Privacy Notice

This Privacy Notice applies to personal data processed by Cevinio BV and our group companies. Cevinio BV is a limited liability company established under Dutch law, with its principal place of business at Hofplein 20, 30332 AC Rotterdam, the Netherlands. In this policy, “we”, “us” and “our” refers to Cevinio BV and our group companies.

We recognize that when you choose to provide us with information about yourself voluntarily, you trust us to act in a responsible manner. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.

This applies to personal information that we collect through our website(s), social media, or when engaging in our relationship or potential relationship with you (or your organization) as a supplier, client, business partner, or (potential) employee.

Our Privacy Notice may change from time to time, but never in a manner that compromises our commitment to respect and safeguard your privacy. The most current version of this Privacy Notice governs our practices for collecting, processing, and disclosing personal data. We will provide a more prominent notice (including, for certain services, email notification) of any material modifications to this Privacy Notice.

1. What personal data do we collect and process?

The Personal Data We collect depends on whether the individual is:

1. A visitor to the Cevinio website, participant of an event, subscriber of a whitepaper/newsletter via our website, or social media platforms such as LinkedIn, etc; or
2. A customer and/or user of the Cevinio Software (the “User”), business partner, or supplier; or
3. A subject of the accounts payable process/mentioned on an invoice that is processed as part of services delivered by Cevinio; or
4. An employee, applicant, temporary staff.

1.1. Visitor Website/Participant/Subscriber
In order to provide certain services and information to you, we may ask that you register and provide us with information about you and/or your company such as your name and contact information.

Below types of information Cevinio might collect about you.

• Contact details, such as your first and last name, phone number, and email address;
• Job title, position, preferences and interests in a professional context;
• Company’s name, number of headcounts, and country
• Website traffic information as provided by your web browser such as browser type, language, the address of the referring website, and other traffic information such as IP address;
• Website visitor behavior such as which links you click and when;
• Any other information that you provide to use when you are communicating with us.

The legal basis for such processing would be ‘Consent’ [Article 6(1)(a) GDPR].
Cevinio will process personal data for the purpose for which it is collected. We will not use your contact information for sending emails about product and/or service updates, events, whitepapers, newsletters & more unless you have specifically requested or agreed to receive such information.

We use cookies, ‘clear gifs’, or ‘web beacons’ to make our website easier and better to use and for marketing purposes. Cookies are files or pieces of information that may be stored on your computer (or other devices) when you visit a site. Please see our Cookie Policy for further details about the cookies we use to operate this (and other) website(s) and how you can disable or enable them. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. This information is gathered from all email recipients. The legal basis for such processing would be ‘legitimate interest’ for the ‘Necessary cookies’ and ‘Consent’ for ‘all other types of cookies’ [Article 6(1)(f) and 6(1)(a) GDPR].

1.2. User/Business partner/Supplier
The personal data of (potential) customers, business partners and suppliers personal data is processed for making an offer, for entering into a contract, and for the performance of a contract. Personal data such as their name, email address, phone number, function, and additional details about them and the organization they represent can be processed. The legal basis for such processing would be ‘legitimate interest’ for any offers made and ‘contract’ [Article 6(1)(f) and 6(1)(b) GDPR].

The personal data of the Users of the Cevinio Software is collected to provide, maintain, protect, and improve the services, to develop new ones, and to protect Cevinio and our users.

We collect information in the following ways:

• Information you give us. For example, our services require you to sign up for a Cevinio Account. When you do, we’ll ask for personal information, like your name, email address, telephone number.
• When you contact our customer support for assistance.
• Information we get from your use of our services. We collect information about the services that you use and how you use them.
• Location information. When you use Cevinio services, we may collect and process information about your actual location.

We use cookies, “clear gifs”, or “web beacons” to make better use of our products and services, to tailor them to your interests and needs. Please see our  Cookie Policy for further details about the cookies we use to operate this (and other) website(s) and how you can disable or enable them. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. This information is gathered from all email recipients. The legal basis for such processing would be ‘Legitimate interest’ for the ‘Necessary cookies’ and ‘Consent’ for ‘all other types of cookies’ [Article 6(1)(f) and 6(1)(a) GDPR].

