Privacy statement

In this privacy statement, we explain how we, at Coosto, treat your personal data and how you can exercise your concerning rights.


Introduction – Coosto, data and personal data

Coosto is a content & social media marketing tool, designed to help organizations get better results from content. We’re offering practical solutions for every stage of the content marketing process: our customers are relying on Coosto to come up with content, distribute content to social media, manage their community, and monitor and report all results. Among others, Coosto offers a search engine to search through public information.

To make this possible, Coosto collects public data. This may also include personal data. Personal data includes information that, directly or indirectly, regards a specific individual.

In addition, Coosto processes certain personal data of customers so as to properly conduct the provision of services to them. This can regard the name and contact information of the customer or of the contact person acting on behalf of the customer, the address (for example for training visits, customer-relation maintenance, and satisfaction surveys), email address (optional when registering through the website), phone number and bank information (for payments). In addition, Coosto uses personal data which is filled out on the contact page of this website, so requests submitted through this page can be handled correctly. For that purpose, name, email address, and phone number are requested. As indicated below under the heading ‘Transfer of data to third parties’, we do not share this personal data with third parties.

For the processing of personal data which Coosto conducts at its own initiative, such as the processing of our own customer data, Coosto is considered the ‘controller’ in the sense of privacy legislation. This means, in short, that Coosto (formally: Coosto B.V.) as a company is responsible for compliance with this legislation. In addition, Coosto may be ‘processor’ for certain operations on personal data in the sense of privacy regulations. For those services the customers of Coosto are the controllers.


Sources and types of personal data

Coosto collects data from various information sources, such as social media, news sites, blogs and fora. It always regards public information, that is, data that has been shared online actively and which can be found with a standard internet search engine, or by visiting the relevant websites. Coosto does not collect shielded information.

Some public data is provided to Coosto for which we collaborate with suppliers of this data. We make arrangements with these suppliers to make sure that this takes place in conformity with the privacy regulations, their own privacy policie,  and applicable user conditions.

Examples of personal data which may appear in public information are (profile) names, (profile) pictures, public account information, location information (in case these are shared, and possibly other personal data included in messages. The visibility of a possible username, profile picture, or other personal data in Coosto does not only depend on whether this is public information. Public information is also anonymized if it does not align with the intended uses of Coosto. For example, comments on Facebook and Instagram pages that are not managed by our customers are always anonymized, and those users are displayed as "Anonymous user" with an empty profile picture.

More privacy-sensitive personal data, such as information about someone’s health or political convictions, is called sensitive personal data. Since Coosto only uses public sources, this type of information is only collected in the event someone has shared this online proactively. Coosto is, however, reticent with the use of such personal data. If we do use such data, for example for publication on our blog, we always make sure the data is anonymized.

Furthermore, Coosto has taken as many technical and organizational measures as possible to make sure that when information is removed, shielded, or updated, it no longer appears in search results or is replaced with the updated version. In short, our software keeps social media messages up to date. Users also have the option of deleting data of their choice in their own environment.


Use of data

Coosto collects data to render public sources searchable for users to help organizations explore the impact of their content and measure their earned media. Coosto helps customers to create better content and perform measurably better in terms of brand awareness, brand preference, customer loyalty, and online conversions. In legal terms, Coosto appeals to the justified interest of Coosto and its users to make this possible.

Coosto is also used for statistical applications by organizations such as educational and research institutions, non-profit organizations, municipalities, and students. 

All users are bound by the terms of use of Coosto and of the various social media platforms. Government users are bound by additional terms, such as with the so-called “use case”. This use case is tested against legal conditions and terms of use of Coosto and the social media platforms. This explicitly prohibits unethical use such as surveillance. Amongst many others, the actual usage by users is also monitored on these terms.

People posting online messages have an interest in having their privacy protected. Coosto respects the importance of privacy. You can have your personal information at Coosto removed (read more below), Coosto respects the privacy settings of all social media platforms, makes arrangements with collaborators, customers, and suppliers regarding privacy. Furthermore, Coosto has taken various measures to warrant a safe IT infrastructure.

Coosto saves data, among which personal data, only as far as is necessary to provide its services. We do not archive any social media messages but show them via a click-through link, only for the time being that these are online. When a source is deleted, our links do not work as well anymore. Additionally, Facebook messages older than one year are deleted. 

On the website of Coosto, we offer you the possibility to use our web chat functionality. When personal data is filled in by you, we receive the right to use this data as it is necessary to help you the best way we can.  


Transfer of data to third parties

Coosto does not transmit data, including personal data, to third parties, except for how is stated here. Access to data has been limited as much as possible within the Coosto organization. If our marketing department researches a certain trend, data is always anonymized so it cannot be traced back to individuals.

In addition, under the user’s conditions of Coosto, users have access to collected public data  under applicable laws and regulations such as the GDPR, our terms of use, and those of the social media platforms. We show search results with a link to the original source.

We host the Coosto software and data ourselves on secured servers in the Netherlands. It is our policy to limit working with third parties and to only use them if their specialization is strictly necessary to support our business processes. These collaborations are limited to large, trusted players within the European Economic Area, to countries for which the European Commission has determined to comply with adequacy decisions, or to parties that guarantee privacy through standard contractual clauses. 


Protection of data

Coosto is, among others, regularly tested for compliance with ISO 27001 and takes extensive measures to protect the data, including personal information.

We will specify some:

  • Data is exclusively made available on a need-to-know basis to specific roles within the organization, so they can exercise their functions;
  • For multiple functions, screening by an independent party is required;
  • Within the entire organization, the privacy-by-design principle is applied, both at the level of policy and that of procedures, which comprises aspects such as access security, the separation of environments, encryption, monitoring, and auditing;
  • Periodically, penetration tests and scans are carried out by independent parties to check on potential vulnerabilities;
  • We work with a TierIV data centre in the Netherlands with various relevant certifications.


Questions and rights

If you have further questions about how Coosto handles your personal data or if you wish to peruse it, want to request correction or removal of it, or if you want to submit a request for the limitation of the processing of your personal data, please send an email to Coosto at the address below. 

Coosto will take your question or request into consideration and will get back to you as soon as possible. It may be, that Coosto requires additional information to be able to process your request. For example, in case of a request for perusal or removal, Coosto will want to be sure that you are, in fact, the person the relevant personal data refers to, and Coosto will have to check whether the request is justified and practicable. This is in the interest of all users of Coosto.

Correcting or removing information from (search results of) Coosto does not mean that the information from the internet has been corrected or removed. So it may be more effective to address your request to the website in question. There also exists the possibility to file a complaint with the Dutch Data Protection Authority, ‘Autoriteit Persoonsgegevens’. You can find more information on how to do this on the website of the Autoriteit Persoonsgegevens.


Contact information Coosto

Coosto B.V.
Kennedyplein 101
5611 ZS Eindhoven
+31 (0)40 249 27 00


Contact information Data Protection Officer

Name: Mrs. Victoria van Roosmalen
Telephone number: +31 (0)40 249 26 13

Last update: 17 January 2022

Coosto may adjust this privacy statement from time to time. A modified privacy statement is applicable from the date as specified here.

Page Type