Last updated: 20 January 2022
Connec2 B.V., Chamber of Commerce no. 77877640, Twentepoort Oost 28, 7609 RG Almelo, The Netherlands (the ”Company”, “we”, “our”, “us”, etc.) to the Customers.
2.2 “Customer”, “you”, “yours” etc. shall mean a free trial user or subscriber of Services provided by the Company.
2.3 “Data Controller” and “Data Processor” shall mean “controller” and “processor” respectively as defined in the GDPR.
2.4 “GDPR” shall mean the General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data.
2.5 “Personal Data” shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.6 “Services” shall mean all services rendered by the Company to the Customer, including, but not limited to services located at www.connec2.nl and our mobile/VR application “Connec2” and other apps, IT tools or software programs developed by the Company, hosting of data, support and helpdesk services etc.
3. DATA PROCESSING AGREEMENT
3.2 Our processing of Personal Data on behalf of the Customer is regulated by the Data Processing Agreement, which is entered into upon the Customer’s subscription to the Services or a free trial period.
4. CATEGORIES OF PERSONAL DATA
4.1 Personal Data includes information that can be used to identify you as an individual. If you sign up to our Services or a free trial, we will ask you to provide us with certain personal identifiable information that can be used to identify you, including:
- Contact information, such as email address, first and last name.
- Username(s) and device identification of authorized users.
- Company information, such as organization, department, location and function.
- Information collected via www.connec2.nl, including cookies and usage data (see section 10).
- Additionally, when using the VR app some information is required to be processed for the basic functionality of the app and in some cases be stored. This information includes, but is not limited to, voice data and VR/AR tracking data.
- For automated trial requests we log IP addresses.
4.2 Voice data. When using the VR App, your voice data is transferred and processed through our secure servers with an encrypted connection for the purposes of voice communication with other users. Voice communication may be disabled in the app.
4.3 VR/AR tracking data. To use the VR app positional data is required to position and pose your avatar in the virtual space. Tracking data is only transferred and processed through our secure servers with an encrypted connection.
4.4 As the clear main rule, we do not collect or process any sensitive Personal Data.
5. PURPOSES AND LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
5.1 We process the Personal Data we collect to:
- Fulfil our agreement with you, including providing our Services to you or take steps on your request.
- Provide analysis or valuable information so that we can improve our website and Services.
- Monitor the use of our website and Services.
- To contact you for feedback about our Services.
- To contact you for our own marketing and promotional purposes, e.g. to provide you with our newsletter (provided that you have provided your consent).
- Detect, prevent, and mitigate technical issues.
- Comply with legal obligations.
- Establish, exercise, or defend against legal claims and to protect and defend the rights or property of the Company.
- Prevent or investigate possible wrongdoing in connection with our website or Services and protect the personal safety of users of our website, Services, or the public.
5.2 Our legal basis for processing of Personal Data is primarily based on the necessity of such processing to provide our Services. In some cases, processing may be necessary for the establishment, exercise or defense of legal claims.
6. TRANSFER OF PERSONAL DATA
6.1 Depending on your location Personal Data is processed and stored in one of the following datacenter locations:
- TransIP, The Netherlands, Amsterdam (ISO 27001 certified).
- Hetzner, Germany, Falkenstein (ISO 27001 certified).
6.2 Before transferring Personal Data to a third country or an international organization outside the EU/EEA, we will assess whether such transfer of Personal Data ensures an adequate level of protection of the Personal Data. We will ensure that the transfer is in accordance with rules on transfers of personal data to third countries or international organizations in the GDPR.
7. OUR USE OF DATA PROCESSORS
7.1 We may employ third-party suppliers located in the EU to facilitate, service or analyze the use of our website or Services or for data hosting and storage, including backup.
7.2 These third-party suppliers will only have access to your Personal Data if necessary to perform the agreed tasks. We will ensure that third parties with access to Personal Data are obligated not to disclose or use the Personal Data for any other purposes than to perform the agreed tasks.
7.3 If the third-party suppliers act as Data Processors and process Personal Data on our behalf, we will make sure to enter into data processing agreements with the Data Processors before the Data Processors carry out any processing of Personal Data on our behalf.
