This Privacy Policy (Policy) describes how We at Alkemio B.V. (Alkemio, We, Us, Our) collect, protect, share, and use the Personal Data You (User, You, or Your) may provide on the Alkemio Platform (Platform) and within any of Our products or services (Products).
This Privacy Policy applies to the following Data Subjects:
Depending on the Data Subject category and country of residence, this Policy may sometimes be supplemented by additional privacy notices issued by Us and other parties which will be notified to You separately.
We have a Data Protection Officer (DPO) who monitors Our compliance with the EU 2016/679 General Data Protection Regulation (EU GDPR). To reach out to Our DPO, please send an email to dpo@alkem.io.
The terms “Personal Data”, “processing”, “Data Subject”, “Controller”, “Processor” have the same meaning as in the GDPR.
Under GDPR, We may process Personal Data as a Controller or a Processor. This Privacy Policy applies to Personal Data We collect and process for Our own purposes where We act as a Controller. Where We process Your Personal data on behalf of Our Users, We act as a Processor and We have limited rights and responsibilities.
We process Your information for the purposes described in this policy based on the following legal bases:
Alkemio may collect Your Personal Data through Our communication and Your usage of Our Platform. Personal Data can be directly provided by You or indirectly collected by Us (i.e., from Your interactions, use, and experiences with Our Products).
| Purpose | Personal data category | Legal justification |
|---|---|---|
| Accounts Receivable | Contact Details, Financial Data, Identifiers, and Legal Documents | Contractual Obligations |
| B2B Email/Text Digital Marketing (existing customers) | Contact Details, Personal Characteristics, Views, and Opinions | Legitimate Interest |
| B2C Email/Text Digital Marketing (existing customers) | Contact Details, Personal Characteristics | Legitimate Interest |
| Calendar Scheduling | Contact Details | Legitimate Interest |
| Consent Management | Activity and Behavioural, Technical Identifiers | Legal Obligations |
| Customer Support | Contact Details, Personal Characteristics, Views, and Opinions | Contractual Obligations |
| Customer Relationship management | Contact Details, Personal Characteristics, Views, and Opinions | Legitimate interest |
| Financial Reporting | Contact Details, Financial Data | Legitimate interest |
| Infrastructure/Integrations or File Storage | Activity and Behavioural, Contact Details, Identifiers and Legal Documents, Technical Identifiers | Contractual Obligations |
| Product Surveys and Questionnaires | Contact Details, Technical Identifiers, Views, and Opinions | Consent |
| Provide collaboration software | Communications Data, Contact Details, Technical Identifiers, Views, and Opinions | Contractual Obligations |
| Website tracking | Activity and Behavioural, Technical Identifiers | Consent |
| Purpose | Personal data category | Legal justification |
|---|---|---|
| Accounts payable | Contact Details, Financial Data, Identifiers, and Legal Documents | Contractual Obligations |
| Calendar Scheduling | Contact details | Legitimate interest |
| Infrastructure/integrations or file storage | Contact Details | Legitimate interest |
| Internal communication | Communications Data, Contact Details, Views, and Opinions | Legitimate interest |
| Legal archiving | Contact Details, Identifiers, and Legal Documents | Legal Obligations |
| Password and credential safekeeping | Contact Details, Technical Identifiers | Contractual Obligations |
| Purpose | Personal data category | Legal justification |
|---|---|---|
| Account Customer Relationship Management (CRM) | Contact Details, Personal Characteristics | Legitimate Interest |
| Embedding Videos | Technical Identifiers | Consent |
| Website Hosting | Contact Details, Technical Identifiers | Legitimate interest |
| Website Tracking | Activity and Behavioural, Technical Identifiers | Consent |
We might store or send personal data about You to various third parties. These disclosures apply to all categories of Data Subjects in the scope of this Policy. These disclosures are either necessary for the purpose of fulfilling Our contract with You or necessary for the purposes of Our legitimate interests (that are to provide, maintain, improve, secure, and promote Our Products). When none of these bases apply, We will seek permission (consent) to share Personal Data with a specific supplier.
Our suppliers may change over time but You can find the latest list of key suppliers (Processors and sub-Processors) here.
We have put in place appropriate security measures to prevent Your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, We limit access to Your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process Your personal data on Our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where We are legally required to do so.
Where You have chosen a password that enables You to access certain parts of Our Platform, You are responsible for keeping this password confidential. We ask You not to share the password with anyone.
We will only retain Your personal data for as long as reasonably necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain Your personal data for a longer period in the event of a complaint or if We reasonably believe there is a prospect of litigation with respect to Our relationship with you.
To determine the appropriate retention period for personal data, We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of Your personal data, the purposes for which We process Your personal data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
For more detailed information about the retention periods of the Personal Data that Alkemio processes, You can request a copy of Our Retention Policy via dpo@alkem.io.
You have the following data subject rights under GDPR:
That period may be extended by two more months where necessary considering the complexity and number of the requests. We will inform You of any such extension together with the reasons for the delay.
Where GDPR is not applicable, We will respond to such requests within the prescribed time according to the applicable law.
We note that where requests are unfounded or excessive, particularly due to their repetitive character, We may refuse to act on the request. In such cases, Alkemio shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
We kindly inform You that if We are not the Controller, We may not be able to directly address data subject requests We receive. In cases where We act as the Processor for Your personal data, We will promptly notify the Controller about Your request. Please understand that any response to Your request will be provided only if We are authorized by the Controller. For any inquiries or more information, We encourage You to contact the Controller directly.
For detailed information about cookies and which types of cookies We use, please read Our cookie policy.
Find our previous Privacy Policy here (from 07/07/2021 until 08/07/2024).