Privacy Policy

1. Introduction:

KOOPR BV, your professional online assistant, is dedicated to efficiently managing your administrative tasks with a high degree of respect for your privacy and the security of your personal data. This statement provides comprehensive details about our approach to data processing.

2. What personal data do we collect?

We collect and process the following categories of personal data:

  • Identification data: Name, address details, email addresses, phone numbers.
  • Demographic data: Age, gender, preferences, and interests.
  • Professional data: Occupation information
  • Login and device data: Usernames, passwords, IP addresses, device IDs, and browser settings.
  • Financial and transactional data: Purchase history, purchase information, payment history, invoice information.
  • Content you provide: Photos, videos, comments, messages, and other media or documents.
  • Communication data: Email correspondence, phone calls, and chat history.

3. What are the sources we rely on?

  • Directly from the data subject: Through website interactions, app usage, registration processes, and direct communication.
  • Indirectly through third parties: Through collaborations with partner companies, from social media, and other external data sources.
  • Automatic collection: Through cookies, analytics tools, and other technologies that monitor interactions with our digital properties.

4. On what legal grounds do we process data?

KOOPR BV takes the principle of data minimization very seriously. We therefore only want to process personal data that is strictly necessary to offer you our online purchase assistant.

The table below shows which categories of personal data are processed by us (column 1), why such personal data is processed (the 'purposes' - column 2) and on what legal basis such processing takes place (column 3).

The processing of personal data only takes place for one or more specific purposes. Please note that the retention period for the different purposes may differ.

Furthermore, there is always a demonstrable legal basis for each processing of personal data. The description in the 'Legal basis' column has the following meaning:

  • Consent: you have given your (explicit) consent to the processing of personal data for one or more specific purposes;
  • Agreement: the processing of personal data is necessary for the performance of a contract to which you are a party;
  • Legitimate interests: the processing is necessary for the purposes of the legitimate interests pursued by KOOPR BV or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;
  • Legal obligation: the processing is necessary for compliance with a legal obligation to which KOOPR BV is subject.

Categories of personal data Purposes Legal basis
First and last name, e-mail address, telephone number, work address, legal status, VAT or company registration number, type of activity, contact details of your accountant Registration with KOOPR software Agreement
First and last name, e-mail address, legal status, VAT or company registration number, type of activity, invoices/receipts/e-mail messages, transaction information, other financial documents Providing financial assistance through our digital purchase assistant Agreement
E-mail address and password Authentication of the user via KOOPR software Agreement
E-mail address and password Authentication of the user's account for connecting with webshops Agreement
Notification or payment references, amount, date of transactions, other payment details Providing financial assistance through our digital purchase assistant (explicit) Consent
E-mail address Collecting product feedback to improve our products and services Legitimate interests
User feedback Development and improvement of our digital purchase assistant Legitimate interests
E-mail address To inform you as a registered user about technical information about our services through a newsletter Legitimate interests
E-mail address To send you, as a registered user, marketing messages regarding other products or services of KOOPR BV Legitimate interests
E-mail address To send you as a potential user marketing messages regarding the products and services of KOOPR BV Consent
E-mail address, complaint Addressing any complaints about the service. Legitimate interests
First and last name, legal status, VAT or company registration number, professional bank details, transaction data KOOPR BV is bound by a number of legal obligations that require the processing of your personal data. Legal obligation

5. Purposes for Data Processing:

Contractual obligations: To fulfill our contractual agreements, such as managing your account and delivering our services.

Service improvement: Analyzing usage data to improve our products and services.

Legal obligations: Complying with legal requirements, including tax laws and data protection regulations.

Marketing activities: Carrying out marketing and promotional activities, including newsletters and targeted advertisements, based on your consent or our legitimate interest.

6. Data Security:

We apply strict physical, technical, and administrative security measures to protect your personal data from unauthorized access, modification, disclosure, or destruction. Examples of our security measures include encryption, firewalls, and secure data centers.

7. Data Sharing and International Transfers:

Within KOOPR BV: Data may be shared internally for operational purposes and management.

With external service providers: Trusted third parties that provide services and support, such as IT services, cloud hosting, and customer service.

