Privacy Notice for Reditus

Effective Date: 16 April 2025

At Reditus B.V. (“Reditus”), your privacy is a top priority, and we are fully committed to protecting your personal data. This Privacy Notice outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. What Personal Data We Collect and For What Purpose

We process personal data for various purposes, in accordance with the principles of lawfulness, fairness, and transparency. The table below outlines the types of personal data we collect, the purposes of collection, the legal basis for processing, and how long we store your data:

| Purpose | Personal Data Collected | Legal Basis | Data Retention Period |
|---|---|---|---|
| Providing our services | Name, email address, password, company name, domain name, usage tracking data, Stripe account events, financial data, IP address | Contractual necessity | During the contract and 2 years after termination; certain data retained for 7 years for tax/legal obligations |
| Linking your Stripe account | Stripe event data (e.g. subscriptions, payments, refunds) | Contractual necessity (not needed when using the API) | Referral-related events retained as long as necessary; other data deleted after 7 days |
| Linking your Google Analytics account | Website traffic, audience data, anonymized demographics | Consent | Data deleted within 7 days after account disconnection |
| Scheduling demo calls (via HubSpot) | Name, email address, preferred date/time, optional message | Consent | Until meeting is completed + 1 year |
| Responding to inquiries & support requests | Name, email, inquiry details | Legitimate interest | Until inquiry is resolved + 1 year |
| Marketing & promotional communications | Name, email address, company name | Consent | Until you withdraw consent or unsubscribe |
| Social media interactions | IP address, browser type, social profile interactions via plugins | Legitimate interest | As long as necessary for analytics/engagement |
| Use of cookies and site analytics | IP address, usage data, device/browser info | Consent | Up to 14 months (unless deleted sooner via browser settings) |
| Fraud prevention and platform security | IP address, usage logs, account activity | Legitimate interest, legal obligation | As long as necessary for security/monitoring |
| Legal compliance (e.g., taxes, audits) | Account and transaction data, billing information | Legal obligation | Up to 7 years, per applicable Dutch tax law |

2. How We Collect Your Personal Data

We use different methods to collect data from and about you, including through:

2.1 Direct Interactions:

You may provide us with personal information such as contact details, identifiers, financial data, and other categories when you:

  • Apply for our products or services.
  • Create an account with us.
  • Subscribe to publications.
  • Request marketing materials.
  • Provide feedback or contact us through forms, post, phone, email, our website, or other means.

2.2 Automated Technologies or Interactions:

As you use our website and services, we may automatically collect technical, profile, and usage data, such as details about your device, browsing behavior, and usage patterns.

2.3 Third Parties or Publicly Available Sources:

  • Online recruitment platforms or professional networks (e.g., work-related information).
  • Publicly available sources providing identity and contact data.

3. Who Has Access to Your Data?

Your personal data is accessed by authorized personnel at Reditus and, where necessary, trusted third-party service providers who assist us in fulfilling the purposes mentioned above. These third parties may include marketing platforms, payment processors, IT service providers, and others, all of whom operate under strict confidentiality agreements.

We may also share your personal data:

  • If required by law, regulation, or legal process;
  • To protect our legal rights, prevent fraud, or comply with lawful requests;
  • In connection with a merger, acquisition, or sale of all or a portion of our assets or in case of bankruptcy.

We ensure that access to your data is granted only on a need-to-know basis and is fully controlled and monitored.

3.1 Website and Hosting Services

| Provider | Country | Purpose and Notes | Encryption |
|---|---|---|---|
| Cloudflare | USA | Network edge protection and performance. May process IPs for security. | Encryption in transit, at rest |
| Google Tag Manager | USA | Manages tracking scripts and may process IPs. | Encryption in transit, at rest |
| Google Analytics | USA | Used for traffic insights. | Encryption in transit, at rest |
| Leadfeeder | Finland | Provides company-level insights from known users. Integrated with HubSpot. | Encryption in transit, at rest |
| HubSpot | USA | Marketing landing pages, traffic insights and booking of demos. | Encryption in transit, at rest |

3.2 Our Platform and Core Services

| Provider | Country | Purpose and Notes | Encryption |
|---|---|---|---|
| Reditus (own platform) | Netherlands | Affiliate management tool. Processes client and affiliate data. | Encryption in transit, at rest |
| Stripe | USA/Ireland | Subscription management and payment processing. | Encryption in transit, at rest |
| Heroku / Salesforce | USA | Application infrastructure. Stores app and client data. | Encryption in transit, at rest |
| AWS (via Heroku) | USA/Germany | Infrastructure services. Hosts application databases and storage. | Encryption in transit, at rest |
| Paragon | USA | For setting up client integrations. | Encryption in transit, at rest |

3.3 Internal Operations and Communication

| Provider | Country | Purpose and Notes | Encryption |
|---|---|---|---|
| HubSpot | USA | CRM, sales pipeline, and support chat. Stores client contact and activity data. | Encryption in transit, at rest |
| Slack | USA | Internal communications; includes system and client activity notifications. | Encryption in transit, at rest |
| Google Workspace | USA | Email, Docs, Sheets, and internal communication. May include client info. | Encryption in transit, at rest |
| GitLab | USA | Development and version control. May contain user identifiers in logs or code. | Encryption in transit, at rest |
| Linear | USA | Product and roadmap tracking. No client data stored. | Encryption in transit, at rest |
| 1Password | Canada | Internal password manager. Stores internal credentials only. | Encryption in transit, at rest |

