Privacy Statement

(last updated in January 2024)

Introduction

Welcome to Source.ag! Your privacy and the security of your personal data are very important to us. We therefore collect and manage your personal data with the utmost care and take specific measures to keep them secure. Below, you will find the main information regarding our processing of your personal data in relation to your use of our app, your browsing and interacting with our website, leaving your contact details and other information (https://source.ag) and the use of our services.

We process your personal data in accordance with the data protection regulations, including the General Data Protection Regulation (GDPR). In this privacy statement, we explain what personal data we process for what purpose. We encourage you to read it carefully. If you have any questions, please contact us via info@source.ag.

Data controller

Source.ag B.V., with its registered office at Johan Huizingalaan 763A (1066 VH) in Amsterdam (Source.ag or we) is responsible for all data processing described herein.

Collection and processing of personal data

Source.ag processes certain personal data to provide the services. We obtain personal data provided by our (potential) customers and, although very limited, automatically collect personal data as you use our services and browse our website. We only process personal data if we have a valid legal basis for that processing activity.

The categories of personal data that we collect and process are as follows:

  1. Account data. We may process a (company) name, a telephone number, an e-mail address, a unique identifier, an IP-address, the session length, the operating system version, the configuration of the app when utilizing our services and the time and date of your use of the services.

  2. Personal data related to commercial inquiries and requests. We process your (company) name, a telephone number, email address and inquiry or request if you contact our customer service.

  3. Contact details for non-commercial messages. We process your (company) name, a telephone number and email address for non-commercial messages, for example to inform you about changes to our services or to give you a demo of the software.

Legal basis for processing

We only process your personal data in the presence of one or more of the lawful bases established by current legislation, and specifically:

  1. For compliance with a legal obligation. We may process your personal data if such is necessary for compliance with a legal obligation to which we are subject, such as keeping records for tax purposes or providing information to a public body or law enforcement agency.

  2. For our legitimate interest. We only process personal data based on our legitimate interests for as far as such processing is necessary to achieve our purposes. We do not use more data than necessary. Furthermore, we make a balance of interests on a case-by-case basis. Only if the legitimate interests prevail over your privacy interests or other interests or fundamental rights, will we base our processing on this legal ground. You can contact us for more information on the legitimate interests in relation to a specific processing operation.

Purpose of processing

We may use your personal data for the following purposes:

  • To perform an agreement in which you have instructed us to provide our services. If you subscribe to our services, your contact and company details will be requested in any case. Other personal data may also be necessary for handling the request, depending on the subscription. Data of parties involved may also be processed.

  • To invoice services provided.

  • To comply with our legal obligations.

  • To respond to your queries or messages received from you via email correspondence, whether or not in connection with any of the above purposes.

  • The General State Tax Act requires us to process and retain certain personal data.

  • To maintain contact with you.

  • We believe it is important to contact you with information that is relevant to you. To make this possible, we combine and analyze the personal data available to us. On this basis, we determine which information and channels are relevant and which moments are most suitable for providing information or establishing contact.

  • For the purposes of webinars/demo’s and communications relating to them.

  • If you have given your consent via an inquiry, we will contact you to see if we help you with information on our services and to see if we can provide you with our services. This can be done through various communication channels, including by phone if you provide your phone number.

  • For performing evaluations.

  • To prepare analyses

  • To improve and secure our website.

  • To compile user statistics.

  • To control access to the office and to protect security.

  • For carrying out audits.

Means of collection

  1. Provided by you. We use information you have actively provided to us. For example, if you contact us to obtain information about our services.

  2. Automatically retrieved. We obtain some information about you in an automated manner. When you visit our website for example, we automatically obtain information about you via cookies. For more information on this, please see our Cookie Policy.

  3. Third-party sources. We also obtain information about you from third parties. For example, we may request information about you or your company from public sources, such as the Trade Register of the Chamber of Commerce, or professional social media platforms like LinkedIn.

  4. Derived. We may perform analysis on personal data about you. The resulting data can also qualify as personal data. For example, we may analyze which webpages on our website are visited most frequently.

Who has access to your personal data

Your personal data can only be accessed on a "need to know" basis by authorized persons at Source.ag. Outside the situations mentioned in this Privacy Statement, we do not disclose your personal data unless we deem it necessary to comply with our legal obligations, to protect our or others' rights.

Third Parties

We may share your personal data with third parties such as our service provides.

  1. To facilitate our services;

  2. To provide the services on our behalf;

  3. To perform related services; or

  4. To assist us in analyzing how our services are being used.

We will ensure your data is only being used in a way similar to, or for a similar purpose as the purpose for which your personal data has been gathered, and only in accordance with this Privacy Statement and any legal obligation.

Competent law enforcement, regulatory or government bodies

We may share personal data with third-parties if we are obliged to do so pursuant to a statutory provision or a decision of the court or supervisory body, or if this is necessary in the interest of preventing, detecting or prosecuting criminal offences (such as fraud or scams).

Children’s Privacy

The services that Source.ag provides do not address anyone under the age of 16. We do not knowingly collect personal data from children under 16 years of age. In the case we discover that a child under 16 has provided us with personal data, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do the necessary actions.

Security

We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All of our employees and all persons involved in data processing are obliged to comply with the data protection laws and to handle personal data confidentiality. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are constantly being revised according to technological developments.

We draw your attention to the fact that data transmission over the internet (e.g. e-mail communication) may involve loopholes in security. It is not possible to protect such data completely from third-party access. We will, however, always process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Storage

Your personal data is stored on servers and in databases controlled by Source.ag. Source.ag stores your personal data on servers located in Frankfurt, Germany.

We store your personal data for a limited period of time which differs depending on the type of activity that involves the processing of your personal data. After this limited period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way. Your personal data is stored in compliance with the terms and criteria specified below:

  • Account data. If you have created an account with Source.ag, we store your personal information as long as:

    • necessary to provide the services; or

    • you did not request us to delete your personal data.

  • Data related to your requests or questions. We store your personal data, including the contact details you enter in the e-mail, as long as we need to provide you with our assistance.

Storage outside of the EER

Some third parties may be located outside the European Economic Area (EEA). When applicable, we have taken appropriate security measures to share the personal data. This is relevant, for example, for our email marketing party (newsletter, forms on website). We also take into account the additional requirements of the GDPR for transfers outside the EEA. We may transfer this data if this is necessary for the performance of our services or for administration purposes.

Changes to this privacy statement

We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.

Your privacy rights

You have the right to view and change the personal data that we have collected from you. You have the right to object to the processing of your personal data. In certain cases, you can also ask us to limit the processing of your personal data, erase your data, transfer your data to another data controller or have it deleted. If you wish to do any of these, please send a request to: info@source.ag and indicate that it concerns a personal data request.

We can request a copy of your identity document so that we can be sure that you are the person submitting the request. Make sure that you conceal your passport photograph and citizen service number. This is to protect your privacy. Also provide your private address. You will receive an overview of your data or a response to your request within one month of your request. We store this information until we are sure that you are satisfied with our response.

Right to make a complaint

You can submit a complaint about the processing of your personal data. If we do not meet your request for access, rectification, objection, restriction, erasure or transfer of your personal data, you can submit a complaint with the Data Protection Authority in your country. In the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/).

If you are not happy with how the complaint is resolved, you can lodge an appeal with the courts.

Contact details

Source.ag B.V.

Johan Huizingalaan 763A

1066 VH Amsterdam

The Netherlands

info@source.ag