Your privacy
In accordance with our ISO 27001 certification, we at Foleon believe that safeguarding personal data is of paramount importance in the execution of our activities. We, therefore, want to give you clear and transparent insight into how we process personal data from clients, contacts, and website visitors.
When processing personal data, we hold to the roles and regulations as stated in the General Data Protection Regulation (GDPR).
We have assigned a Data Protection Officer for any kind of inquiries related to our GDPR efforts, who can be contacted by email at legal@foleon.com. Foleon is the controller of your personal data. Foleon is registered with the Dutch Data Protection Authority.
Our role as a Controller
Personal data
Any reference to personal data refers to any information about an individual who is identified or identifiable.
There are various purposes for Foleon to gather, store, and process personal data, all aimed at maintaining and improving our level of support.
Security of personal data
Foleon ensures adequate security of the personal data that it holds, in line with the applicable legal requirements and guidelines.
Contact data storage limitation
Foleon stores personal data that it processes no longer than is necessary or required for the purposes of data processing and availability. We have a standard retention period of 90 days. Different standards apply to customer related information. If you would like further details of our data retention periods then please contact legal@foleon.com.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We gather personal data when a person is:
- Subscribing to our blog and/or news updates.
- Signing up for webinars and/or internal events.
- Requesting access to gated content assets.
- Starting a trial.
- Purchasing licenses and additional Products and Services.
- Communicating with our Client Services departments.
- Working in our editor and visiting our website.
We process personal data when:
- Working in the editor, for personalization and user experience optimization purposes.
- Following up on correspondences (live chat, email or phone inquiries).
- Informing clients about product and blog updates via owned media.
- Executing internal analyses for product development, market research, and user behavior research.
- Applying remarketing and display advertising features within Google Analytics and Google AdWords, as well as platforms like Facebook. We collect the data to inform, optimize, and serve ads based on someone's past visits to our website.
The following personal data is gathered and processed:
In our editor:
- When purchasing a license and/or additional services in our store, specific payment-related information is required to enable the purchase.
- When adding additional users to an existing account, we require the following user details: First name, last name, email address and telephone number.
- User activity, such as login frequency. This will help us to understand user engagement within the editor, enabling us to anticipate on a potential need for support.
Correspondence:
- Email and phone communications.
- Support requests created and resolved, via Intercom.
- Updates on given feedback of the product given through Intercom and/or Productboard.
- Chat threads, via Hubspot.
Trial request:
- We require a form completion, containing first name, last name, email address, phone number, company name, and industry before we send the activation link.
Blog and product subscriptions:
- Subscribing and unsubscribing from blog and product updates. Hubspot and Mandrill are the tools used to manage the subscription process.
- Email opens and clicks. Hubspot is used to record this.
Event subscriptions:
- For subscribing to webinars, learning sessions, internal events, and gated content, we require the following contact details: first name, last name, email address, and phone number.
Internal analyses:
- We gather anonymized data with Google Analytics and Microsoft Clarity. We use LogRocket to monitor user-specific data, but only when we have a client's opt-in in place.
Remarketing and display advertising:
- We use remarketing services (including Google, Meta, LinkedIn, and Reddit) to advertise on third-party websites to previous visitors to our site. This could mean we advertise to visitors who haven't completed a task on our site (for example, starting a trial but not finishing it). This could be in the form of an advertisement on the Google search results page, a post on LinkedIn, or a banner on Facebook.
How it works: These third-party vendors use cookies and tracking pixels to serve ads based on someone's past visits. This allows us to find "look-alike" audiences—new users with similar profiles to our existing visitors. Any data collected will be used in accordance with our own privacy policy and the privacy policies of the respective ad platforms.
Hashed Data: We may share hashed (encrypted) identifiers, such as email addresses, with our advertising partners to facilitate "Customer Match" or "Look-alike" targeting. This data is scrambled before upload so that the platform cannot identify the individual unless they already have that person in their database.
Your Choices and Opt-outs: You can set preferences for how these platforms advertise to you, or opt out of interest-based advertising entirely through the following links:
- Google: Google Ad Settings
- Meta: Facebook Ad Preferences
- LinkedIn: LinkedIn Advertising Preferences
- General Opt-out: You can opt out of most third-party behavioral advertising via the DAA Opt-Out Tool or Your Online Choices.
What happens if you don't provide us with your personal data?
Where we need to collect personal data because:
- we are complying with a legal or regulatory obligation, or
- we need it under the terms of a contract we have with you, or
- the information is necessary to enter into a contract with you
and you fail to provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to decline to provide services to you or enter into a contract with you, but we will notify you if this is the case at the time.
Purpose for Processing
We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- to comply with a legal or regulatory obligation.
- where it is in our legitimate interest or that of a third party. We will always make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our/a third party's legitimate interest.
