Privacy Policy

This Privacy Policy explains how Effectory B.V. and Effectory Deutschland GmbH (“Effectory”, “we” or “our”) collect, store and use your personal data. This Privacy Policy applies to all of our services, which includes our website, https://www.effectory.com, and all its sub-domain names (the “Website”) and our in-house developed software hosted on https://my.effectory.com and related sub-domain names (the “Platform”).

We are committed to protecting your personal data. The processing of your personal data is subject to the rules of the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”), as well as the national implementation acts of the GDPR. We follow these guiding principles to protect your privacy:

  • We only process personal data that is necessary.
  • We use personal data for the purposes specified.
  • We only keep personal data for the duration of the purpose.
  • We are transparent about our processing of your personal data.
  • We do not share your personal data with third parties, other than described in this Privacy Policy.
  • We are independently audited to prove our compliance.

Table of contents

  1. Who are we
  2. Scope
  3. Subprocessors
  4. Third parties
  5. How is your data secured?
  6. International data transfers
  7. Data retention
  8. Your rights
  9. Cookies
  10. Third party sites
  11. Changes to this Privacy Policy
  12. Contact us

1. Who are we

Effectory B.V. is an Amsterdam-based company, having its address at Rokin 16, 1012 KR Amsterdam, the Netherlands, registered with the trade register under no. 72541644, Effectory Deutschland GmbH is a Munich-based company, having its address at Karlsplatz 3, 80335, München, Germany, registered with the trade register under no. HRB164901. You may contact us by filling out the contact form available at https://support.effectory.com/hc/en-us/requests/new.

With regard to the processing of your personal data, we act as the “processor” (see Respondents through Customers below) or the “controller” (see Helpdesk through Job applicants below) within the meaning of the GDPR. If we are the processor, it means we process data on behalf of our customer, i.e. your employer. If we are the controller, it means we process data for our own purposes. This means that we have certain statutory obligations and responsibilities with respect to our data processing activities. This Privacy Policy informs you on how Effectory meets these obligations and responsibilities.

2. Scope

This Privacy Policy applies to the following situations:

  • using our Platform as an employee of one of our customers (a “Respondent”), for example after being invited to fill out a survey via our Platform;
  • using our Platform as an employee of a customer, other than in the role of Respondent (a “User”);
  • using our Platform, acting on behalf of our customer;
  • contacting our helpdesk (by phone, email or online on https://support.effectory.com);
  • visiting our Website;
  • receiving communication from Effectory as a recipient (a “Recipient”); and
  • applying for a job at Effectory.

Respondents

For the processing of personal data as described in this section, our customer, i.e. your employer, is the controller and Effectory is the processor, acting solely upon the instructions of your employer.

Your employer decides on the purposes for which it uses our Platform and which personal data of Respondents is being processed and provided to us:

  • to invite you to fill out a survey in the response period; and
  • to calculate meaningful results in the reporting phase.

For example:  name, employee number, (work) email address, date of birth, gender, date of employment, manager/supervisor (yes or no), level of education, salary scale, type of employment, number of hours (FTE), organizational chart.

Unless otherwise determined, your employer relies on legitimate interests as its legal basis to conduct employee surveys to understand what is going on among its employees for the purpose of improving the organization management (“employer excellence”) and optimizing the performances of the organization. Participating in a survey is voluntary, unless otherwise stated.

More specific information agreed with your employer, about how we handle your data and your confidentiality towards your employer can be found in the privacy statement on the online introduction page of your questionnaire on our Platform and on the Effectory support website (https://support.effectory.com).

Our customer, i.e. your employer, has authorized Effectory to use the external parties (data sub processors) referred to in section 3 to perform our services.

Our customer, your employer, determines how long your personal data will be retained securely by Effectory. In general, your personal data will be stored securely for the duration of the contract between your employer and Effectory, unless otherwise instructed by your employer.

Users

For the processing of personal data as described in this section, our customer, i.e. your employer, is the controller and Effectory is the processor, acting solely upon the instructions of your employer.

Your employer decides the purposes for which it uses our Platform, as well as the personal data that is being processed and provided to us. Your employer relies on legitimate interests as its legal basis. Before you can access our Platform, your employer has already created an account for you and provided us with certain personal data about yourself, for example: name, employee number, (work) email address, date of birth, gender, date of employment, manager/supervisor (yes or no), level of education, salary scale, type of employment, number of hours (FTE), organizational chart.

The personal data is necessary, for example:

  • to invite you to the Platform;
  • to access the Platform securely;
  • to use the Platform as a User, for example to send out a survey;
  • to invite you to fill out a survey during the response period;
  • to calculate meaningful results in the reporting phase;
  • to provide access to results and action plans; and
  • to inform our customers on product updates and new features.