3.4 Integrations (Client-Enabled)

| Integration | Country | Purpose and Notes | Encryption |
|---|---|---|---|
| Google Analytics | USA | If connected by clients, provides account and traffic insights. | Encryption in transit, at rest |
| YouTube | USA | Affiliate integration. Provides account-level and channel data. | Encryption in transit, at rest |
| LinkedIn | USA | Affiliate integration. Used to track engagement and referrals. | Encryption in transit, at rest |
| Calendly | USA | Used to log demo bookings via affiliates. | Encryption in transit, at rest |
| HubSpot (via integration) | USA | Tracks demo bookings for affiliate tracking. | Encryption in transit, at rest |
| PayPal | USA | Used for affiliate payouts via email. | Encryption in transit, at rest |

3.5 Email, Marketing, and Outreach

| Provider | Country | Purpose and Notes | Encryption |
|---|---|---|---|
| SendGrid | USA | Sends transactional and promotional emails. Stores recipient data. | Encryption in transit, at rest |
| Instantly | USA | Used for outbound email campaigns. Processes prospect emails and engagement. | Encryption in transit, at rest |
| Social Media Platforms (LinkedIn, Twitter, Facebook) | Various | Used for communications, prospecting, and ads. May process profile data. | Encryption in transit, at rest |

3.6 Other Third Parties

| Provider | Country | Purpose and Notes | Encryption |
|---|---|---|---|
| Marketing Agency | Netherlands | Has access to HubSpot, website CMS, and analytics data to support campaigns. | Encryption in transit, at rest |
| Bookkeeper | Netherlands | Handles invoices and financial reporting only. No access to personal data. | Not applicable |
| Canva | Australia | Used to create visual content. No personal data processed. | Encryption in transit, at rest |
| AppSignal | Netherlands | Application monitoring tool. No personal data is involved. | Encryption in transit, at rest |
| Betterstack | Czech Republic | Uptime monitoring only. Does not process personal or client data. | Encryption in transit, at rest |

4. Is Data Transferred Outside the European Economic Area (EEA)?

Some of our external third parties are located outside the EEA, meaning your personal data may be transferred to countries outside the EEA. To ensure your data is protected, we implement at least one of the following safeguards:

  • The destination country has been recognized by the European Commission as providing an adequate level of data protection.
  • We use specific contracts approved by the European Commission that ensure your personal data receives the same level of protection as within the EEA, such as Standard Contractual Clauses.

5. What Technical and Organizational Security Measures Are in Place?

We take the security of your personal data very seriously and implement appropriate technical and organizational measures to safeguard your information. These measures include:

  • Data encryption (both in transit and at rest)
  • Secure access controls and authentication procedures
  • Regular security audits and vulnerability assessments
  • Monitoring and logging of system access
  • Employee training and awareness programs on data protection

In the event of a personal data breach, we will notify you and the relevant authorities as required by law.

6. What Are Your Data Subject Rights?

As a data subject, you have the following rights under the GDPR:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccuracies in your personal data.
  • Right to Erasure: You can request the deletion of your personal data under certain conditions.
  • Right to Restriction: You can request the restriction of processing your data under certain circumstances.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format when you have provided your personal data to us.
  • Right to Object: You have the right to object to the processing of your data for direct marketing or other purposes based on legitimate interest.
  • Right to Withdraw Consent: Where we rely on your consent, you can withdraw that consent at any time.

If you believe that we have not handled your data appropriately or you are unsatisfied with our response to your concerns, you have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. You can contact them via their website at www.autoriteitpersoonsgegevens.nl.

For data subjects in other countries, you can contact your respective national data protection authority.

We may ask for specific information to verify your identity and confirm your right to access your personal data (or exercise any other rights). This is a security measure to prevent unauthorized access to your personal data.

7. How Long Do We Keep Your Data?

When determining the appropriate retention period, we consider:

  • The volume, nature, and sensitivity of the personal data.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for which we process your data and whether we can achieve those purposes through other means.
  • Any applicable legal, regulatory, tax, accounting, or other requirements.

Once the retention period has expired, we securely delete or anonymize your personal data so that it can no longer be associated with you.

8. Use of Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience, analyze traffic, and provide personalized content. These may include:

  • Essential cookies – Necessary for the website to function properly.
  • Analytics cookies – Help us measure and understand how visitors interact with our site (e.g., via Google Analytics).
  • Marketing cookies – Help us deliver more relevant advertisements and track campaign effectiveness.

When you visit our website, you will be given the option to manage your cookie preferences. You can also control cookies through your browser settings. For more information, see our Cookie Policy.

9. Third-Party Websites

Our Site may include hyperlinks to third-party websites, such as LinkedIn or Instagram. These hyperlinks are provided for your reference and convenience only, and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We are not responsible for the privacy practices or content of these third-party websites. You are encouraged to read their respective privacy notices for more information.

10. Privacy of Children

It is our policy not to collect personal data from any person under 18, because children are not permitted to use our services and our website, and we request that children under the age of 18 not submit any personal data to us. If we learn that we have inadvertently gathered personal data from children under 18, we will promptly remove such information from our records. If you are a parent or guardian and believe we have collected personal information in violation of applicable data protection law, contact us at [email protected]. We will remove the personal information in accordance with applicable data protection law.

11. Updates to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our data practices, legal obligations, or operational requirements. If we make material changes, we will notify you via email (if we have your contact details) or via a prominent notice on our website prior to the change becoming effective.

The most recent version of this Privacy Notice will always be available on our website. We encourage you to review it regularly to stay informed about how we are protecting your data.

12. Contact Information

If you have any questions about this Privacy Notice or how we handle your personal data, please contact us:

Reditus B.V.

Europalaan 100, Utrecht

KVK: 77814487

Email: [email protected]

Website: https://www.getreditus.com