- Performance of a contract to which you are a party to or to take steps at your request before entering into such a contract; and
- Consent, you can withdraw your consent at any time by contacting by following the opt-out links on any marketing communications sent to you.
| Purpose for processing | Data used | Scope | Legal basis relied on |
|---|---|---|---|
| Security Monitoring | Visitor IP Address | Visitor / Reader | We have a legitimate interest to keep our platform secure. |
| Access the platform | Firstname, lastname, email, profile picture, role | Customer | Performance of a contract with our customers. |
| Form submissions | The form submission of any input field the customer creates | Visitor / Reader | Performance of a contract with our customers. |
| Transactional emails to update customer about updates in the platform | Firstname, lastname, email, profile picture, role | Customer | Performance of a contract with our customers. |
| Content | Free form content | Any | Performance of a contract with our customers. Customer is free to upload any kind of content in the platform. We do not curate the content of our customers. |
Third-party disclosure
Foleon does not sell, trade, or otherwise transfer personal data to outside parties for commercial, charitable, or idealistic purposes. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety.
Some of the third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of personal data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
- We may transfer your personal data to countries that have been granted an adequacy decision by the European Commission confirming that the country in question provides an adequate level of protection for personal data; or
- We may use specific contracts approved by the European Commission which ensure that personal data is adequately protected. When we rely on this measure, we will conduct risk assessments and take appropriate measures to ensure that the third-party can comply with the provisions of such contracts and we have confirmed that the country to which the personal data is transferred to provides enforceable data subject rights and effective legal remedies for data subjects are available there; or
- a specific exception applies under applicable data protection law.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law and the terms of the contract we have in place with them where they are our third-party service providers. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- Please contact us at legal@foleon.com if you want further information on how we transfer your personal data out of the EEA or you would like more information about the third parties we share your personal data with.
How do we use your personal data for marketing and how can you opt out?
We may use your Identity, Contact, Communications Data, Technical and Usage data to form a view on what we think you may want or need, or what may be of interest. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested marketing communications via our website.
You can ask us to stop sending you marketing communications at any time by following the opt-out links on any marketing communications sent to you or by contacting us at legal@foleon.com.
Your rights
Right to access
You have the right to request information about the personal data we hold on you at any time. You can contact us via legal@foleon.com, and we will provide you with your personal data via email.
Right to portability
Whenever we process your personal data by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
Users within a Foleon account can edit their personal data, account data, and payment details in the profile, account, and store section.
Right to erasure
You have the right to erase any personal data processed by us at any time except for the following situations:
- You have an ongoing matter with customer support.
- You have an unsettled debt with us, regardless of the payment method.
- If you are suspected of misusing or have misused our services within the last four years.
- Your debt has been sold to a third party within the last three years or one year for deceased customers.
- Your credit application has been rejected within the last three months.
- If you have made any purchase, we will keep your personal data in connection with your transaction for bookkeeping purposes.
Your right to object to processing based on legitimate interest
You have the right to object to the processing of your personal data that is based on our legitimate interest. We will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Your right to object to direct marketing
You have the right to object to direct marketing. You can opt-out from direct marketing by following the instruction in each marketing email.
Right to restriction
You have the right to request that we restrict the process of your personal data under the following circumstances:
- If you object to a processing based on our legitimate interest, we shall restrict all processing of such data pending the verification of the legitimate interest.
- If you have a claim that your personal data is incorrect, we must restrict all processing of such data pending the verification of the accuracy of the personal data.
- If the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead.
- If we no longer need the personal data but it is required by you to defend legal claims.
How can you exercise your rights?
Before we can process your request, we may need information from you to help us confirm your identity. This is a security measure to ensure that rights are being exercised by the correct person and to ensure that personal data is not disclosed to, erased by or altered by any person who has no right to do so.
We take data protection very seriously and therefore we have dedicated customer support personnel to handle your requests in relation to your rights stated above. You can always reach them at legal@foleon.com.
Right to complain to a supervisory authority
If you consider us to process your personal data in an incorrect way you can contact us. You also have the right to raise a complaint to a supervisory authority.
Do we use 'cookies'?
Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser.
What are cookies used for?
Foleon uses cookies to recognize a visitor's IP address, browser, operating system, source origin, applied search terms, and internal and external links clicked. These insights enable us to compile aggregate data about site traffic and site interactions, helping us to provide our visitors with better site experiences and tools in the future. We collaborate with trusted third-party services to help us that track this information on our behalf.
Cookies are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services.
Please see our cookie notice for details of the cookies we use on our website.
Feel free to reach out to legal@foleon.com if you would like to receive more information on how we use cookies on our website.
Complaint or remark about the use of personal data
We do our utmost to ensure the security of your personal data. However, if you do have a complaint or remark about our use of your personal data, because you feel that we don't handle your personal data carefully or because you have requested access to or correction of your personal data, but are not satisfied with the response, please let us know via legal@foleon.com so we can take appropriate action.
Our role as a Processor
Processor agreement
We enable organizations to share valuable content with their relations. We will process personal data solely for purposes of the storage, on our servers or those of third parties engaged by us, of the online magazines and/or forms created by or on behalf of the Processor. The Processor will not process the personal data for any purpose other than those established by the Controller. We have a Data Processing Agreement in place covering all aspects of processing personal data.
The applicable data processing agreement depends on the Foleon entity that is party to the customer contract. If the customer contracts with Foleon B.V., the Foleon B.V. Data Processing Agreement applies. If the customer contracts with Foleon Inc., the Foleon Inc. Data Processing Agreement applies.
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Foleon B.V.Transformaterweg 38-72
Amsterdam, Noord-Holland 1014 AK
The Netherlands
legal@foleon.com Cookie settings
