PRIVACY POLICY

Authic Labs B.V.


Effective Date: October 15, 2024


Authic Labs B.V., located at Singel 66-II, 1015 AC Amsterdam, and registered with the Chamber of Commerce under number 85539600, is committed to safeguarding your privacy. This policy outlines how we collect, use, store, and protect personal data in the context of our loyalty program services for business clients (B2B), such as those in the wellness and sports sectors.

  1. Applicability

    This privacy policy applies to all personal data collected and processed by Authic Labs B.V. (referred to as “Authic,” “we,” “us,” or “our”) in connection with the loyalty program services we provide to business clients. Our services are exclusively B2B, meaning we provide our platforms and applications to businesses that offer loyalty benefits, engagement tools and questionnaire incentives to their end-users.


  2. Roles and Responsibilities

    1. Controller and Processor


      • Controller: Our business clients are the data controllers for their end-users' personal data. They determine the purpose and means of processing this data.

      • Processor: Authic acts as a data processor for end-users' personal data processed through our services. We process this data solely according to the instructions of our business clients and do not use it for our purposes.

    2. Contact Information

      For questions regarding the processing of your personal data by the service provider using Authic’s platform, please contact the respective organization’s privacy officer. For inquiries directed to Authic, contact us at:


  3. What Personal Data Do We Process?

    1. Data of Business Clients

      We process the following categories of personal data of our business clients:


      • Identification and Contact Information: Contact person’s name, company name, job title, address, phone number, email address.

      • Account Data: Account details for accessing the Authic Dashboard, profile information (such as preferences and settings).

      • Financial Data: Bank account number, billing information, payment details.

      • Communication Data: Correspondence with Authic, including emails and support requests.

    2. End-user Data

      On behalf of our clients, we process the following categories of end-user data:


      • Identification and Contact Information: First and last name, phone number, email address.

      • Loyalty and Engagement Data: Participation in loyalty programs, submission of reviews and feedback, engagement in social media actions (such as likes or shares).

      • Technical Data: IP address, browser information, device data, log files and usage statistics.

  4. Purposes and Legal Grounds for Processing

    1. Processing Business Client Data

      We process personal data of business clients for the following purposes:


      • Performance of the Agreement: Providing our services, including facilitating loyalty programs, managing reviews and tracking social media engagement.

      • Communication and Support: Maintaining contact with clients and offering technical support.

      • Billing and Administration: Processing payments and maintaining financial records.

        Legal Grounds: Necessary for the performance of the agreement (Article 6(1)(b) GDPR) and our legitimate interest in effective communication and support (Article 6(1)(f) GDPR).

    2. Processing End-user Data

      As a processor, we process end-user personal data solely according to our clients' instructions for the following purposes:


      • Loyalty Programs: Managing end-users' participation in loyalty programs.

      • Reviews and Feedback: Collecting reviews and feedback from end-users on behalf of our clients.

      • Social Media Actions: Facilitating social media engagement by end-users, such as likes and shares.

        Legal Grounds: Consent of the end-user (Article 6(1)(a) GDPR) or performance of an agreement (Article 6(1)(b) GDPR).

  5. Processor Agreement

    We have a processor agreement with all our business clients, outlining terms for data processing, security measures, and responsibilities under GDPR. Authic only processes data as instructed by clients and does not use this data for our purposes.

  6. Security of Personal Data

    We implement technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, and alteration, including:


  7. Data Retention Periods

    We retain personal data no longer than necessary for service delivery and legal obligations, as follows:


  8. Sharing Personal Data with Third Parties

    1. Sub-processors

      We engage third parties as sub-processors to assist with our services, such as:


      • Hosting and Cloud Providers: For data storage and management.

      • Payment Processors: For handling payments.

      • Analytics and Marketing Tools: For analyzing user behavior and performing marketing activities.

        We establish processor agreements with sub-processors to ensure they adhere to our privacy and security standards.

    2. Legal Obligations

      We disclose personal data to government authorities if legally required or as part of legal proceedings.

  9. International Data Transfer

    Data is processed within the European Economic Area (EEA). If data is transferred outside the EEA, we and our sub-processors provide appropriate safeguards, such as:

  10. Data Subject Rights

    Business clients (our contracting parties) have the following rights regarding their personal data:


    To exercise these rights, please contact us via the contact information in Section 2.2.

  11. Cookies and Similar Technologies

    Our platforms use cookies and similar technologies to enhance functionality and improve user experience, such as:

  12. Changes to this Privacy Policy

    This policy may be updated to reflect changes in our services or legal requirements. The latest version is available on our website. Significant changes will be communicated to clients, enabling them to inform end-users if needed.

  13. Questions and Contact

    For questions or comments about this policy, please contact us:


  14. Complaints

If you believe we have not handled your data properly, you have the right to file a complaint with the Dutch Data Protection Authority: