Privacy Policy as Data Controller
This privacy policy (“Privacy Policy”) is applicable to all processing activities of Ambassify (as defined below) as a data controller.
Please read this Privacy Policy together with our Cookie Policy. This is the first and only Privacy Policy we have. Ambassify may update this Privacy Policy in the future: the latest version can always be found on our Website.
1. About this Privacy Policy
Due to, for example, your commercial relationship or recent contact with Ambassify or due to a visit to or action on our “Website” (i.e. https://www.ambassify.com/ including related sub-domains) we may collect, store and otherwise process personal data relating to you or, if you are a company, your employees/ representatives (“your personal data”).
This Privacy Policy describes (i) how we collect, treat and store your personal data; (ii) the rights you can exercise in relation to your personal data; and (iii) the measures we take to protect it and to secure your personal data.
Ambassify respects your privacy and we always strive to act in accordance with the applicable privacy legislation, such as (non-exhaustive): (i) the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”); (ii) the Belgian Privacy Law of 30 July 2018; (iii) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (iv) (future) national legislation regarding the implementation of the GDPR (together: “Privacy Legislation”).
2. Ambassify is the Data Controller
We are Ambassify NV, a limited liability company with registered office at Everselstraat 133, 3580 Beringen, Belgium, registered with the Crossroads Database for Enterprises under number 0830.870.128 (“Ambassify” or “we / us”)
Ambassify is the developer and provider of the Ambassify Software service as described and represented on the Website (the “Software Service”), the corresponding service of Ambassify (“Service”) and is the owner of the Website.
In light of the Privacy Legislation, Ambassify will act as the DATA CONTROLLER of your personal data for the purposes described in this Privacy Policy. This means we are in control of (and thus, responsible for) your personal data.
3. Ambassify’s Processing Activities
Which personal data we collect, store and process and the purpose for which we process this data may differ depending on your relation with Ambassify.
In particular, we identify five different scenarios:
- You are browsing on our Website;
- You (wish to) receive direct marketing (such as updates and newsletters) relating to Ambassify’s services and products (inc. the Software Service);
- You are a prospect and/or seeking a commercial relationship with Ambassify;
- Your company is an active Ambassify customer and/or seeking a commercial relationship with Ambassify; or,
- You are or your company is a partner or a supplier of Ambassify.
3.1. You are browsing on our Website
Contacting Ambassify via the contact form / Intercom-bot on the Website
| Purpose | Answer questions and initiate communication |
| Personal Data | name email address company |
| Lawfulness of Processing | Subject Consent |
| Retention Period | Up until 1 year after last contact with Ambassify |
| Cookies | When browsing on our Website, we may also collect your personal data through cookies stored on your device(s) in order to optimize the functioning of the Website. Please consult our Cookie Policy for more information. |
3.2. You (wish to) receive direct marketing (such as updates and newsletters) relating to Ambassify services and products
Direct marketing
| Purpose | Provide platform and service news updates |
| Personal Data | name email address company |
| Lawfulness of Processing | Subject Consent |
| Retention Period | Up until 1 year after last contact with Ambassify |
3.3. You are a prospect and/or seeking a commercial relationship with Ambassify
Requesting a personal demo
| Purpose | Schedule personal demo |
| Personal Data | name email address telephone number job titles company industry country website |
| Lawfulness of Processing | Subject Consent |
| Retention Period | Up until 1 year after last contact with Ambassify |
Registering for and/or attending a Ambassify (network) event
| Purpose | Participants overview |
| Personal Data | name email address job titles company |
| Lawfulness of Processing | Subject Consent |
| Retention Period | Up until 1 year after last contact with Ambassify |
3.4. Your company is an active Ambassify customer
If you read this Policy as an employee of a company relying on Ambassify, please note that your employer is to be considered your data controller (as your employer decided to rely on the Software Service, choses if you get an account, etc.). To set up the Software Service, your employer might have provided us with some of your personal information (e.g. your name, your email-address, etc.). In this context, Ambassify has adopted a Data Processing Policy. For more information regarding the Software Service, you can always directly contact your employer.
