We explain in this privacy statement how we at Coosto treat your personal data and how you can exercise your concerning rights.
Introduction – Coosto, data and personal data
Coosto offers a search engine to search through public information. Users may deploy Coosto for their own provision of services.
To make this possible, Coosto collects public data. This may also include personal data. Personal data includes information which, directly or indirectly, regards a specific individual.
In addition, Coosto processes certain personal data of customers so as to properly conduct the provision of services to them. This can regard the name and contact information of the customer or of the contact person acting on behalf of the customer, the address (for example for training visits, customer-relation maintenance, and satisfaction surveys), email address (optional when registering through the website), phone number, IP-addresses and bank information (for payments). In addition, Coosto uses personal data which is filled out on the contact page of this website, so requests submitted through this page can be handled correctly. For that purpose, name, e-mail address, and phone number are requested. As indicated below under the heading ‘Transmission of data to third parties’, we do not share this personal data with third parties.
For the processing of personal data which Coosto conducts at its own initiative, such as the processing of our own customer data, Coosto is considered the ‘controller’ in the sense of privacy legislation. This means, in short, that Coosto (formally: Coosto B.V.) as a company is responsible for compliance with this legislation. In addition, Coosto may be ‘processor’ for certain operations on personal data in the sense of privacy regulations. For those services the customers of Coosto are the controllers.
Sources and types of personal data
Coosto collects data from various information sources, such as social media, news sites, blogs and fora. It always regards public information, that is, data which has been shared online actively and which can be found with a standard internet search engine, or by visiting the relevant websites. Coosto does not collect shielded information and therefore has a legitimate legal ground for processing this data.
Some public data is provided to Coosto for which we collaborate with suppliers of this data. We make arrangements with these suppliers to make sure that this takes place in conformity with the privacy regulations, their own privacy statements and applicable user conditions.
Examples of personal data which may appear in public information are (profile) names, (profile) pictures, public account information, location information (in case these are shared) and possibly other personal data included in messages.
More privacy-sensitive personal data, such as information about someone’s health or political convictions, is called sensitive personal data. Since Coosto only uses public sources, this type of information is only collected in the event someone has shared this online proactively. Coosto is, however, reticent with the use of such personal data. If we do use such data, for example for publication on our blog, we always make sure the data is anonymised.
Furthermore, Coosto has taken all the technical and organisational measures possible, to make sure that when information is removed, it will not reappear in search results. Users can also remove data themselves in their engagement environment.
Use of data
Coosto collects data to render public sources searchable for users.
Users themselves decide how and for what they use the Coosto software. They are bound by Coosto’s user conditions, though.
Coosto users can use the engagement module to search for questions about their product or service on social media in order to answer them. Through social media management & analysis, businesses and organisations can measure what the effectivity of their marketing campaigns is over the longer term or to detect market trends in order to anticipate to them and strengthen their brand. Coosto is also used for statistical applications by organisations such as educational and research institutions, non-profit organisations, municipalities, and by students. Coosto’s publishing service helps companies to manage their marketing campaigns. It allows them to plan when information will be rendered public and to measure response to it.
By making public information easily searchable, Coosto helps their customers making better decisions about their business strategies. In legal terms, Coosto appeals to the justified interest of Coosto and their users to make these decisions possible.
People posting online messages have an interest in having their privacy protected. Coosto respects the importance of privacy. You can have your personal information at Coosto removed (read more below), Coosto respects the privacy settings of all social media platforms, makes arrangements with collaborators, customers, and suppliers regarding privacy, and the information at Coosto Open (the limited, free Coosto service) is not available unlimitedly. Furthermore, Coosto has taken various measures to warrant a safe IT infrastructure.
Coosto saves data, including personal data, only to the extent it is necessary to have its services function well. Coosto does not archive complete messages, but only quotes which allow to click through to the original source. Once that source has been removed, the link to it no longer functions either.
On the website of Coosto, we offer you the possibility to use our web chat functionality. When personal data is filled in by you, we receive the right to use this data as it is necessary to help you the best way we can.
Transmission of data to third parties
Coosto does not transmit data, including personal data, to third parties, except for how is stated here. Access to data has been limited as much as possible within the Coosto organisation. If our marketing department researches a certain trend, data is always anonymised so it cannot be traced back to individuals.
In addition, under the user’s conditions of Coosto, users have access to collected public data. In Coosto Open, you can get an idea of what this looks like. We show search results with a link to the original source.
We host the Coosto software and data ourselves on secured servers in the Netherlands. It is our policy to limit working with third parties and to only use them if their specialisation is strictly necessary to support our business processes. These collaborations are limited to large, trusted players within the European Economic Area, to countries for which the European Commission has determined to comply with adequacy decisions or to parties that guarantee privacy through a Privacy Shield.
Protection of data
Coosto is regularly tested for compliance with ISO 27001 and takes extensive measures to protect the data, including personal information.
We will specify some:
- Data is exclusively made available on a need-to-know basis to specific roles within the organisation, so they can exercise their functions;
- For multiple functions, screening by an independent party is required;
- Within the entire organisation, the privacy-by-design principle is applied, both at the level of policy and that of procedures, which comprises aspects such as access security, the separation of environments, encryption, monitoring, and auditing;
- Periodically, penetration tests and scans are carried out by independent parties to check on potential vulnerabilities;
- We work with a TierIV data-centre in the Netherlands with various relevant certifications.
Questions and rights
If you have further questions about how Coosto handles your personal data or if you wish to peruse it, want to request correction or removal of it, or if you want to submit a request for the limitation of the processing of your personal data, please send an email to Coosto at the address below.
Coosto will take your question or request into consideration and will get back to you as soon as possible. It may be, that Coosto requires additional information to be able to process your request. For example, in case of a request for perusal or removal, Coosto will want to be sure that you are, in fact, the person the relevant personal data refers to, and Coosto will have to check whether the request is justified and practicable. This is in the interest of all users of Coosto.
Correcting or removing information from (search results of) Coosto does not mean that the information from the internet has been corrected or removed. So it may be more effective to address your request to the website in question. There also exists the possibility to file a complaint with the Dutch Data Protection Authority, ‘Autoriteit Persoonsgegevens’. You can find more information how to do this on the website of the Autoriteit Persoonsgegevens.
Contact information Coosto
5611 ZS Eindhoven
+31 (0)40 249 27 00
Contact information Data Protection Officer
Name: Mrs. Victoria van Roosmalen
Telephone number: +31 (0)40 249 26 13
Last update: 9 march 2020
Coosto may adjust this privacy statement from time to time. A modified privacy statement is applicable from the date as specified here.