This privacy policy (“Privacy Policy”) is applicable to all processing activities of Ambassify (as defined below) as a data controller.

Please read this Privacy Policy together with our Cookie Policy. This is the first and only Privacy Policy we have. Ambassify may update this Privacy Policy in the future: the latest version can always be found on our Website.

1. About this Privacy Policy

Due to, for example, your commercial relationship or recent contact with Ambassify or due to a visit to or action on our “Website” (i.e. https://www.ambassify.com/ including related sub-domains) we may collect, store and otherwise process personal data relating to you or, if you are a company, your employees/ representatives (“your personal data”).

This Privacy Policy describes (i) how we collect, treat and store your personal data; (ii) the rights you can exercise in relation to your personal data; and (iii) the measures we take to protect it and to secure your personal data.

Ambassify respects your privacy and we always strive to act in accordance with the applicable privacy legislation, such as (non-exhaustive): (i) the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”); (ii) the Belgian Privacy Law of 30 July 2018; (iii) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (iv) (future) national legislation regarding the implementation of the GDPR (together: “Privacy Legislation”).

2. Ambassify is the Data Controller

We are Ambassify NV, a limited liability company with registered office at Everselstraat 133, 3580 Beringen, Belgium, registered with the Crossroads Database for Enterprises under number 0830.870.128 (“Ambassify” or “we / us”)

Ambassify is the developer and provider of the Ambassify Software service as described and represented on the Website (the “Software Service”), the corresponding service of Ambassify (“Service”) and is the owner of the Website.

In light of the Privacy Legislation, Ambassify will act as the DATA CONTROLLER of your personal data for the purposes described in this Privacy Policy. This means we are in control of (and thus, responsible for) your personal data.

3. Ambassify’s Processing Activities

Which personal data we collect, store and process and the purpose for which we process this data may differ depending on your relation with Ambassify.

In particular, we identify five different scenarios:

  1. You are browsing on our Website;
  2. You (wish to) receive direct marketing (such as updates and newsletters) relating to Ambassify’s services and products (inc. the Software Service);
  3. You are a prospect and/or seeking a commercial relationship with Ambassify;
  4. Your company is an active Ambassify customer and/or seeking a commercial relationship with Ambassify; or,
  5. You are or your company is a partner or a supplier of Ambassify.

3.1. You are browsing on our Website

Contacting Ambassify via the contact form / Intercom-bot on the Website

Purpose Answer questions and initiate communication
Personal Data name email address company
Lawfulness of Processing Subject Consent
Retention Period Up until 1 year after last contact with Ambassify
Cookies When browsing on our Website, we may also collect your personal data through cookies stored on your device(s) in order to optimize the functioning of the Website. Please consult our Cookie Policy for more information.

3.2. You (wish to) receive direct marketing (such as updates and newsletters) relating to Ambassify services and products

Direct marketing

Purpose Provide platform and service news updates
Personal Data name email address company
Lawfulness of Processing Subject Consent
Retention Period Up until 1 year after last contact with Ambassify

3.3. You are a prospect and/or seeking a commercial relationship with Ambassify

Requesting a personal demo

Purpose Schedule personal demo
Personal Data name email address telephone number job titles company industry country website
Lawfulness of Processing Subject Consent
Retention Period Up until 1 year after last contact with Ambassify

Registering for and/or attending a Ambassify (network) event

Purpose Participants overview
Personal Data name email address job titles company
Lawfulness of Processing Subject Consent
Retention Period Up until 1 year after last contact with Ambassify

3.4. Your company is an active Ambassify customer

If you read this Policy as an employee of a company relying on Ambassify, please note that your employer is to be considered your data controller (as your employer decided to rely on the Software Service, choses if you get an account, etc.). To set up the Software Service, your employer might have provided us with some of your personal information (e.g. your name, your email-address, etc.). In this context, Ambassify has adopted a Data Processing Policy. For more information regarding the Software Service, you can always directly contact your employer.

Nevertheless, in some exceptional cases, Ambassify will act as your data controller. More specific, Ambassify will act as your data controller the following purposes:

Quotes and/or proposals

Purpose Draw up quotes and/or proposals
Personal Data name email address physical address company
Lawfulness of Processing Legitimate Interest
Retention Period Up until 1 year after last contact with Ambassify

Billing

Purpose Prepare invoices
Personal Data name email address physical address job titles company VAT identification number
Lawfulness of Processing Contractual Necessity
Retention Period Up until 1 year after last contact with Ambassify

General communication and (technical) support

Purpose Communication to provide support
Personal Data name email address telephone number company industry country website chat
Lawfulness of Processing Contractual Necessity
Retention Period Until thirty (30) days following the termination of the commercial relationship between your company and Ambassify.

