LEGAL
Privacy Policy
Terms and Conditions
Effec&ve Date: October 15, 2024
Authic Labs B.V., located at Singel 66-II, 1015 AC Amsterdam, and registered with the Chamber of Commerce under number 85539600, is committed to safeguarding your privacy. This policy outlines how we collect, use, store, and protect personal data in the context of our loyalty program services for business clients (B2B), such as those in the wellness and sports sectors.
1. Applicability
This privacy policy applies to all personal data collected and processed by Authic Labs B.V. (referred to as “Authic,” “we,” “us,” or “our”) in connection with the loyalty program services we provide to business clients. Our services are exclusively B2B, meaning we provide our platforms and applications to businesses that offer loyalty benefits, engagement tools and questionnaire incentives to their end-users, including any related products or deliverables, provided by Authic to the User or any third party, including but not limited to Authic's customer loyalty solutions platform.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
2. Roles and Responsibilities
2.1 Controller and Processor
Controller: Our business clients are the data controllers for their end-users' personal data. They determine the purpose and means of processing this data.
Processor: Authic acts as a data processor for end-users' personal data processed through our services. We process this data solely according to the instruc>ons of our business clients and do not use it for our purposes.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
2.2 Contact Information
For questions regarding the processing of your personal data by the service provider using Authic’s platform, please contact the respective organization’s privacy officer.
For inquiries directed to Authic, contact us at:
Email: [email protected]
Address: Singel 66-II, 1015 AC Amsterdam
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
3. What Personal Data Do We Process?
3.1 Data of Business Clients
We process the following categories of personal data of our business clients:
• Identification and Contact Information: Contact person’s name, company name, job title, address, phone number, email address.
• Account Data: Account details for accessing the Authic Dashboard, profile information (such as preferences and settings).
• Financial Data: Bank account number, billing information, payment details.
• Communication Data: Correspondence with Authic, including emails and support requests.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
3.2 End-user Data
On behalf of our clients, we process the following categories of end-user data:
• Identification and Contact Information: First and last name, phone number, email address.
• Loyalty and Engagement Data: Participation in loyalty programs, submission of reviews and feedback, engagement in social media actions (such as likes or shares).
• Technical Data: IP address, browser information, device data, log files and usage statistics.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
4. Purposes and Legal Grounds for Processing
4.1 Processing Business Client Data
We process personal data of business clients for the following purposes:
• Performance of the Agreement: Providing our services, including facilitating loyalty programs, managing reviews and tracking social media engagement.
• Communication and Support: Maintaining contact with clients and offering technical support.
• Billing and Administration: Processing payments and maintaining financial records.
Legal Grounds: Necessary for the performance of the agreement (Article 6(1)(b) GDPR) and our legitimate interest in effective communication and support (Article 6(1)(f) GDPR).
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
4.2 Processing End-user Data
As a processor, we process end-user personal data solely according to our clients' instructions for the following purposes:
• Loyalty Programs: Managing end-users' participation in loyalty programs.
• Reviews and Feedback: Collecting reviews and feedback from end-users on behalf of our clients.
• Social Media Actions: Facilitating social media engagement by end-users, such as likes and shares.
Legal Grounds: Consent of the end-user (Article 6(1)(a) GDPR) or performance of an agreement (Article 6(1)(b) GDPR).
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
5. Processor Agreement
We have a processor agreement with all our business clients, outlining terms for data processing, security measures, and responsibilities under GDPR. Authic only processes data as instructed by clients and does not use this data for our purposes.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
6. Security of Personal Data
We implement technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, and alteration, including:
• Access Control: Restricting data access to authorized personnel only.
• Encryption: Encrypting data during transmission and storage as needed.
• Network Security: Securing our networks with firewalls and secure servers.
• Monitoring and Logging: Actively monitoring systems to detect unauthorized access and managing log files.
• Regular Audits and Updates: Conducting regular security audits and updates.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
7. Data Retention Periods
We retain personal data no longer than necessary for service delivery and legal obligations, as follows:
• Business Client Data: Up to two years a[er the Agreement ends, unless legally required to retain it longer.
• End-user Loyalty and Engagement Data: Up to two years after the last interaction, unless longer retention is required by law.
• Financial Data: Retained for seven years in compliance with tax obligations.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
8. Sharing Personal Data with Third Parties
8.1 Sub-processors
We engage third parties as sub-processors to assist with our services, such as:
• Hosting and Cloud Providers: For data storage and management.
• Payment Processors: For handling payments.
• Analyics and Marketing Tools: For analyzing user behavior and performing marketing activities. We establish processor agreements with sub-processors to ensure they adhere to our privacy and security standards.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
8.2 Legal Obligations
We disclose personal data to government authorities if legally required or as part of legal proceedings.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
9. International Data Transfer
Data is processed within the European Economic Area (EEA). If data is transferred outside the EEA, we and our sub-processors provide appropriate safeguards, such as:
• Adequacy Decisions: Transfer to countries deemed adequate by the European Commission.
• Model Contract Clauses: Using EU-approved standard contractual clauses.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
10. Data Subject Rights
Business clients (our contracting parties) have the following rights regarding their personal data:
• Right to Access: Know which data we process.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure: Delete personal data if no legal requirement mandates retention.
• Right to Restriction: Restrict data processing.
• Right to Data Portability: Receive data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interest.
• Right to Withdraw Consent: Withdraw consent for processing if it was the legal basis.
To exercise these rights, please contact us via the contact information in Section 2.2.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
11. Cookies and Similar Technologies
Our platforms use cookies and similar technologies to enhance functionality and improve user experience, such as:
• Functional Cookies: Necessary for service functionality (e.g., login retention).
• Analytical Cookies: Gathering usage statistics to understand user behavior and improve services.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
12. Changes to this Privacy Policy
This policy may be updated to reflect changes in our services or legal requirements. The latest version is available on our website. Significant changes will be communicated to clients, enabling them to inform end-users if needed.
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
13. Questions and Contact
For questions or comments about this policy, please contact us:
Email: [email protected]
Address: Singel 66-II, 1015 AC Amsterdam
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
14. Complaints
If you believe we have not handled your data properly, you have the right to file a complaint with the Dutch Data Protection Authority:
Website: www.autoriteitpersoonsgegevens.nl
Phone: 088 - 1805 250
We keep things clear, practical, and people-focused. We listen to our users, design with purpose, and build tools that work in the real world..
Launch your own loyalty app. Reward customers, track visits, and boost retention.
© 2026 Authic Labs
Launch your own loyalty app. Reward customers, track visits, and boost retention.
© 2026 Authic Labs
Launch your own loyalty app. Reward customers, track visits, and boost retention.
© 2026 Authic Labs
Launch your own loyalty app. Reward customers, track visits, and boost retention.
© 2026 Authic Labs
Meet the team
Meet the team
We’re a small team with a big mission: helping your business succeed.
WHO WE ARE