Our customer, your employer, has authorized Effectory to use the external parties (data subprocessors) referred to in section 3 to perform our services. Our customer, your employer, determines how long your personal data will be retained securely by Effectory. In general, your personal data will be stored securely for the duration of the contract between your employer and Effectory, unless otherwise instructed by your employer.

Customers

To fulfill our contractual obligations, we need to process personal data to maintain relationships with our Customer. The personal data that is processed may include name, (work) email address and possible other basic personal data that was provided to us, such as telephone number.

The personal data is necessary, for example:

  • to arrange and administer contracts between the Customer and Effectory;
  • to support the customer and its internal project team to use our Platform successfully;
  • to process requests for possible future Platform features; and
  • to send invoices to the Customer and for other relevant administrative tasks.

The personal data will be securely stored in accordance with legal requirements, for example for keeping tax records and financial accountant’s audits.

Helpdesk

For the processing of personal data as described in this section, Effectory acts as the controller. If you wish to contact our Helpdesk, the personal data processed may include your name, (work) email address, and other basic personal information, such as a telephone number.

The personal data is necessary, for example:

  • to create a support ticket with our company, allowing us to reach you;
  • to verify your identity; and
  • to review your request or question.

The personal data will be securely stored in accordance with legal requirement, for example for keeping a tickets history.

Website visitors

For the processing of personal data as described in this section, Effectory acts as the controller, relying on our legitimate interest or your consent as the legal basis for processing of personal data. The personal data processed is provided by you to us through the website and may include your name, (work) email address, cookies, and other basic personal information, such as a telephone number.

The personal data is necessary, for example:

  • to follow-up on your request(s);
  • to request a demo or pitch of our Platform;
  • to arrange a trial account of our Platform;
  • to provide you with relevant advertisements;
  • to ask you for consent to contact you;
  • to arrange events, courses, webinars, and/or trade fairs;
  • for research and development purposes in our legitimate interests;
  • to analyse and improve our services;
  • to optimize our Website; and
  • to perform other commercial activities.

Your personal data will be stored securely as long as necessary to fulfil its purpose. For more details about cookies and to manage your consent choices, please refer to section 9.

Recipients of our communication

For the processing of personal data as described in this section, Effectory acts as the controller. The personal data processed includes your name, email address, telephone number, and company information, provided by you.

The personal data is necessary, for example:

  • to send mailings for which you have opted in;
  • to reach out to you with relevant communication;
  • to manage your communication choices (opt-in, opt-out).

Your personal data will be stored securely until your consent is revoked. You can manage your communication and consent choices through the link provided in the mailings.

Job applicants

For the processing of personal data as described in this section, Effectory acts as the controller based on the initiation of a contractual relationship, its legitimate interest or on consent. The personal data that is processed includes name, (private) email address and other basic personal data, such as a telephone number or other personal data provided to us through your application and CV.

The personal data is necessary:

  • to contact you about your job application; and
  • to optimize our recruitment process and performance

Your personal data will be processed for the duration of your application. If we do not reach an employment agreement, Effectory will retain your personal data for a maximum of one month. After that, we will inquire if you would like to retain your personal data in our talent pool, enabling us to contact you in the event of a relevant new job opening. If you agree, your personal data is kept for another 12 months. After this period, we will again ask for your consent. You may withdraw your consent at any time.

3. Subprocessors

To perform the services on the Platform, our customer (your employer) has authorized Effectory to use the following data subprocessors (relevant if you are a Respondent or a User):

OrganizationProcessing purposeLawfulnessLocation
MicrosoftHosting web application and storing dataLegitimate interestEU (EEA)
MailJetSending email invitations to fill out surveyLegitimate interestEU (EEA)

4. Third parties

As part of our business operations, we use certain external service providers, such as:

OrganizationProcessing purposeLawfulnessLocation
CookieBotCookie consent managementConsentEU (EEA)
HotJarUX analyticsConsentEU (EEA)
HubSpotContact person managementContract performanceEU (EEA)
MicrosoftOffice collaboration e.g. emailing, telemetry and logging Contract performanceEU (EEA)
Piwik PROWebsite analyticsConsentEU (EEA)
PlanHatCustomers success managementContract performanceEU (EEA)
ProductboardRoadmap and feature managementContract performanceEU (EEA)
ZendeskTicketing systemContract performanceEU (EEA)

Effectory may disclose personal data collected in the scope of this privacy policy from Effectory B.V. to Effectory Deutschland GmbH, and vice versa, to make cross border cooperation possible.

5. How is your data secured?

Effectory implements state of the art security standards to prevent unauthorized access, maintain data accuracy and ensure the correct use of information. We implement appropriate technical and organizational measures to protect your information.

Effectory is certified in ISO 27001 and ISO 27701 and has achieved SOC 2 Type II assurance. These certifications are awarded to Effectory by independent, specialized, external auditors. The certifications are worldwide standards used to prove to interested parties the Effectory information security management, data privacy management, and assurance.

