Our Privacy Principles

At Federated Directory, we are committed to protecting your Personal Data and to providing clear and transparent disclosures about the types of information we collect and how we use it.

For your further visits to our website and use of our Services, we would like to inform you about data collection, processing and use when visiting and using our service. As well as objection, revocation and other rights to which you are entitled as a person affected by data collection and use.

In principle, we will only use your Personal Data in accordance with the applicable data protection laws, in particular the Dutch GDPR Implementation Act (“UAVG”), the General Data Protection Regulation (“GDPR”), and only as described in this Privacy Policy.

The Data Controller
Federated Directory
Dordrecht, The Netherlands
KVK Number 64979075

If you have any questions or need more information about the legal basis for the collection of your Personal Data, please contact us, using privacy@federated.directory.

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.

Processing of Automatically Collected Data

a) Hosting
To provide our platform, we use the of Google Cloud (Europe region) who process the below-mentioned data and all data to be processed in connection with the operation of our platform on our behalf. The legal basis for the data processing is our legitimate interest in providing our platform.

b) Collection of access data and log files
We also collect data on every access to our platform. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing platform.

c) Use of cookies
We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

Data processing when you submit it to our platform and when you use our services

a) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request.

For the Chat, we use the tawk.to Life Chat of the company tawk.to, Inc, on our website. Tawk.to Life Chat uses cookies to enable you to personalize your online experience. We have no knowledge of the storage period at tawk.to and no possibility to influence it.

b) Data processing in the context of providing our services
The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures.

c) Account Registration
If you register on our platform, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is our legitimate interest in communicating with registered users and, in the case of contracts, also the storage of contract data.

Alternatively, you are able to sign up using the convenience log in and sign up from Microsoft or Google. For Microsoft and Google log in and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) linked to your account. If granted, your username and password will be auto generated to fill in the rest of required user data. When registering via Microsoft`s and Google`s connect function, you agree to the relevant terms and conditions and consent to certain data from your respective profile of being transferred to us.

d) When using our services
We process the data of our registered users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. This includes in particular our support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations. Your data will not be used by us for automated decision making or profiling, nor will it be shared with third parties. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.

The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your consent.

Some of the data you choose to provide may be considered non-Personal Data and/or “special” or “sensitive” in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.

Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.

Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation. The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your Consent.

You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing to privacy@federated.directory.

e) Platform Services
Please note when using our services, you become the data controller and we become the data processor in accordance with the UAVG and GDPR. Where we process your Personal Data as a data intermediary on behalf of you, we will process the Personal Data involved in accordance with your instructions and shall use it only for the purposes agreed between you and us, for further information please refer to our Data Processing Addendum.

f) Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as organisation of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

g) Credit/Debit Cards Payments
Payment by credit card and debit card is made via the payment service provider Stripe to which you pass on your payment details during the checkout, for payment processing.

h) Service Notifications
By using our services, you are giving your consent to receiving notifications and messages per email. Those typically include general, profile and content information in relation to your use of our Services. Our system notifications are sent using Mailgun (Europe Region) and are designed to enhance your experience. Administrators can opt out from receiving notifications by following the unsubscribe instructions on the ‘company’ page in Federated Directory. The legal bases are to provide you with our services and your consent as well as our legitimate interest.

Data processing through integration of third-party services and content

We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services ("content").

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.

The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

• Analytics and Tracking: PostHog by PostHog Inc
• Spam protection: reCAPTCHA by Google LLC
• Chat support: Tawk.to by Tawk.to Inc

Retention of your data

We will retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, for as long as you are actively working with us, and in accordance with Dutch Retention Periods and other applicable laws.

International transfers

Federated Directory may transfer your Personal Data to other companies and/or business partners as necessary for the purposes described in this Privacy Policy. In doing so, your Personal Data may be transferred to countries outside the European Economic. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

Sharing of Personal Data by us.

For the operation and optimization of our website and platform and for the processing of contracts, various service companies work for us, e.g., for IT services or the hosting of our website and platform, for the payment and delivery of service, to whom we pass on the data required for the fulfillment of the task (e.g., name, address). Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

With your consent, we may disclose your Personal Data for any purpose. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Federated Directory (or a part of Federated Directory) is sold to or merged with another company; or if Federated Directory has reason to believe that disclosure is necessary to protect Federated Directory, its clients or the public. In all cases other than those described above, Personal Data will not be disclosed by us to third parties for their own marketing purposes without your consent.

How we protect your Personal Data

Federated Directory takes all reasonable steps to protect your Personal Data from misuse, alteration, and loss, and from unauthorized access, alteration, or disclosure. To this end, we use the following means, among others:

• Use of encryption when collecting, storing and transmitting sensitive data such as credit card information, technical and organizational measures to ensure the continuous integrity, availability and fail-safety of processing systems and services,
• Restricting physical access to our sites,
• Restricting access to data we collect about you,
• Ensuring appropriate safeguards are in place at our facilities and those of our business partners to ensure the security of your Personal Data; and,
• where required by law, deleting, or anonymizing Personal Data.

Nonetheless, databases, encryption keys or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Your rights

Under the UAVG and the GDPR, you can exercise the following rights:

• Right to information
• Right to rectification
• Right to object to processing
• Right to deletion
• Right to information
• Right to data portability
• Right of objection
• Right to withdraw consent
• Right to complain to a supervisory authority
• Right not to be subject to a decision based solely on automated processing.

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to request the erasure or rectification of Personal Data we hold about you, or to exercise any of your other rights as a data subject, please contact us at privacy@federated.directory.

The Supervisory Authority

The competent data protection authority is:

Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ Den Haag
The Netherlands
www.autoriteitpersoonsgegevens.nl

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

Withdrawing your consent

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

Collection and Use of Children's Personal Data

Federated Directory takes the privacy of children very seriously. We do not knowingly collect Personal Data from children through our website.

Automated decision-making

We do not use automated decision-making or profiling.

Do Not Sell

We do not sell information that directly identifies you.

Do-not-track

Most browsers give you the option to enable a so-called "do-not-track" signal to protect against tracking. Our website does not currently respond to "do-not-track" web browser signals. If we implement this feature in the future, we will describe how in this Privacy Policy. For more information about "Do-not-track," please visit www.allaboutdnt.org

Changes and Questions

We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy or materially change Federated Directory's use of your Personal Data, we will revise the Privacy Policy accordingly and also change the effective date at the end of this section. We encourage you to periodically review this Privacy Policy to be informed of how we use and protect your Personal Data. If you would like to contact us regarding our privacy practices for any reason, please contact us.

Effective date

27 January 2024