addition, the parent company Google LLC is a participant of the Data Privacy Framework Program.
  • The above-mentioned processors act on our instructions based on data processor agreements we have with them. We also activated multi-factor authentication for added protection.
  • Regarding the U.S. processors or processors with a U.S. parent company, we configured the data storage to European servers where possible. Any data transfers to the U.S. are based on the Data Privacy Framework Program. If that Program ceases to exist, we will try to find other suitable legal foundations for data transfers such as the use of Standard Contractual Clauses (SCC’s) and inform you accordingly.

Data retention

How long and why do we store your data?

  • Your login credentials associated with your account are stored for the duration of your license or trial period, and 12 (twelve) months after the end of the license or trial period. The 12-month period is needed if you want to reactivate your account. Why twelve months? Because we’ve experienced that within this time frame people want to come back to us, for example as a customer or, in specific cases, with the wish a retry of their trial period. After the 12-month period, the login credentials are permanently deleted. This retention period also applies to your IP-address and your personal data which can be part of a support ticket.
  • Your billing information is stored for a maximum of 7 (seven) years. This is because we have to comply with Dutch tax laws and regulations.
  • Regarding the mailings you receive as a customer or customer-to-be, your email address used in relation to the mailings you receive, will be stored and used until you opt-out of the mailings (newsletters). You can do this by clicking unsubscribe in the email you’ve received from us.
  • Regarding the case-law newsletter mailing list, your email address and additional information will be permanently deleted after 7 days of unsubscribing.
  • We reserve the right to unsubscribe you from our mailing lists, and consequently delete the data associated with your subscription. For example, if you have never clicked a link in a newsletter email in a time frame of 6 months, we will consider you as an inactive user that does not want our mailings anymore.
  • Your IP-address will be stored for 60 days as part of our security logs.
  • If you fill-in information in our forms available via our pricing page or elsewhere, we store the information as long as this is necessary to conclude a license agreement with you. If we don’t come to an agreement, we delete the information. If you didn’t complete a form, we may contact you to offer our assistance.

Your rights

  • You have several rights based on the GDPR. Relevant are:
  1. the right to request access to and rectification (or erasure) of your personal data, or 
  2. restriction of processing concerning you as a data subject, or 
  3. to object to processing, as well as 
  4. the right to data portability regarding the data you have provided to us;
  • If you want to send us a request based on these rights, just send us an email: joost@digibeetle.eu
  • You also have a right to lodge a complaint with a supervisory authority. In The Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Newsletter

  • We use ActiveCampaign (‘AC’) to send out email messages. It is used in two ways:
  • First, we use it to send the newsletter about case-law and information regarding our services. Everyone can join this newsletter, including non-customers. We ask for professional information about you and your organisation (e.g. your name and occupational status) to gain insight into the composition of our user base, and this enables us to send us tailor-made emails about our services (e.g. to lawyers). We use your name to properly say hello to you in our mailings and to easily connect on LinkedIn.
  • Your consent: By clicking “submit” you give your consent for the above-mentioned processing activity.
  • If you don’t want this processing of your data, please don’t sign-up for the newsletter. Or, if you regret signing up, unsubscribe and your information will be deleted based on our data retention policy.
  • FYI: AC has link tracking switched on. Learn here what that means.

How we apply AC to customers-to-be and customers

  • Second, we send other types of email messages to our customers or customers-to-be (‘trial users’):
    • If you register as a trial or paying user of the Digibeetle App, your email address will be automatically added to our trial-user and customer mailing list. Once your email address is on this mailing list, you can receive updates on Digibeetle’s new features, promotions, etc. We will also ask your opinion about our services and remind you of your trial period and cancellation rights if you are a customer.
    • Based on the Dutch Telecommunications Act, we do not ask for consent for these email messages because you are our customer or customer-to-be. This is also true regarding our weekly updates and other mailings related to our App, which form an integral part of our service. However, you can always unsubscribe from these mailings. For example, if it clutters your email inbox.
      • Tip to avoid cluttered inboxes: direct our mailings to a dedicated Digibeetle folder in your email client using automation rules.
    • You cannot unsubscribe from important service messages sent by us. For example, messages regarding scheduled maintenance, your cancellation rights or other important (technical or legal) messages related to our App such as information about a change in our privacy statement or terms and conditions. In other cases you can use the unsubscribe link in the footer of each email, or adjust your preferences in the preference center.

LinkedIn

  • We are active on Linkedin and would like to let you join our community over there. We post about Digibeetle related topics, such as new case-law, documents from supervisory authorities and interesting statistics.
  • If you sign-up for the Digibeetle App or the case-law newsletter, or otherwise interact with us (e.g. with Digibeetle’s CEO or personnel), you understand that we would like to add you to our LinkedIn connections. For example, based on your professional email address if this signals your name and organisation. You can always decline the connection request or use information that does not reveal your real name.

Insight of clicked links in emails

  • We use ActiveCampaign, which has email link tracking switched on by default. This gives us insight into which links are being clicked, the number of times those links are clicked and who clicked links.
  • This is necessary for us, for example, to gain insight in who is interested in our services, and allows us to draw conclusions regarding the success of certain email campaigns. It also necessary for us to track the clicked links in order to assess user engagement. Inactive users will be deleted from mailing lists based on our data retention policy.
  • These insights are needed to sustain a viable business. For example, without these insights, we cannot optimize our content with the aim to tempt subscribers to be come customers in a cost-efficient manner. It also a way for us to stay avoid inactive users as much as possible.
  • Your consent: By clicking “submit” you give your consent for the above-mentioned link tracking activity.

How we apply AC to customers-to-be and customers

  • Regarding our customers-to-be and customers, applying our knowledge about who did (or didn’t) click a certain link is an essential part to efficiently providing our App to you.
  • Our customers-to-be and customers expect to receive optimized mailings, which is possible thanks to link tracking.
  • Without link tracking switched on, we cannot see who received an important message regarding our service, for instance regarding platform updates. It would also hinder us in gaining insight who tried to buy a license, but failed, and needs our assistance. In addition, we couldn’t effectively tailor the App to the needs of the users if we don’t know which topics are popular based on clicks. This is all detrimental to the user and his/her use of the App. Reasons why it’s necessary to optimally provide our services, as expected by the user.
  • For the few people who don’t want such tracking: please don’t use our App or click links in emails, and unsubscribe where possible.

Cookies or similar technologies

  • We don’t use cookies or similar technologies, other than the automatic retrieval of your IP-address (learn more about the use of your IP-address) and as a means to facilitate your inlog procedure and App usage. These activities are necessary for the proper functioning of our services, and are allowed without your consent according to the Dutch Telecommunications Act.