Privacy Policy

General
Pricing
Hosting
Subscription
INTRODUCTION

Last updated: [30/01/2025]

Welcome to Datajoy, a data intermediation service (“DIS”) that helps connect Individuals and Data Users. A further description of Datajoy’s services is available at www.datajoy.eu.

This privacy policy ("Privacy Policy") describes our practices and your rights in relation to the personal data that we collect and process in connection with Datajoy and our other solutions.

Where appropriate, this Privacy Policy differentiates the processing of personal data for Datajoy’s business operations (see sub-sections “in general”), where it acts independently from specific instructions from Individuals, from the processing where Datajoy acts on the instruction of Individuals in relation to requests it submits on their behalf to Data Holders, and disclosures of those personal data to Data Users (see sub-sections “Requests to Data Holders”). If nothing is specified, the section applies to both cases.

DATA SUBJECTS

This Policy is intended for:
- Individuals who use Datajoy, and on whose behalf Datajoy submits privacy, and other data-related, requests to Data Holders, and provides data to Data Users.
- Employees and other natural persons who work for or represent Data Holders, Data Users, service providers, and other third parties with whom Datajoy interacts.
- Visitors of Datajoy Websites.
- Participants in Datajoy events and others with whom Datajoy interacts for its own purposes.

OUR SOLUTIONS

Our solutions ("Solutions") include:
·        The Datajoy DIS and Related Content, including ancillary services we may offer, such as data hosting and content curation.
·        Our Websites, in particular www.datajoy.eu.
·        Our mobile apps.
·        Our emails that link to this Privacy Policy and other means of communication.
·        Social media pages that we administer.
·        Our cookies and other trackers.
·        Events such as our client receptions that are related to our Solutions.

PERSONAL DATA

The categories of personal data that we collect or obtain are:

  • Account data (username, password, user or administrator statuses, profile picture, and other account data).
  • Atypical data (unusual pattern, reporting, and other irregular activity).
  • Authentication data (contact details and personal attributes as described in this section, profile picture, and related technical data such as sender, recipient and logs)
  • Contact details (first name, last name, email, phone number and postal address).
  • Engagement data (online search history, online and physical journey – including shopping itinerary, name of store, loyalty programs, and other interactions with a brand's services, platforms, mobile applications, websites, and social media).
  • Data holder (name and category).
  • Data user (name and category).
  • Marketing data (choices about newsletters, topics of interest, surveys, participation in events and contests, comments and social media interactions).
  • Metadata related to the data set out in this section.
  • Personal attributes (demographics, place and date of birth, nationality, and gender).
  • Preference data (preferred language and settings).
  • Professional data (professional title, role, company number, and other professional data).
  • Support data (support and other support requests, and customer records).
  • Technical data (device number, operating system and version, software configuration, notifications, activity logs, connection data, IP address, and other technical data).
  • Transactional data (purchase history, deliveries, transactions, licenses, contracts, and billing).
PURPOSES

The purposes for which we use personal data are:

In general

Datajoy Account : Eligible Individuals, and other data subjects, may create and use Datajoy (potentially via an account). We use your personal data to create, administer, and enable you to offer a service or to use an account and the features of Datajoy.

  • Personal data used: account data, name, date of birth, contact details and professional data.
  • Legal basis: (pre)contractual necessity.
    • Contractual terms and conditions relating to the account are set out in the relevant general terms and conditions, and Specific Terms where applicable.

Support: Provide technical or administrative assistance, after-sales service, problem resolution service, and respond to your requests.

  • Personal data used: account data, name, date of birth, contact details, financial data, professional data, support data, technical data and transactional data.
  • Legal basis: (pre)contractual necessity.

Relationship Management: Manage and communicate with you about billing and payments, our relationship, and contractual documents.

  • Personal data used: Account data, contact details, financial data, professional data and transactional data.
  • Legal basis: (pre)contractual necessity.

Maintenance : To provide and administer our Solutions, such as ensuring the maintenance and proper functioning of Datajoy and our Websites, such as testing, updating, patching and debugging.

  • Personal data used: account data, contact details, feedback, professional data, support data and technical data.
  • Legal basis: Datajoy's legitimate interest in the administration and maintenance of its Solutions.