1.3. Subject of the accounts payable process

Cevinio offers services to optimize the accounts payable automation of our customers. It is possible that we process your personal data if it is mentioned on an invoice of one of our Customers. We process that data on behalf of our Customers according to the data processing agreement (DPA) we have concluded with them. According to the GDPR, Cevinio is the Processor and that Customer is the Controller. For questions about the personal data processed, the purpose, the legal basis, the retention period, your rights, etc. we refer you to the Customer for which Cevinio processes the invoices.

If the Customer requests us to remove the data, we will respond to its request within thirty (30) days. Cevinio will delete, amend, or block access to any personal data that we are storing only if we receive a written request to do so from the Customer who is responsible for such personal data, unless we have a legal right to retain that data. We reserve the right to retain a copy of such data for archiving purposes, or to defend our rights in litigation. Any such request regarding Customer Data should be sent by email to complianceofficer@cevinio.com, and include sufficient information for us to identify the Customer or third party and the information to delete or amend.

1.4. Employees/Applicants/Temporary Staff
Cevinio processes personal data about her (temporary) employees and applicants like names, contact information, resume, assessments, salary, reviews, employment leave and sickness. Cevinio receives this information directly from the employee/applicant or with consent from them. The legal basis for such processing would be ‘Contract’ or ‘Legal obligation’ [Article 6(1)(b) and 6(1)(c) GDPR].

2. To whom do we disclose your personal data?

To fulfill the purposes above, Cevinio may need to disclose to, transfer, or otherwise share your personal data with a select number of trusted service providers to whom we have outsourced the processing (including storage) of personal data. These service providers are carefully selected and meet high data protection and security standards. We only share personal data with them that is required for the services offered and we contractually bind them to keep any information we share with them as confidential and to process personal data only according to our instructions. The legal basis for such processing would be ‘Legitimate interest’ [Article 6(1)(f) GDPR].

In addition to services providers, other categories of third parties may include:

• Vendors/public institutions. To the extent that this is necessary in order to make use of certain services requiring special expertise (such as legal, accounting, or auditing services) We may share personal data with vendors of such services or public institutions that offer them (e.g. courts). The legal basis of this data processing is ‘Legitimate interest’ [Article 6(1)(f) GDPR].
• Disclosure in the event of a merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then personal data may be sold or transferred as part of such a transaction, as permitted by law and/or contract. The legal basis for such processing would be ‘Legitimate interest’ [Article 6(1)(f) GDPR].
• Other than the cases mentioned above, we will only transfer personal data to third parties with explicit consent in accordance with Article 6(1)(a) GDPR or if We are obliged to do so by statutory law or by instruction from a public authority or court.

3. Where do we store your personal data?

We keep your data within the European Union unless requested otherwise by the User of the Cevinio Software. We inform you where your data is located and will not change the location without approval.

4. How long do we keep your personal data?

As required by law, we will only hold your personal data as long as necessary to fulfill the purposes for which the data is collected before making it non-identifiable (anonymous) or deleting it. Unless there is a contractual or legal requirement to retain data for a longer period (such as required by trade or tax regulations).

5. What do we do to protect your personal data?

We work hard to protect Cevinio and our Users from unauthorized access to or unauthorized alteration, disclosure, or destruction of information we hold. In particular:

• We encrypt all of our services using SSL.
• We periodically review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.
• We restrict any access to personal data to those Cevinio employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

6. What are your rights?

you’re a visitor to our website/social media/participant/subscriber,  or a User or business partner of our Software or an employee you have the right to request:

• access to your personal data;
• rectification/correction;
• erasure (subject to above-mentioned limitations); and
• data portability.

Under certain conditions, you may also object to the processing of your personal data or restrict the processing.

If you have given consent for processing of your personal data, you also have the right to withdraw your consent.
If you wish to exercise any of your rights, please send your request by email to complianceofficer@cevinio.com.

7. How can you file a complaint?

If you have a complaint regarding the manner in which Cevinio processes your personal data or suspect that a personal data breach has occurred, please contact us at complianceofficer@cevinio.com and provide sufficient details for us to revert to you. If, in your view, the complaint is not dealt with satisfactory, you may have the right to lodge a complaint with the Dutch Data Protection Supervisory Authority (“Autoriteit Persoonsgegevens”).

8. How can you contact us?

Please contact us if you have any questions about our Privacy Notice and/or the manner in which we process your personal data by sending an email to complianceofficer@cevinio.com.