Last update: 16.03.2021
This notice describes how we collect and processes users’ data through https://expandi.io website and platform (“Platform”). The terms “we”, “us”, “our” refer to ProfitSoft B.V., a legal person registered under the laws of the Netherlands.
We are committed to safeguarding the privacy of our users. We are not going to misuse your data.
Controller details: ProfitSoft B.V.
Registered address: Meerenakkerplein 51, Eindhoven, 5652BJ, the Netherlands
Contact email address: firstname.lastname@example.org
Please note, that this privacy notice covers our processing activities as a data controller, namely those relating to your account, information collected through the website, and our marketing activities.
Whenever you collect and otherwise process information from LinkedIn profiles and messages via the platform, our role is a data processor on your behalf. You as a data controller are responsible to process LinkedIn data in accordance with applicable data protection requirements. Our obligations as a data processor can be found in the data processing agreement, which forms an integral part of Expandi’s Terms and conditions .
Table of contents:
- Information we collect from you;
- Third-party Access to Information;
- Your rights;
- Security of information;
- Changes to this Notice.
Information we collect from you
Before registering an account, you can book a free demonstration of how the platform works. To perform registration, we will ask you to provide your first name, last name, company name, email address, phone number, type of account desired (single/group/agency), marketing tools used.
Additionally, you may access demos that were recorded previously by providing your first name, last name, email address, and LinkedIn Profile URL.
We will use this information to choose and provide you with the most appropriate type of demonstration and to follow you up with the subscription plans available on the platform. The applied legal basis for these activities is our legitimate interest (GDPR Art. 6.1.f). While signing up for a demo, you may also consent to receiving a newsletter from us (GDPR Art. 6.1.a).
Account and profile set up
If you want to use platform functionality, you will have to register an account. We will ask you for your first and last name, email address, language speaking, account password, country and address, company affiliation, voucher code (if any).
To be able to use the platform for the automation of your LinkedIn activities, you will have to connect your LinkedIn account via your login, password, and a temporary code. In profile settings, you can adjust interaction settings for your LinkedIn account, such as account warmup, number of messages to be sent, message limit ranges, active time for messaging, and inactive days for messaging. Without this information, we will be unable to provide platform services to you.
Please note that for connecting other people’s LinkedIn account you must have their consent or another applicable legal basis in accordance with GDPR Art. 6.
After the registration, you will be able to upload your profile picture, set up a 2-factor authentication, and choose the type of subscription you would like to use. You will also be able to create groups of users on the platforms (so-called agencies).
We use your account information to:
- create and maintain your user account, including in connection with other data points listed below. The applied legal basis for this is the performance of the contract (Terms and conditions) between you and us (GDPR Art. 6.1.b) or, if you connect a LinkedIn account of other people, your legitimate interest (GDPR Art. 6.1.f);
- contact you regarding the work of the platform or your account, including by email and sending you web notifications (GDPR Art. 6.1.b);
- analyse the efficiency of our platform in our legitimate interests (GDPR Art. 6.1.f);
- upon receiving the consent from you, to send you marketing or promotional materials (GDPR Art. 6.1.a).
We will store your account data, including the categories from the below sections (platform functionality, payments, and technical support) for as long as you have the account with us. If you become inactive, we will delete or anonymise your information 12 months after your last user session.
Via the platform, you will be able to perform different actions to automate your marketing activities on LinkedIn. We will store and process the following categories of information:
- tasks that you create and manage on the platform;
- messages that you send via LinkedIn, including date and time of messages, information about recipients, and messages content;
- messages that you send to other users of the platform, which also includes the date and time of messages, recipients, and messages content.
The applied legal basis for this is the performance of the contract (Terms and conditions) between you and us (GDPR Art. 6.1.b) or, if you connect a LinkedIn account of other people, your legitimate interest (GDPR Art. 6.1.f).
You will be able to generate invoices for the use of the platform directly in your profile. In this case, we will process your account data to calculate the amount of money payable and provide you with the invoice.
For payments, you will be prompted to a third-party payment processing provider, who will store and process your payment information. We will only receive information about payment confirmation from that provider.
The applied legal basis for processing information about payments is the performance of the contract with you (GDPR Art. 6.1.b). We also retain financial information to analyse our financial performance in our legitimate interests (GDPR Art. 6.1.f) and to comply with applicable accounting and financial laws (GDPR Art. 6.1.c).
You may leave a request for support via the support form on the website or by email. We use this information to provide you with the help you might need, fix and improve the platform, and analyse our efficiency in marketing and product efforts, including by creating statistics of inquiries.
