Privacy policy

1. General

1.1 Guardey B.V. (hereinafter: Guardey) attaches great importance to the protection of your personal data. In this Privacy Policy, we provide information about the way in which we handle personal data.

1.2 Guardey adheres to applicable privacy legislation in all cases, including the General Data Protection Regulation (GDPR). This means that we in any case:

• Process your personal data in accordance with the purpose for which it was provided; these goals and types of personal data are described in this Privacy Policy;
• Limit the processing of your personal data to only those data that are minimally necessary for the purposes for which they are processed;
• Ask for your explicit permission if we need it for the processing of your personal data;
• Have taken appropriate technical and organizational measures to ensure that your personal data is secured;
• Do not pass on personal data to other parties, unless this is necessary for the implementation of the purposes for which they were provided;
• Point out to you the rights you have with regard to the processing of your personal data.

2. Which personal data do we process?

2.1 We process the personal data that you have provided to us, for example in the context of the delivery of products and/or services to you or obtained by us because you have used our website, completed a contact form, or registered for our newsletter.

2.2 The personal data that we process about you may be the following:

2.2.1 Organization Details:

• Organization name
• Organization billing details
• Custom content for challenges/micro training

2.2.2 User Information:

• Users’ email addresses
• Users’ first and last names
• Preferred language
• Gamification progress
• Group affiliation

2.2.3 Information Collected When Connecting via AzureAD:

• Azure AD group external ID
• Azure AD group name
• Azure AD user external ID

2.2.4 Session-Based Information (Stored for Limited Time):

• Technical Data:
  • Browser information (for debug logs and cookies)
  • IP address (for debug logs and cookies)
  • Operating system information (for debug logs and cookies)

2.2.5 Other Data:

• Cookies and Tracking:
  • Other cookie data (for session management and preferences)
  • Email performance data (e.g., open rates, click rates)

4. Purposes of use

4.1 We use your personal data for a number of different purposes. These are the following:

4.1.1 Execution of an agreement:

• If you conclude an agreement with us, we ask for your contact details. This data can also be used for invoicing.

4.1.2 Maintaining contact with you:

• Your contact details are maintained in our customer system and can be used for, among other things, sending newsletters, updates, invitations to events and seminars, and sending information that you have requested from us.

4.1.3 Improving our product and service information and carrying out targeted marketing campaigns:

• We are happy to provide you with relevant information. For this purpose, we analyze the following data:
  • Interaction data: Personal data obtained from contact between Guardey and you, for example via our website.
  • Behavioral data: Personal data that Guardey processes about your behavior, such as your preferences, opinions, wishes, and needs. We can derive this data, for example, from your surfing behavior on our website, from reading our newsletters, or because you have requested information. See also “Use of cookies”.

4.1.4 Analyzing the use of our website:

• The user statistics of the website enable us to get an idea of, among other things, the numbers of visitors, the duration of the visit, and which pages of the website are viewed. It concerns the collection of generic data, without information about persons. We use the information obtained to improve our website.

5. Legal basis of the processing

5.1 We only process personal data if there is a legal basis for this. The legal grounds on which we process personal data are:

• Consent
• On the basis of an agreement or in the run-up to the conclusion of an agreement
• A legitimate interest

5.2 Consent:

• If we have asked you for permission to process your personal data and you have granted this permission, you always have the right to withdraw this permission.

5.3 Agreement or in the run-up to the conclusion of an agreement:

• If you have concluded an agreement with us, we will process personal data if and insofar as this is necessary for the execution of the assignment.

5.4 Legitimate interest:

• We may also process personal data if we have a legitimate interest and thus do not disproportionately infringe on your privacy. For example, we use your contact details to invite you to relevant meetings.

6. Third parties (processors) engaged by us

6.1 We can engage service providers (processors) for the processing of your personal data, who process personal data exclusively on our behalf. We conclude a processing agreement with these processors. This processing agreement states, among other things, that the processors only act on our instructions and may not use the personal data for their own purposes.

6.2 For detailed information about our sub-processors and the processing agreements, please refer to our Data Processing Agreement (DPA).

7. Provision of personal data to third parties outside the EU

7.1 In the context of our services, it may be necessary to share personal data with parties located outside the European Economic Area (EEA). These parties guarantee an appropriate level of security of personal data. In our contractual relationship with these processors, we use model contracts approved by the European Commission (Decision 2010/87/EU) as appropriate precautions.

7.2 Your personal data will not be shared with third parties for commercial purposes.

8. Security Measures

8.1 We have taken appropriate technical and organizational measures to ensure that your personal data is secured. Details of these measures can be found in our Security Policy.

9. Your rights

9.1 Every person can exercise certain rights on the basis of the law with regard to his or her personal data. You have the right to inspect, rectify, and delete personal data. You can also object to the use of your data or ask to limit this use. In certain cases, you can even request your data and take it with you to another party. For all these questions, please contact us via our telephone number or [email protected].

10. Retention periods

10.1 We keep your personal data for as long as necessary for the purpose for which we obtained the data, unless a statutory retention period applies.

10.2 If we process your personal data on the basis of your consent, we will delete your personal data as soon as reasonably possible at your request.

11. Complaints?

11.1 If you have complaints about how we handle your personal data, you can contact us by sending an email to [email protected] or by calling us. We are happy to help you find a solution. If that does not work, you can always contact the Dutch Data Protection Authority.

12. Updates to this Privacy Policy

12.1 This Privacy Policy may be updated periodically to reflect changes in our practices or relevant laws. We will notify you of any significant changes by posting the new policy on our website and indicating the date of the latest revision. Please check back frequently to see any updates or changes to our Privacy Policy.