International transfers: Personal data may be transferred to and stored in countries outside the EU, where we ensure appropriate safeguards in accordance with the GDPR.

How is your personal data shared?

Within KOOPR BV

Because KOOPR BV consists of many different subsidiaries, it is important for us that we can offer you the best possible integral experience. In order to maintain an overview and insight, KOOPR BV may share your personal data with other companies in the KOOPR BV Group.

Outside KOOPR BV

KOOPR BV may also share your personal data with external parties in the following frameworks:

  • User communities of KOOPR BV
  • When you post, comment or something similar on the user communities of KOOPR BV or on other forums on KOOPR BV Sites, such information may be read and used by anyone who has access to such forums. KOOPR BV is not responsible for information that you post on such forums or KOOPR BV Sites.
  • Business partners
  • KOOPR BV may share your personal data with our partners when this is justified from a business perspective and in accordance with applicable privacy laws.
  • Government agencies
  • The police and other authorities may request access to personal information from KOOPR BV. In such cases, KOOPR BV will only make the data available when there is a court order or similar order to do so.

8. When do we use processors?

KOOPR BV uses processors to process personal data. These processors are typically vendors of cloud services or other IT hosting services.

When processors are used, KOOPR BV will enter into a processor agreement to guarantee your privacy rights. If processors are located outside the EU, KOOPR BV will ensure on your behalf that there are legal grounds for such international transfers, including through the use of the EU Model Clauses.

You can always request an overview and further information about KOOPR BV processors, including documentation of legal grounds for the aforementioned international transfers. See the last part of this statement for contacting KOOPR BV.

9. Your Rights under the GDPR:

You have extensive rights under the GDPR, including:

  • Right of access: You can request a copy of the personal data we process about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can ask us to delete personal data if there is no valid reason for further processing.
  • Right to restriction of processing: You can request to restrict the processing of your data.
  • Right to data portability: You can receive a copy of your data in an electronic format and you can request that we transfer this data to another party.

10. Use of Cookies and Tracking Technologies:

Our websites use cookies and similar technologies to improve user experiences, analyze website traffic, and offer targeted advertisements. You can manage your cookie preferences through your browser settings.

11. Use of Artificial Intelligence:

KOOPR uses A.I. to train and improve certain models within KOOPR's software. Personal data (such as those from the Google Workspace APIs and other sources) are not used to develop, improve, or train generalized AI and/or ML models.

12. Contact Information:

For questions about this privacy statement or your personal data, please contact hello@koopr.com. For complaints, you can also contact the national supervisory authority.

13. Changes to this Statement:

This privacy statement may be updated periodically. Important changes will be communicated via our website or by email.

14. What does "GDPR" stand for?

"GDPR" stands for General Data Protection Regulation. This is an important privacy and data protection legislation that has been in force in the European Union since May 25, 2018. The GDPR is designed to give EU citizens more control over their personal data and to create a more uniform regulatory framework for data privacy in Europe.

Some key points of the GDPR are:

  • Stricter consent requirements: Organizations must obtain clear and unambiguous consent from individuals before processing their personal data. This consent must be easy to withdraw.
  • Right of access and erasure: Individuals have the right to ask organizations what personal data is being processed about them and to have this data corrected or deleted.
  • Data breach reports: Organizations are required to report data breaches that are likely to pose a risk to individuals to the relevant supervisory authority within 72 hours of discovering the breach.
  • Protection by design and default settings: GDPR requires that data protection be integrated from the start of system development (Privacy by Design) and that the default settings be as privacy-friendly as possible (Privacy by Default).
  • Data protection impact assessment: For certain types of data processing that may pose a high risk to the rights and freedoms of natural persons, organizations must carry out a data protection impact assessment.
  • Data Protection Officer: Organizations may be required to appoint a Data Protection Officer (DPO) who oversees compliance with the GDPR within the organization.

The GDPR has a broad scope and applies to all organizations within the EU, as well as to organizations outside the EU that offer goods or services to, or monitor the behavior of, EU citizens. The purpose of the GDPR is to create a balance between the protection of privacy and the free flow of personal data within the internal market of the EU.