Privacy Notice

Who we are

We are Faktor B.V. We are based at Herengracht 244, 1016 BT Amsterdam. You can contact us at

We process your personal data when you do business with us, work or apply to work with us or visit our site. You can find more information in this privacy notice or check our cookie notice if you are interested in how we run our site.

Types of data we collect

If you browse our main website
  • Technical data to load the page you want to visit

For example, your ISP, screen resolution, the device make/model, operating system of its version, country or city you are coming from (not derived from the IP address). We do not store full IP addresses or referrer URLs.

  • Data on how you use our website

We combine the information above to make conclusions about your use of the site, for example to see how long you stay on our pages or the pseudonymised IP address of your device.

We use a number of third party resources on our site, for details please refer to our cookie notice.

If you are our current or potential client
  • Contact details

Such as your name, email, phone number, job title, company you work for; if you fill in the request forms on our site or share with our HubSpot chatbot.

  • Passive usage data

When you interact with our websites, we see your login details, your time zone, visit time stamp and device details such as browser type and version.

We place a conversion pixel in our email communication sent via HubSpot to know if you opened the email.

We also sometimes use HotJar to make sure that our freshly rolled out tools and services work as expected, create heatmaps and test the user experience. When this is the case, we collect your URL clickstream on our sites, mouse movements, etc. for a limited amount of time. We will always provide you with additional information when such data collection is going on.

  • Active usage data

Such as your feedback, questions and comments asked via email, Service Desk or phone.

  • Invoicing information

Such as bank account number, credit/debit card details, etc. Usually these data are not related to a person, but it can happen that they reveal name or job title of your company’s financial contact.

If you are applying to work with us
  • Contact details

Such as your name, email, phone number, address.

  • Information about your professional background and experience

Usually this is something you would share with us via a CV.

  • Other information you provide us with

For example, your photo if attached to the CV.

If you spotted our cookie consent tool on one of the websites of our clients
  • Visit and consent details

We might keep information like your visit timestamp, site visited, your audit ID and details about your consent choices made via our tool. Some of our clients do not use our storage services for keeping this information, so it could be that we do not have it.

UPD 4/01/2019: In any case, we do not disclose or further process this information outside of the agreements made with our clients. This means that we only provide our clients with the tool you see on sites and make sure it works as it is supposed to.

If you have further requests about your personal data processing by these websites, please reach to them directly. We only providing our services to them and we cannot handle these requests on our own.

Types of data we DO NOT collect

  • Sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning your sex life or sexual orientation.
  • Children’s data. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at

We also do not do profiling and we do not buy or sell data collected via our products and services.

We use personal data for these reasons

1. To keep our business running

This includes business administration like managing your requests (for example, sending you proposals or responding to your job applications), doing sales analysis and ales forecast, processing invoices and payments, storing communication with clients or partners on email servers and on the cloud, complying with laws like Dutch taxation law.

Legal basis: contract; legitimate interest; legal obligation

2. Security and fraud prevention

Pseudonymisation unless an attack is spotted (user is blocked in case of an alleged attack), restricted access to the log files.

3. To do customer support

This includes keeping our clients updated about our services and products, notifying them of changes, solving issues via phone, email or Jira Service Desk tool. We might also do some analytics based on your Service Desk tickets and requests.

Legal basis: contract; legitimate interest

4. To improve our current products and develop new ones

UPD 4/01/2019: This affects data we need for testing our software and websites, adding or removing features, optimising traffic and creating heat mapping. Please refer to our cookie notice to see details about measurement and analytics we do on our websites.

Legal basis: contract; legitimate interest; consent

5. To provide clients with our products and services

We will use your data for this purpose if you are our customer or considering to become one. For example, we would do authentication and login management.

If you become our client we will send you regular product updates and release notes. If you no longer wish to receive those please contact us at or use the “Unsubscribe” button on the bottom of each email.

Legal basis: contract, legitimate interest

6. Marketing and maintaining client base

We will send you emails about new products, features and services and other promotional content.

UPD 4/01/2019: If you are our customer or we have previously been in sales conversations with you, we will send you these emails about our own services without explicitly asking for your permission to do so. If you no longer wish to receive those please contact us at or use the “Unsubscribe” button on the bottom of each email.

UPD 4/01/2019: We store some emails with the potential clients on HubSpot to automate and optimise prospect management (such as creation of reminders for follow-up emails and logging of the important agreements), run additional analytics (for example, to see when the email was opened or if it went to spam). The email status tracking via a conversion pixel (opened/went to spam) is performed in three cases: when you send a “Schedule a demo request” via the website, during the sales negotiations and when we send cold marketing emails. The email logging in HubSpot is switched off by default, we turn this function on manually to store specific emails; those emails are always relevant and important for our commercial relationship records with your company.

UPD 4/01/2019: We also sometimes send cold marketing emails to companies we think could be interested in our products and services. We use emails and contacts available via the corporate websites of those companies as we believe that privacy and data protection managers could benefit from using our services. We use the opened/went to spam analytics from HubSpot on those emails to measure the success of those emailing campaigns. We will follow up 2 times if you do not respond and never bother you again after that. If you respond and we enter into a sales negotiation with you, we will log the most important emails (for example, meeting summaries and agreements) via HubSpot.

