Date: 17 May 2024
Version: 1.2.0


Cloutive respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request.
This privacy policy pertains to processing by Cloutive by means other than through the use of cookies. Cloutive has formulated a separate cookie policy, which can be found on our Cloutive’s websites: www.cloutive.com
Cloutive processes personal data for one or more of the following purposes:
The following business processes describe how we may collect, store or otherwise process the types of personal information set out in the table above:
We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your Personal Data outside The Netherlands. If we do, you can expect a similar degree of protection in respect of your Personal Data.
We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification.
We share your personal data with the enterprise third parties. We also share your data with SME third parties, details of which are available upon request.
The third parties we have engaged for the above mentioned business process may transfer your personal information to outside of your jurisdiction. Cloutive’s third party processors take all necessary measures to ensure the confidentiality, availability and integrity of personal data and to comply with the GDPR with regards to international data transfers. The international nature of its compliance certifications, as well as far-reaching technical security measures (including but not limited to encryption of the personal data, making the data illegible to an unauthorised recipient) are sufficient to ensure that the data subjects continue to benefit from the fundamental rights they are entitled to under the GDPR.
Where Cloutive transfers data to third countries, it relies on the following legal grounds for international data transfers:
In the event that Cloutive is reliant on Standard Contractual Clauses for the legality of its international data transfer, it ensures that the Processor or Subprocessor takes supplementary security measures to safeguard the international data transfer with one or more of the following measures:
Your data is protected by Cloutive and its processors in pursuance to all legal requirements set by the relevant data processing laws. Cloutive has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. Cloutive has signed processing agreements with its processors to ensure an adequate level of data protection.
The following security measures are taken by Cloutive to protect your personal data in the course of the listed business processes:
Staff
Cloutive staff members are required to conduct themselves in a manner consistent with Cloutive’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. All staff members undergo appropriate background checks prior to hiring and sign a confidentiality agreement outlining their responsibility in protecting customer data.
We continuously train staff members on best security practices, including how to identify social hacks, phishing scams, and hackers.
Access controls
Cloutive maintains your data privacy by allowing only authorized individuals access to information when it is critical to complete tasks for you. Cloutive staff members will not process customer data without authorisation.
Data hosting
As a rule, data is hosted within countries and areas that provide a substantially similar level of protection as data subjects have under the GDPR. To ensure this, we rely on Adequacy Decisions as a legal basis for our international data transfers. In exceptional circumstances, where data is transferred to a country or area not subject to an Adequacy Decision, we rely on Standard Contractual Clauses with the recipient and take supplementary security measures to secure this data transfer, such as anonymisation.
Physical security
The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.
All devices which are used to access personal data for which we are responsible are secured with antivirus software, firewalls, encryption and access management. We regularly update operating systems and software to ensure vulnerabilities cannot be exploited.
We carry out regular vulnerability scanning of our website and have engaged credentialed external auditors to verify the adequacy of our security and privacy measures.
Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of their personal data, as well as the right to object to the processing and the right to data portability.You also have the right to request that you are not made subject to decision making based solely on automated processes, including profiling, if these decisions would have a significant effect on you.
You can exercise these rights by contacting us at the following email address: info@cloutive.com. If we have any doubts as to your identity, we may request you to provide us with proof of identification, such as through sending us a copy of your valid ID. Ensure that you write “Data Request” in the subject line of your email.
Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature. Depending on the complexity and the number of the requests this period may be extended to two months.
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Cloutive account, system or other data processing medium in accordance with the process described above.
These conditions are governed by the laws and regulations of the country where we are headquartered. The court in the district where we are headquartered has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.
We do not knowingly process children’s data, unless specifically stated in this Privacy Policy. If you have concerns about or knowledge of a child using our services, products, websites or apps without parental consent, please contact our DPO via dee.cooke@cloutive.com to ensure we can take appropriate action as soon as possible.
For questions about this privacy policy, product information or information about the website itself, please contact: info@cloutive.com.