The applied legal basis for this is the performance of the contract (Terms and conditions) between you and us (GDPR Art. 6.1.b) and our legitimate interest to improve the platform (GDPR Art. 6.1.f). If you connect a LinkedIn account of other people, the legal basis is your legitimate interest (GDPR Art. 6.1.f).
Website, sales, and marketing activities
The following data collection activities are present on our website:
- Collection of visitor logs (device, browser information, IP address) to ensure fraud prevention and manage user sessions, stored for 6 months of your last visit. The applied legal basis is our legitimate interests (GDPR Art. 6.1.f);
- Visitor traffic analysis done using third-party analytics providers. This activity, depending on the method used, is performed based either on your consent (cookie tracking) or our legitimate interests (GDPR Art. 6.1.f);
- Provision of a free eBook and other useful materials, which a website visitor may obtain by providing their email address, first and last name. We will also use this information to send you direct marketing messages. The processing is based on your consent (GDPR Art. 6.1.a);
- Organisation of our own webinars and participate in third-party webinars. We will also use this information to send you direct marketing messages. The processing is based on your consent (GDPR Art. 6.1.a).
We store marketing data for 12 months of the last communication with you. For the activities that are based on consent, you can withdraw your consent at any time by contacting us directly. The withdrawal will not affect the lawfulness of processing based on consent before. You can also opt-out of the e-mail subscription by clicking the appropriate button in our emails to you.
Whitelabel and affiliate partner registration
If you would like to partner with our platform, you may register as an affiliate or a whitelabel partner. In the course of registration, we will collect your company affiliation, name, email address, phone number, marketing tools used, number of accounts managed by the person, as well as the information on how you plan to distribute subscriptions to our platform.
We will process the collected data in order to take steps to conclude and perform a partner contract with you. The applied legal basis is the performance of the contract (GDPR Art. 6.1.b). The applied storage period is 12 months of your last activity.
Third-party access to information
We use the following third-party software providers:
- analytics providers to analyse our efficiency and conduct marketing research;
- client relationship management software to manage and perform our marketing (email) activities;
- email notification providers;
- technical support and ticket management software;
- cloud hosting providers to store and process collected data;
- third-party advertisement providers;
- response forms, app-to-app integrations, and webinar platforms;
- website personalisation tools.
The providers listed above process personal data based on our instructions only.
When using the analytics services, we collect details of the use of the platform, including, but not limited to traffic data, location data, length visit, and other communication data.
Non-personally identifiable information is collected and processed, among other services, by Google Analytics in an anonymised and aggregated way to improve our app’s usability and for marketing purposes. Google Analytics is a web analytics service that tracks and reports user traffic on apps and websites. Google Analytics uses the data collected to track and monitor the use of the platform. This data may also be shared with other Google services. For more information on the privacy practices of Google, you can check its Policies at www.google.com/analytics/policies/.
To process payments that you make via the platform, we use third-party payments processors. Please note that we do not receive your payment details from them, but only payment confirmations and details of the transactions you perform. Payment processors are independent controllers over your payment information which includes your payment card data.
To learn more about how those third-party payment processors process your payment details, please visit their websites or contact them directly.
The platform allows the connection of third-party software providers via an API. Please note, that whenever you interact with those third-party providers, you provide your information directly to them.
In addition to the disclosures for the purposes identified before, we may disclose information about you:
- if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights; and
- in case we sell, license or otherwise assign our company, corporate rights, the platform or its separate parts or features to third parties.
Except as provided in this privacy notice, we will not sell, share or rent your information to third parties.
You may exercise GDPR rights regarding your personal data. In particular, you have the right to:
- The right to object against the processing of your information.
If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object against it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you.
- The right to access your information.
You have the right to know what personal data we process. As such you can obtain the disclosure of the data involved in the processing and you can obtain a copy of the information undergoing processing.
- The right to verify your information and seek its rectification.
If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;
- Restrict the processing of your information.
When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your data (other than storing it) until we are able to provide you with evidence of its lawful processing;
- The right to have your personal data deleted.
If we are not under the obligation to keep the data for legal compliance and your data is not needed in the scope of an active contract or claim, we will remove your information upon your request.
- The right to have your personal data transferred to another organisation.
Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your data available to you or to an organisation of your choosing.
You can formulate such requests or channel further questions on data protection by contacting us at email@example.com.
If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.
Security of information
We will take all necessary measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
As we use the services of third-party software providers across several countries outside of the European Union, we may transfer the collected data to those countries for further processing. In such cases, we will make sure that relevant safeguards are in place. More information on taken international safeguards can be provided upon request.
Immediate access to the data is only allowed to our authorised employees involved in maintaining the application. Such employees keep strict confidentiality and prevent unauthorised third-party access to personal information.
Changes to this notice
We may update this privacy notice from time-to-time by posting a new version on our website. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.