Security: To prevent, protect, investigate, mitigate, and respond to breaches of the security of Datajoy's and others' assets and infrastructure, including computer attacks, incidents or personal data breaches, fraud, theft, break-ins, identity theft, viruses, phishing, and other malicious practices.

  • Personal data used: account data, atypical data, contact details, financial data, professional data, support data, technical data and transactional data.
  • Legal basis: Datajoy's legitimate interest in ensuring the security of its resources and infrastructure.

Marketing : To advertise our Solutions, send you marketing communications, invite you to our events, and allow you to participate in our surveys and polls.

  • Personal data used: contact details, feedback, marketing data, professional data, support data, and technical data.
  • Legal basis: Datajoy's legitimate interest in marketing, or your consent where we request it.

 

Improvements: To understand how our Solutions are used and collect feedback to improve our Solutions and develop new ones, and our processes.

This processing is carried out in particular by means of surveys, questionnaires, spontaneous feedback or the analysis of statistical data.

Improving our processes involves standardization, task automation, performance management, supply chain optimization, and research and development.

  • Personal data used: atypical data, contact details, feedback, professional data and technical data.
  • Legal basis: Datajoy's legitimate interest in the improvement and development of its products.

Market Analysis: To assess our outlook and report on activities and productivity, we conduct statistical analyses of the use and performance of our Solutions.

  • Personal data used: financial data, marketing data, professional data,  and technical data.
  • Legal basis: Datajoy’s legitimate interest in understanding market trends and making informed business decisions.

Defending our Rights: To ensure the proper conduct of our business and to protect our interests, in particular with respect to compliance, audits, reporting, reputation, integrity, values and other rights and interests, and those of our directors.

  • Personal data used: account data, atypical data, contact details, financial data, professional data, support data, technical data and transactional
  • Legal basis: Datajoy’s legitimate interest in ensuring the proper functioning of its business and managing its litigation.

Business Transactions: Your personal data may be disclosed in connection with business transactions, including in the event of a reorganization, merger, sale, joint venture, divestiture, merger and acquisition.

  • Personal data used: account data, atypical data, name, date of birth, contact details, feedback, financial data, marketing data, professional data, support data, technical data, transactional data, and any other relevant data obtained in the context of a mandate you provided to use for requests to Data Holders.
  • Legal basis: Datajoy’s legitimate interest in carrying out business transactions.

Legal Obligations  : To meet our legal obligations, in particular in connection with data governance, such as to prevent fraudulent or abusive practices, facilitate interoperability, provide required disclosures and comply with transparency requirements, log records of DIS activity, accounting, financial, tax, civil, commercial, economic, privacy, cybersecurity, health and safety, and cooperation with judicial and administrative authorities.

  • Personal data used: account data, atypical data, contact details, feedback, financial data, professional data, support data, technical data and transactional
  • Our legal basis: compliance with our legal obligations and substantial public interests, including pursuant to the EU Data Governance Act (2022/868).

Requests to Data Holders

DIS Provision: Datajoy will submit requests to Data Holders where you have instructed it to do so, and in line with Datajoy’s Terms and Conditions for Individuals [Datajoy.eu/terms-for-individuals]. It will make those data available to the Data User consistent with your choices.

  • Personal data used: the data that you instruct us to obtain, disclose, and otherwise process on your behalf, including, if you have selected these items pursuant to your relevant mandate or your choices (including based on and as inferred from the name or categories of Data Holders), account data, atypical data, authentication data, contact details, data holder, data user, engagement data, feedback, financial data, marketing data, personal attributes, preference data, professional data, support data, technical data, transactional data and metadata in relation to these items.
  • Legal basis: (pre)contractual necessity, i.e., the performance of your mandate to us and performance our DIS.

Ancillary Services: Datajoy provides or facilitates ancillary services, such as data hosting, content curation, data conversion, anonymization and pseudonymization.

  • Where applicable, data are hosted with Google Inc. and its subsidiaries.
  • The personal data and legal basis are those regarding the sub-section on DIS Provision above.

