Privacy Policy

Your privacy is fundamental to our service. This policy explains how we collect, use, and protect your personal data in full compliance with GDPR and EU privacy regulations.

Effective Date: January 15, 2025 | Last Updated: January 15, 2025 | Data Controller: Datlas B.V., Netherlands

Privacy at a Glance

We process your personal data fairly, lawfully, and transparently with strong technical and organizational measures to protect your privacy rights.

GDPR Compliant

Full compliance with EU data protection regulations and privacy by design principles.

EU Data Residency

Your data stays in Europe. No transfers to third countries without your explicit consent.

Your Rights Protected

Full access to your data rights with easy tools to exercise them at any time.

Personal Data We Process

We only collect personal data that is necessary for providing our document intelligence services and maintaining platform security.

Account Information

Service provision and account management

Data Examples:

NameEmail addressCompany detailsBilling information

Lawful Basis: Contract performance

Retention: 7 years after account closure

Usage Analytics

Service improvement and security

Data Examples:

Feature usagePerformance metricsError logsAccess patterns

Lawful Basis: Legitimate interest

Retention: 25 months from collection

Document Metadata

Document processing and compliance

Data Examples:

File namesProcessing timestampsExtraction resultsAudit trails

Lawful Basis: Contract performance

Retention: As configured by customer (default 7 years)

Security Information

Platform security and fraud prevention

Data Examples:

IP addressesLogin attemptsSecurity eventsDevice information

Lawful Basis: Legitimate interest

Retention: 3 years from last activity

Your Privacy Rights

Under GDPR, you have comprehensive rights regarding your personal data. We provide easy ways to exercise these rights.

Right to Information

Understand how your personal data is processed

How to exercise: Contact our DPO for detailed processing information

Right of Access

Request a copy of your personal data

How to exercise: Submit request through customer portal or email

Right to Rectification

Correct inaccurate personal data

How to exercise: Update through account settings or contact support

Right to Erasure

Request deletion of personal data

How to exercise: Submit deletion request (subject to legal obligations)

Right to Restrict Processing

Limit how we process your data

How to exercise: Contact DPO with specific restriction requirements

Right to Data Portability

Receive data in machine-readable format

How to exercise: Export available through customer portal

Right to Object

Object to processing based on legitimate interests

How to exercise: Contact DPO with objection details

Exercise Your Rights

Response time: Within 30 days | Free of charge for reasonable requests

International Data Transfers

We maintain strict controls on where your data goes. EU data sovereignty is our priority.

Within EU/EEA

Purpose:

Primary data processing and storage

Safeguards:

GDPR applies directly

Restrictions:

None - full EU data sovereignty

Third Countries

Purpose:

Limited support services

Safeguards:

Adequacy decisions only

Restrictions:

No personal data transfer without explicit consent

Technical & Organizational Measures

We implement state-of-the-art security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

AES-256 encryption at rest and TLS 1.3 in transit

Role-based access controls and multi-factor authentication

Comprehensive audit logging and real-time monitoring

Regular security assessments and penetration testing

Data Breach Procedures

Detection & Assessment

Automated detection within 15 minutes, risk assessment within 1 hour

Authority Notification

Dutch DPA notification within 72 hours if high risk to rights

Individual Notification

Direct communication if high risk to rights and freedoms

Remediation

Immediate containment and measures to prevent recurrence

Privacy Questions?

Our Data Protection Officer is available to help with any privacy-related questions or concerns.

Data Protection Officer

privacy@datlas.eu

Supervisory Authority

Dutch Data Protection Authority (AP)

Response Time

Within 30 days maximum