Nevertheless, in some exceptional cases, Ambassify will act as your data controller. More specific, Ambassify will act as your data controller the following purposes:
Quotes and/or proposals
| Purpose | Draw up quotes and/or proposals |
| Personal Data | name email address physical address company |
| Lawfulness of Processing | Legitimate Interest |
| Retention Period | Up until 1 year after last contact with Ambassify |
Billing
| Purpose | Prepare invoices |
| Personal Data | name email address physical address job titles company VAT identification number |
| Lawfulness of Processing | Contractual Necessity |
| Retention Period | Up until 1 year after last contact with Ambassify |
General communication and (technical) support
| Purpose | Communication to provide support |
| Personal Data | name email address telephone number company industry country website chat |
| Lawfulness of Processing | Contractual Necessity |
| Retention Period | Until thirty (30) days following the termination of the commercial relationship between your company and Ambassify. |
3.5 You are or your company is a partner or supplier of Ambassify
General communication and provision of services
| Purpose | Answer questions and initiate communication |
| Personal Data | name email address physical address job titles company |
| Lawfulness of Processing | Contractual Necessity |
| Retention Period | For the duration of your commercial relationship with Ambassify and in any event accordance with any (data processing) agreements concluded with Ambassify |
Billing
| Purpose | Prepare invoices |
| Personal Data | name email address physical address job titles company bank account VAT identification number |
| Lawfulness of Processing | Contractual Necessity |
| Retention Period | For the duration of your commercial relationship with Ambassify and in any event accordance with any (data processing) agreements concluded with Ambassify |
4. Legal grounds
You can find more information on the applicable ground for each of the identified processing activities in Section 3 above.
In case the legal ground for processing happens to be legitimate interest, Ambassify shall always (i) assess whether this is in proportion with the purpose for which your personal data was collected and used; and, (ii) take your reasonable expectations into account and ensure a balance with your fundamental rights and freedoms. If we cannot guarantee this, we will stop storing / using your personal data or we will determine a new legal ground.
5. Retention periods
Unless a longer storage period is required or justified (i) by law or (ii) through compliance with another legal obligation, Ambassify shall only store your personal data for the period necessary to achieve and fulfil the purpose in question.
6. Disclosure of personal data to third parties
Ambassify shall not disclose your personal data to other third parties, unless it is necessary to achieve the purposes described in this Privacy Policy. In this respect, (some of) your personal data may be disclosed to:
- Software and cloud providers
- Marketing agencies
- Freelancers or other service providers
Of course we have made sure that the necessary contracts or similar legal binding acts are in place to ensure that these third parties treat your personal data in accordance with the Privacy Legislation (e.g. Article 28 GDPR).
In addition, we might transfer your personal data:
- To competent authorities: for instance, because (i) we are obliged to provide your personal data under law or in the scope of (future) legal proceedings, or (ii) this is necessary to safeguard our rights; or,
- In M&A(Mergers & Acquisitions) context: meaning, if Ambassify or the majority of its assets, is taken over by a third party, in which case your personal data – which Ambassify has collected – may be one of the transferred assets.
7. Cross-border processing of personal data
In case any of the above mentioned third parties or other recipients are located in a country outside the European Economic Area, Ambassify will ensure that one or more of the listed EU-approved safeguards are in place:
- European Commission adequacy decision;
- Data transfer agreement (cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
- Binding corporate rules; or,
- Certification mechanisms.
8. Your privacy rights
The Privacy Legislation (e.g. GDPR) gives you certain rights over your personal data vis-à-vis Ambassify. You can exercise these rights by contacting us, as specified in Section 11, and by using the Data Subject’s Rights Form.
| Access | you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your personal data. We may charge you a small fee for this service; |
| Rectification | you can ask us to correct and/or complete any information you believe is inaccurate | incomplete; |
| Erasure | you can ask us to erase your personal data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided. |
| Objection | You can object to us processing your personal data, under certain conditions. |
| Restriction of processing | you can ask us to restrict the processing of your personal data, unless we have legitimate interests for the processing of your personal data that prevail over your interests |
| Data portability | you can ask us to transfer your personal data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions. |
9. Security
Ambassify undertakes to take reasonable, physical, technological and organizational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data.
10. Updates
We are entitled to update this Privacy Policy by posting a new version on the Website whereby we will indicate the revision date at the top of this Privacy Policy. As such, it is strongly recommended to regularly consult the Website and the page displaying the Privacy Policy, to make sure that you are aware of any changes.
11. Notifications and questions
Notifications under this Privacy Policy (such as, exercising your rights as a data subject) and/or any questions or concerns with regard to the provisions of this Privacy Policy must be directed at our DPO, via dpo@ambassify.com.
12. Complaints?
You are not satisfied with the manner in which we collect, store or otherwise treat or secure your personal data? We are sorry to hear that and are prepared to take all measures to remedy this situation. Please do contact us!
You also have the right to lodge a complaint with the authorized supervisory authority (i.e. the Belgian Data Protection Authority or the data protection authority of (i) your residence or (ii) your workplace) should you consider that the processing of your personal data infringes the Privacy Legislation. You can send an email to the Belgian Data Protection Authority at contact@apd-gba.be or any other email address provided by the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/contact-us).