PRIVACY POLICY

Authic Labs B.V.

Effective Date: October 15, 2024

Authic Labs B.V., located at Singel 66-II, 1015 AC Amsterdam, and registered with the Chamber of Commerce under number 85539600, is committed to safeguarding your privacy. This policy outlines how we collect, use, store, and protect personal data in the context of our loyalty program services for business clients (B2B), such as those in the wellness and sports sectors.

Applicability
This privacy policy applies to all personal data collected and processed by Authic Labs B.V. (referred to as “Authic,” “we,” “us,” or “our”) in connection with the loyalty program services we provide to business clients. Our services are exclusively B2B, meaning we provide our platforms and applications to businesses that offer loyalty benefits, engagement tools and questionnaire incentives to their end-users.
Roles and Responsibilities
1. Controller and Processor
  - Controller: Our business clients are the data controllers for their end-users' personal data. They determine the purpose and means of processing this data.
  - Processor: Authic acts as a data processor for end-users' personal data processed through our services. We process this data solely according to the instructions of our business clients and do not use it for our purposes.
2. Contact Information
  For questions regarding the processing of your personal data by the service provider using Authic’s platform, please contact the respective organization’s privacy officer. For inquiries directed to Authic, contact us at:
  - Email: [email protected]
  - Address: Singel 66-II, 1015 AC Amsterdam
What Personal Data Do We Process?
1. Data of Business Clients
  We process the following categories of personal data of our business clients:
  - Identification and Contact Information: Contact person’s name, company name, job title, address, phone number, email address.
  - Account Data: Account details for accessing the Authic Dashboard, profile information (such as preferences and settings).
  - Financial Data: Bank account number, billing information, payment details.
  - Communication Data: Correspondence with Authic, including emails and support requests.
2. End-user Data
  On behalf of our clients, we process the following categories of end-user data:
  - Identification and Contact Information: First and last name, phone number, email address.
  - Loyalty and Engagement Data: Participation in loyalty programs, submission of reviews and feedback, engagement in social media actions (such as likes or shares).
  - Technical Data: IP address, browser information, device data, log files and usage statistics.
Purposes and Legal Grounds for Processing
1. Processing Business Client Data
  We process personal data of business clients for the following purposes:
  - Performance of the Agreement: Providing our services, including facilitating loyalty programs, managing reviews and tracking social media engagement.
  - Communication and Support: Maintaining contact with clients and offering technical support.
  - Billing and Administration: Processing payments and maintaining financial records.
    Legal Grounds: Necessary for the performance of the agreement (Article 6(1)(b) GDPR) and our legitimate interest in effective communication and support (Article 6(1)(f) GDPR).
2. Processing End-user Data
  As a processor, we process end-user personal data solely according to our clients' instructions for the following purposes:
  - Loyalty Programs: Managing end-users' participation in loyalty programs.
  - Reviews and Feedback: Collecting reviews and feedback from end-users on behalf of our clients.
  - Social Media Actions: Facilitating social media engagement by end-users, such as likes and shares.
    Legal Grounds: Consent of the end-user (Article 6(1)(a) GDPR) or performance of an agreement (Article 6(1)(b) GDPR).
Processor Agreement
We have a processor agreement with all our business clients, outlining terms for data processing, security measures, and responsibilities under GDPR. Authic only processes data as instructed by clients and does not use this data for our purposes.
Security of Personal Data
We implement technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, and alteration, including:
- Access Control: Restricting data access to authorized personnel only.
- Encryption: Encrypting data during transmission and storage as needed.
- Network Security: Securing our networks with firewalls and secure servers.
- Monitoring and Logging: Actively monitoring systems to detect unauthorized access and managing log files.
- Regular Audits and Updates: Conducting regular security audits and updates.
Data Retention Periods
We retain personal data no longer than necessary for service delivery and legal obligations, as follows:
- Business Client Data: Up to two years after the Agreement ends, unless legally required to retain it longer.
- End-user Loyalty and Engagement Data: Up to two years after the last interaction, unless longer retention is required by law.
- Financial Data: Retained for seven years in compliance with tax obligations.
Sharing Personal Data with Third Parties
1. Sub-processors
  We engage third parties as sub-processors to assist with our services, such as:
  - Hosting and Cloud Providers: For data storage and management.
  - Payment Processors: For handling payments.
  - Analytics and Marketing Tools: For analyzing user behavior and performing marketing activities.
    We establish processor agreements with sub-processors to ensure they adhere to our privacy and security standards.
2. Legal Obligations
  We disclose personal data to government authorities if legally required or as part of legal proceedings.
International Data Transfer
Data is processed within the European Economic Area (EEA). If data is transferred outside the EEA, we and our sub-processors provide appropriate safeguards, such as:
- Adequacy Decisions: Transfer to countries deemed adequate by the European Commission.
- Model Contract Clauses: Using EU-approved standard contractual clauses.
Data Subject Rights
Business clients (our contracting parties) have the following rights regarding their personal data:
- Right to Access: Know which data we process.
- Right to Rectification: Correct inaccurate data.
- Right to Erasure: Delete personal data if no legal requirement mandates retention.
- Right to Restriction: Restrict data processing.
- Right to Data Portability: Receive data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interest.
- Right to Withdraw Consent: Withdraw consent for processing if it was the legal basis.
To exercise these rights, please contact us via the contact information in Section 2.2.
Cookies and Similar Technologies
Our platforms use cookies and similar technologies to enhance functionality and improve user experience, such as:
- Functional Cookies: Necessary for service functionality (e.g., login retention).
- Analytical Cookies: Gathering usage statistics to understand user behavior and improve services.
Changes to this Privacy Policy
This policy may be updated to reflect changes in our services or legal requirements. The latest version is available on our website. Significant changes will be communicated to clients, enabling them to inform end-users if needed.
Questions and Contact
For questions or comments about this policy, please contact us:
- Email: [email protected]
- Address: Singel 66-II, 1015 AC Amsterdam
Complaints

