Privacy Policy

As we comply with the GDPR – Legislation in force since 25/05/2018, we present you this privacy statement.

If you still have questions after reading this statement, you can always contact our Data Protection Officer (DPO) as follows:

DPO@assetwins.com

1. WHAT:

In it, we explain how we handle your personal data, what your rights are, how you can exercise them, etc.

Terms used:

• Personal data: by this the GDPR means all information that could directly or indirectly identify a natural person. Further, referred to as "data." So it is NOT about company data!
• Processing: collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying data.

2. WHICH:

We process the following personal data about you:

• Contact Details including name, email, address, phone number, preferred contact method, job title and company name.

How data has come to us:

• 1. By registering and logging in to our application: https://assets.assetwins.com/
• 2. Since the property owner has given you permission to share data within the framework of a contractual relationship, this data, however, is not visible to us for our use. Should the relationship with the property owner end, please inform them to request the removal of your personal data.

We do not collect data in any other way.

3. PURPOSE:

We collect data from both property owners and their contractors, such as maintenance teams, to ensure the smooth execution and monitoring of contractual services. This data enables property owners to track and verify the completion and quality of the services provided, while allowing staff to accurately document their tasks and progress. Additionally, the collected information is used to facilitate clear communication between both parties, ensuring transparency, accountability, and efficient management throughout the service relationship.

4. STORAGE and SANITIZATION:

We will keep your data for as long as you use our internet application and for as long as we need your personal data to be able to offer you our services.

In particular:

• We retain accounting records for a minimum period of 7 years, either in original or electronic form. The retention period begins on 1 January of the year following the end of the relevant financial year. Our retention practices comply with applicable local and international accounting regulations, ensuring compliance with the legal requirements of each country in which we operate.
• Additionally, we retain personal data for the duration of the business relationship. Upon termination of the relationship, personal data will be securely deleted after a retention period of 7 years, unless otherwise required by applicable law or regulatory obligations.
• We have a formal destruction procedure in place for all records, including accounting and personal data. This procedure ensures that records are securely destroyed once the legal retention periods have expired, in accordance with applicable laws and regulations. The destruction process is designed to prevent unauthorized access, use, or disclosure of the data, ensuring full compliance with data protection and privacy standards.
• In compliance with the EU General Data Protection Regulation (GDPR), we retain personal data of employees for a period of 5 years following the termination of employment. After this period, the data will be securely deleted unless otherwise required by applicable law.
• For employee data provided in environments controlled by our partners acting as data controllers of your personal data, to which we do not have access, it is the responsibility of the employees to contact their former employers to ensure that their personal data is not retained indefinitely. We recommend employees exercise their rights under applicable data protection laws, such as requesting data deletion, to safeguard their personal information after the end of their employment.

5. SECURITY:

For this processing, we take the appropriate technical and organizational measures to optimally protect your data, taking into account the nature of the data and the associated risks. We do not store any special personal data and have the following measures in place for the security of your data:

• The computers on which data are processed are protected by default with a username and a complex password.
• All computers are equipped with a Small Office Security solution, which is of course always kept "up-to-date" and automatically performs multiple scans. All Windows installations are automatically updated. The installation is checked at least once a month and started manually if necessary.
• The data is stored in Microsoft Azure databases, with personal data of individuals from any country or region being stored in a geographically appropriate data center. Microsoft ensures that personal data is hosted in one of its regional databases, in accordance with data residency requirements, to minimize cross-border data transfers and ensure compliance with international data processing regulations. This setup leverages Azure's global infrastructure to store data close to its origin, reducing the need for international data transfers and enhancing data security.
• To prevent data loss in the event of device failure or loss, daily backups are automatically stored in Microsoft Azure's encrypted cloud environment. Azure's cloud infrastructure ensures that all data is securely replicated and stored across multiple geographically dispersed data centers, providing strong data redundancy and protection against potential data loss.
• All passwords are securely managed and stored using a cloud-based password management system, which encrypts all credentials and ensures that they are only accessible to authorized users through multi-factor authentication.
• Our employees are fully informed about the safe handling of your personal data and are bound by their employment contract to confidentiality.
• No data is kept on paper due to the possibility of online registration and is not accessible to unauthorized persons.