Operations and Compliance: Datajoy may use personal data derived from the above sub-sections (DIS Provision and Ancillary Services) for Support, Maintenance, Security, Improvements, Defending our Rights, Business Transactions, and Legal Obligations, to the extent that they are relevant for the DIS provision, improvement, and compliance with legal and critical business requirements. The data collected with respect to any activity of a natural or legal person for the purpose of the provision of the data intermediation service, including the date, time and geolocation data, duration of activity and connections to other natural or legal persons established by the person who uses the data intermediation service, shall be used only for the development of that data intermediation service, which may entail the use of data for the detection of fraud or cybersecurity, and shall be made available to the data holders upon request.

 

Where the legal basis is (pre)contractual performance or compliance with our legal obligations, if you do not provide your personal data we will not be able to provide you with all or part of the functionalities of our Solutions.

You may request to review data received with the relevant data recipient, such as the Data User.

SOURCES

The sources from which we obtain your personal data are:
·        Through our Solutions: When you create a user account on Datajoy, fill in information about Datajoy,subscribe to our newsletters, or otherwise interact with our Solutions onlineand offline.
·        From Data Holders: Where you instruct us to obtain data from them on your behalf. Data may include data derived from the cookies they operate or connected product data, and related service data, they provide or manufacture.
·        From Data Users: To the extent they provide information about you back to us. For example, where the Data User has difficulties answering the request, or is legally required to contact us.
·        From our suppliers or partners who contribute to the development and marketing of our Solutions, to pursue our legitimate interests.
·        From third party authorities: For example, in connection with an investigation.

YOUR RIGHTS

In general

You have the following rights in relation to your personal data:

  • Right of access
    • Request confirmation as to whether we hold personal data about you, access those data and other information relating to those data.
    • Request a copy of your personal data.
  • Right to rectification
    • Request the correction of your personal data if they are incorrect or incomplete.
  • Right to erasure
    • Request the deletion of your personal data in certain cases, such as where you have consented to their use and subsequently withdrawn your consent, or where they are used unlawfully. In some cases, we may not be able to delete your personal data or certain content, for example for the management of our litigation, or where the law requires the retention of data such as for accounting purposes.
  • Right to restriction
    • Request the restriction of the use of personal data in certain circumstances, such as the time it takes to verify the accuracy of those personal data.
  • Right to portability
    • Request receipt of the personal data you have provided to Datajoy, in a structured, commonly used and machine-readable format.
    • Request to transmit or have transmitted such personal data, where technically feasible, to another data controller, under certain circumstances.
  • Right to object
    • Object to the use of your personal data in certain circumstances, including in the context of marketing and where your personal data are used based on a legitimate interest of Datajoy. If you no longer wish to receive direct marketing, you can opt out by unsubscribing to emails you receive from us.
  • Digital inheritance law
    • In some countries, such as France, individuals have the right to set directives on the fate of their personal data after their death.
  • Right to opt-out from data conversion
    • Under certain circumstances, you may be allowed to request to opt-out from data conversions. For example, where you elect to share your data with a Data User.
  • Right to withdraw your consent
    • You may withdraw your consent at any time if the use of your personal data is based on such consent. Withdrawing consent will not affect the use of your personal data prior to such a withdrawal.

If you wish to exercise your rights, please feel free to contact us at privacy@datajoy.eu. Please note that these rights may be limited in accordance with applicable law. For example, where the personal data you request contain personal data of other persons or anti-fraud information, those data may be redacted. A request may be refused if it is manifestly unfounded or excessive.

You may also lodge a complaint with a supervisory authority in your country or in the place where there is an alleged breach of applicable privacy law. A list of supervisory authorities is available on the https://edpb.europa.eu/about-edpb/about-edpb/members website. The supervisory authority responsible for Datajoy in Belgium is the Data Protection Authority, rue de la Presse, 35, 1000 Brussels.

Requests to Data Holders

To the extent that you have instructed Datajoy to retrieve or perform other actions in relation to your personal data with a Data Holder on your behalf, or otherwise process such data, we will exercise the rights for which you have granted us a mandate or other instruction.

Please note that you retain the right to exercise such rights independently and can withdraw your mandate or instruction at any time.

