Privacy Statement Odyssey
Odyssey is an independent Software as a Service provider based in Amsterdam, The Netherlands. In this Privacy Statement we inform you about how Odyssey handles your personal data. This Privacy Statement applies to the processing of the personal data of the contact people at our clients, business relations and referrers, as well as to the visitors to our website https://odysseyattribution.co
Odyssey is the controller for the processing of your personal data. We may amend this Privacy Statement from time to time, if there are changes to how we process your personal data, for instance, or if this is necessary on the basis of regulations.
Content of the Privacy Statement:
- To whom does this Privacy Statement apply?
- What personal data does Odyssey process in relation to you?
- For which purposes do we process your personal data?
- What is the legal basis for the processing of your personal data?
- How did we obtain your personal data?
- How long do we keep your personal data?
- Who has access to your personal data?
- Transfer of personal data to countries outside the EEA
- How do we secure your personal data?
- Your rights
- Third-party websites
- Our contact details
1. To whom does this Privacy Statement apply?
This Privacy Statement applies to everyone who visits our website and to people whose personal data are processed by Odyssey in the context of its online media services.
People whose personal data are processed by Odyssey in the context of its provision of online media services are:
- Our clients, private persons;
- Contact persons at our clients;
- Contact persons at our potential clients;
- Contact persons at our business relations;
- Contact persons at our referrers;
- Recipients of our communications, such as our newsletters and invitations for events organised by or in cooperation with Odyssey;
- Visitors to our website https://odysseyattribution.co;
- People who contact us otherwise or whose personal data we process otherwise in the context of our service provision.
2.What personal data does Odyssey process in relation to you?
The personal data we process in relation to you are:
- Personal data you have provided to us;
- Personal data that give insight into the use of our website or other electronic means of communication;
- Personal data obtained from other sources.
- Personal data provided by you:
- contact details and other personal data which are needed for our services provided by an employee. These are details such as your name, address, telephone number and identity documents;
- contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;
- contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;
- Other personal data that are provided by you.
- Personal data that give insight into the use of our website or other electronic means of communication. These could be data such as:
- IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;
- your browsing behaviour on the website, such as data on your first visit, previous visit and current visit, the pages visited and how you navigate through the website;
- the opening and reading of a newsletter or commercial email. This also includes clicking behaviour in the email or newsletter.
In this context, we also refer to our Cookie Statement (https://odysseyattribution.co/cookies-statement)
- Personal data obtained from other sources:
- personal data available on public professional social media platforms such as LinkedIn. These are names and contact details;
- personal data obtained from the Trade Register of the Chamber of Commerce and the Land Registry Office. This could include a Chamber of Commerce number and contact details;
- personal data available on public professional websites, such as company websites.
3. For what purposes do we process your personal datas?
We may use your personal data for the following purposes:
- To perform a contract in which you have engaged us to provide you with online media services. Your contact details might be requested in that context. Other personal data may also be necessary for the handling of the matter, depending on the nature of the case. Data from other parties involved may also be processed.
- To perform online media services.
- To invoice for services rendered.
- To comply with our statutory obligations.
The State Taxes Act requires us to process and save certain personal data.
- To stay in contact with you.
We feel it is important to contact you with information that is relevant for you. We combine and analyse the personal data available to us in order to be able to do so. Based on this, we determine what information and channels are relevant and which moments are most suitable for providing information or making contact. In conducting marketing campaigns, we do not process any special personal data or any confidential data.
- To prepare analyses.
To prepare analyses we use:
- Interaction data:
Personal data obtained from contact between Odyssey and you. For example, on your use of our website or supporting applications. This also applies to offline interactions, including how often there is contact between Odyssey and you.
- Behaviour data:
Personal data that Odyssey processes on your behaviour, such as your preferences, opinion, wishes and needs. We can derive these data from your browsing behaviour on our website, for instance, the reading of our newsletters or because you requested information. But also from inbound telephone conversations and email contact with our employees. We collect and use information obtained via tracking cookies only with your consent, which you can withdraw at any time. See also our cookie statement (https://odysseyattribution.co/cookies-statement)
- To conduct client satisfaction surveys. We sometimes ask clients to participate in a client satisfaction survey, by means of an online questionnaire. Participation is voluntary. Before each client satisfaction survey, you will receive further information on the procedure and the way in which we handle the information obtained.
- To improve and secure our website.
- To prepare user statistics. The user statistics from the website enable us to get a picture of, among other things, the number of visitors, the duration of the visit, what parts of the website are viewed and the clicking behaviour of visitors. These are generic reports without any information on individual persons. We use the information obtained to improve the website.
- To monitor access to the office building and protect safety. When you visit our office, we take down your name upon arrival. There are surveillance cameras on the exterior of the office building, at the entrances and the exits of our office building, in the basement car park belonging to the office building and at the reception desk. We do this in order to have a record of who is in the building in case of an emergency and to ensure that unauthorised people cannot gain access to the building. In principle, the camera footage will be destroyed within 4 weeks.
- To perform audits.
4. What is the legal basis for the processing of your personal data?
We process your personal data only when this is permitted on grounds of one of the legal bases cited in the GDPR. We are guided by the following legal bases:
- We ask your consent for participation in a client satisfaction survey.
- If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time by contacting us: firstname.lastname@example.org
- The processing is necessary in order to establish a contract or in the run-up to the establishment of a contract
- If you give us an assignment to provide online media services or other services, we process personal data if and to the extent this is necessary
- Legitimate interest
- We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We use your contact details to invite you to seminars and events, for instance.
- We also have a legitimate interest if we use your personal data to contact you after you have approached us yourself.
