This privacy statement is divided into a general part, a part for customers relating to the software of Negometrix, a part for the use of the website of Negometrix and a part for the Release notes (digital newsletter). This Privacy Statement applies as of May 25, 2018 and replaces previous statements from Negometrix.
Negometrix B.V. is located in Utrecht at the Rijnzathe 32 and is registered at the Chamber of Commerce under number 30148169.
Negometrix supplies software (SaaS) in support of purchasing and contract management processes applicable in all markets. We process personal data for the delivery of our products and associated services to users. We process these in our own software and those of sub-processors. We never sell or provide your information to third parties. We will only share your information:
- At your request or
- in case Negometrix is requested to do so by a court.
The processing of personal data is always done in a manner that is in accordance with the requirements set by the General Data Protection Regulation (EU 2016/679 Regulation, hereinafter AVG) and any other legislation and regulations. This Privacy Statement explains in more detail how Negometrix deals with such data.
Negometrix does not process special personal data of users. The privacy risks of the Negometrix processing are low.
This Privacy Statement applies as of May 25, 2018 and replaces previous statements from Negometrix.
The Negometrix software
This section describes the data processing within the Negometrix software:
Processing Personal Data of Users
Negometrix processes (personal) data of Users (buyers, colleagues, consultants, suppliers etc. Negometrix customers receive a license on the software and therefore more functionality.
The same category and type of personal data are processed for all Users. To enable Users to get in touch with each other, they need certain data. In this context Negometrix processes the following data:
- First Name;
- Last name;
- Phone number
- E-mail address;
- (business) address details
- LinkedIn profile (not required)
- Photo (not required)
Certain technical data will be gathered during the use of the software. This concerns data required for proper operation of the Negometrix software. Depending on the activity you perform with the software, Negometrix processes the following data in this context:
- IP address;
- Login name;
- Time of operations in the software.
Negometrix has drawn up a register of processing that is part of a Processing Agreement with users to be concluded. This register can be obtained from Negometrix on request.
Right of access, correction or deletion
Requests for inspection, correction or removal can be submitted by the Processor. Individual persons (data subjects) can apply for a request for deletion. They need to request this form the contact person of the Processor who can submit the request to Negometrix.
NB: In many cases, the request for deletion will have to take account of archiving principles by law.
The Commercial Website of Negometrix
This section describes the data processing within the Negometrix website (accessible via https://www.negometrix.com).
The website of Negometrix uses Google Analytics to measure how often and in which way the website is visited. To perform this measurement, Google will store certain information, such as your IP address, on its servers in the United States. The privacy statement of Google can be consulted (among other things) at http://www.google.com/intl/en/policies/privacy/. Negometrix has not allowed Google to use the obtained information for other purposes than for the services provided to Negometrix.
In order to analyse the behaviour of users on the website, the Hotjar software is also used on the Negometrix website. This software carries out measurements and also stores your IP address, device information and visitor behaviour. For more information, please visit https://www.hotjar.com/privacy.
The Negometrix release note
Negometrix regularly sends a release note by e-mail to users in which they are informed about new and / or adapted functionality of the software, news about Negometrix and related matters. Negometrix only adds your data to the release notes file if you have explicitly given permission in your account. It concerns the following data:
- First name;
- E-mail address.
Each release note contains a link with which you can unsubscribe.
Negometrix uses the following sub-processors for its hosting
- Rackspace data center / EEA – London / https://www.rackspace.com/certifications-uk
- Equinix datacenter AM5 / EER – Amsterdam / https://www.equinix.nl/services/data-centers-colocation/standards-compliance/
- Digital Realty datacenter / EER – Amsterdam / https://www.digitalrealty.com/data-center-solutions/security-compliance/
- Microsoft Azure cloud computing / EER – Western Europe / https://azure.microsoft.com/en-us/overview/trusted-cloud/
- Amazon cloud computing / EEA – Western Europe region / https://aws.amazon.com/compliance/Myracloud threadprotection / EER – Germany / https://myracloud.com/en/
Customer support questions and requests to Negometrix are recorded in special support software. This application is called Freshdesk (www.freshdesk.com). Negometrix only adds your personal data to the support software when you submit a support question or request to Negometrix.
The recorded data are only used for the purpose for which they are intended, being able to provide support. It concerns the following data:
- First name;
- E-mail address;
- Phone number;
Other aspects in the GDPR/AVG
Data protection officer (DPO)
Organizations have the possibility to appoint an internal supervisor for the processing of personal data. Such a person is called a Data Protection Officer (DPO). The DPO monitors the application and compliance with the Personal Data Protection Act and the General Data Protection Regulation within the organization. Negometrix has appointed a DPO, E.J. van Hellenberg Hubar. He can be reached via email@example.com
Reporting duty data leaks
Negometrix has developed a procedure for reporting (possible) data leaks. In the event that a (possible) data breach occurs, Negometrix will inform its users within 24 hours so that the Processing Officer can report it to the authorities if necessary.
Negometrix has drawn up a Processing Agreement in consultation with lawyers of the IT industry sector organization ‘Nederland ICT’. Users can download this agreement here.