Privacy statement Lynxx

Latest update on 9 June 2022

In order to be of service to you, we process (personal) data from you. Lynxx believes that privacy is a fundamental human right and therefore Lynxx treats your personal information carefully. In this privacy statement, you will read how we process your data and what we use it for.

Lynxx is responsible for processing your personal data as covered in the General Data Protection Regulation (GDPR or AVG).

Please read this privacy statement before you use our services. By using our services you agree to the contents of this privacy statement. In order for you to understand how a third party EUP treats or processes your data, please check their privacy policy or privacy statement.

We have structured our privacy statement as follows: 
A. Lynxx’s Privacy Principles
B. General Privacy Rules
C. With whom we share your data
D. Cookies
E. Analytics
F. Retention period
G. Security
H. Your rights
I. Questions
J: Amendments

A. Lynxx’s Privacy Principles

We design our products and services guided by our four key privacy principles:

• Data Minimization Collecting: only the minimum amount of data required to deliver what you need for a given service.
• User Transparency and Control: making sure that users know what data is shared and how it is used, and that they can exercise control over it.
• Privacy by design and default: protecting user privacy and minimizing data collection.
• Security Hardware and software: working together to keep data secure.

Through these four principles, Lynxx’s goal has always been to let users share data as they wish, in a way that is safe, and they understand and control.

B. General Privacy Rules
Above all, Lynxx complies with the requirements of the relevant and applicable privacy legislation. We carefully manage our client’s data. And we will continue to do that, whilst looking for the best way to provide our services as quickly and easily as possible.

B.1. What personal data do we process and what are we using that data for?
We collect (personal) data and information, which data we process for different purposes.

Per different purpose and different service, we only collect and process data and information which is required for the specific purpose or service. In case collection and processing of any of the below mentioned information and data is not required, we will not collect, process and/or use such information and data.

B.1.1 Personal information
We always collect your IP address.

B.1.2 Location data
We collect the GPS location and IP address of your operating system when the website runs, to determine your location.

B.1.3 Communication data
When subscribed to the emailing list, you agree with the following terms. This does not apply to support queries made through our Contact page. Only with your permission, we use your email address:

• for sending newsletters and other marketing communication. You can always unsubscribe from a newsletter. The newsletter provides a cancellation opportunity that you can click. You can also withdraw your consent via your account in the app.

B.1.4 Activities data
We will keep your activity on the website to:

• provide you with user support.
• observe how our service functions, how we can improve and maintain it.
• solve software and operational issues.
• perform tests and research.
• monitor and analyse usage and activity trends.

B.2. Legal basis for processing your personal data
Personal data may only be processed if there is a legal basis for this (rule of law).

B.2.1 Unambiguous consent
The basis we use for processing your location data is your unambiguous consent (Article 6, paragraph 1 sub a AVG).

By actively giving permission to Lynxx to process your location data, you consent to the processing of your data by Lynxx as described in this privacy statement.

In order for you to understand how a third party EUP treats or processes your data, please check their privacy policy or privacy statement.

If you are younger than 16 years old, then you may only provide personal data to Lynxx if your parent(s) or legal guardian(s) have read this privacy statement and have given permission for you to accept them. Taking into account the available technology, we make a reasonable effort to check whether your parent(s) or legal guardian(s) have actually given permission.

Of course, you can always withdraw your consent by sending us an e-mail. We disconnect your data and remove your personal data from our databases and administration. This right (to withdraw your permission) relates to future processing of your personal data and not to the personal data we have already processed. We cannot provide our services without processing your data.

B.2.2 Execution of the agreement
The basis we use for providing your data to the relevant carrier is based on the execution of the agreement. Personal data is provided to the relevant carrier before making a ticket in order to execute the agreement with you.

B.2.3 Legitimate interest
The basis we use for processing your activity data is necessary for the legitimate interest of Lynxx (Article 6, paragraph 1 sub f AVG). Processing this data is necessary for us to operate and improve our service. We process this data at such an aggregated level that it has minor consequences for the user.

C. With whom we share your data

C.1.1 For the operation of the service
For the operation of Lynxx, Lynxx stores your data with a number of parties inside and outside Europe.

Amazon Web Services is hosting our data. This party, which operates within the EU, has an appropriate level of protection for the processing of personal data within the meaning of the GDPR.

Groove Networks LLC, based outside the EU, handles our support questions. This party states to comply with GDPR. This means that there is an appropriate level of protection for the processing of any personal data.

We make use of Bugsnag as an error monitoring solution. All personal data collected via or by Bugsnag is stored on servers located in the United States. Please note that although the Court of Justice of the European Union has invalidated the EU-US Privacy Shield Framework as a mechanism for transfers of Personal Information between the EU and US in Case C-311/18, Bugsnag remains committed to complying with the Privacy Shield Principles.

We log performance and debugging data to ElasticSearch. This party, which operates within and outside the EU, has an appropriate level of protection for the processing of personal data within the meaning of the GDPR.

Furthermore, Google services are used by us. See E. Analytics for more information on Google services.

The website of Lynxx also contains links to other websites of third parties. Lynxx is not liable for hyperlinks or other references from the websites of third parties, nor for the way in which those third parties deal with personal data. We advise you to consult the privacy policy or privacy statement of the relevant website for more information.

D. Cookies
We use various types of cookies on our website. A cookie is a simple small file sent to pages from this website and stored by your browser on your device. The information stored therein can be used in a subsequent visit to make access to the website easier for you. For example, by loading your personal preferences. We require your permission for the use of a number of cookies. You can give this on your first visit to our website. For more information see our cookie policy via Privacy settings on our website.

If you do not want us to use cookies, you can choose from your browser for the “cookies off” option or ask your browser provider for the correct settings.

E. Analytics
Via our website, a cookie is placed from the United States based company Google, as part of the “Analytics” service. We use this service to keep track of and report on how visitors use the website.

In our app we use Google Firebase, as part of the “Analytics” service to keep track of and report on how visitors use the app.

Google may provide this information to third parties if Google is required to do so by law, or in so far as third parties process information on behalf of Google. We have no influence on this process. We have not allowed Google to use the analytics information obtained for other Google services.

The information collected by Google is as anonymized as possible. Your IP address is expressly not provided. The information is transferred to and stored by Google on servers in the United States. As of July 16, 2020, Google no longer relies on the EU-U.S. Privacy Shield to transfer EEA and UK personal information to the U.S. but they continue to apply the Privacy Shield Principles to personal data  received by them from the EEA and UK in reliance on the Shield. This implies that there is an appropriate level of protection for the processing of any personal data.

F. Security
Lynxx will take appropriate, state-of-the-art technical and organizational security measures to provide adequate safeguards for the security, integrity and availability of its data. This also applies to the information to be added, extracted and / or derived from it. Lynxx will protect both input and output against loss, theft or any unlawful and / or unauthorized form of processing. Lynxx has an ISO 27001 certification.

G. Your rights
If you use the Lynxx website and you want to use the rights below, please send an email to info@lynxx.com. We will process your request as soon as possible, but no later than one month after receipt. 

Access to your data
As a customer you have the right to access your personal information. This means that you can ask us which information is registered for you and for what purposes this information is used.

Correction of your data
As a customer you have the right to have your personal information corrected, if our registration does not appear to be correct. This also applies if the data is to be supplemented or modified.

Right to be forgotten
As a customer you have the right to have your personal information removed. This means that we remove your personal information from our systems. Your data may still be anonymized and / or aggregated in various management reports.

Right to object
As a customer you have the right to object to the processing of your personal information. We will address your objection, if provided with reasonable substantiation, and respond to you as soon as possible.

Right to data transfer
As a customer you have the right to portability of your personal information. This means that we can make your personal data available in standard file format so that you can reuse it.

H. Questions

Should you have any specific questions or comments about our privacy statement, please contact info@lynxx.com. You can also submit your questions about access, correction, forgotten, objection and removal of your data to info@lynxx.com. Alternatively, you may also send any communication to:

Lynxx
Attn: Privacy Officer
Stationsplein 61
3818 LE Amersfoort
The Netherlands

Should you have questions about the services provided by Lynxx, you can contact support@lynxx.com.

If you are of the opinion that Lynxx is not acting in accordance with the applicable privacy legislation and this privacy statement, you can submit a complaint about this to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). We kindly ask you to report this to us as well so that we can take immediate action.

I. Amendments
Our services are constantly evolving, which means that the way we process data, as well as which and how much data we process, can change. We therefore reserve the right to adjust this privacy statement. To see if a change has taken place, our privacy statement at the top always includes the last date on which it was changed. If necessary, we will actively inform you about a change.