Effective Date: October 15, 2024
Authic Labs B.V., located at Singel 66-II, 1015 AC Amsterdam, and registered with the Chamber of Commerce under number 85539600, is committed to safeguarding your privacy. This policy outlines how we collect, use, store, and protect personal data in the context of our loyalty program services for business clients (B2B), such as those in the wellness and sports sectors.
Applicability
This privacy policy applies to all personal data collected and processed by Authic Labs B.V. (referred to as “Authic,” “we,” “us,” or “our”) in connection with the loyalty program services we provide to business clients. Our services are exclusively B2B, meaning we provide our platforms and applications to businesses that offer loyalty benefits, engagement tools and questionnaire incentives to their end-users.
Roles and Responsibilities
Controller and Processor
Contact Information
For questions regarding the processing of your personal data by the service provider using Authic’s platform, please contact the respective organization’s privacy officer. For inquiries directed to Authic, contact us at:
What Personal Data Do We Process?
Data of Business Clients
We process the following categories of personal data of our business clients:
End-user Data
On behalf of our clients, we process the following categories of end-user data:
Purposes and Legal Grounds for Processing
Processing Business Client Data
We process personal data of business clients for the following purposes:
Legal Grounds: Necessary for the performance of the agreement (Article 6(1)(b) GDPR) and our legitimate interest in effective communication and support (Article 6(1)(f) GDPR).
Processing End-user Data
As a processor, we process end-user personal data solely according to our clients' instructions for the following purposes:
Legal Grounds: Consent of the end-user (Article 6(1)(a) GDPR) or performance of an agreement (Article 6(1)(b) GDPR).
Processor Agreement
We have a processor agreement with all our business clients, outlining terms for data processing, security measures, and responsibilities under GDPR. Authic only processes data as instructed by clients and does not use this data for our purposes.
Security of Personal Data
We implement technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, and alteration, including:
Data Retention Periods
We retain personal data no longer than necessary for service delivery and legal obligations, as follows:
Sharing Personal Data with Third Parties
Sub-processors
We engage third parties as sub-processors to assist with our services, such as:
We establish processor agreements with sub-processors to ensure they adhere to our privacy and security standards.
Legal Obligations
We disclose personal data to government authorities if legally required or as part of legal proceedings.
International Data Transfer
Data is processed within the European Economic Area (EEA). If data is transferred outside the EEA, we and our sub-processors provide appropriate safeguards, such as:
Data Subject Rights
Business clients (our contracting parties) have the following rights regarding their personal data:
To exercise these rights, please contact us via the contact information in Section 2.2.
Cookies and Similar Technologies
Our platforms use cookies and similar technologies to enhance functionality and improve user experience, such as:
Changes to this Privacy Policy
This policy may be updated to reflect changes in our services or legal requirements. The latest version is available on our website. Significant changes will be communicated to clients, enabling them to inform end-users if needed.
Questions and Contact
For questions or comments about this policy, please contact us:
Complaints
If you believe we have not handled your data properly, you have the right to file a complaint with the Dutch Data Protection Authority: