PUBLISH DATE: FEBRUARY 2025

1. Introduction
This privacy policy relates to the processing of personal data via the website, the Setso studio, Setso web app, or the Setso mobile app of Setflow B.V (hereinafter: “Setflow”, “us”, “we”, and “our”). Setflow is located at (1032 LP) Amsterdam, Johan van Hasseltkade 257, Netherlands and is registered in the trade register of the Chamber of Commerce under number 91658942.

If you have any questions about our use of personal data, you may contact us at info@setso.com.

This privacy policy describes how we process personal data within the meaning of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter: “GDPR”), how you can contact us to exercise your GDPR rights, and other information that may be relevant regarding privacy. With this privacy policy, we also inform you about the purposes and legal bases for which the personal data is processed.

2. Applicability of the Privacy Policy
This privacy policy applies to the personal data that Setflow processes via our websites www.setso.com, studio.setso.com, app.setso.com (hereinafter: “Website”) and the Setso mobile App for iOS and Android (hereinafter: “Setso App”).

Setflow is the data controller within the meaning of the GDPR for the processing of your personal data via the Website and Setso App.

3. Personal Data
Setflow processes one or more of the following categories of personal data about you via our Website and the Setso App:

• Personal details (name, address, contact details; date of birth, telephone number, role/function);

• Business details (address, Chamber of Commerce number, VAT number, bank details);

• Account contact details (username and password);

• Device data (IP address, location data, internet browser, and device type);

• Marketing preferences;

• Online activity (data about your activity on our Website and in the App; data about your browsing behavior across different websites when these are part of an advertising network, subscription or unsubscription for newsletters);

• Other personal data that you provide to us, such as hours worked and kilometers driven.

Other personal data that you provide to us, such as allergies, dietary requirements, clothing sizes, and gender, may possibly be classified as sensitive personal data. We process this data only with your explicit consent.

4. Purposes of the Processing of Personal Data
The personal data collected via our Website and Setso App is processed solely for the specific purposes for which it was provided. Setflow processes your personal data exclusively for the following purposes:

• Providing our services, including registering your account;

• Being able to contact you in order to provide our services and/or answer your questions;

• Providing information about changes in our services;

• Sending newsletters about our services that are similar to services you have previously used from us;

• Sending invoices;

• Making an offer for our services;

• Improving our Website by analyzing the visitors on our Website, Studio, Web app, and iOS and Android Apps.

5. Legal Basis for the Processing of Personal Data
We only process your personal data if there is a legal basis for doing so. We process personal data solely on the following legal bases:

• Necessary for the performance of your agreement with Setflow
  In most cases, we process your personal data because it is necessary for the performance of your agreement with Setflow. For example, this is the case when you wish to use our services as agreed via the Website and/or the Setso App.

• Legal obligation
  We may be legally obliged to process your personal data in order to comply with tax and other legal obligations.

• Legitimate interest
  We may process personal data on the basis of our legitimate interests, such as our interest in maintaining a sustainable relationship with you and offering you our services, and our interest in improving the effectiveness of our Website and services by analyzing visitor behavior on our Website.
  In the event that we rely on a legitimate interest as the legal basis for processing your personal data, you have the right to object. In your objection, you may indicate why, in your situation, we do not have a legitimate interest in processing your personal data or why your privacy interest outweighs our interest. For more information on how to lodge an objection, see paragraph 11.

• Consent
  Sometimes we process your personal data on the basis of your consent, as in the case of sensitive personal data. For the use of your location data and for direct marketing, your consent is always required, which we obtain from you prior to use. You have the right at any time to withdraw your consent for the processing of your personal data. The withdrawal of consent does not affect the lawfulness of the processing based on consent that took place before the withdrawal. For more information on withdrawing consent, see paragraph 11.

6. Disclosure of Personal Data to Third Parties
As a company, Setflow makes use of third parties in the performance of certain services. External service providers receive from us no more personal data than is necessary to perform their assignment. External service providers that we use include, among others, hosting providers, IT suppliers, payment service providers, subcontractors, and invoicing services.

We enter into a processing agreement with third parties who process your personal data on our behalf, in the manner prescribed by the GDPR, for example to ensure that external service providers treat your personal data confidentially and have implemented appropriate technological and organizational security measures.

7. International Transfer
Setflow endeavors to process your personal data exclusively within the European Union or the European Economic Area (EEA). If it is necessary to transfer your personal data to organizations located outside the European Union or the EEA in order to provide our services, we do so only in accordance with Chapter 5 of the GDPR.

8. Retention Periods
We do not retain your personal data longer than is necessary for the purposes for which it was processed. As an exception to this general rule, Setflow may retain your personal data for a longer period if necessary to comply with a legal obligation, such as tax retention periods.

9. Security
We take the protection of your personal data seriously and take appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized alteration. In any event, we implement the following measures to secure your personal data:

• Security software, such as antivirus software and a firewall;

• TLS (formerly SSL) – We transmit your data via a secure internet connection. You can see this by the “https” in the address bar and the padlock icon;

• DKIM, SPF, and DMARC, which are three internet standards we use to prevent emails sent in our name from containing viruses, being spam, or being intended to capture personal (login) data;

• Encryption on, among other things, our local drives;

• Our accounts are secured with passwords and multi-factor authentication (MFA);

• The IT environment is regularly monitored for unusual activities;

• We periodically conduct penetration/hack tests.

10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:

• Right of access: You may obtain access to your personal data;

• Right to rectification: You may have your personal data corrected by us if necessary;

• Right to restrict processing: You have the right to request that we (temporarily) stop or restrict the processing of your personal data;

• Right to data portability: You may request that we transfer your personal data;

• Right to erasure: You may request that we delete your personal data;

• Right to object: You may object to the processing of your personal data;

• Withdrawal of consent: As explained above, you can withdraw your consent. Withdrawal of your consent may result in us no longer being able to provide certain services to you;

• You have the right to lodge a complaint with the Data Protection Authority (www.autoriteitpersoonsgegevens.nl).

If you wish to exercise the above rights, please contact us at support@setso.com. We will respond to your request as soon as possible, but in any event within four weeks. To verify your identity, we will ask you some additional questions.

11. Amendments
This privacy policy may be amended. We publish the most recent version of this policy on our Website.