Introduction
Squares B.V. (hereinafter 'Squares') provides an online environment in which organisations can organise events online. Your privacy is of great importance to Squares. That is why we comply with the General Data Protection Regulation (GDPR). This means that we:

  • Lay down our purposes clearly in this privacy and cookie statement before processing your personal data;
  • Store as little personal data as possible and only store those data that are required for our purposes;
  • Ask your explicit consent for the processing of your personal data, if this consent is required;
  • Take the required security measures to protect your personal data. We also impose these obligations on parties that process personal data on our behalf;
  • Respect your rights, such as your right of access to and rectification and erasure of personal data of yours that we have processed.


Personal data processing
In this privacy and cookie statement, we explain how we use the information we gather about you in our services and on our website https://squares.live/. When you use our services and/or visit our website, we obtain various types of personal data from you. We explain for each topic what data we obtain from you and for how long we retain these data, for what purpose we process these data and on what basis. If you have any questions, or would like to know exactly which of your data is processed by us, please contact Squares.


Contact form
We offer an online contact form where we will ask you to fill in information so that we can contact you. For this purpose, we process the following personal data:

  • name;
  • email address;
  • telephone number;
  • IP address;
  • any information you enter yourself as the content of a message.

We require these data to handle your contact request because you have asked us to contact you. We will retain this information until we are certain that you are satisfied with our response and for three months thereafter. This way, we can readily access the information in the event of any follow-up questions. If the completed contact form leads to an agreement, we will retain these data for as long as that service continues.


Squares Demo
You can book a Squares Demo through our website. You can enter a date and time yourself using our diary. To make the appointment to offer you the requested demo, we use the following personal data:

  • name;
  • email address;
  • telephone number;
  • IP address;
  • any information you enter yourself as the content of a message.

We require these data to handle your request for a Squares Demo because you have requested it. We will retain this information for as long as we consider necessary. This way, we can readily access the information in the event of any follow-up questions. If the Squares Demo leads to an agreement, we will retain these data for as long as that service continues and as long as necessary thereafter.

Squares
To be able to use the services of Squares, each visitor needs to register an account. For this purpose, we process the following personal data:

  • IP address; only for country of origin and use of operating system;
  • account details; e.g. first and last name;
  • company/organisation and job title.

The anonymous data we collect through Google Analytics only consist of:

  • visitors profile: number, page view, time, return, language, country, loyalty, target group;
  • behaviour based on (anonymous) client ID;
  • network location, browser, operating system, connection speed, screen colour and screen resolution of the visitor.

We use Google Data Studio to visualise the data of Google Analytics. Any personal data that can (possibly) be linked to a person will not be processed in Google Analytics and/or supporting programs.

Any personal data we receive electronically in the context of providing services will only be processed, sent and/or stored by means of documents locked with a password.

The visitor's data are collected specifically for an event taking place on Squares. After completion of the event, the visitor's data will be automatically deleted after 30 days.


Working at Squares
If you apply for a job at Squares, we collect the following personal data: your name and address details, gender, date and country of birth, contact details, CV, the content of your cover letter, salary expectations (optional), your availability (optional) and any references you provide. We process these data for the purpose of handling your application, and – if you join our company – to perform the employment contract.

Please note: A social media and Google search may form part of the application procedure. This is required to ensure that our image is preserved when we take on new staff. For this purpose, we will Google your name and look at any profiles you may have on the various social media. We will obviously only do so insofar as these profiles are public. We will not ask you to grant us access to a protected social media page or to make a connection with us. The results of the searches will be discussed with you.

In addition to social media and Google searches, the application procedure may also include an assessment. This is because we need to make sure, for certain positions, that applicants have the specific qualities essential for the position concerned. Should an assessment prove necessary, we will inform you in advance of how we intend to handle your data for this purpose.

We will retain your application details for a maximum of four weeks after the position has been filled. We will retain these data so that we will still be able to contact you should the position become vacant again within the trial period. If we are unable to offer a position at the time, but expect there to be a vacancy that would suit you in the near future, we may – with your consent – retain your application details for a further year. You can withdraw your consent at any time by sending us an email.

If you join our company, we will keep your application details in your personnel file. We will retain this file for as long as necessary.

Provision of data to third parties
We may provide your personal data to third parties because:

  • we have engaged them to process certain data;
  • this is required in order to perform the agreement with you;
  • you have provided your consent for us to do so;
  • we have a legitimate interest in doing so;
  • we are legally obliged to do so (for example, if the police so demand in case of a suspected offence).

