We at Govin B.V. (“Govin”, “we”, “our” or “us”) are committed to respect your privacy. This policy describes in short how we collect, store, use, disclose and otherwise process personal data when you interact with us on govin.com, its related websites (the “Websites”) or our software platform via app.govin.com (“Platform”) as well as your privacy rights.
Please note that this policy is not applicable when you apply for a job at Govin, since this matter is addressed in our Recruitment Policy.
2. Which personal data do we process?
The information we collect from you depends on how you use our Websites and Platform and is further described below.
2.1 Account set-up
2.1.1 Account information
We collect data when you create an account on our website. This includes:
- Personal details (e.g. full name, prefix, title, gender and age);
- Contact details (e.g. e-mail address, phone number and postal address);
- Professional details (e.g. job title and other information about the organization your affiliated with; and
- Optional information (e.g. details of your social media profiles, language preferences and profile picture).
2.1.2 Payment information
We may collect billing related information when you create an account on our Platform or sign-up for a subscription. This includes, for example, billing address and billing preferences. If you pay your subscription via a third party payment service provider (“PSP”), you will provide your payment details directly to the PSP and not to us.
2.2 Website and Platform Interactions
2.2.1 Web interactions
Similar to other businesses, we collect personal data when you submit forms on our Websites and Platform or interact with us in a different manner. We for example collect personal data when you get in touch with our customer support and/or sales teams, sign-up for newsletter(s), register for product demonstrations and events. We also collect personal data if you participate in our surveys or complete a testimonial. The collected date includes:
- Personal details (e.g. full name, prefix, title);
- Contact details (e.g. e-mail address, phone number and postal address);
- Professional details (e.g. job title and other information about the organisation your affiliated with (if any)); and
- Other personal data provided by you (including the content of the messages send).
2.2.2 Platform interactions
We collect personal data when you use our Platform. We for example collect information about your interactions, such as search prompts and feedback on AI-generated content. We furthermore collect personal data if you communicate with other users via the messaging client.
2.3 Customer Data
Our product enables companies and its stakeholders to centralize governance affairs on an integrated Platform. Due to the nature of the product, we may process personal data if our Platform is utilized. For example if capitalization tables, contracts and other material (“Customer Data”) are uploaded, stored, transmitted or otherwise made available via our Platform.
Customer Data is processed under the instructions of our customers and in accordance with our Terms of Service, which prohibits us – in short – from using Customer Data for other purposes than providing and improving our services. Any requests regarding the correction, amendment or the deletion of personal data in Customer Data as well as questions related to this matter should be addressed to our customer (which acts as the data controller in this regard).
2.4 Information that we collect automatically
During your visit on our Websites or usage of our Platform, we automatically collect information about you and your device(s). This includes:
- Identifiers (e.g. your IP address);
- Data related to your device (e.g. operating system and browser type);
- Data related to your visit (e.g. usage details, e.g. time spent and pages visited);
- Geolocation (e.g. approximate geographical location based on your IP address); and
- Email interconnectivity (e.g. open and click rate of our newsletters).
2.5 Information from other sources
We also collect personal data other sources, for example from (i) our employees and business partners, (ii) other entities within the Govin corporate structure, (iii) third party service providers (e.g. Dutch Chamber of Commerce) and (iv) other online sources, such as social media platforms (e.g. LinkedIn). In this context, we collect the following personal data:
- Personal details (e.g. full name, prefix, title);
- Contact details (e.g. e-mail address, phone number and postal address); and
- Professional details (e.g. job title and other information about the organisation your affiliated with.
3. Why do we process personal data?
We use your personal data for a range of different business purposes and in particular for the matters described below.
3.1 Identification & authentication
We use your personal data to verify your identity when you create an account and/or to authenticate you if you log-in to and use functionalities of our Platform.
3.2 Provide our services
We process personal data to render the services that are requested by our customers and their users. We for example process Customer Data in order to provide management- and supervisory board overviews, compile capitalization tables and assist users whilst they navigate through (legal) contracts. Other examples include the processing of personal data to (i) assign governance related tasks to users, (ii) support decision making (resolution management) and (iii) enable users to securely communicate with each other.
3.3 Develop and improve our services
We analyse the interactions on our Platform to develop and improve our services. We for example (i) use personal data to understand how our product is used and to enhance the user experience, (ii) collect feedback to identify problematic or inaccurate responses of our AI-search tool and (iii) analyse search prompts to provide our users with (alternative) suggestions.
