Interpretation and Definitions
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
- Account means a unique account created for a client’s users to access our service or parts of our service.
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Application means the software program provided by the company downloaded by user on any electronic device, named Silatha
- Company (referred to as either "the company", "we", "us" or "our" in this agreement) refers to Silatha BV, Zacharias Jansestraat 47.
- Country refers to: Netherlands
- Device means any device that can access the service such as a computer, a cell phone or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual.
- Service refers to the application.
- Service Provider means any natural or legal person who processes the data on behalf of the company. It refers to third-party companies or individuals employed by the company to facilitate the service, to provide the Service on behalf of the company, to perform services related to the Service or to assist the company in analysing how the service is used.
- Third-party Social Media Service refers to any website or any social network website through which a user can log in or create an account to use the service.
- Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
- Client means the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.
- User means the individual accessing or using the service as applicable.
Collecting and Using user Personal Data
Types of Data Collected
While using our service, we may ask users to provide us with certain personally identifiable information that can be used to contact or identify users. Personally identifiable information may include, but is not limited to:
- Email address
- First name
- Usage Data
Usage data is collected automatically when using the service.
Usage data may include information such as user’s device's internet protocol address (e.g. IP address), browser type, browser version, the pages of our service that users visit, the time and date of user’s visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When client’s users access the service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device users use, user’s mobile device unique ID, the IP address of user’s mobile device, user’s mobile operating system, the type of mobile Internet browser users use, unique device identifiers and other diagnostic data.
We may also collect information that the user’s browser sends whenever the user visits our service or when the user accesses the service by or through a mobile device.
Information Collection and Use
The app does use third party services that may collect information used to identify users.
Link to relevant privacy documentation of third party service providers used by the app. By using the app, you agree to be bound by this documentation.
Information from Third-Party Social Media Services
The company allows client’s users to create an account and log in to use the service through the following third-party social media services:
If the client’s users decide to register through or otherwise grant us access to a third-party social media service, we may collect personal data that is already associated with that user’s third-party social media service's account, such as user name, user email address, user activities or user contact list associated with that account.
Third party providers
We may share the client’s user’s personal data within Silatha and with third parties, including in accordance with the GDPR. Where we share user data with a third party data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing, in accordance with articles 26, 28 and 29 GDPR. Furthermore, where we share user data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) standard contract clauses approved by the European Commission, in order to cover such transfers, in accordance with articles 44 ff. GDPR.
We use Google Analytics, Firebase, Mailchimp and HubSpot as our third party service providers in order to collect and analyse data, create email distribution lists and manage marketing campaigns.
We use Amazon Web Services for the storage of the data to authenticate and secure all logins on the Silatha App. Under this contract, AWS certified it will not store any data outside the EEA.
Use of user Personal Data
The company may use personal data for the following purposes:
- To provide and maintain our service, including to monitor the usage of our Service.
- To manage user account: to manage user registration as a user of the service. The personal data of client’s users can give users access to different functionalities of the service that are available to the client’s users as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services clients have purchased for the users or of any other contract with us through the service.
- To provide clients and their users with news, special offers and general information about other goods, services and events which we offer that are similar to those that client have already purchased or enquired about unless client and users have opted not to receive such information.
- To manage the client’s and their user’s requests: To attend and manage user requests to us.
- For business transfers: We may use the client’s users information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our service users is among the assets transferred.
- For other purposes: We may use client’s users information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our service, products, services, marketing and client’s and their users’ experience.
We may share users personal information in the following situations:
- With service providers: We may share the personal information of the users with service providers to monitor and analyse the use of our service, to contact users.
- With business partners: We may share client’s user’s information with our business partners to offer clients certain products, services or promotions.
- With other users: When users share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If the client’s users interact with other users or registers through a third-party social media service, user's contacts on the third-party social media service may see user name, profile, pictures and description of user activity. Similarly, other users will be able to view descriptions of user activity, communicate with users and view user’s profiles.
- With client and users consent: We may disclose user’s personal information for any other purpose with user consent.
Retention of client and users personal data
The company will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for longer time periods.
Deletion of users Personal Data
In accordance with the GDPR regulation client’s user can at any point request user data to be deleted within the app in the profile section within the settings option.
Transfer of client Personal Data
Client’s user information, including personal data, is processed at the company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of the client and their users state, province, country or other governmental jurisdiction where the data protection laws may differ from those from client’s and user’s jurisdiction.
Disclosure of user Personal Data
Under certain circumstances, the company may be required to disclose the client’s user’s personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The company may disclose client’s user’s personal data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the company
- Prevent or investigate possible wrongdoing in connection with the service
- Protect the personal safety of users of the service or the public
- Protect against legal liability
Security of client and users personal data
The security of the client's user’s personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect client and their users personal data, we cannot guarantee its absolute security.
