Privacy statement Prowise

Prowise offers an overall solution for digital education in a safe learning environment and operates in several European countries. Where this statement mentions “we/us” or “our/ours”, this refers to Prowise B.V., with its registered office at Luchthavenweg 1B, 6021 PX in Budel, the Netherlands, and companies in the same group of companies, such as the parent organisation and/or sister companies (affiliated companies).

For questions regarding the field of privacy, including this privacy statement, you can contact our Privacy Officer via the address above or throughprivacy@prowise.com.

This privacy statement applies when Prowise acts as the controller processing your data on the basis of the privacy legislation.

This is the case when:

• you visit our websites, offices or events
• you are our client or supplier
• you want to make non-business use of our products and register via our website
• you ask us a question or contact us

We differentiate between the following categories of data subjects:

• Visitors, to the website or in person
• Clients
• Suppliers

This privacy statement does not apply if you are considering applying for a job with Prowise. We will then refer you to the privacy statement for Job Applicants.

Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly.

We collect personal data you provide us yourself, and also information we obtain automatically through you visiting us or doing business with us.

We collect the following categories of personal data:

• General and contact details, such as your name, address,e-mail address, and phone number
• Identification details, such as your date of birth,supplier number or client number
• Payment details, such as bank details, order historyand payment history
• On-premise details, such as details regarding your visit, your number plate, and any sound or image recordings.
• Log files, such as details regarding network traffic,your IP address, the operating system used, type and version of the browser used
• Business information, such as Chamber of Commercenumber and VAT registration number, assessment/screening in respect of knowledge, experience, achievements, figures, compliance/ethics
• Communication details, such as correspondence, e-mail,chats
• Login details and user content, such as userID, accountand profile data, password and usage data
• Cookie information. For more information, see our Cookie statement.

Prowise processes your data based on the following legal grounds in the privacy legislation:

• to conclude and execute an agreement with you
• necessary to fulfil our legal obligations
• in the context of our legitimate business interest
• your specific and informed consent

More specifically, the data is processed for one of the business purposes below:

Client and supplier evaluations
Before we can enter into a relationship with you, we must evaluate your credibility and quality.

Supplying and managing our products and services
We need your personal data to perform the agreement we conclude with you, to be able to pay invoices, and to provide support.

To be able to use our products and services through our Cloud platform, a Prowise account must be made through our Account Portal. Our specific Privacy statements apply to its use.

Development and improvement of our products and services.
We analyse and quantify data to evaluate products and services, such as the process of logging in. Based on this, we can implement innovations and improvements to our products for users. We will inform you of the improvements that are implemented, for example via security and other updates.

Account management, sales, and marketing activities.
We keep in contact with our existing clients via e-mail. You will receive our newsletters if you subscribed to them.

Business and organisational analysis and development.
In order to manage commercial objectives and optimise business operations, it is sometimes necessary to process personal data for this purpose.

Protection of health, safety and security of people, premises, systems and assets.
We monitor access to our buildings and digital systems, such as our products, through access control and log monitoring in order to detect any possible misuse.

To fulfil all legal obligations.
We can process and share personal data to fulfil our legal obligations, for example from a tax standpoint.

Your personal data may be shared between the companies within the Prowise business group, currently consisting of

• Prowise BV
• Prowise R&D BV
• Oefenweb.nl
• Prowise GmbH
• Prowise UK Limited
• Prowise BVBA

We only share your personal data with third parties when required or permitted by law. If necessary, we will conclude an agreement which includes stipulations on confidentiality and security.

The parties with which such agreements are made include:

• Hosting providers and e-mail providers
• IT and Security Service providers
• Financial services providers
• Cookie providers (see cookie statement)
• Logistics services providers
• Consultants
• Government agencies

In other cases, we will only share your personal data if you have given us prior permission to do so. We will under no circumstances sell your data to third parties.

We are doing our best to keep your data in the European Economic Area (EEA). In some cases, service providers outside of the EEA provide a higher level of services, particularly in the field of security, in which case we opt for quality.

We will only provide your personal data to parties outside of the EEA if they provide an appropriate level of protection for the processing of personal data. This means that we will conclude an agreement with such parties, which will include the relevant model clauses made available by the European Commission.

We will keep your data for as long as necessary to achieve the purposes laid out in this privacy statement. We will delete the personal data if they are no longer needed or relevant, or if they have become obsolete.

We secure our website and other systems through technical and organisational measures. We do this to prevent data from being lost or being accessed by unauthorised parties.

Examples of some technical measures we have taken are:

• data is sent through a secured connection when one of the forms on our website is used
• data is encrypted during transmission
• we have implemented several security techniques that protect your data from the inside and out.

Some examples of organisational measures we have taken:

• set up and implemented an internal policy
• our employees can only access the personal data in so far necessary to perform their work
• we regularly examine our security, for example by conducting investigations into internal vulnerabilities and reviewing the best practices (for example, OWASP and the NCSC guidelines) in the field of security

In addition, we are certified and internal and external audits take place regularly. We take immediate action if these audits deem such necessary or advisable. Unfortunately, despite all precautions and regular audits, absolute protection against all dangers is impossible, but we do everything in our power to make sure our security levels conform with the applicable standards.

Based on the privacy legislation, you are entitled to exercise the following privacy rights:

• Right of access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to be forgotten (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR)

You can contact us about this via privacy@prowise.com. Please note that for such requests, we need to verify that you are actually the person in question.

You also have the right to submit a complaint about the manner in which we handle your data. If you have a complaint, we prefer to resolve it with you directly. Therefore please contact us if you have a complaint. If you are not content with the settlement of your request or complaint, you can file a complaint with the competent Data Protection Authority. You can also lodge a complaint at the Dutch Data Protection Authority (Dutch DPA) which serves as our lead Supervisory Authority. For this we refer you to the website of the Dutch DPA which is only available in Dutch. No automated decision-making takes place via our website.

Aside from the rights above, you can also object to the processing of certain data.

Right to object (Article 21 GDPR) In so far as we process personal data based on our legitimate interest or the legitimate interest of a third party, you have a right to object. You can do so based on reasons linked to your specific situation.

You can make an objection via the contact details specified in this privacy statement.