1. What data does Itility process?
Itility processes your personal data as you provide it to us, use our services, or as other sources (e.g., other users, third party services, or public databases) provide it to us. Itility may process the following personal data:
- Your first name and surname,
- Your address,
- Your telephone number,
- Your email address,
- Your IP address,
- Geographical location,
- Account and profile information, and
- Other personal data you provide to us through our services, websites, or support channels, or personal data that is publicly available, for example through search engines.
2. Purpose for processing personal data
Itility only processes personal data that we need to enable your optimal use of our services, to improve our business, to enable you to interact with other aspects of our business, and to comply with applicable laws and regulations. Depending on the services you use and how you use them, Itility may process your personal data to:
- Compile (anonymous) statistical data and analysis for use internally or with third parties,
- Create and manage your account (e.g., for authentication),
- Deliver recommendations, newsletters, and other information regarding promotions to you,
- Contact you related to the service (system or user-to-user communications by email or otherwise),
- Generate a personal profile about you to make future use of our services more personalized,
- Increase the efficiency and operation of our services,
- Keep customer and user administration,
- Monitor and analyze usage and trends for research and development,
- Notify you of updates,
- Perform other business activities as needed,
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity,
- Protect and improve the safety and security of our services,
- Provide support,
- Request feedback and contact you about your use of our services,
- Resolve disputes and troubleshoot problems,
- Respond to questions and complaints, and
- When required, assist regulators and law enforcement and respond to subpoena.
3. On what grounds does Itility process?
Itility will only process your personal data for the abovementioned purposes when:
- We have your consent,
- We need it to execute the services,
- We need to meet a legal obligation under EU or national legislation, or
- It protects a legitimate interest of Itility.
4. Sharing with third parties
Itility may share your personal data with third parties. When this happens, Itility ensures the third party will process your personal data carefully and only to the extent needed for the abovementioned purposes. We explicitly ensure you that we do not sell your personal information to advertisers or other third parties.
Examples of third parties with whom Itility might share your personal data:
- Network provider,
- Cloud platform host,
- Other service providers,
- (Security) auditors (for certification),
- Itility partners,
- Your organization (e.g., administrator(s) of your employer),
- Legal, regulatory, and other governmental authorities.
At first request of customers, Itility shall provide a detailed updated list of these third parties.
5. Personal data security
Itility ensures that personal data processed by Itility is sufficiently secured, in line with the applicable regulatory requirements and directives.
Itility protects your personal data using adequate technical and organizational security measures to minimize the risk of loss, destruction, misuse, unauthorized access, disclosure, and amendment of this data. Examples of this include firewalls, performing regular back-ups, data and communication encryption, and physical and administrative data access controls.
If you believe your data is not well-protected, if there are indications of misuse, or if you would like more information about the way data processed by Itility is protected, please contact Itility. Our contact data can be found in section 7. Your privacy rights.
6. Personal data retention period
Itility only retains the personal data it processes for as long as reasonably necessary for the purposes for which the data is processed or as is required by regulations or law (e.g., the Dutch Public Records Act (Archiefwet)). The specific retention period varies per type of personal data. After this retention period Itility will either delete or anonymize your personal data.
7. Your privacy rights
The personal data Itility processes of you are yours. Therefore, you have the following rights:
- The right to view your personal data (article 15 GDPR),
- The right to request your personal data to be corrected or deleted (articles 16 and 17 GDPR),
- The right to restrict processing (article 18 GDPR),
- The right to data portability (article 20 GDPR), and
- The right to object to your data being used (article 21 GDPR).
If you want to exercise any of your rights, you can submit a written request. Itility will process your request within four weeks.
You can send your written requests to:
Flight Forum 3360
5657 EW Eindhoven
Where the services are administered for you by an administrator (see “End User Notice” below), you will need to contact your administrator to assist with your requests first.
8. Transfer of personal data outside the EU
Itility may transfer, process and store your personal data outside of the EU, to wherever our third-party service providers operate for the purpose of providing you the services. Whenever we transfer your information, we take steps to protect it.
Third parties may be based in other countries that do not have equivalent privacy and data protection laws. When we share your personal data with these third parties outside the EU, we make use of adequacy decisions (‘adequaatheidsbesluiten’), European Commission-approved standard contractual data protection clauses, or other appropriate legal mechanisms to safeguard the transfer. If necessary, additional security measures will be put in place.
9. End User Notice
Our services are intended for use by organizations. Where our services are made available to you through an organization (e.g., your employer), that organization is the administrator of our services and is responsible for the accounts and/or service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of our services is subject to that organization’s policies. Itility is not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password,
- restrict, suspend, or terminate your access to the services,
- access information in and about your account,
- access or retain information stored as part of your account,
- install or uninstall third-party apps or other integrations,
- perform the necessary actions to protect a legitimate interest of the organization.
In some cases, administrators can also:
- restrict, suspend, or terminate your account access,
- change the email address associated with your account,
- change your information, including profile information,
- restrict your ability to edit, restrict, modify, or delete information.
Even if the services are not currently administered to you by an organization, or if you use an email address provided by an organization (such as your work email address) to access the services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the services at a later date.
Please contact your organization or refer to your administrator’s organizational policies for more information.