Privacy statement

Coosto respects the privacy of all its users. In this privacy statement, we explain how we treat your personal data and how you can exercise your privacy rights.

What is Coosto?

Coosto is a content & social media marketing tool designed to help organizations get better results from content. We’re offering practical solutions for every stage of the content marketing process: our customers are relying on Coosto to come up with content, distribute content to social media, manage their community, and monitor and report all results.
To make this possible, Coosto collects public data and processes certain data from clients to properly provide services to them. This may also include personal data. 

For the processing of personal data, which Coosto conducts at its own initiative, such as the processing of our own customer data and collecting public data, Coosto is considered the ‘controller’ in the sense of privacy legislation. In addition, Coosto may be ‘processor’ for certain operations on personal data in the sense of privacy regulations, for example, if its user chooses to exchange personal data in messages in the Engage environment or when posting a social media message in the Publish environment. For those services the customers of Coosto are the controllers.

What personal data does Coosto process? 

Personal data in public data
Coosto collects data from various information sources, such as social media, news sites, blogs, and fora. It always regards public information, that is, data that has been actively shared online and can be found with a standard internet search engine, or by visiting the relevant websites. Coosto does not collect shielded information.

Some public data is provided to Coosto for which we collaborate with suppliers of this data. We make arrangements with these suppliers to make sure that this takes place in conformity with the privacy regulations, their own privacy policies, and applicable terms & conditions.

Examples of personal data which may appear in public information are (profile) names, (profile) pictures, public account information, location information (if these are shared), and possibly other personal data included in messages. The visibility of a possible username, profile picture, or other personal data in Coosto does not only depend on whether this is public information. Public information is also anonymized if it does not contribute to the intended uses of Coosto. For example, comments on Facebook and Instagram pages that are not managed by our customers are always anonymized, and those users are displayed as "Anonymous user" with an empty profile picture.

Furthermore, Coosto has taken as many technical and organizational measures as possible to make sure that when information is removed, shielded, or updated, it no longer appears in search results or is replaced with the updated version. In short, our software keeps social media messages up to date. 

Personal data in customer (social media) posts
Coosto processes the data that users publish and exchange through the Coosto. Users of Coosto can choose to process personal data in, for example, social media posts, interaction with their audience or through the creation of reports and dashboards. Coosto's customers are therefore considered as a ‘controller’ in the sense of the privacy regulations. Coosto processes this personal data on behalf of the customer.

Personal data is customer data 
Coosto also processes certain personal data of customers so as to properly provide services. Specifically, the name and contact information of the customer or of the contact person acting on behalf of the customer, their address (for example, for training visits, customer-relation maintenance, and satisfaction surveys), email address, phone number and bank information (for payments). In addition, Coosto uses personal data that is filled out on the contact page of this website, so requests submitted through this page can be handled correctly. For that purpose, name, email address, and phone number are requested.  

For what purpose does Coosto process personal data?

Coosto collects data to make public sources searchable for users to help organizations explore the impact of their content and measure their earned media. Coosto helps customers to create better content and perform measurably better in terms of brand awareness, brand preference, customer loyalty, and online conversions. In addition, Coosto collects customer data to be able to provide (technical) support to its customers.

In legal terms, Coosto appeals to the legitimate interest of Coosto and its users to make this purpose possible.

How long does Coosto keep personal data?

Coosto saves data, among which personal data, only as far as is necessary to provide its services. The retention periods depend on the purpose for which we obtained or collected the data and any legal obligations. We do not archive social media messages but show them via a click-through link, as long as they remain publicly  online on the original platform. When a source is deleted, our links do not work anymore as well. Additionally, Facebook messages older than one calendar year are deleted.
Users of Coosto remain the owner of their data at all times and can export or delete their data at any time. In Coosto you can set your own data retention policy as a user; through this feature you have full control over the desired retention periods of your data.

Does Coosto transfer personal data with third parties?

Coosto does not share data, including personal data, with third parties, except for how is stated here. Access to data within the Coosto organization has been limited as much as possible to certain functions on a need-to-know basis for the performance of those functions.

In addition, users have access to collected public data  under applicable laws and regulations such as the GDPR, the terms of use of Coosto, and those of the social media platforms. We show search results with a link to the original source.

Coosto does not use sub-processors unless the user purchases Mobile Messaging or Livechat. The sub-processors that are then used are located within the EEA.

We host the Coosto software and data ourselves on secured servers in the Netherlands. It is our policy to limit working with third parties and to only use them if their specialization is strictly necessary to support our business processes. These collaborations are limited to large, trusted players within the EEA, to countries for which the European Commission has determined to comply with adequacy decisions, or to parties that guarantee privacy through standard contractual clauses. 

How does Coosto protect your personal data?

Coosto has implemented appropriate technical and organizational measures in its internal policies to ensure that personal data is secured in an appropriate manner. We will specify some:

  • The measures to protect your data are part of our information security & privacy management system, for which Coosto is ISO 27001 certified;
  • Coosto respects the privacy settings of all social media platforms, has confidentiality agreements with collaborators, customers, and suppliers;
  • All users of Coosto are bound by the terms of use of Coosto and the various social media platforms;
  • Within the entire organization, the privacy-by-design principle is applied, on policy and procedure level, which addresses aspects such as access control, the seggregation of environments, encryption, monitoring, and auditing;
  • For multiple functions, screening by an independent party is required;
  • Periodically, penetration tests and scans are carried out by independent third-parties to check on potential vulnerabilities;
  • We work with a TierIV data centre in the Netherlands with various relevant certifications.

Questions and rights

If you have further questions about how Coosto handles your personal data or if you wish to access it, want to request correction or removal, or if you want to submit a request for the limitation of the processing of your personal data, please send an email to Coosto at the address below.
Coosto will take care of your question or request and will get back to you as soon as possible. It may be that Coosto requires additional information to process your request. For example, in case of a request for access or removal, Coosto will want to be sure that you are, in fact, the person the personal data refers to, and Coosto will have to check whether the request is justified.

Correcting or removing information from (search results of) Coosto does not mean that the information from the internet has been corrected or removed. So it may be more effective to address your request to the original source in question. There also exists the possibility to file a complaint with the Dutch Data Protection Authority, ‘Autoriteit Persoonsgegevens’. You can find more information on how to do this on the website of the Autoriteit Persoonsgegevens.

Contact information Coosto

Coosto B.V.     
Kennedyplein 101       
5611 ZS Eindhoven    
+31 (0)40 249 27 00  
[email protected]

Contact information Data Protection Officer

Name: Victoria van Roosmalen
E-mail: [email protected]
Telephone number: +31 (0)40 249 26 13

Last updated: 13th of July 2022

Coosto may adjust this privacy statement from time to time. A modified privacy statement is applicable from the date as specified here.