Privacy Statement – Website

Introduction

GroundControl and/or Startup Studio NEXT B.V. (hereinafter together also referred to as “GroundControl”, “we” or “our”) values your privacy as website visitor as well as our (potential) customer (hereinafter also referred to as “you” or “your”). GroundControl processes personal data as Controller within the meaning of the GDPR. This privacy statement explains the collection and processing of personal data by GroundControl in accordance with the GDPR.

In specific, the following subjects will be covered within this privacy statement:

  1. Which personal data is collected and how it is collected;
  2. The purposes of the processing of this personal data;
  3. The retention period of this data;
  4. Sharing your data with third parties;
  5. The security of the processing of your personal data;
  6. The rights you have as a data subject and the exercising of these rights;
  7. The use of cookies; and
  8. Our contact details for your privacy-related questions.

This privacy statement can be updated regularly. If any material changes will occur to the privacy statement, data subjects will be clearly notified via this website. We do however encourage you to read our privacy statement regularly and keep yourself informed of our practices. The latest adjustments have been made on 24 August 2020.

Personal data

When visiting the website or making use of the contact form on the website personal information could be collected. Personal data means any information relating to an identified or identifiable natural person (‘data subject’). The following (personal) data can be processed by GroundControl:

  • Basic information (e.g. name and surname, function, country, company name);
  • Contact details (e.g. e-mail address, telephone number);
  • Avatar image (when uploaded by the user on the website);
  • Information relating to your device (IP-address);
  • Information regarding the use of our website (e.g. language preferences);
  • Any other information provided by you to GroundControl, e.g. by our contact form or via e-mail.

The source of the personal data, or where the personal data is originated from, will always be the data subject itself. GroundControl’s website only collects personal data that is clearly and voluntarily provided by the data subject itself, for example via the contact form or when the data subject requests a demo of the GroundControl software as a service. No sensitive personal data of website visitors is collected.

Purposes

GroundControl can use your personal data for the following purposes:

  • To provide you with the requested service;
  • To let you be able to create an account on our website;
  • To get in contact with (potential) interested customers;
  • To comply with all legal obligations regarding the collection of personal data;
  • For communication and marketing activities, such as newsletters, where you can opt-out from at any time;
  • For generating the statistics regarding the use of the website and to improve the browsing experience.

In order to be allowed to process your personal data, there must be a legitimate basis for doing so as set out in the GDPR. In the case of GroundControl this legitimate basis will be – depending on the type of personal data concerned – consent, performance of an agreement, a legal obligation, or a legitimate interest.

An example of a situation in which you give your consent is by filling in the contact form on the website giving your contact information. An example of a situation when the process is needed for the purposes of fulfilling an agreement is when you make use of the GroundControl SaaS. 

Retention period

Your personal information will be retained for as long as is necessary to carry out the purposes set out in this privacy statement. We retain personal information no longer than necessary to comply with legal obligations, but we are required by law to keep some data for a certain period of time. 

For example, this means that we will keep your personal data for as long as you are subscribed to the newsletter and also open it. We regularly clean our databases and remove unnecessary personal data. 

Sharing your data 

The starting point is that your personal data is only used by GroundControl. However, GroundControl shares (personal) information with third parties, including but not limited to:

  • GroundControl’s other entity, NEXT Amsterdam;
  • Government agencies in case of a legal obligation to do so;
  • Third-party services who process data on behalf of GroundControl (for example to research and analyze the use of the website and distribute newsletters) and hosting and managing services. GroundControl shares personal data with third parties to support the performance of its duties. 
    When using these external services we enter into agreements that require them to implement appropriate technical and organizational measures to ensure the protection of your personal data. Please note that certain services may be located outside of Europe;
  • To any third party where you have provided your consent.

All transfers are done in accordance with the purposes of this privacy statement. GroundControl will strive to process your data solely within the European Union (‘EU’) by saving your data on a server located in the EU wherever possible. When we do transfer your personal data to recipients in other countries, we take the requisite measures to provide a suitable level of protection to ensure that your personal data is secure.

Security of processing

GroundControl has taken appropriate technical and organizational measures to secure personal data and to prevent loss or unlawful processing of personal data, including but not limited to:

  • Restricting access to personal data within the company to necessary employees;
  • Regularly controlling log files;
  • Access control, e.g. use of passwords and possibly two-factor-authentication;
  • Encryption in transit and rest;
  • Anonymization of data;
  • Purpose-bound access limitations.

Rights of the data subject

  1. Right of access: you have the right to request access to the information we have about you. 
  2. Right to rectification: if you believe that the information we have about you is incorrect, you have the right to request a rectification or improvement of this information. 
  3. Right to erasure: you have the right to request erasure of your personal information. If we can comply with this request depends amongst others on the existence of legal obligations to maintain certain information. You also have the right to object to certain data processing operations.
  4. Right to data portability: you have the right to request an electronic copy of your personal data in a machine-readable format.
  5. Right to withdraw from consent: you have the right to withdraw the permission that you have granted or for example object to receiving messages (for example by filling in our contact form) for the collection of your personal data. If you no longer wish to receive email messages or any other electronic messages from us, then you can deregister for these by clicking on the unsubscribe button in an email message received from us. You can also deregister by contacting us. 

You can contact us with these requests and we will respond in a timely manner applicable with the GDPR. If you are unsatisfied with the reply received from us, you have the right to refer your complaint to the data protection authority.

Cookies

By using the website of GroundControl, certain data is automatically collected from  website visitors’ device or web browser. GroundControl only uses functional and analytic cookies, which can be placed without previous consent. These cookies are used to track the usage of our website and to understand preferences of website visitors such as language preferences. GroundControl does, by placing this cookies, not have access to personal data, but only to anonymous information. In this way, our services are best delivered to individuals interested in GroundControl. GroundControl does not use tracking or advertising cookies. 

A list of the cookies that GroundControl uses can be found below.

Type of cookieFunction
__cfduidCookie associated with sites using CloudFlare, used to speed up page load times. According to CloudFlare it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information.
_gaThis cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
_gatThis cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.
_gidThis cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited.
pll_languageThis cookie name is associated with the Polylang plug-in for WordPress powered websites. it stores a language preference for the visitor to support multi-lingual websites. When set as a persistent cookie, or with the default lifespan of 1 year, it has to e considered Functional rather than strictly necessary.

For more information about cookies, visit http://www.allaboutcookies.org

Contact details

All questions or complaints regarding privacy can be sent to the following address:

GroundControl and/or Startup Studio NEXT B.V.
att. privacy department
Postjesweg 1 – 3.20
1057 DT AMSTERDAM

Or via e-mail to: privacy@togroundcontrol.com

We will be happy to help!