3.5 You are or your company is a partner or supplier of Ambassify

General communication and provision of services

Purpose Answer questions and initiate communication
Personal Data name email address physical address job titles company
Lawfulness of Processing Contractual Necessity
Retention Period For the duration of your commercial relationship with Ambassify and in any event accordance with any (data processing) agreements concluded with Ambassify

Billing

Purpose Prepare invoices
Personal Data name email address physical address job titles company bank account VAT identification number
Lawfulness of Processing Contractual Necessity
Retention Period For the duration of your commercial relationship with Ambassify and in any event accordance with any (data processing) agreements concluded with Ambassify

You can find more information on the applicable ground for each of the identified processing activities in Section 3 above.

In case the legal ground for processing happens to be legitimate interest, Ambassify shall always (i) assess whether this is in proportion with the purpose for which your personal data was collected and used; and, (ii) take your reasonable expectations into account and ensure a balance with your fundamental rights and freedoms. If we cannot guarantee this, we will stop storing / using your personal data or we will determine a new legal ground.

5. Retention periods

Unless a longer storage period is required or justified (i) by law or (ii) through compliance with another legal obligation, Ambassify shall only store your personal data for the period necessary to achieve and fulfil the purpose in question.

6. Disclosure of personal data to third parties

Ambassify shall not disclose your personal data to other third parties, unless it is necessary to achieve the purposes described in this Privacy Policy. In this respect, (some of) your personal data may be disclosed to:

  • Software and cloud providers
  • Marketing agencies
  • Freelancers or other service providers

Of course we have made sure that the necessary contracts or similar legal binding acts are in place to ensure that these third parties treat your personal data in accordance with the Privacy Legislation (e.g. Article 28 GDPR).

In addition, we might transfer your personal data:

  • To competent authorities: for instance, because (i) we are obliged to provide your personal data under law or in the scope of (future) legal proceedings, or (ii) this is necessary to safeguard our rights; or,
  • In M&A(Mergers & Acquisitions) context: meaning, if Ambassify or the majority of its assets, is taken over by a third party, in which case your personal data – which Ambassify has collected – may be one of the transferred assets.

7. Cross-border processing of personal data

In case any of the above mentioned third parties or other recipients are located in a country outside the European Economic Area, Ambassify will ensure that one or more of the listed EU-approved safeguards are in place:

  • European Commission adequacy decision;
  • Data transfer agreement (cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
  • Binding corporate rules; or,
  • Certification mechanisms.

8. Your privacy rights

The Privacy Legislation (e.g. GDPR) gives you certain rights over your personal data vis-à-vis Ambassify. You can exercise these rights by contacting us, as specified in Section 11, and by using the Data Subject’s Rights Form.

Access you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your personal data. We may charge you a small fee for this service;
Rectification you can ask us to correct and/or complete any information you believe is inaccurate | incomplete;
Erasure you can ask us to erase your personal data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided.
Objection You can object to us processing your personal data, under certain conditions.
Restriction of processing you can ask us to restrict the processing of your personal data, unless we have legitimate interests for the processing of your personal data that prevail over your interests
Data portability you can ask us to transfer your personal data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions.

9. Security

Ambassify undertakes to take reasonable, physical, technological and organizational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data.

10. Updates

We are entitled to update this Privacy Policy by posting a new version on the Website whereby we will indicate the revision date at the top of this Privacy Policy. As such, it is strongly recommended to regularly consult the Website and the page displaying the Privacy Policy, to make sure that you are aware of any changes.

11. Notifications and questions

Notifications under this Privacy Policy (such as, exercising your rights as a data subject) and/or any questions or concerns with regard to the provisions of this Privacy Policy must be directed at our DPO, via [email protected].

12. Complaints?

You are not satisfied with the manner in which we collect, store or otherwise treat or secure your personal data? We are sorry to hear that and are prepared to take all measures to remedy this situation. Please do contact us!

You also have the right to lodge a complaint with the authorized supervisory authority (i.e. the Belgian Data Protection Authority or the data protection authority of (i) your residence or (ii) your workplace) should you consider that the processing of your personal data infringes the Privacy Legislation. You can send an email to the Belgian Data Protection Authority at [email protected] or any other email address provided by the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/contact-us).