This privacy policy (“Privacy Policy”) is applicable to all processing activities of Ambassify (as defined below) as a data processor.

Please read this Privacy Policy together with our Cookie Policy. Ambassify may update this Privacy Policy in the future: the latest version can always be found on our Website.

1. About this Privacy Policy

Due to, for example, a visit to or action on our “Software Service” we may collect, store and otherwise process personal data relating to you or, if you are a company, your employees/ representatives (“your personal data”).

This Privacy Policy describes (i) how we collect, treat and store your personal data; (ii) the rights you can exercise in relation to your personal data; and (iii) the measures we take to protect it and to secure your personal data.

Ambassify respects your privacy and we always strive to act in accordance with the applicable privacy legislation, such as (non-exhaustive): (i) the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”); (ii) the Belgian Privacy Law of 30 July 2018; (iii) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (iv) (future) national legislation regarding the implementation of the GDPR (together: “Privacy Legislation”).

2. Ambassify is the Data Processor

We are Ambassify NV, a limited liability company with registered office at Everselstraat 133, 3580 Beringen, Belgium, registered with the Crossroads Database for Enterprises under number 0830.870.128 (“Ambassify” or “we / us”)

Ambassify is the developer and provider of the Ambassify Software Service as described and represented on the Website (the “Software Service”), the corresponding service of Ambassify (“Service”) and is the owner of the Website.

In light of the Privacy Legislation, Ambassify will act as the DATA PROCESSOR of your personal data for the purposes described in this Privacy Policy. This means we are in control of (and thus, responsible for) your personal data.

3. Ambassify’s Processing Activities

Which personal data we collect, store and process and the purpose for which we process this data may differ depending on your relation with Ambassify.

In particular, we identify two different scenarios:

  1. You’re an active Ambassify admin who manages the platform; or,
  2. You’re an active Ambassify user who participates in campaigns published through Ambassify and receives communication around this.

3.1. You’re an admin

You were added/invited as a manager in the Ambassify platform.

Optional * Data you as a Data Controller can choose to allow or not by specifying these in the Data Processing Agreement.
Required Data which is needed for the functionality of the platform.

Ref. Data Purpose Lawfulness
M01 passwords *
Example: A hashed version of the password.
Identification Contractual Necessity
M02 unique id
Example: Universal Unique Identifier (UUID) generated by Ambassify for a specific person. Example: de595e11-8854-4dc2-868d-a69c94501040
Identification Contractual Necessity
M03 name
Example: Example: John Doe
Identification Contractual Necessity
M04 platform activity
Example: We log for reporting purposes the different actions a users does on the platforms. Examples of such activity are: pageviews, campaign participations, errors triggered
Measurement Contractual Necessity
M05 preferred language
Example: Example: EN
Segmentation Legitimate Interest
M06 chat
Example: Intercom history
Contact Contractual Necessity
M07 email
Example: E-mails with Ambassify Staff
Contact Contractual Necessity
M08 email address
Example: The e-mail address that can be used by the advocate to login and we will also use this address as primary contact point. Example: dev@ambassify.com
Identification Contractual Necessity
M09 IP address
Example: For debugging purposes and audit logs we store the managers IP address. Example: 169.254.12.233
Identification Legitimate Interest
M10 browser
Example: For debugging purposes we store the managers browser name and version. Example: Google Chrome 81
Identification Legitimate Interest
M11 country *
Example: A manager can choose to set his country on his community profile
Segmentation Subject Consent
M12 opt-in
Example: Example: manager accepted the data processing agreement
Compliance Legal Obligation
M13 access token *
Example: Access token to share content on social networks of choice
Identification Contractual Necessity

3.2. You’re an End User

You were added/invited as a member in the Ambassify platform.

Optional * Data you as a Data Controller can choose to allow or not by specifying these in the Data Processing Agreement.
Required Data which is needed for the functionality of the platform.