Past experience teaches us that no risk is completely avoided and should we become aware of any unauthorized access to our IT systems or unlawful alteration, damage or possible loss of your data, we will immediately all necessary measures take to minimize this risk and avoid it in the future. As a result, the possible damage to you will also be very limited.

6. MARKETING PURPOSES:

CLICK BEHAVIOUR AND VISIT DATA

General visitor data is kept on our company's website. In this context, the IP address of your computer, any user name, the time of retrieval and data sent along with a visitor's browser may be recorded and used for statistical analyses of visitor and click behavior on the website. We also use this to optimize the operation of the website. We try to anonymize this data as much as possible. This data will never be provided to third parties.

GOOGLE ANALYTICS

Our website's landing page uses Google Analytics to track how visitors interact with our site and to measure the effectiveness of our Google Ads campaigns on search result pages. The data collected through Google Analytics, including your computer’s IP address, may be transferred to and stored by Google on servers located in Dublin, Ireland. For more information, please refer to Google's privacy policy and the Google Analytics Privacy Policy.

We have taken steps to ensure that Google Analytics is only used on our landing page, and no data is tracked or collected through the app. Additionally, Google will not use the analytics information collected for other Google services unless required by law or if third parties process the data on Google's behalf. We have ensured that any data collected is in compliance with the GDPR and other applicable global privacy regulations.

Given the legal restrictions on Google Analytics in some European countries, users from these regions are advised that Google Analytics may not be fully compliant with local data protection laws, and we encourage users to refer to their local regulations and make informed decisions about the use of our website.

LINKEDIN, YOUTUBE, AND VIMEO

Our website includes buttons to promote or share content via LinkedIn, YouTube, and Vimeo. These buttons are implemented using code provided by the respective social media platforms, which may set cookies on your device (see our cookie policy for more details). Please review the privacy policies of LinkedIn, YouTube, and Vimeo to understand how they handle your personal data, as we have no control over how these platforms process your data through the embedded buttons and cookies. Their privacy policies may change periodically, and we encourage you to stay informed:

• LinkedIn Privacy Policy
• Youtube Privacy Policy
• Vimeo Privacy Policy

We ensure that our use of these social media integrations complies with applicable global data protection regulations, including GDPR. However, we advise users to review the privacy policies of these platforms and make informed decisions regarding the use of their services on our website.

NEWSLETTER

We offer a newsletter with which we want to inform interested parties about news, our services and related matters. Your email address will only be added to the list of subscribers with your explicit consent. Each newsletter contains a link with which you can unsubscribe. The subscriber base of the newsletter will not be passed on to third parties.

CONTACT

Would you like to fill in the contact form on our website? When giving your consent, personal data will be processed as described in this privacy statement and we can always be reached by e-mail.

USE OF COOKIES

We use cookies when offering electronic services. A cookie is a simple small file that is sent along with pages of this website and stored by your browser on your computer's hard drive. We use cookies to remember your settings and preferences if you click on them for approval. According to privacy-by-design, the analytical cookies are set to off by default. You can also disable these cookies through your browser.

For more information, please consult our Cookie Statement .

7. Data Sharing and Processing:

We may share your personal data with the following parties for the purposes outlined below:

• Our accountant to comply with legal accounting requirements;
• Our payroll provider to ensure accurate wage processing;
• The supplier of this application to ensure the security and proper operation of this internet application.

These parties may process your personal data, and we have entered into data processing agreements with each of these processors. These agreements ensure that your personal data is handled in compliance with the General Data Protection Regulation (GDPR) and other applicable global data protection laws and regulations, regardless of where the data is accessed or processed.

All parties involved in the processing of personal data are required to declare their compliance with GDPR or other relevant data protection regulations in their respective jurisdictions. We ensure that the highest standards of data protection are upheld, and no personal data will be shared with third parties for marketing purposes without your explicit consent.

We take all necessary steps to safeguard your personal data and ensure that it is processed securely and lawfully, regardless of the geographical location of the data processors.

