Effective as of July 1, 2023
XLReporting (we-form), located in the Netherlands, provides services to our website visitors and other (natural) persons who have contacted us (you-form). In the context of these services, we process personal data.
We consider the protection of the personal data we process to be of utmost importance. As of May 25, 2018, we are bound by the General Data Protection Regulation (GDPR) when processing personal data within the European Economic Area, of which the Netherlands are a part. In this Privacy Policy, we explain how we protect your privacy and how we handle your personal data.
If you have any questions about this Privacy Policy, you can find our contact information below.
This Privacy Policy concerns the processing of personal data by XLReporting as the data controller. Our company is located at Winthontlaan 200, 3526 KV Utrecht. You can reach us by phone during office hours at +31 30 227 2117 or by email at info@xlreporting.com.
When you use our website, you may share personal data with us. We collect and use personal data that you directly share with us. We will not use the personal data for purposes other than those described in this statement unless you have given prior consent.
Personal data refers to data that says something about you or data that can be associated with you. Anything that can be done with your personal data, such as collecting, storing, using, transmitting, or deleting your data, is called 'processing' of personal data. We process personal data that you have provided to us, for example, by sending us an email.
When you use our Services, we may collect the following data:
These may also include personal data that we obtain from other public sources, such as the Chamber of Commerce Business Register, and data available through public (business) websites.
In general, we process your personal data for the following purposes:
We process your personal data when necessary for the performance of the contract in which you have instructed us or based on your consent, which you can withdraw at any time. Additionally, we may process your personal data when we have a legitimate interest that does not unduly infringe upon your privacy.
We ensure that your personal data is protected against loss, unauthorized processing, or misuse. We have implemented the following technical and organizational measures, among others:
We carefully and securely store all your data. We do not retain your data longer than necessary for the purpose for which it was processed. We comply with legal retention periods. Generally, we retain personal data of our website visitors for a period of 12 (twelve) months, for example.
In principle, we do not share your personal data with third parties without your consent. However, there may be situations where it is necessary to share your personal data with third parties. For example, it may be necessary to share your personal data with judicial authorities. Data may also be shared with contracted service providers, such as a bailiff. Furthermore, there may be legal obligations that require us to disclose your personal data to third parties. If a court order, for instance, compels us to provide personal data to third parties, we must comply. However, your personal data will not be shared with third parties for commercial purposes.
Our approach is designed to minimize the sharing of information with third parties. Information is only shared when necessary to perform our services and only with parties that can guarantee an appropriate level of protection and security.
Through our website, users may, for example, link to other third-party websites and therefore provide these third parties with useful information about themselves. However, this Privacy Policy only applies to personal data that we process in the context of our Services. It does not apply to third-party websites or applications. We cannot guarantee that these third parties handle your personal data in a safe and reliable manner. Therefore, we advise you to always read the privacy policy of these third parties.
To achieve the purposes described in this Privacy Policy, we process certain personal data outside the European Economic Area (EEA), through our contracted service providers Digital Ocean, Stripe, and Microsoft. We take appropriate measures to ensure that personal data is adequately secured.
XLReporting does not make decisions about matters that may have (significant) consequences for individuals based on automated processing. This refers to decisions made by computer programs or systems without the involvement of a human (such as an XLReporting employee).
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) oversees whether companies comply with the General Data Protection Regulation. If you believe that we are not adhering to the applicable privacy laws, you can contact us. We are happy to assist you in finding a solution. Additionally, you always have the right to file a complaint with the Dutch Data Protection Authority.
Would you like to know which personal data we have recorded about you? You can request an overview of the personal data that is or will be processed about you from XLReporting. If you believe that your personal data has been processed incorrectly or incompletely, or if you think that certain personal data about you should not have been processed, you can submit a request to XLReporting for changes, additions, or deletions. Additionally, you have the right to object to the processing of your personal data and the right to data portability. Furthermore, you have the right to withdraw any given consent for the processing of your personal data. This applies, for example, when filling out a contact form.
To ensure that the request for access has been made by you, we ask you to send a copy of your identity document along with the request. In this copy, please black out your photo, MRZ (machine-readable zone, the strip with numbers at the bottom of the passport), passport number, and citizen service number (BSN) for the protection of your privacy. If you send us such a request, we will provide you with information about the actions we have taken as soon as possible, but in any case within 4 (four) weeks after receiving your request.
For questions or complaints about the processing of personal data by XLReporting, please contact us, or write to XLReporting Software BV, Winthontlaan 200, 3526KV Utrecht, Netherlands.
The regulations concerning privacy law change regularly. Therefore, our Privacy Policy is never entirely final, but we do our best to keep it up to date. XLReporting may modify this Privacy Policy from time to time. If these changes are relevant to you, we will bring them to your attention or make the changes conspicuously noticeable. The most current version of our Privacy Policy can also be found on our website.