The parties that process personal data on our or your behalf include:

  • IT suppliers and service providers;
  • consultancy firms;
  • cookie service providers;
  • payment service providers.

In order to provide our services, we may provide your personal data to parties located outside the European Economic Area (EEA). We will only do so if the personal data are processed with an appropriate level of protection. This means – for example – that we use a model agreement of the European Commission or make arrangements on the handling of personal data.

We are familiar with the judgment of the EU Court of Justice of 16 July 2020 (Schrems II case). We are currently examining how we can best deal with this. We are very committed to privacy and will try to do everything we can to find a suitable solution. Once we have a suitable solution, we will inform you of this through this privacy statement. If you have questions about the processing of your personal data, please contact us using the contact details in this privacy statement.


Cookies
On our websites we use cookies of our own and of third parties. Cookies are small data files that can automatically be stored on or accessed from a visitor's device (such as a PC, tablet or smartphone) when visiting a website. The cookies are sent to the web browser on the device. Squares uses cookies to:

  • enable the features of the website (technical and functional cookies);
  • analyse use of the website and use the information obtained to make the website more user friendly (analytical cookies).

When you visit our website for the first time, we will show you a message containing an explanation of cookies. Insofar as we are required to do so, we will ask for your consent to the use of cookies. This document gives an overview of the cookies we use: Cookies Squares

Enabling and disabling cookies
While you can disable the placement of cookies in your web browser, it will prevent some parts of our website from functioning properly. For more information on enabling, disabling and deleting cookies, see the instructions and/or help function in your browser.

Deleting cookies
Most cookies have an expiry date. If the cookies have been given an expiry date, they will be automatically removed once the expiry date has lapsed. You may also opt to delete cookies manually before the expiry date has lapsed. Please consult your browser's user guide for this purpose.

Security
Protection of personal data is very important to us. We safeguard that your data are properly secured with us. We continuously adapt our security and pay close attention to what could go wrong.

The following technical security measures have been taken:

- access to servers and data based on personal keys (no passwords);

- access to the servers based on IP address;

- access to the back-end of the application based on roles;

- access to the back-end of the application based on IP address;

- encrypted storage of sensitive data in the database, not just passwords;

- monthly testing of the application with the OWASP Zap tool to search for possible data breaches (vulnerability test);

- website(s) secured with SSL certificate (https);

- dual servers available at every level (High Availability Cluster);

- regular updates of servers and systems;

- backups of complete servers at regular intervals;

- backups of databases at regular intervals;

- backups of code through version management (GIT);

- use of proven (PHP) frameworks for coding the software;

- use of good code and code reviews;

- use of a DTAP street to roll out the application (Development, Testing, Acceptance and Production).


Your rights
If you have any questions or want to know which personal data we have collected from you, please do not hesitate to get in touch. See the contact details below.

You have the following rights:

  • The right of access: you have the right to access your personal data that we process.
  • The right to rectification: you have the right to correct or supplement the personal data that you have provided and that we process if they are incorrect or incomplete.
  • The right to withdraw your consent: you can easily withdraw your consent at any time.
  • The right to object: you can object to the processing of your personal data.
  • The right to erasure: you can ask us to erase your personal data.
  • The right to data portability: insofar as this is technically possible, you have the right to have your personal data that we process transferred to a third party.
  • The right to restrict processing: in some cases, you can request that the processing of your personal data is restricted (temporarily or otherwise), which means that we process less data about you.

In the event of such a request, we may ask you to provide identification. We do this to confirm that you are indeed the person to whom the personal data belongs. In principle, we will comply with your request within 30 days. However, this term may be extended for reasons relating to the specific rights of data subjects or the complexity of the request. If we extend this term, we will inform you of that in due time.

Changes to this privacy and cookie statement
In the event of changes to our services, we are of course also required to update our privacy and cookie statement. We recommend that you always note the date at the top and check regularly to see whether there are any new versions.

Questions or complaints
If you have any questions or wish to complain about the use of your personal data, you can contact us using the contact details at the bottom of this privacy and cookie statement. We handle every question and complaint internally and will discuss this with you in further detail. If you are of the opinion that we have not provided you with the proper assistance, you have the right to submit a complaint to the privacy regulator. For the Netherlands this is the Dutch Data Protection Authority.

Contact details for Squares B.V.
3e Binnenvestgracht 23 M
2312 NR Leiden, The Netherlands

Telephone number: +31 85 23 57 000
Email address: info@squares.live

Chamber of Commerce number: 80483739