Last updated September 10th 2024.
This privacy policy notice is served by Protokol B.V., under the website https://www.protokol.com
In this document “Protokol”, “Protokol.com”, “Protokol B.V.” or “we”, “our” or “us”, refers to Protokol B.V., registered in the Netherlands.
Our registered office address is:
Protokol
Keizersgracht 391A
1016 EJ, Amsterdam
Netherlands
For privacy-related inquiries, you may contact us via email at [email protected] or via www.protokol.com/contact.
This policy is governed by the laws of the Netherlands and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.
Introduction
At Protokol we take your privacy very seriously. This Policy explains in a clear and transparent manner, how and when we collect, share and protect your personal data.
This Policy applies to the Protokol website (www.protokol.com), our Kredential product and it’s associated applications (such as Kredential Wallet, Kredential Manager) and any other products and services (collectively, the “Services”) provided by Protokol and defined in each Terms of Service. Please note that anonymized information or purely statistical data used by Protokol will not be considered personal data.
Purpose
The purpose of this Privacy and Cookie Policy is to explain to you how Protokol controls, processes, handles and protects your personal information both through the business, while you browse or use this website, and while you use our products or applications (such as Kredential, or Kredential Manager). It also details the choices you can make about the way your information is collected online and how that information is used. If you have not done so already, please review our privacy policy. If you do not agree to the following policy then please cease viewing/using this website and/or Protokol products and applications and refrain from submitting your personal data to us.
Overview
This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It tells you about your privacy rights and how the law protects you.
We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
General Data Protection Regulation (GDPR)
Our policy complies with the Data Protection Act 2018 (Act) accordingly incorporating the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at: https://www.knowyourprivacyrights.org/
The GDPR extends certain rights to users of the Protokol website. Those rights are as follows:
- Right to be Informed – Protokol agrees to inform all users what data we are collecting and for what purposes.
- Right of Access – All users have a right to see what extent of their personal information is being held by Protokol.
- Right to Rectification – Users have the right to rectify any incorrect or amend any personal information being held by Protokol.
- Right to Erasure – Users can request to have their personal data erased or redacted under certain circumstances. Circumstances may include events such as: data is no longer being used for its intended purpose, or the personal data has been possessed unlawfully.
- Right to Restrict Processing – Users can request for data to be halted from being processed in the event that data is being amended or redacted.
- Right to Data Portability – Users can request any piece of personal data given to Protokol. Personal data will be supplied in a structured, commonly used, machine-readable format.
- Right to Object – Users have the ability to object to their data being processed if the data is being used in a manner that is inconsistent with the stated purpose for which it was collected.
- Rights in Relation to Automated Decision-making and Processing – Users have the right to object and not be subject to decisions based solely on automated processing
Except as set out in the third-party tools and cookies section below, we do not share, or sell, or disclose to a third party, any information collected through our website.
Data Protection Officer
We have appointed a data protection officer (DPO) who is responsible for ensuring that our policy is followed.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our DPO at [email protected] or you can write to us at:
Data Protection Officer
Protokol B.V.
Keizersgracht 391A
1016 EJ, Amsterdam
Netherlands
Data Collection and use
We may collect, use, store and transfer different kinds of personal data about you. We have collated these into groups as follows:
Your identity includes information such as first name, Job title and other identifiers that you may have provided at some time.
Your contact information includes information such as email address, phone number or any other information you have given to us for the purpose of communication or meeting.
Technical data includes you internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Marketing data includes your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity.
For example, we may aggregate profile data to assess interest in a product or service.
However, if we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with this privacy notice.
Communicating with us
When you contact us through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need. This includes providing information via email updates, or other communication channels.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.
The basis on which we process information about you:
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
Processing Purpose:
- To communicate with you to optimize our platform
- To provide our service
Legal Basis:
- These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests.
- We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
Processing Purpose:
- With your consent
Legal Basis:
- Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at [email protected]
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
Data retention
We will only keep your personal data for as long as is necessary to provide applicable services/information to you however this could be a period of up to 8 years. After this period your personal data will be deleted from our records.
If you wish to be removed from our database you have the right to be forgotten. Once the request to be forgotten is received Protokol will remove all your details from our system within 4 working days.
Access to your personal data
To enquire about accessing your personal data, to update or rectify your data or to exercise your right to be forgotten/data removed, please contact our Data Protection Officer.
