Introduction

This Privacy Policy applies to personal data collected, used and stored by Struck.build in connection with the use of our services (the “Services”) that are being offered to you on our website www.struck.eu (the “Website”). This Privacy Policy explains the types of personal data we collect from and about you and how we use, disclose and protect that data as well as your ability to control certain uses of it.

Struck.build is responsible for the data you share with us as a data controller under the General Data Protection Regulation 2016/679 (‘GDPR’). It goes without saying that STRUCK.build adheres to the rules as set forth therein.

Who is responsible for the personal data collected?

Your personal data is controlled by Struck.build B.V. (“Struck”). Our company details can be found at the end of this document.

Collecting, processing and storing your personal data

In this Privacy Policy, your “personal data” means information or pieces of information that could allow you to be identified. For example, your name, address, telephone number and e-mail address, but also your IP address.

Information we collect directly from you if you as a user of our Services:

• first and last name;

• e-mail address;

• IP address;

• occupation, place of work, company/firm;

• phone number;

and, once the Service has become paid:

• username and password,

• payment information; and

• search history

We only request the personal data that we specifically need to provide the Services in your particular case. Without this information, we are unable to deliver our Services. It is therefore important that you have verified its accuracy. To better understand our customers we may create user profiles based on aggregated data per type of professional (based on occupation), so we can build specific features and services for specific user groups. We will never create individual profiles of any users and we will never make automated decisions about you.

We retain this data for the duration of your use of the Services, up to a maximum of 7 years thereafter.

How do we use your personal data?

We require your information in order to fulfil our agreement with you, which is to provide a service. Specifically, this entails empowering you to prioritize your creative process while minimizing the mundane task of compliance with regulations. This means that:

• we need to be able to contact you;

• we need to manage your account;

• we need to resolve services issues;

• we need to prevent illegal activities, suspected fraud and potential threat to our services; and

• we may track your usage to improve the Services by understanding where a workflow breaks, popular searches, use cases, and to understand what are the most useful features of the Website.

We may reach out to you to with i) service e-mails, and (ii) information about updates, new services, our newsletter, complaints, suggestions, and follow-up on conversations with you.

At times, we may also require your information to comply with legal obligations, such as filing tax returns.

Processors

To provide our services, we engage with other processors. We use Vercel to host our web services, Hubspot for our e-mail service and newsletter hosting, and Google Cloud Platform and Azure to host our Cloud. We will ensure that our Processors comply with the GDPR. We use Google Analytics to monitor and analyze your use of the Website and the Services.

We shall not transfer, store or process your personal data to a location or country that is not compliant with GDPR*.* We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement.

Will we share your personal data with other parties (other than our Processors)?

Other than set out in this Privacy Statement, we will not share your personal data with any third party, unless you have given us your prior consent to do so.

We do not share your personal data with other users of the Services.

How do we protect your personal data?

The collection, use and disclosure of personal data is safeguarded by technological and organisational security measures with the objective to protect the personal data against loss, misuse and unauthorised access, alteration, disclosure or destruction. These measures are continually improved in line with technological developments.

In particular, we restrict access to personal information to our employees, retailers and all other parties we work with, who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

We will not retain your personal data for a period longer than necessary to fulfil the purposes for which it was collected for, unless we have to keep it for legitimate business, tax or legal purposes.

Your privacy rights

You have the following rights regarding your data:

• Access. You can request a written copy of the personal data we hold about you;

• Correct. We want to ensure that your personal data is accurate and current. You can rectify data with us that you believe to be incorrect;

• Erase: You can request us to erase your personal data. If we need the personal data to be able to provide you with our services, we may not be able to erase it immediately. We may not delete information that we are required to keep by law;

• Object. You can object at any time to the processing of your personal data on the basis of Article 21 GDPR;

• Restrict processing. You can limit the processing of your data in accordance with Article 14 of the GDPR;

• Withdraw consent. When the processing of your personal data is based on your consent, you have the right to withdraw your consent, without affecting the lawfulness of the processing based on your consent before the withdrawal;

• Data portability: If your personal data is processed by automated decision-making for the fulfilment of our contractual relationship, you have the right to request that we provide you with your personal data in a machine-readable format for transfer to another controller;

• Complain. You can submit a complaint at any time to [email] or to the authority via https://autoriteitpersoonsgegevens.nl/;

• Ask information. You have the possibility to request information about your personal data; and

• E-mail. Questions, comments, requests or complaints concerning the processing of your personal data or this privacy statement can be addressed to [email protected].

Modifications to this Privacy Policy

This Privacy Policy may be changed from time to time. If we make any substantial changes to this Privacy Policy and the way we use your personal data, we will provide appropriate notice to you. Please check our Privacy Policy frequently to stay informed about how we use your personal data.

Questions?

If you have any questions or comments about our Privacy Policy, please send us an e-mail at [email protected]. You may also contact us by postal mail at:

Struck.build B.V.

Weteringschans 85

1017 RZ Amsterdam

Chamber of Commerce 92270271

www.struck.eu