Whistleblower Software Logo
Idioma
Prueba gratuita

¿Cliente existente? Iniciar Sesión

Privacy Policy for Website Users, Potential Customers, and Marketing

1. Who we are and how to contact us

2. What personal data we collect and why

Tipo de Persona Interesada Datos personales recopilados Finalidad del tratamiento Base legal Período de retención
Usuarios de la página web y clientes potenciales Datos técnicos esenciales (dirección IP para seguridad, gestión de sesiones). Funcionamiento de la página web, seguridad, prevención del fraude. Interés legítimo (Art. 6.1.f). Máx. 14 meses.
Usuarios de la página web y clientes potenciales Analíticas y seguimiento no esencial: Cookies analíticas, cookies de marketing, cookies de preferencias. Análisis de resultados, personalización, optimización del marketing. Consentimiento (Art. 6.1.a) Datos de navegación: máx. 14 meses. Formularios: 12 meses.
Contactos de marketing Datos de identificación y contacto, información profesional, preferencias e historial de interacciones. Envío de comunicaciones comerciales, invitaciones a eventos, webinars y promociones. Consentimiento explícito (Art. 6.1.a). Hasta la revocación del consentimiento. Máximo 24 o 36 meses sin interacción comercial.
Asistentes de Webinars Identificación (nombre, correo electrónico), información profesional e historial de asistencia/interacción. Comunicaciones de seguimiento relacionadas con el tema del webinar y evaluación del interés comercial. Interés legítimo (Art. 6.1.f): Fomentar las relaciones profesionales y proporcionar contenido relevante. 12 meses después del webinar (a menos que se dé el consentimiento para fines de marketing más amplios).
Leads de Contenido Identificación (nombre, correo electrónico), cargo, empresa. Entrega del contenido solicitado y seguimiento para debatir los temas tratados en el material. Interés legítimo (Art. 6.1.f): Evaluación del interés comercial en función de la interacción con contenido específico. 12 meses a partir de la fecha de la descarga (a menos que se dé el consentimiento para fines de marketing).
Usuarios del chat / Consultas Nombre, correo electrónico, transcripciones del chat y metadatos (URL donde se inició el chat). Proporcionar asistencia en tiempo real, responder a las consultas y realizar el seguimiento comercial relacionado con la consulta. Interés legítimo (Art. 6.1.f): Responder a las solicitudes de los usuarios y evaluar el interés comercial. 12 meses después de la última interacción (a menos que se convierta en cliente).
Usuarios de Pruebas y Demos Datos de identificación (nombre, correo electrónico), información profesional (empresa, función), registros de uso e historial de interacciones. Proporcionar acceso a la plataforma, asistencia técnica, supervisión del rendimiento, orientación para la incorporación y contacto para el seguimiento comercial. Interés legítimo (Art. 6.1.f): Facilitar una incorporación eficaz y evaluar el interés comercial. Duración del periodo de prueba + 12 meses para el seguimiento comercial (a menos que se convierta en cliente).

When we process data based on legitimate interest, our legitimate interests include:

  • Platform Operations: Ensuring website security and fraud prevention.
  • Webinar Follow-up: If you have registered for and attended one of our webinars, we have a legitimate interest in contacting you to provide additional materials related to the session, gather feedback, and discuss how our services may meet the professional needs identified during the event. This is based on the reasonable expectation that an attendee has an interest in the topic discussed.
  • Content Engagement: If you request access to "Gated Content" (such as whitepapers, templates, or reports), we have a legitimate interest in contacting you to ensure you received the material and to provide further insights or product information directly related to the subject of that content.
  • Inquiry Follow-up: When you contact us via our Website Chat, we have a legitimate interest in using your provided contact details to resolve your query and to follow up on your interest in our services (e.g., SDR outreach or trial-related emails). We consider that providing a helpful response and exploring a potential business relationship is a reasonable expectation of someone initiating a chat.
  • Trial Management: Communications related specifically to your Trial/Demo (such as setup guidance, usage tips, and follow-up regarding your experience) are processed under our legitimate interest to ensure you get the most out of the trial and to determine if a commercial relationship can be established.

Legal Basis for Marketing Communications

Consent-based marketing (Art. 6.1.a):

When you are not an existing customer or when you subscribe to our marketing communications (newsletters, promotional emails, event invitations), we rely on your explicit consent. This consent is:

  • Freely given through clear affirmative action (opt-in checkbox, subscription form)
  • Specific to the type of communication you will receive
  • Withdrawable at any time through unsubscribe links or contacting us

All marketing communications, regardless of legal basis, include clear and easy unsubscribe mechanisms as detailed in section 4.

After the retention periods indicated, we will either:

  • Request renewal of your consent, or
  • Permanently delete your data from our marketing systems

3. Use of cookies and other tracking technologies

We use cookies for functionality, performance, and analytics. For more details, please see our separate Cookie Policy.

4. Marketing Consent and Opt-out Mechanisms

All marketing communications include clear and easily accessible opt-out mechanisms. Data subjects can withdraw consent or object to marketing processing at any time through:

  • Email communications: You can manage email communication preferences in every marketing email
  • Direct contact: gdpr@formalize.com
  • Account management: Updating preferences through customer account settings where available
  • Postal communications: Written requests to company addresses listed in Who we are section.

5. Our data protection principles

We process your data based on these fundamental principles:

  • Lawfulness and transparency: All processing has a legal basis and is conducted fairly, with clear information about how we use your data.
  • Purpose limitation: Data is collected for specific, explicit, and legitimate business purposes and is not processed in a way that is incompatible with those purposes.
  • Data minimization: We only process data that is necessary and relevant for the stated purposes.
  • Accuracy: We keep data accurate, complete, and up-to-date, and rely on you to inform us of any changes.
  • Storage limitation: Data is retained only as long as necessary to fulfill processing purposes and comply with legal obligations.
  • Security: We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or damage.
  • Accountability: We demonstrate compliance with these principles and maintain records of our processing activities.

6. With whom we share your personal data

We may share your data with the following categories of recipients:

  • Analytics service providers (e.g., Google Analytics, website performance tools)
  • Marketing automation platforms (for email campaigns and CRM) for lead management and trial follow up
  • Customer support tools and chatbot providers
  • Content delivery networks (CDN) for website performance
  • Partners with whom we organize events or webinars

All external processors are subject to data processing agreements that ensure GDPR-compliant handling of personal data. We maintain a list of all authorized sub-processors, available upon request at: gdpr@formalize.com

We do not sell your personal data to third parties.

7. EEA data transfers

Formalize may transfer personal data between Group entities within the European Economic Area (Denmark, Spain, Italy) under appropriate intra-group agreements.

For transfers outside the EEA, we ensure your data remains protected. These transfers are exceptional and are subject to the safeguards required by the GDPR, such as Standard Contractual Clauses (SCCs) or an adequacy decision from the European Commission.

8. Your data protection rights

You have the following rights regarding your personal data under the General Data Protection Regulation (GDPR), which you may exercise at any time using this link:

  • Right of Access: You may request a copy of your personal information processed by us.
  • Right to Rectification: You may request the correction of inaccurate or incomplete data.
  • Right to Erasure (‘Right to be Forgotten’): You may request the deletion of your data under certain circumstances, unless we are legally obliged to retain it.
  • Right to Restriction of Processing: You may ask us to temporarily limit how we use your data in specific cases.
  • Right to Object: You may object to certain types of processing, such as direct marketing or processing based on our legitimate interests.
  • Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format, and have the right to transmit it to another controller.
  • Right not to be subject to automated decision-making (including profiling): You may request human intervention, contest decisions made solely by automated means, and obtain information on the logic involved.

When our processing is based on your consent, you have the right to withdraw it at any time. This withdrawal will not affect the lawfulness of processing that occurred before you withdrew your consent.

Please note that we respond to data rights requests within one month, extendable to three months for complex requests. dpo@sixtus-compliance.dk. We respond to requests within one month, extendable to three months for complex requests

9. Data breach management

We maintain coordinated incident response procedures. Breaches are assessed for risk and, where required, reported to supervisory authorities within 72 hours and to affected individuals without undue delay.

10. Policy approval and updates

This policy was approved by Formalize’s senior management the 1st of December 2025 and may be updated to reflect legal changes or operational improvements. If we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information about that new purpose and any other relevant information before carrying out such processing, as required by Article 13(3) GDPR.

Updates are communicated through our website and appropriate channels.

11. Complaints

You can lodge complaints with a supervisory authority in your country of residence, place of work, or where you believe an infringement occurred.

For Denmark Datatilsynet
Carl Jacobsens Vej 35 DK-2500 Valby, Denmark Tel: +45 33 19 32 00 Email: dt@datatilsynet.dk Website: www.datatilsynet.dk
For Spain Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6 28001 Madrid, Spain Tel: +34 912 66 35 17 Email: internacional@aepd.es Website: www.aepd.es
For Italy Garante per la Protezione dei Dati Personali
Piazza Venezia 11 00187 Roma, Italy Tel: +39 06 696771 Email: protocollo@gpdp.it Website: www.garanteprivacy.it

12. Our Commitment to Security

We maintain ISAE 3000 certification for assurance engagements related to data privacy and control environments, providing independent verification of our protection measures. Additionally, we are ISO 27001 certified, a global standard for information security management.

To uphold these commitments, we have implemented robust protection measures, including data encryption in transit and at rest, strict access controls based on the principle of least privilege, and periodic security audits. We are committed to a proactive approach to risk management and continuous improvement in data protection.

Reserve una demo

5/5 estrellas en G2