You can do so via email by contacting: [email protected]
Unsubscribe from Communications
You may unsubscribe or opt-out of our services at any time. Where we collect your personal data, via web form we provide you with the means to opt-out by indicating in a check-box on the form.
For email communications, your individual contact preferences and ability to unsubscribe can be accessed via the footer of marketing emails sent to you by Protokol. Simply click the “Unsubscribe” link, or send an email to [email protected] with your request.
Information Collected by the Protokol Website (www.protokol.com)
Cookies
Protokol uses a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit https://www.aboutcookies.org/ for detailed guidance.
By clicking the “Accept” button on the Site’s Cookie Banner you are agreeing to our use of cookies and similar tracking technologies. Once you have accepted the use of cookies and similar tracking technologies on the Site, your preferences with regard to use of the cookies will be saved in the form of a cookie for your future visits to the Site for as long as you do not remove the cookies stored on your device(s). If you disable cookies that we use, some functionality of the Site may be unavailable, depending on the type of cookie you have disabled.
If you do not agree to our use of cookies and similar tracking technologies, you should set your browser settings accordingly. You will always be able to withdraw your consent and change your choices by amending your browser settings in the future.
If you wish to withdraw your consent to use of cookies on this Site by changing your browser settings to block cookies or alert you when cookies are being sent to your device you can do so by referring to your browser instructions or help screen. To learn more about how to adjust or modify your browser settings please visit:
Please note that third party websites, which may be linked to the site, are not covered by this Cookie Policy.
Cookies set by us
_hash – these cookies are set to allow us to identify the status of a user on our website and are generally used across the web for things such as log-in routines and shopping baskets. This cookie expires within a month.
PHPSESSID – this cookie stores the identifier for your current session in PHP. It is removed at the end of your session.
CSRF token – Cross-Site Request Forgery (CSRF) is an attack that forces a user to perform unwanted actions on a website (for example your data could be hijacked and used to perform tasks). This cookie is required to protect users from a CSRF attack and allows us to mask your data.
Cookies set by our Third Party Tools
_ga/_gat/_gid – These cookies are utilized by Google Analytics to collect data on how visitors interact with our site. Specifically, the _ga cookie is used to distinguish users and expires after 2 years, the _gat cookie is used to throttle the request rate on high traffic sites and expires after 1 minute, and the _gid cookie is used to distinguish users and expires after 24 hours. The information collected includes the number of visitors to the site, where visitors have come from geographically, the pages they have visited, as well as the devices and browsers the visitor is using, all in an anonymous form.
__hstc, __hssrc, __hssc, and hubspotutk – these cookies are used by HubSpot to collect information about how visitors use our site. The cookies collect information which includes: the number of visits, the time of the first visit, the previous visit, and the current visit, alongside a session counter that’s updated with each subsequent session via __hstc. The __hssrc cookie is used to determine if the visitor has restarted their browser. The __hssc cookie keeps track of sessions and updates the session number and timestamps in the __hstc cookie accordingly. The hubspotutk cookie tracks a visitor’s identity and is passed to HubSpot upon form submission, aiding in deduplicating contacts and understanding user engagement over time.
_hjIncludedInSample, _hjTLDTest, _hjid, and _hjFirstSeen – these cookies are used by Hotjar to collect information on how visitors interact with our site. The cookies collect information in an anonymous form, including the number of visitors to the site, the pages they have visited, and the actions they have performed (like clicks, scroll behavior, and form submissions). The _hjIncludedInSample cookie is used to let Hotjar know whether a visitor is included in the data sampling defined by the site’s pageview limit. The _hjTLDTest cookie detects the most generic cookie path to use instead of the page hostname. The _hjid cookie stores a unique user identifier, enabling tracking of the user over subsequent visits, while the _hjFirstSeen cookie identifies a new user’s first session on the website, indicating whether or not they are a returning visitor.
Third Party tools we utilise for website analytics and performance
Google Analytics
Protokol uses a web analytics tool to analyse site usage, how our users arrive at our site, what they do on the site, what browser they are using and on what operating system.
We use Google Analytics to help us understand how the site is being used in order to improve the user experience.
You can find out more about Google’s position on privacy as regards its analytics service at https://www.google.com/policies/privacy/partners
HubSpot
On Protokol’s website (this site) we use HubSpot for our online marketing activities. HubSport is a software company from the USA with branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.