8. STORAGE OF YOUR PERSONAL DATA AND DELETION
9. SECURITY MEASURES
9.1 We have taken technical and organizational measures to prevent your information from being accidentally or illegally deleted, disclosed, lost, impaired, misused or otherwise violated by law.
9.2 We use encryption of data. This means that all data transmitted between your device and our servers is unreadable to outsiders. To access your account, you need your personal username and password and must go through our authentication process. All data is transmitted using secure protocols, such as JWT tokens signed with HS512, TLS1.3 (SSL) for REST and AES-GCM-256 for XR traffic such as events, voice communication and data such as screen share. Encryption keys are randomized continuously throughout sessions. We do not knowingly allow any unencrypted data to be exposed. Extra sensitive information, such as login credentials have additional encryption at the application level. Very little personal data is stored on the user’s physical device, and only include low-risk information such as parameters used to display the user’s avatar.
9.3 We host all data on up-to-date cluster servers that are protected against unauthorized access by a firewall. Database isolation per tenant/workspace.
9.4 We have internal rules on information security containing instructions and measures (e.g. role based access) to protect Personal Data from being destroyed, lost or modified, from unauthorized disclosure, and against unauthorized access or knowledge of them. We will ensure that collected Personal Data are treated with care and protected according to applicable safety standards.
9.5 The security of your Personal Data is very important to us, but remember that no online transmissions, or method of electronic storage is 100% secure. While we strive to use commercially validated means to protect your Personal Data, we cannot guarantee its absolute security.
9.6 We assess the risk of our processing of Personal Data on an ongoing basis. You can see the most asked questions and answers to our Information Security measures in our Platform Guide available on www.connec2.nl/docs/admin-security.
10.2 You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.
10.3 Links to other websites
10.3.2 We have no control over and assume no responsibility for the contents, privacy policies or practices of any third-party sites or services.
10.4 There are two types of cookies – session cookies and persistent cookies. Session cookies are bits of information that are erased when you close your web browser. Persistent cookies are bits of information that are stored on your computer until they are erased. Persistent cookies erase themselves after a certain period of time but are renewed each time you visit www.connec2.nl. Our website uses both session cookies and persistent cookies.
11. YOUR RIGHTS
11.1 You have certain rights related to our processing of your Personal Data according to the GDPR.
11.2 In short, your rights include:
11.2.1 Right of access. You are entitled to be informed whether any Personal Data about the subject is being processed and if so, obtain access to the Personal Data.
11.2.2 Right of data portability. You are entitled to receive Personal Data that you have provided to the Company (this data must be provided in a structured, commonly used and machine-readable format).
11.2.3 Right to rectification. You are entitled to obtain rectification of incorrect Personal Data.
11.2.4 Right of deletion. You are (with certain limitations), entitled to request erasure of Personal Data by us without undue delay.
11.2.5 Right to object. You are entitled to object to the processing of your personal data, namely if the processing of your personal data includes profiling or if the processing is based on the assessment of our interest in processing your personal data)
11.2.6 Right to restriction of processing. You are entitled to obtain a restriction of the processing of your personal data, namely if you contest the accuracy of the personal data, or where a request to be deleted cannot be accommodated, e.g. due to the Company’ need to keep the personal data for the establishment, exercise or defense of legal claims.
11.3 Please note that the above-mentioned rights will only be individually fulfilled by the Company in relation to the cases where the Company is considered as the Data Controller. In situations where The Company is regarded as the data processor, the above-mentioned rights must be fulfilled by the data controller.
11.4 Inquiries related to your rights according to GDPR can be made to: email@example.com.
13. CONTACT INFORMATION
14.1 The Dutch Data Protection Authority (Dutch DPA), supervises the compliance with the applicable national regulation on Personal Data. The contact information for the Dutch Data Protection Authority is:
PO Box 93374
2509 AJ DEN HAAG
Telephone number: (+31) – (0)70 – 888 85 00
Fax: (+31) – (0)70 – 888 85 01
(only by appointment)
2594 AV Den Haag
Please note that when visiting the Dutch DPA you need to show a valid identification.