In addition, where we are not acting on your behalf, we are not able to submit requests for you. In that case, please direct your questions or requests directly to the relevant data controller. For example, while we may retrieve data for you from a Data Holder, our mandate regarding a Data User may be limited to sending your data to that Data User. Any subsequent request for access or deletion of those data that are in possession of the Data User should be made by you directly, not through Datajoy, unless we specifically agree otherwise.

Your rights may be limited under applicable law, in particular where they may affect the rights of others. For example, data may be expunged of confidential information or company secrets before being transferred to us. You may also be able to set restrictions on the data you would like us to request, or we may do so to avoid duplicate requests, which will accordingly narrow the scope of data we receive.

AUTHENTICATION AND SIGNATURE

Datajoy requires Individuals’ authentication and signature where appropriate, to authenticate the request or to submit requests to Data Holders on your behalf. Datajoy needs to provide proof of such authentication and signature to Data Holders or other Data Participants.

To do so, Datajoy seeks to rely on electronic identification and signature services, such as itsme or other providers. Datajoy may provide a report containing a fingerprint of your identification or signature, along with other relevant data, such as the sender and receiver of the authentication or signature request, and information on the document and logs.

If electronic identification is not possible, for instance, Datajoy may request a physical copy of your ID card. In such cases, please provide only one side of the card, excluding the side containing your national register number. Additionally, we recommend crossing out the card, marking the copy as for reference only, including the date, authorized recipient and use, and obscuring irrelevant data such as your profile picture, date and place of birth, gender, nationality, card number, and signature. Datajoy may provide a copy of your ID card to the Data Holder or other relevant Data Participants where required to comply with your requests, perform the DIS or where required by applicable law.

RECIPIENTS

In general

We share your personal data with the following recipients:

  • Persons with whom you interact or disclose information through our Solutions
    • When you transmit, or allow persons to access, your personal data, for example to user account administrators.
    • If you use a third-party product to connect to our Solutions, you will share information about yourself with that third-party product.
  • Our suppliers in relation to the services they provide
    • These services include account administration and development, support, relationship management and payment processing, maintenance, security, marketing, improvements, market analysis, advocacy, business transactions, compliance with our legal obligations, and ancillary functions.
  • Public authorities, where disclosure is appropriate
    • To enforce your rights or our rights.
    • To comply with our legal obligations.
    • To provide public authorities with information that we believe is important.
  • Our business partners in the context of our business relationships with them.
    • As part of improving our processes such as collaboration.
    • For a business transaction.
    • To allow them to send you marketing communications, in accordance with your choices.
  • Where disclosure is required with third parties under laws and regulations, our terms and conditions or to defend our rights and those of our employees, directors and representatives.

Name

Function

Primary Data Localization

Website

Google Inc.

Email, data storage

Europe

https://support.google.com/

googlecloud/answer/6056650

FlowCrypt

Email

Europe (Client Side Encyption)

https://webflow.com/legal/dpa

https://webflow.com/legal/eu-privacy-policy

Plausible Analytics

Analytics

Europe

https://plausible.io/privacy

https://plausible.io/terms

 

Requests to Data Holders

To the extent that you have instructed Datajoy to retrieve or perform other actions in relation to your personal data with a Data Holder on your behalf, or otherwise process such data, we will provide those data to the recipients or categories of recipients that you have selected.  This may include, as appropriate, Data Holders and Data Users, or other Data Participants. You may, at any time, modify your instructions. However, please note that this modification will not affect prior disclosures.

INTERNATIONAL TRANSFERS

Due to the local nature of our operations, your personal data are generally stored and processed within the European Union. We do, however, use suppliers and other third parties who may, under certain circumstances, process your data outside the European Union. For example, given the distributed nature of their services, IT service providers may process data in various jurisdictions, including outside the European Union or the European Economic Area. Certain countries that are not members of the European Economic Area are recognized by the European Commission as ensuring an adequate level of data protection in accordance with European Union standards (the full list of these countries is published on the European Commission's website). For transfers from the European Economic Area to countries that the European Commission does not recognize as adequate, we endeavor to put in place adequate measures to protect your personal data, in particular standard contractual clauses unless the provider or third party offers other safeguards, such as binding corporate rules or certification to the transatlantic data protection framework.