Our service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If the user is a parent or guardian and the user is aware that the users’s child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing user information and the user country requires consent from a parent, we may require the user’s parent's consent before we collect and use that information.
Links to other websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
- By email: firstname.lastname@example.org
Data Processing Agreement
This Data Processing Agreement (the “DPA”) forms part of the agreement For Services (the “agreement”) between Silatha and client and client’s users. Terms used in the DPA have the same meaning as those used in the agreement, unless explicitly provided otherwise. If there are any conflicts or inconsistencies between the DPA and the agreement, the provisions in the DPA prevail.
Silatha supports companies to create an equitable workplace where women feel valued. Silatha does this two fold:
- By creating support groups for the women, in which they are assisted with peer-to-peer support, access to experts, coaching and mindfulness tools.
- Educating and knowledge sharing with the entire company to create awareness across all employees around taboo topics.
The Silatha app is a strong core product that is a supporting piece to the Silatha program.
In this DPA, “processing operations” means any action or set of actions relating to personal data (“personal data”), including in any case the collection, recording, organizing, retention, updating, modification, retrieval, consultation, use, provision by transmission, dissemination or any other form of making available, bringing together, linking together, as well as the shielding, erasure or destruction of personal data in the context of the user’s assignment to Silatha to make Silatha’s application (“app”) available for the benefit of the employees of the client. In this DPA, personal data means data such as: first name, last name, email address, job title, device ID, test results and telephone number. For purposes of high level continuous improvement of Silatha’s products and services and to reflect the ongoing development in our operation practices, with notice to client, Silatha may modify this DPA, but any modifications will not materially decrease Silatha's overall obligations during a subscription term.
The client has contracted Silatha to hold a workshop. This leads to the performance of processing operations as described in the agreement, as well as this DPA.
Silatha is not entitled to perform acts with regard to the personal data other than on the basis of written instructions from the client. Silatha will only process the personal data for the purposes stated in the agreement and Silatha guarantees that it will never exploit, use or otherwise process the personal data for its own (commercial) purposes. If a union or member state law applicable to Silatha requires it to process personal data, Silatha will notify the client of that legal provision prior to the processing, unless that legislation prohibits such notification for important reasons of public interest.
Silatha may outsource the processing operations to third parties, including affiliated companies or subcontractors. Sub-processors for user authentication and Amazon Web Services as a sub-processor for the hosting of our platform. The full list of sub-processors can be found in our data policy (https://Silatha.com/en/data-policy/). Silatha will ensure that these third parties are bound by all that is stipulated in this DPA. Silatha remains responsible for any act and/or omission of third parties engaged with.
Silatha will ensure that only those employees or other contractors of Silatha who are required to process the personal data will have access to the personal data. Silatha will adequately instruct these employees or other subordinates of Silatha and ensure that they are familiar with the responsibilities and obligations under this DPA and under applicable laws and regulations.
Silatha will, at the request of the client, make information available that is necessary to demonstrate compliance with this DPA as well as compliance with the applicable data protection laws and regulations.
At the request of the client and their users, Silatha will grant the user access to the personal data and respond to questions and requests from the client and their users in relation to the processing of personal data. Silatha will also, within 2 (two) weeks after request from the client or users:
(i) provide a copy to the client and their users of all personal data or personal data concerning a specific person that is in its possession or control, as well as a copy of all documents in which this personal data is included and an overview of all systems in which this personal data is included and all other processing of this personal data that is carried out by Silatha, in such a format as the client or their users reasonably requests;
(ii) delete, block or correct certain personal data in accordance with the instructions of the client and their users;
(iii) record non-compliance with specific requests for deletion, blocking or correction and the reasons for this.
Notifications of Disclosures
Silatha will notify the client and users within 72 (seventy-two) hours if a competent authority has made a legally binding request for the provision of the personal data, unless Silatha is not permitted to notify the client and users of this, such as in the event of a criminal injunction to maintain the confidentiality of any law enforcement investigation.
Silatha will notify the client and their users within 72 (seventy-two) hours if it receives a request from a data subject with regard to the personal data, including but not limited to a request for access, rectification, erasure or restriction of processing, data portability, and/or an objection to the processing. Silatha will assist the client and their users in fulfilling its duty to respond to requests to exercise the rights of data subjects by means of appropriate technical and organizational measures.
