In this privacy statement we explain how we, at Coosto, treat your personal data and how you can exercise your concerning rights.
Introduction – Coosto, data and personal data
Coosto is a marketing-communication tool, intended for organizations that want to improve their brand awareness or reputation, achieve more marketing conversions, or increase their customer satisfaction through online and social media. To this end, organizations can respond to questions and comments with the help of Coosto, reach their target audience via social media posts and improve their online communication by analyzing which themes around their organization or market are discussed. As such, Coosto offers a search engine to search through public information.
To make this possible, Coosto collects public data. This may also include personal data. Personal data includes information which, directly or indirectly, regards a specific individual.
In addition, Coosto processes certain personal data of customers so as to properly conduct the provision of services to them. This can regard the name and contact information of the customer or of the contact person acting on behalf of the customer, the address (for example for training visits, customer-relation maintenance, and satisfaction surveys), email address (optional when registering through the website), phone number and bank information (for payments). In addition, Coosto uses personal data which is filled out on the contact page of this website, so requests submitted through this page can be handled correctly. For that purpose, name, e-mail address, and phone number are requested. As indicated below under the heading ‘Transmission of data to third parties’, we do not share this personal data with third parties.
For the processing of personal data which Coosto conducts at its own initiative, such as the processing of our own customer data, Coosto is considered the ‘controller’ in the sense of privacy legislation. This means, in short, that Coosto (formally: Coosto B.V.) as a company is responsible for compliance with this legislation. In addition, Coosto may be ‘processor’ for certain operations on personal data in the sense of privacy regulations. For those services the customers of Coosto are the controllers.
Sources and types of personal data
Coosto collects data from various information sources, such as social media, news sites, blogs and fora. It always regards public information, that is, data which has been shared online actively and which can be found with a standard internet search engine, or by visiting the relevant websites. Coosto does not collect shielded information.
Some public data is provided to Coosto for which we collaborate with suppliers of this data. We make arrangements with these suppliers to make sure that this takes place in conformity with the privacy regulations, their own privacy policies and applicable user conditions.
Examples of personal data which may appear in public information are (profile) names, (profile) pictures, public account information, location information (in case these are shared) and possibly other personal data included in messages. The visibility of a possible username, profile picture or other personal data in Coosto does not only depend whether this is public information. Public information is also anonymized if it does not align with the intended uses of Coosto. For example, comments on Facebook and Instagram pages that are not managed by our customers are always anonymised, and those users are displayed as "Anonymous user" with an empty profile picture.
More privacy-sensitive personal data, such as information about someone’s health or political convictions, is called sensitive personal data. Since Coosto only uses public sources, this type of information is only collected in the event someone has shared this online proactively. Coosto is, however, reticent with the use of such personal data. If we do use such data, for example for publication on our blog, we always make sure the data is anonymised.
Furthermore, Coosto has taken as many technical and organisational measures possible to make sure that when information is removed, shielded or updated, it no longer appears in search results or is replaced with the updated version. In short, our software keeps social media messages up to date. Users also have the option of deleting data of their choice in their own environment.
Use of data
Coosto users can use the engagement module to search for questions about their product or service on social media in order to answer them. Through social media management & analysis, businesses and organisations can measure what the effectivity of their marketing campaigns is over the longer term or to detect market trends in order to anticipate to them and strengthen their brand. Coosto is also used for statistical applications by organisations such as educational and research institutions, non-profit organisations, municipalities, and by students. Coosto’s publishing service helps companies to manage their marketing campaigns. It allows them to plan when information will be rendered public and to measure response to it.
By making public information easily searchable, Coosto helps their customers making better decisions about their business strategies. In legal terms, Coosto appeals to the justified interest of Coosto and their users to make these decisions possible.
People posting online messages have an interest in having their privacy protected. Coosto respects the importance of privacy. You can have your personal information at Coosto removed (read more below), Coosto respects the privacy settings of all social media platforms, makes arrangements with collaborators, customers, and suppliers regarding privacy. Furthermore, Coosto has taken various measures to warrant a safe IT infrastructure.
Coosto saves data, among which personal data, only as far as is necessary to provide its services. We do not archive any social media messages but show them via a click-through link, only for the time being that these are online. When a source is deleted, our links do not work as well anymore. Additionally, Facebook messages older than one year are deleted.
On the website of Coosto, we offer you the possibility to use our web chat functionality. When personal data is filled in by you, we receive the right to use this data as it is necessary to help you the best way we can.
Transmission of data to third parties
Coosto does not transmit data, including personal data, to third parties, except for how is stated here. Access to data has been limited as much as possible within the Coosto organisation. If our marketing department researches a certain trend, data is always anonymised so it cannot be traced back to individuals.
We host the Coosto software and data ourselves on secured servers in the Netherlands. It is our policy to limit working with third parties and to only use them if their specialisation is strictly necessary to support our business processes. These collaborations are limited to large, trusted players within the European Economic Area, to countries for which the European Commission has determined to comply with adequacy decisions or to parties that guarantee privacy through standard contractual clauses.
Protection of data
Coosto is, among others, regularly tested for compliance with ISO 27001 and takes extensive measures to protect the data, including personal information.
We will specify some:
- Data is exclusively made available on a need-to-know basis to specific roles within the organisation, so they can exercise their functions;
- For multiple functions, screening by an independent party is required;
- Within the entire organisation, the privacy-by-design principle is applied, both at the level of policy and that of procedures, which comprises aspects such as access security, the separation of environments, encryption, monitoring, and auditing;
- Periodically, penetration tests and scans are carried out by independent parties to check on potential vulnerabilities;
- We work with a TierIV data-centre in the Netherlands with various relevant certifications.
Questions and rights
If you have further questions about how Coosto handles your personal data or if you wish to peruse it, want to request correction or removal of it, or if you want to submit a request for the limitation of the processing of your personal data, please send an email to Coosto at the address below.
Coosto will take your question or request into consideration and will get back to you as soon as possible. It may be, that Coosto requires additional information to be able to process your request. For example, in case of a request for perusal or removal, Coosto will want to be sure that you are, in fact, the person the relevant personal data refers to, and Coosto will have to check whether the request is justified and practicable. This is in the interest of all users of Coosto.
Correcting or removing information from (search results of) Coosto does not mean that the information from the internet has been corrected or removed. So it may be more effective to address your request to the website in question. There also exists the possibility to file a complaint with the Dutch Data Protection Authority, ‘Autoriteit Persoonsgegevens’. You can find more information how to do this on the website of the Autoriteit Persoonsgegevens.
Contact information Coosto
5611 ZS Eindhoven
+31 (0)40 249 27 00
Contact information Data Protection Officer
Name: Mrs. Victoria van Roosmalen
Telephone number: +31 (0)40 249 26 13
Last update: 23 april 2021
Coosto may adjust this privacy statement from time to time. A modified privacy statement is applicable from the date as specified here.