- We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via direct marketing. In that case, we have a legitimate interest in offering you these services.
5. How did we obtain your personal data?
We obtain some information automatically when you visit our website. We collect this information via cookies, for instance. In this context, we also refer to our cookie statement (https://odysseyattribution.co/cookies-statement).
We obtain other information if you actively provide it to us. For example, if you are or become a client of ours or if you sign up for newsletters or events.
We also obtain information from third parties, such as personal data from the Trade Register of the Chamber of Commerce and the Land Registry Office, or personal data available on public professional websites. We also obtain information from professional social media sources like LinkedIn.
6.How long do we keep your personal data?
We will not keep your personal data longer than strictly necessary for the purposes for which they are processed.
Unless statutory requirements obligate us to keep your personal data longer:
- We will delete your personal data if you have withdrawn your consent or have decided to opt out.
- We will delete your personal data from our contact database within three years from the day our business relationship ends.
For the retention periods in relation to cookies, we refer you to our Cookie Statement (https://odysseyattribution.co/cookies-statement) on the website.
Camera footage will be destroyed within four weeks, unless there is an incident which requires us to hold on to the footage for longer.
We will delete visitor registration details within seven weeks from the date the right to access the information expires or from the date of the visit.
7. Who has access to your personal data?
Your personal data are only accessible to people at Odyssey authorised to access them on a ‘need-to-know’ basis. Outside of the situations mentioned in this Privacy Statement, we will not disclose your personal data unless we deem this disclosure necessary in order to satisfy our statutory obligations, to protect our rights or someone else’s rights, or to enforce compliance with this Privacy Statement.
Sometimes it is necessary to share your personal data with third parties. Depending on the circumstances of the case, this may be necessary in order to handle your contract. There are also statutory obligations which mean that personal data must be passed on to third parties
Personal data are provided to third parties in the following cases, among other things:
If a court order requires us to provide personal data to third parties, we must comply with that.
Your personal data are not shared with third parties for commercial purposes. There is one exception to this. We sometimes work with other organisations to organise a joint activity, such as an event or seminar. In that case, only the necessary contact details will be exchanged.
Personal data may also be provided to third parties in the event of a reorganisation or merger of our business or sale of (part of) our business.
We may engage service providers (processors) for the processing of your personal data, who process personal data exclusively on our instructions. We conclude processing agreements with these processors which fulfil the requirements of the General Data Protection Regulation (GDPR).
We work with service providers who provide SaaS (software as a service) solutions or hosting services. There are also ICT service providers who help us keep our systems secure and stable. We also use third-party services to send newsletters and commercial emails.
8. Transfer of personal data to countries outside the EEA
When your personal data are processed, your personal data may be shared with third parties. These parties may be located outside the EEA. When applicable, we have taken appropriate security measures for sharing the personal data.
We can transfer these data if this is necessary to perform the contract for services for the provision of legal or tax-related services or if this is necessary in the context of a legal claim for which we are providing you with legal support.
The processor outside the EEA which provides us with services in the sending of online newsletters and email campaigns and the processing of data filled in on the web forms on our website is located in the United States and has a registration for the EU-US Privacy Shield. More information on this can be found at: https://www.privacyshield.gov/welcome
9. How do we secure your personal data?
We do our utmost to take appropriate technical and organisational security measures to protect against the loss, abuse and alteration of your personal data for which we are responsible.
To ensure the security of your personal data, we have taken the following technical and organisational measures, among other things:
- Availability and continuity: We do our utmost to ensure optimal availability and continuity of our website and our systems.
- Device management and security: Exclusively devices managed by Odyssey have direct access to our systems. Devices that are not managed by Odyssey only have access to our system via a VPN connection secured by means of passwords and two-factor authentication.
- Physical security: Our building is secured by physical access control and camera security. Only people authorised to access our building may enter.
- Authorisations: The access to our systems is protected via role-based security.
- Encryption: We use encryption to secure our laptops and the exchange of data with you can, on request, also take place using encryption.
- Monitoring of our systems: Our systems are constantly checked for suspicious behaviour via monitoring by a certified third party.
- Periodic penetration testing: A certified third party regularly conducts penetration tests on our network for internal and external vulnerabilities.
- Thread protection: Various systems have been put in place to prevent unauthorised access and exchange of personal data.
- GDPR design: Every new system we consider adopting must be tested in advance for the principles of privacy by design and privacy by default.
- Data Protection Impact Assessments (DPIA): Before we put a new system into use, we will also subject that system to a data protection impact assessment, if required by law.
- Data Leaks: We have established a Data Leak Team to detect and report data leaks.
10. Your Rights
You have various privacy rights pursuant to the privacy regulations.
You can request:
- to inspect the personal data we process in relation to you.
- to amend your personal data or supplement these if you believe that the personal data we process in relation to you are incomplete or inaccurate.
- to have certain personal data relating to you erased.
- to have your data transferred to another party.
You can also object to the processing of your personal data.
For more information on the rights you can exercise on the basis of the privacy regulations, please see the website of the Dutch DPA. See this webpage for an overview of your rights under the privacy regulations. In cases that arise, you also have the right to submit a complaint to the Dutch DPA.
12. Third-party websites
13. Our contact details
Please contact us, if you have any questions or comments with regard to how we handle your personal data::
De website https://odysseyattribution.co is managed by Odyssey B.V.
Gedempt Hamerkanaal 173 (1021 KP) Amsterdam The Netherlands (NL)
Chamber of Commerce number: 54808235
You may contact us via:
To the attention of Compliance Officer
Gedempt Hamerkanaal 173 (1021 KP) Amsterdam (NL)
T: 020- 8932941