Effectory only selects and enters into agreements with third parties that use appropriate security and privacy measures, providing sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data entrusted to them.

Up-to-date information about Effectory’s current technical and organizational measures as well as our certifications and compliance details are accessible on https://security.effectory.com.

6. International data transfers

Data processed by Effectory is primarily hosted and processed within the EU. In cases where processing occurs outside the EU, only service providers from third countries deemed to have an adequate legal level of data protection by the European Commission are used. Alternatively, suppliers are selected based on binding agreements that fully comply with the lawfulness of third-country transfers, according to GDPR model contractual clauses.

We and our processors apply appropriate safeguards to protect the privacy and security of your personal data. Therefore, we and our processors only process your personal data in accordance with the practices described in this Privacy Policy. Other recipients of your personal data may include government agencies and administrations, to the extent that we are legally obliged to do so, such as tax authorities or financial accountants.

7. Data retention

We retain personal data for different periods, depending on the type of information, the contract period with our customers, legal requirements regarding certain types of data, and other factors. Generally, we will stop processing your information when (a) your employer is no longer a customer; or (b) you are no longer a Respondent or User of our Platform. If circumstance (a) or (b) occurs and we are under no legal or contractual duty to preserve your information for a longer period, we will delete your data. We reserve the right to retain any information in our archives that we deem necessary to comply with our legal obligations, settle disputes, and enforce our rights.

8. Your rights

You have certain rights when it comes to our processing of your personal data, such as:

  • the right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights;
  • the right of access: You have the right to obtain access to your personal data.
  • the right to rectification: You have the entitlement to have your personal data rectified if it is inaccurate or incomplete;
  • the right to erasure: You have the right to request the deletion or removal of your personal data when there is no compelling reason for us to keep using it. However, this is not an absolute right, and exceptions may apply;
  • the right to restrict processing: You have the right to block or suppress further use of your personal data. When processing is restricted, we can still store your personal data but may not use it;
  • the right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services;
  • the right to object to processing: You have the right to object to certain types of processing;
  • the right to withdraw your consent: You have the right to withdraw your consent to the processing of your personal data at any time, if we have collected and processed your personal data with your consent. Withdrawal does not affect the lawfulness of any processing carried out prior to the withdrawal, nor does it affect the processing carried out on other legal grounds;
  • the right not to be subject to automated decision making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects for you;
  • the right to opt out: You have the right to unsubscribe from the marketing communications that we send you. You can make use of the right by clicking on the unsubscribe button provided at the bottom of the received messages;
  • the right to complain: You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, contact your local data protection authority.

You can exercise your rights by contacting us via https://support.effectory.com/hc/en-us/requests/new.

In some cases, your request may be limited. For example, if you ask for the deletion of data necessary for the fulfilment of legal obligations and enforcement our legal rights, or if you request deletion or alteration of survey data for which our customer, your employer, is the Controller, who bases its grounds for processing on legitimate interests.

9. Cookies

Cookies are small files stored on your device that can be used by websites to make the user experience more relevant and efficient. According to the law, Effectory may store cookies on your device if they are necessary for correct functioning of the Website. For other type of cookies, we need your consent. Our Website uses various types of cookies, some of which are placed by third-party services that we use.

You can manage your cookie consent here at any time: renew or change your cookie consent. Effectory uses CookieBot to manage your cookie preferences. CookieBot also independently provides information on the cookies we use so that you can make an informed choice.

The cookies we use include:

  • Necessary cookies: These enable basic functions such as page navigation and access to secured areas, making the website function;
  • Preference cookies: These ensure that a website can remember information that affects the behavior and design of the website, such as your selected language;
  • Statistic cookies: These help us understand how our Website or the Platform is used in order to optimize future visits, for example which types of devices are used and how long it takes to load the Website or the Platform on your device;
  • Marketing cookies: These are used to follow Website Visitors when visiting different websites. Their purpose is to display advertisements that are tailored and relevant to the individual user. Marketing cookies only apply to the Website and never apply to the Platform;
  • Unclassified cookies: These are new or unknown cookies that Effectory and/or other parties are still in the process of classifying.

10. Third party sites

Our Website may contain links to other websites operated by third parties. Please note that this Privacy Policy applies only to the personal data that we collect through this Website and our services. We are not responsible for personal data that third parties may collect, store, and use through their websites. We recommend that you check the privacy policies of the third parties.

11. Changes to this Privacy Policy

This Privacy Policy was last updated in February 2024 and replaces our previous Privacy Policy. Please check regularly for updates to this Privacy Policy to stay informed. If we make any changes to this Privacy Policy in the future, we will publish the revised applicable Privacy Policy on our Website. If changes are made that may significantly affect you, we will do our best to inform you about those changes.

12. Contact us

In case you have any questions or complaints regarding the processing or your personal data, you may contact us by filling out the contact form available at https://support.effectory.com/hc/en-us/requests/new.