This is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:
- Email marketing (newsletter, together with automated mailings, e.g., for provision of downloads), social media publishing & reporting, reporting (e.g., traffic sources, accesses, etc. …), contact management (e.g., user segmentation & CRM), landing pages and contact forms.
- Our registration service enables visitors to our website to find out more about our company, to download contents and to provide their contact information, together with further demographic information. This information, together with the contents of our website are stored on the servers of our software partner HubSpot. We can use it to make contact with visitors to our website and to determine which of our company’s services are interesting for them.
All information collected and stored by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures.
The legal basis for the use of HubSpot’s services is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service is the optimization of our marketing measures and the improvement of our service quality on the website.
HubSpot is certified under the conditions of the “EU – U.S. Privacy Shield Framework” and it is subject to TRUSTe’s Privacy Seal, as well as the “U.S. – Swiss Safe Harbor” Framework.
- More information on HubSpot’s data privacy provisions
- More information on the cookies used by HubSpot can be found here & here
To remove your data from Protokol’s HubSpot database, you can do so by sending a request to our Data Protection Officer via this email address: [email protected] or by writing to us at our registered address shown at the top of the page.
Hotjar
Protokol use the user insight tool, Hotjar. Hotjar enables us to better understand our users’ needs and to optimize our service and customer experience based on this insight. Hotjar provides data related to users experience (e.g. how much time users spend on site, on which pages they spend their time, which links users choose to click, and what users engage with most etc.) and this enables us to build and maintain our website with user feedback in mind.
Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile.
Neither Hotjar nor Protokol will ever use this information provided by Hotjar to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link: https://www.hotjar.com/legal/policies/privacy/
For more information and more about Hotjar’s data processing, please visit: https://www.hotjar.com/legal/compliance/gdpr-commitment/
Information Collected While Using the Kredential Wallet Application
While using the Kredential Application (Kredential Wallet, and/or Kredential Manager), in order to provide access to the features of Our Application, We may access or collect information from your device with your prior permission.
Information we collect
Profile information is voluntarily submitted by the user. This includes data such as:
- First Name
- Last Name
- Date of Birth
- Home Address
- Profile Image
A user does not need to submit this information, however, if they do, we use this information to provide features of our service, and to improve and customize our service. The information is simply stored on your device and is not uploaded to Protokol’s servers or a third-party’s server on behalf of Protokol.
You can delete this information at any time, either by deleting the information directly from the profile page within the application, or by deleting the Kredential application from your device.
Information we access from your device when using the Kredential Wallet
- Pictures and other information from your device’s camera and photo library (utilised for your Profile picture, for scanning QR codes). You can enable or disable access to this information at any time, through your device settings.
- Biometric Information: Users of the Kredential Wallet application have the option to use biometric verification instead of a PIN. We do not store biometric data, but we do utilise what the system on your device (phone) provides for verification. You can enable or disable access to this information at any time, through your device settings or directly within the Kredential application.
- App-specific Pin code. This data is stored in your device’s secure storage. We do not store the Pin data, but utilise it for verification purposes.
- DID (EBSI ID). This data is stored in your device’s secure storage. Protokol do not store this data. You can delete this information at any time, either by deleting the information directly from the profile page within the application, or by deleting the Kredential application from your device.
- Public/Private key pair. This data is stored in your device’s secure storage. Protokol do not store this data.
Data Sharing with Third Parties
Protokol will not transfer your personal information to third parties for the purpose of providing or facilitating third-party advertising to you. We will also reject any offer to sell your personal information to a third party vendor for the purposes of advertising.
If Protokol intends to share your information in response and compliance to the legal process, Protokol will provide you with notice so you can challenge it (for example by seeking court intervention), unless we’re prohibited by law or believe doing so may endanger others. Protokol will not divulge user information to legal solicitations that are deemed to be improper.
California Privacy Rights
Notice concerning Do Not Track. Do Not Track (DNT) is a privacy preference that users can set in certain web browsers. We are commited to providing you with meaningful choices about the information collected on our website for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.
Changes to this Policy
Protokol may periodically update this Policy. We encourage you to periodically review this page for the latest information on our privacy practices. We will notify you about significant changes to it by highlighting any changes in the most recent version of the policy. The most current version of the policy will always be here and former versions of the policy can be acquired by sending a request to [email protected]. This policy was last updated on September 10th 2024.