THIRD-PARTY PRODUCTS

Your use of third-party products, and the use of your personal data by the third-party providers, such as websites that link to our Solutions, Data Holders, or Data Users, are governed by the practices and legal terms of that third party. Datajoy is not responsible for the processing of your personal data and does not exercise control over these third parties, unless they act as processors to Datajoy. We encourage you to consult their privacy policies and other documentation accordingly.

RETENTION

The criteria used to determine our retention periods include:

  • The length of time we have a relationship with you and provide Solutions to you (for as long as you have an account with us or use our Solutions), or to enable you to conduct your business and meet your needs.
    • For example, with respect to Individuals, Datajoy may retain the data for a period of maximum 3 years once it is received through the mandate or dating from your last interaction with Datajoy. This enables us to respond to any complaints or questions that may still arise or in relation to our service, for example).
  • Datajoy seeks to delete the data received from Data holders as soon as we have provided it to the Data User. Typical timeframe for deletion for our systems is less than a day to a week.
  • If there is a legal obligation to retain data, in particular in relating to accounting, tax, civil or commercial matters. In general, relevant documents (invoices, balance sheets, annual accounts, and other accounting and business documents, contracts, declarations, correspondence, and administrative or regulatory documents) are kept for 7 to 10 years. Some records are kept for a shorter time, such as emails, or longer, such as corporate or real estate or intellectual property documents that are retained at least for the life of the company, asset or right to which they relate.
  • To defend and enforce our rights. For example, in relation to litigation or investigations.
SECURITY

We seek to use reasonable organizational, technical, and administrative measures designed to protect the personal data under our control or within our custody. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure(for example, if you believe that the security of any of your account with us has been compromised), please notify us immediately in accordance with the Contact section below.

UPDATES

Datajoy may update this Privacy Policy from time to time. The online version is authoritative. You can find the date of the last version at the top of this Privacy Policy. In the event of a material change, other than for legal or cybersecurity compliance reasons, Datajoy will endeavor to notify you in advance with reasonable notice and give you the opportunity to object to the changes. In the absence of any objection on your part, the changes will be deemed to have been acknowledged. Any other changes will take effect immediately upon posting on our Website.

CONTACT

Datajoy, 7 Sainte Gertrude Street, 1040 Etterbeek, Belgium, registered with the Belgian Crossroads Bank for Enterprises under number 1022.271.122 is the data controller for Datajoy and its other Solutions to the extent described in this Privacy Policy. If you have any questions about this Privacy Policy, please contact us at privacy@datajoy.eu.

DEFINITIONS

·        "Data Holder" means a person authorized or required in accordance with applicable law to provide data to Datajoy, including where Datajoy acts upon request of an Individual. For the avoidance of doubt, “Data Holder” includes the meaning attributed to data holder under the EU Data Governance Act (2022/868) and the Data Act (2023/2854).
·        "Data User" means a person authorized or required in accordance with applicable law to use data provided to it by, or in connection with, Datajoy. For the avoidance of doubt, “Data User” includes the meaning attributed to data user under the EU Data Governance Act (2022/868) and the Data Act (2023/2854).
·        "Datajoy" refers to the data intermediation service provided by Datajoy BV, and/or to Datajoy BV depending on the context.
·        "Individual" means a natural person on whose behalf Datajoy acts in relation to that person’s personal data and privacy rights.
·        "Related Content" means related products and servicescontrolled by Datajoy and in connection with Datajoy, such as commercialpresentations and materials, including the Website.
·        "Sensitive Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
·        "Specific Terms" means any contract or other document referring to the applicable terms and conditions and establishing between the parties additional terms and conditions relating to Datajoy, including any mandate, subscription or data sharing agreement, license or letter of intent."
- "Website" means any website owned or validly bearing the Datajoy trademark, including www.datajoy.eu.

Untitled UI logotextLogo
© 2025 Datajoy BV. All rights reserved.
TermsPrivacy
(+32) 497 86 42 48
Language
Get in touch