Privacy Policy

1. Introduction and Scope

This Privacy Policy applies to SampleSync ("SampleSync," "we," "us," or "our") and our Services that help you tag, catalogue, and monitor physical materials using QR-codes. We are committed to protecting your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other EU data protection laws.

This policy describes the types of personal data we collect, how we use it, the lawful bases for our processing, how we share it, and your rights regarding your data.

2. Information We Collect

We collect information that you provide directly to us, information automatically collected when you use our Services, and potentially information from third parties.

A. Information You Provide to Us:

• Account Information: Name, email address, password, company name/role.
• Material Data: Descriptions, specifications, images, project links, metadata you upload.
• Communication Data: Information you provide when you contact us for support or other inquiries.

B. Information We Collect Automatically:

• Usage Data: Interactions with our Services (features used, pages visited).
• QR Code Scan Events: Timestamp, approximate location (from IP or if enabled), device type.
• Client Interaction Data: Aggregated/anonymized engagement with material profiles.
• Cookies and Similar Technologies: As detailed in our Cookie Policy.

3. Lawful Basis and Purposes for Processing Your Information

We process your personal data based on the following lawful bases and for the specified purposes:

• To Perform Our Contract With You:
  • To create and manage your SampleSync account.
  • To provide, operate, and maintain our Services as described in our Terms of Service.
  • To process your transactions.
  • To provide customer support and respond to your inquiries.
• For Our Legitimate Interests:
  • To improve, personalise, and expand our Services.
  • To understand and analyse how you use our Services to develop new products and features.
  • To send you real-time notifications for QR-code scans (you can manage these notifications).
  • To provide you with analytics and reporting on material engagement.
  • To ensure the security of our Services, prevent fraud, and protect our rights and property.
  • For internal administrative purposes.
  We have balanced these legitimate interests against your rights and freedoms.
• With Your Consent:
  • To send you marketing and promotional communications, where you have opted in. You can withdraw your consent at any time.
  • To use certain non-essential cookies, as detailed in our Cookie Policy.
• To Comply With Legal Obligations:
  • To comply with applicable laws, regulations, court orders, or other legal processes.

4. How We Share Your Information

SampleSync does not sell your personal information. We may share your information as follows:

• With End-Users Scanning QR Codes: Information you associate with a material is shown upon scan.
• With Service Providers: With trusted third parties who process data on our behalf (e.g., hosting, analytics, payment processing), under strict data processing agreements where required.
• For Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent.
• To Comply with Laws and Protect Rights.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. However, no method of transmission or storage is 100% secure.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to provide our Services. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal requirements.

7. International Data Transfers

SampleSync is based in the Netherlands. We primarily process and store data within the European Union.

If we transfer personal data to service providers or entities located outside the European Union (e.g., to the United States for certain hosting services), we take steps to ensure your personal data receives an adequate level of protection in the jurisdictions in which they are processed. For instance, we may rely on Standard Contractual Clauses or similar legally-mandated transfer mechanisms.

8. Your Data Protection Rights under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

• Right of Access: Request access to your personal data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data, under certain conditions.
• Right to Restriction of Processing: Request restriction of how we process your data, under certain conditions.
• Right to Data Portability: Request transfer of your data to you or another controller, in a structured, commonly used, and machine-readable format, under certain conditions.
• Right to Object: Object to our processing of your personal data, particularly where we rely on legitimate interests as our legal basis, or for direct marketing purposes.
• Right to Withdraw Consent: If we process your data based on your consent, you can withdraw it at any time.
• Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (if applicable to SampleSync's services).

To exercise these rights, please contact us at [email protected].

You also have the right to lodge a complaint with your local Data Protection Authority if you believe our processing of your personal data infringes applicable data protection law.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction within the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on SampleSyncand updating the "Last Updated" date.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• By email: [email protected]
• Via our website: SampleSync/contact
• By mail: Schiemond 20-22, 3024 EE Rotterdam, Netherlands