UPD 4/01/2019: In general, you can assume that we will create a HubSpot user entry for you if you have ever been in touch with us, so all our marketing and some of the sales communication is done via HubSpot.

Legal basis: consent, legitimate interest

Your privacy choices

You can choose not to provide us with personal data where it is based on consent. For example, you can turn off cookies in your browser by changing its settings. Please refer to our cookie notice to find out more about data collection on this site.

You can also ask us to stop sending you direct marketing communication. Usually we ask for your permission before sending you any marketing communication, unless you are our customer. In this case we will be sending you making communication for the services you are purchasing from us and we will always give you an opportunity to opt out of our marketing emails via the “unsubscribe” functionality. You can also reach us at if you have additional questions or concerns.

Your rights

You can exercise your rights by sending us an email at or mailing us at Herengracht 244, 1016 BT Amsterdam, Faktor B.V.

You have the right to know what information we hold about you; you can also get a copy of that data, ask us to correct or remove it and demand us to refrain from further processing of your information. Rights to data portability (export) and erasure are not absolute, so we might not act upon such requests if there are overriding circumstances. However, we will always let you know when this is the case and provide you with as much further information as we can.

You have the right to complain about our use of your data. Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address your complaint to the Dutch supervisory authority Autoriteit Persoonsgegevens:

How secure is the data we collect

We take technical and organisational measures to make sure that your data is safe with us. For example, we use encryption on our sites, two factor authentication for our internal tools, we have a password expiration and monitoring policy, allow only authorised employees to access your data based on “need to know” principle.

Who we share your data with

We use external service providers. We have signed data processing agreements with them, so they are obliged to keep your data secure and confidential.

Here is the current list of the companies we use in our data processing:


Service providerSafeguards for data transfersPurposeLocation of processing
Amazon Web Services, Inc., USAEU-U.S. Privacy ShieldWe use AWS for hosting our services and tools, including this websiteIreland, Germany

Security and user authorisation

Service providerSafeguards for data transfersPurposeLocation of processing
Cloudflare, Inc., USAEU-U.S. Privacy ShieldWe use Cloudflare to monitor the traffic on our websites to block and prevent security threatsUSA
Amazon Web Services, Inc., USAEU-U.S. Privacy ShieldWe use AWS for authorising user access to our servicesIreland, Germany

Communications and client management

Service providerSafeguards for data transfersPurposeLocation of processing
Hubspot, USAEU-U.S. Privacy ShieldWe send release notes and marketing communication via Hubspot, which is also our CRM tool.USA
Google, USAEU-U.S. Privacy Shield, Standard contractual clausesWe use Google for our email communicationsUSA
Atlassian, USAEU-U.S. Privacy ShieldOur Service Desk tool is provided by AtlassianUSA
Slack Technologies, Inc.EU-U.S. Privacy Shield, Standard contractual clausesMessaging and communicationUSA

Information storage:

Service providerSafeguards for data transfersPurposeLocation of processing
Google, USAEU-U.S. Privacy Shield, Standard contractual clausesWe use Google’s G Suite as our workspaceUSA


Service providerSafeguards for data transfersPurposeLocation of processing
Harvest, USAEU-U.S. Privacy ShieldWe manage our older invoices and do time tracking via HarvestUSA
Chargebee, Inc.Standard contractual clausesWe manage our invoices for the Privacy Analytics service via ChargebeeUSA
ChargifyStandard contractual clausesWe manage our invoices for the Privacy Manager service via ChargifyUSA

Website management:

Service providerSafeguards for data transfersPurposeLocation of processing
Hubspot, USAEU-U.S. Privacy ShieldWe use HubSpot for the contact forms on our siteUSA
Hotjar LimitedNot needed because they are in the EUWe sometimes use HotJar’s services to test usability of our client sitesMalta?
Amazon Web Services, Inc., USAEU-U.S. Privacy ShieldWe use AWS for hosting all our sitesIreland, Germany

How long do we store data for

We do not store personal data for longer than necessary unless we are obligated to do so by law. We have different storage policies for different types of data, for example:

  • We keep information of our former clients for 2 years to have a chance to follow up on new business opportunities.
  • If you want to work at Faktor, we will keep your application details for 4 weeks, unless you give us a permission to keep your CV for longer, in which case we’ll keep your data for up to 1 year.
  • If you are our client and you use our products and services, we will keep the data coming from those tools and services for as long as the contracts are running, unless our contract with you has a different timeline in it.

Cookie notice

Privacy notice updates

We will update this notice from time to time. In case if we change our processing operations we will update this document, making a notification on our site. Previous version of this privacy notice is available here.

Contact details

You can find us in Amsterdam, our full address is: Herengracht 244, 1016 BT Amsterdam, the Netherlands; we are Faktor B.V.

You can also contact us by email at

Our supervisory authority for personal data processing is Autoriteit Persoonsgegevens in the Netherlands (