If you believe we have not handled your data properly, you have the right to file a complaint with the Dutch Data Protection Authority:

Website: www.autoriteitpersoonsgegevens.nl
Phone: 088 - 1805 250

PRIVACY POLICY

Authic Labs B.V.

Controller: Our business clients are the data controllers for their end-users' personal data. They determine the purpose and means of processing this data.

Processor: Authic acts as a data processor for end-users' personal data processed through our services. We process this data solely according to the instructions of our business clients and do not use it for our purposes.

Email: [email protected]

Address: Singel 66-II, 1015 AC Amsterdam

Identification and Contact Information: Contact person’s name, company name, job title, address, phone number, email address.

Account Data: Account details for accessing the Authic Dashboard, profile information (such as preferences and settings).

Financial Data: Bank account number, billing information, payment details.

Communication Data: Correspondence with Authic, including emails and support requests.

Identification and Contact Information: First and last name, phone number, email address.

Loyalty and Engagement Data: Participation in loyalty programs, submission of reviews and feedback, engagement in social media actions (such as likes or shares).

Technical Data: IP address, browser information, device data, log files and usage statistics.

Performance of the Agreement: Providing our services, including facilitating loyalty programs, managing reviews and tracking social media engagement.

Communication and Support: Maintaining contact with clients and offering technical support.

Billing and Administration: Processing payments and maintaining financial records.

Loyalty Programs: Managing end-users' participation in loyalty programs.

Reviews and Feedback: Collecting reviews and feedback from end-users on behalf of our clients.

Social Media Actions: Facilitating social media engagement by end-users, such as likes and shares.

Access Control: Restricting data access to authorized personnel only.

Encryption: Encrypting data during transmission and storage as needed.

Network Security: Securing our networks with firewalls and secure servers.

Monitoring and Logging: Actively monitoring systems to detect unauthorized access and managing log files.

Regular Audits and Updates: Conducting regular security audits and updates.

Business Client Data: Up to two years after the Agreement ends, unless legally required to retain it longer.

End-user Loyalty and Engagement Data: Up to two years after the last interaction, unless longer retention is required by law.

Financial Data: Retained for seven years in compliance with tax obligations.

Hosting and Cloud Providers: For data storage and management.

Payment Processors: For handling payments.

Analytics and Marketing Tools: For analyzing user behavior and performing marketing activities.

Adequacy Decisions: Transfer to countries deemed adequate by the European Commission.

Model Contract Clauses: Using EU-approved standard contractual clauses.

Right to Access: Know which data we process.

Right to Rectification: Correct inaccurate data.

Right to Erasure: Delete personal data if no legal requirement mandates retention.

Right to Restriction: Restrict data processing.

Right to Data Portability: Receive data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interest.

Right to Withdraw Consent: Withdraw consent for processing if it was the legal basis.

Functional Cookies: Necessary for service functionality (e.g., login retention).

Analytical Cookies: Gathering usage statistics to understand user behavior and improve services.

Email: [email protected]

Address: Singel 66-II, 1015 AC Amsterdam

Website: www.autoriteitpersoonsgegevens.nl

Phone: 088 - 1805 250