Ref. Data Purpose Lawfulness
A01 passwords *
Example: A hashed version of the password.
Identification Contractual Necessity
A02 interests *
Example: Groups that were assigned to the advocate by one of the managers or that the advocate subscribed to.
Segmentation Legitimate Interest
A03 unique id
Example: Universal Unique Identifier (UUID) generated by Ambassify for a specific person. Example: de595e11-8854-4dc2-868d-a69c94501040
Identification Contractual Necessity
A04 name
Example: Example: John Doe
Identification Contractual Necessity
A05 profile picture *
Example: Link to a profile or avatar picture
Identification Contractual Necessity
A06 platform activity
Example: We log for reporting purposes the different actions a users does on the platforms. Examples of such activity are: pageviews, campaign participations, errors triggered
Measurement Contractual Necessity
A07 birth date *
Example: Example: 2021-10-30
Segmentation Legitimate Interest
A08 preferred language
Example: Example: NL
Segmentation Legitimate Interest
A09 email
Example: Copies of the emails that managers send through Ambassify to this advocate.
Contact Contractual Necessity
A10 text messages *
Example: Copies of the text messages that managers send through Ambassify to this advocate.
Contact Contractual Necessity
A11 notifications
Example: Mobile application notifications that were send through the Ambassify platform to this advocate.
Contact Contractual Necessity
A12 employer *
Example: Example: Acme Corporation
Segmentation Legitimate Interest
A13 job titles *
Example: Example: CEO
Segmentation Legitimate Interest
A14 social unique id *
Example: Once a advocate decides to connect his social media account to Ambassify we will receive a unique identifier for that specific user from the social platform. Example: linkedin|5-l9LKSrox
Identification Subject Consent
A15 connections *
Example: The number of connections (friends, connections, followers) someone has on the social media channel that gets connected. We use this value to calculatete potential reach for shared content. This is only a numeric value and not a list of names. Example: 15
Measurement Subject Consent
A16 email address
Example: The e-mail address that can be used by the advocate to login and we will also use this address as primary contact point. Example: dev@ambassify.com
Identification Contractual Necessity
A17 telephone number *
Example: Example: +32 12 34 56 78
Contact Subject Consent
A18 physical address *
Example: Example: Everselstraat 133, 3583 Beringen, Belgium
Contact Subject Consent
A19 IP address
Example: For debugging purposes we store the advocates IP address. Example: 169.254.12.233
Identification Legitimate Interest
A20 browser
Example: For debugging purposes we store the advocates browser name and version. Example: Google Chrome 81
Identification Legitimate Interest
A21 country *
Example: An advocate can choose to set his country on his community profile
Segmentation Subject Consent
A22 opt-in
Example: To keep track of the advocates communication preferences: Example: Only emails about new campaigns
Compliance Legal Obligation
A23 access token *
Example: Access token to share content on social networks of choice
Identification Contractual Necessity

You can find more information on the applicable ground for each of the identified processing activities in Section 3 above.

In case the legal ground for processing happens to be legitimate interest, Ambassify shall always (i) assess whether this is in proportion with the purpose for which your personal data was collected and used; and, (ii) take your reasonable expectations into account and ensure a balance with your fundamental rights and freedoms. If we cannot guarantee this, we will stop storing / using your personal data or we will determine a new legal ground.

5. Retention periods

Unless a longer storage period is required or justified (i) by law or (ii) through compliance with another legal obligation, Ambassify shall only store your personal data for the period necessary to achieve and fulfil the purpose in question.

6. Disclosure of personal data to third parties

Ambassify shall not disclose your personal data to other third parties, unless it is necessary to achieve the purposes described in this Privacy Policy. In this respect, (some of) your personal data may be disclosed to:

  • Software and cloud providers
  • Marketing agencies
  • Freelancers or other service providers

Of course we have made sure that the necessary contracts or similar legal binding acts are in place to ensure that these third parties treat your personal data in accordance with the Privacy Legislation (e.g. Article 28 GDPR).

In addition, we might transfer your personal data:

  • To competent authorities: for instance, because (i) we are obliged to provide your personal data under law or in the scope of (future) legal proceedings, or (ii) this is necessary to safeguard our rights; or,
  • In M&A(Mergers & Acquisitions) context: meaning, if Ambassify or the majority of its assets, is taken over by a third party, in which case your personal data – which Ambassify has collected – may be one of the transferred assets.

7. Cross-border processing of personal data

In case any of the above mentioned third parties or other recipients are located in a country outside the European Economic Area, Ambassify will ensure that one or more of the listed EU-approved safeguards are in place:

  • European Commission adequacy decision;
  • Data transfer agreement (cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
  • Binding corporate rules; or,
  • Certification mechanisms.

8. Your privacy rights

The Privacy Legislation (e.g. GDPR) gives you certain rights over your personal data vis-à-vis Ambassify. You can exercise these rights by contacting us, as specified in Section 11, and by using the Data Subject’s Rights Form.

Access you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your personal data. We may charge you a small fee for this service;
Rectification you can ask us to correct and/or complete any information you believe is inaccurate | incomplete;
Erasure you can ask us to erase your personal data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided.
Objection You can object to us processing your personal data, under certain conditions.
Restriction of processing you can ask us to restrict the processing of your personal data, unless we have legitimate interests for the processing of your personal data that prevail over your interests
Data portability you can ask us to transfer your personal data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions.

9. Security

Ambassify undertakes to take reasonable, physical, technological and organizational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data.

10. Updates

We are entitled to update this Privacy Policy by posting a new version on the Website whereby we will indicate the revision date at the top of this Privacy Policy. As such, it is strongly recommended to regularly consult the Website and the page displaying the Privacy Policy, to make sure that you are aware of any changes.

11. Notifications and questions

Notifications under this Privacy Policy (such as, exercising your rights as a data subject) and/or any questions or concerns with regard to the provisions of this Privacy Policy must be directed at our DPO, via dpo@ambassify.com.

12. Complaints?

You are not satisfied with the manner in which we collect, store or otherwise treat or secure your personal data? We are sorry to hear that and are prepared to take all measures to remedy this situation. Please do contact us!

You also have the right to lodge a complaint with the authorized supervisory authority (i.e. the Belgian Data Protection Authority or the data protection authority of (i) your residence or (ii) your workplace) should you consider that the processing of your personal data infringes the Privacy Legislation. You can send an email to the Belgian Data Protection Authority at contact@apd-gba.be or any other email address provided by the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/contact-us).