GDPR Protocol

NLOCKD places great importance on protecting personal data and strictly adheres to the provisions of the General Data Protection Regulation (GDPR). This protocol outlines how NLOCKD handles personal data in the context of its Services.

1. Responsibility for Data Processing

NLOCKD acts as:

  • Processor: When processing personal data on behalf of our customers (e.g., customer data on our platform).

  • Controller: For data collected for our own business operations, such as customer accounts or marketing information.

2. Purposes of Data Processing

Personal data is processed solely for the following purposes:

  • Providing Services as described in our general terms and conditions.

  • Facilitating payments and invoicing.

  • Offering customer support through our helpdesk.

  • Improving our Services, such as through usage analysis.

  • Complying with legal obligations, such as tax reporting.

3. Rights of Data Subjects

NLOCKD respects the rights of data subjects as outlined in the GDPR, including:

  • Right of access: Data subjects can request access to the data NLOCKD holds about them.

  • Right to rectification: Incorrect data can be corrected upon request.

  • Right to erasure: Personal data will be deleted upon request, unless legal obligations prevent this.

  • Right to data portability: Data can be provided upon request in a structured, commonly used, and machine-readable format.

4. Technical and Organizational Security Measures

NLOCKD implements appropriate technical and organizational measures to protect personal data against loss, unauthorized access, or other forms of unlawful processing. These measures include:

  • Encryption of data in transit and at rest.

  • Regular security updates and vulnerability scans.

  • Restricting data access to authorized personnel only.

5. Retention Periods

Personal data is retained no longer than necessary for the purposes for which it was collected, unless legal obligations require a longer retention period.

6. Data Processing Agreement

When NLOCKD processes personal data on behalf of a customer, a data processing agreement is established to define agreements regarding data handling, security, and responsibilities.

7. Data Breach Notification

In the event of a data breach, NLOCKD promptly notifies the affected customer(s) and takes appropriate measures to mitigate further damage. If required, a report is filed with the Dutch Data Protection Authority.

8. International Data Transfers

If data is transferred outside the European Economic Area (EEA), NLOCKD ensures appropriate safeguards are in place in accordance with the GDPR, such as Standard Contractual Clauses (SCCs).

9. Contact Information for Privacy Matters

For questions or requests regarding privacy or the GDPR protocol, please contact:

  • E-mail: privacy@nlockd.com

  • Postal Addres: NLOCKD B.V., Hannie Dankbaarpassage 14, 1053 RT Amsterdam, Nederland.