To deliver better services, we may also process Customer Data to train and enhance our in-house build features, such as our AI search tool. We do so by using machine learning and in particular natural language processing technologies. You may opt-out for this by contacting Govin via firstname.lastname@example.org.
We process personal data to maintain contacts with prospects and customers (e.g. handling support requests and informing users about (scheduled) maintenance, updates and webinars).
We process personal data to market our products, for example by sending newsletters and circulating promotions.
3.6 Business purposes
We process personal data for own business purpose (e.g. monitor market trends). We furthermore use personal data for billing purposes and to detect and prevent fraud, criminal activities, abuse and other security incidents on our platform.
We may include personal data in testimonials if you allowed us to do so.
We process personal data to comply with legal, tax and other statutory requirements (e.g. legal retention periods). We furthermore process personal data to resolve disputes and to enforce our legal rights (e.g. enforcement of contracts).
4. What is the legal basis for processing?
The actual legal basis for processing depends on the personal data concerned, the context in which we collect that personal data and includes:
- the performance of a contract;
- our legitimate interests;
- legal obligations; and
- your explicit consent.
If personal data has been processed with your consent, you may withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal nor the processing of personal data based on other lawful processing grounds.
5. To whom do we share your personal data?
We do not sell personal data to others. In certain cases, we may however share personal data with others if this is necessary for the purposes as mentioned in this privacy statement. Third parties to whom personal data is made available should handle your personal data with due care and keep it confidential. If third parties qualify as a so-called ‘data processor’, we will enter into a data processing agreement with these parties.
We may share your personal data with the following categories of recipients:
- We may share personal data with our affiliates (e.g. subsidiaries or other entities within the Govin corporate structure).
- Service providers & vendors. We may share personal data with parties that provide services to us. We for example engage third parties for IT related services (e.g. hosting and cloud computing, e-mail and other messaging services, identity verification and electronic signatures, analytics, payment processing and CRM) as well as other service providers (e.g. accountant and professional indemnity insurers).
- Your organization and other users. We may share personal information with the organization you’re affiliated with and other (authorized) users within that organization.
- Our website may contain publicly accessible blogs and other messaging boards. Any information that you share on these environments may become available to the public.
- Parties in connection with corporate transactions. We may share information with our advisors and/or other third parties in case we or our assets are involved in a (potential) business transaction (e.g. merger, acquisition or otherwise).
- Law enforcement. We may be required to share personal data by law, court order or to third parties with legal rights. We will take reasonable efforts to inform you before we disclose such information, unless prior notice is prohibited by law or not possible given the circumstances at hand.
- Disclosures with your consent.
Please note that Govin may transfer personal data to recipients in a country outside the European Economic Area. We implement safeguards if personal data is transferred to a jurisdiction that does not have an adequate level of data protection (as determined by the European Commission), for example by adopting the so-called “Standard Contractual Clauses” (as approved by the European Commission).
6. How do we protect your personal data?
We take security seriously. We have therefore taken various technical and organisational measures to protect your personal data. We refer to our Security page.
7. How long do we retain personal data?
Note that we may be required to retain personal data for longer period of time under applicable laws and regulations and that content that you post on our websites (for example on publicly accessible blogs) may remain on our website(s), even if you stop using our services.
8. What type of cookies do we use and what are they used for?
9. What are your privacy rights?
You may have certain rights over the processing of your personal data by Govin:
- the right to request whether Govin processes your personal data and if so, the right to access your personal data;
- the right to rectification of your personal data if these are incorrect or incomplete;
- the right to erase your personal data (right to be forgotten);
- the right to object to processing of your personal data;
- the right to restrict the processing of your personal data;
- the right to withdraw your consent for the processing of personal data; and
- the right to data portability.
If you wish to exercise your rights, you can contact us. Our contact details are included in the next section.
In order to prevent that Govin discloses information to the wrong person, Govin can ask you for additional information to verify your identity. In principle, Govin will inform you of whether Govin can comply with your request, within one month after receipt. In specific cases, for example when it concerns a complex request, this term may be extended by two months. Govin will inform you of such an extension within one month after receiving your request. On the basis of the applicable privacy legislation, Govin can refuse your request under certain circumstances. If this is the case, Govin will explain to you why.
Govin does not use automated decision-making within the meaning of Article 22 GDPR.
10. What are our contact details?
If you have any queries or complaints regarding the processing of personal data, we recommend you to contact us in writing via email@example.com or by regular mail:
Herengracht 280 (3rd floor)
1016 BX Amsterdam
In addition, you have at all times the right to submit a complaint about the processing of personal data at the relevant Data Protection Authority (in the Netherlands: Autoriteit Persoonsgegevens).