Silatha will inform the client and the users if at any time it is not (any longer) able to fulfill its obligations under this DPA or if it foresees that it is not (any longer) able to do so in the near future. The client and their users can then decide to (i) with immediate effect stop providing personal data to Silatha, (ii) to instruct Silatha to suspend the processing activities until the moment Silatha is again able to properly fulfill the obligations under this DPA, or (iii) to terminate this DPA with immediate effect.
Silatha will maintain strict confidentiality with regard to the personal data and will guarantee that the persons authorized to process the personal data will maintain confidentiality or are bound by an appropriate legal obligation of confidentiality. Silatha will also ensure that it has taken measures to ensure that no more persons have access to the personal data than necessary, and that every natural person acting under the authority of Silatha, and has access to the personal data only uses it to fulfill the agreed purpose, unless the natural person is bound by union or member state law to do otherwise.
Silatha will notify the client and the users if, in the opinion of Silatha, an instruction from the client or the user is in conflict with the applicable laws and/or regulations, including but not limited to the applicable data protection laws and regulations, or if an upcoming change in applicable laws and regulations are likely to have a negative effect on the way in which Silatha will be able to fulfill obligations under this DPA.
Notifications of data breaches
Silatha will notify the client and the users in writing within 48 (forty-eight) hours of becoming aware of a suspected or actual breach in connection with personal data (a “data breach”), including but not limited to an actual or suspected unauthorized access, disclosure, use, loss, damage or destruction of the personal data by a current or former employee, contractor or agent of Silatha or by any other person or third party. Silatha will provide the client and the users with full assistance in fulfilling the obligations of the client and their users in this respect, such as assisting, if requested, with reporting to the supervisory authority and/or the data subject(s).
Silatha will timely assist and support the client and their users in the event of an investigation by a supervisory authority, if and insofar as that investigation is related to the processing of Personal Data as referred to in this DPA.
Silatha will at all times provide the client and their users in a timely manner with the fulfillment of its obligations under Article 32 to 36 of the GDPR, including but not limited to the obligations of the client and their users with regard to the security of the processing and the performance of data protection impact assessments.
Applicable legislation and regulations
Silatha will comply with its obligations under this DPA as well as from all applicable laws and regulations, including but not limited to the GDPR, and hereby accepts all (future) obligations that will ensue from this.
Technical and organizational measures
Silatha will take adequate technical and organizational measures to secure the personal data and will apply a security level that guarantees the confidentiality of the personal data and guarantees that the personal data is protected against loss, alteration, destruction, disclosure or access, and furthermore against all other forms of unlawful processing of the personal data. Taking into account the state of art and costs of implementation of these measures, these measures will guarantee an appropriate level of security in view of the risks associated with the processing and the nature of the personal data to be protected.
Processing outside the EEA
Without the prior written consent of the client and the users, Silatha will not process any personal data, or have it processed, outside the European Economic Area and/or the European Union.
Term and termination
This DPA will enter into force on the same date as the agreement between Silatha and client the users, and will remain valid for 6 (six) months after termination of the agreement.
Either party can terminate this DPA prematurely by giving notice of termination of the DPA in writing with due observance of a notice period of 3 (three) months. The party that terminates the DPA does not owe the other party any compensation in connection with the termination, with the exception of the fees as stipulated in the agreement between Silatha and client.
If one of the following cases occurs with regard to a party, this DPA will be terminated with immediate effect and by operation of law without notice of default being required and without the parties owing each other any compensation:
(i) the party has ceased exist or has been dissolved;
(ii) the party has been declared bankrupt or has been granted a moratorium on payments, whether or not temporarily;
(iii) the party has applied for a suspension of payments or that party is granted a suspension of payments;
(iv) the party is placed under administration.
Return of Personal Data
If this DPA ends, or if the client or any user, requests the cessation of the processing activities, or if the retention period of the personal data of 2 (two) years has expired, Silatha will cease the processing activities with regard to the personal data with immediate effect and it will, on its own accord, without delay, but no later than within 4 (four) weeks, return all documents and other information carriers, including copies thereof, containing personal data, to the client or user.
Insofar as personal data is stored in a computer system of Silatha or is recorded in another form that cannot reasonably be given to client or their users, Silatha will destroy that personal data, subject to other instructions from the client or their users, unless Silatha is obliged to store the personal data on the basis of an EU or member state law.
Governing law and jurisdiction
This DPA is exclusively subject to Dutch law. Applicability of the Vienna Sales Convention is expressly excluded.
All disputes arising in connection with this DPA , including disputes about its existence and validity, will be settled by the competent court in Amsterdam.
This DPA is not transferable by either party, except with the prior written consent of the other party.
This DPA can only be amended or supplemented in writing and with consent of both parties.