8. YOUR RIGHTS

Below is a list of your rights regarding the processing of your personal data, applicable under different global data protection regulations. These rights may vary depending on the jurisdiction in which you reside, but we aim to comply with relevant laws worldwide, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy frameworks.

• Right of Access

  You have the right to request access to the personal data we hold about you. If there are errors or omissions in the data, you may request corrections, additions, or deletions where applicable under the law.

  EU GDPR: Articles 12-13-14

  Other jurisdictions: Access rights may vary depending on local laws.

• Right to Rectification

  You have the right to have your personal data corrected if it is inaccurate or incomplete.

  EU GDPR: Article 16

  CCPA: You have the right to request the correction of inaccurate personal information.

• Right to Erasure ("Right to be Forgotten")

  You can request the deletion of your personal data if it is no longer needed for the purposes outlined in this privacy statement or if there is no longer a legal basis for retaining it.

  Note: Deletion may be restricted where data must be retained for compliance with legal obligations, such as tax and social security legislation.

  EU GDPR: Article 17

  Other jurisdictions: Rights to deletion may vary depending on local regulations.

• Right to Data Portability

  If you wish to switch service providers, we will provide your personal data in a structured, commonly used, and machine-readable format, so it can be transferred to the new provider.

  EU GDPR: Article 20

  Other jurisdictions: Portability rights may not be explicitly defined outside the EU but can still be honored if requested.

• Right to Object to Processing

  In certain circumstances, you have the right to object to the processing of your personal data, particularly if it is used for direct marketing purposes. However, we do not process personal data for marketing purposes, so this right is not applicable in our case.

  EU GDPR: Article 21

  CCPA: You have the right to opt out of the sale of your personal information.

• Right to Restrict Processing

  In some cases, you may have the right to request that we restrict the processing of your personal data if certain conditions are met, such as if you dispute the accuracy of the data or if the processing is unlawful but you oppose deletion.

  EU GDPR: Article 18

  Other jurisdictions: Similar rights may exist under local regulations, though restrictions on processing may differ.

• Right to Transparency

  You have the right to be informed about the processing of your personal data. This privacy statement is available via this link, attached to all electronic communications, and visibly posted in our offices.

  EU GDPR: Article 12

  Other jurisdictions: Transparency obligations vary globally, but we aim to keep you fully informed about how we handle your data.

• Right to Complain to a Supervisory Authority

  If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a relevant supervisory authority.

  EU GDPR: Article 77

  Other jurisdictions: You may have the right to file complaints with local authorities depending on the laws in your country.

How to Exercise Your Rights

If you wish to exercise one or more of the rights listed above, please submit your request in writing, along with proof of your double Opt-In verification by email. We will respond to your request within 30 days, in accordance with applicable data protection regulations.

9. COMPLAINTS

If you disagree with the way we handle your personal data, how we respect your rights, or with any part of this privacy statement, we encourage you to contact us first, so that we can address your concerns promptly and appropriately.

If you are not satisfied with our response, or if you believe that your personal data is being processed in violation of applicable data protection laws, you have the right to file a complaint with the relevant data protection authority in your country or region. Depending on where you are located, you can contact one of the following authorities:

• For individuals within the European Union (EU): You may file a complaint with the data protection authority in your country. For example, in Belgium, this is the Data Protection Authority (DPA), which can be reached via www.gegevensbeschermingsautoriteit.be, located at 1000 Brussels, Drukpersstraat 35, or via email at contact@apd-gba.be or by telephone at +32 2 274 48 00.

• For individuals in Tunisia:You may contact the Instance Nationale de Protection des Données Personnelles (INPDP) at 1002 Tunis, Rue du Lac Windermere, Les Berges du Lac, or via their website http://www.inpdp.tn

• For individuals in other countries:Please consult your local data protection authority to file a complaint. We comply with the applicable data protection regulations of each region, including but not limited to the GDPR, CCPA, and other international laws.

We are committed to handling all complaints in accordance with the relevant data protection laws of your country, and we will work to resolve any issues in a timely and transparent manner.

10. MISCELLANEOUS:

This privacy statement will enter into force on 01 September 2024, i.e. at the same time as the web application was displayed online with the new changes.

We reserve the right to change this privacy statement at any time.