Whistleblower Software Logo
Langue
Essai gratuit

Client existant? S'identifier

Privacy Policy for Website Users, Potential Customers, and Marketing

1. Who we are and how to contact us

2. What personal data we collect and why

Catégorie de personnes concernées Données à caractère personnel collectées Finalités du traitement Base juridique Durée de conservation
Les utilisateurs du site web et les clients potentiels Données techniques essentielles (adresse IP à des fins de sécurité et de gestion des sessions). Fonctionnement du site web, sécurité, prévention de la fraude. Intérêt légitime (art. 6, paragraphe 1, point f). 14 mois maximum.
Les utilisateurs du site web et les clients potentiels Analyses et suivi non essentiel : cookies d'analyse, cookies marketing, cookies de préférences. Analyse des performances, personnalisation, optimisation marketing. Consentement (art. 6, paragraphe 1, point a). Données de navigation : 14 mois maximum. Formulaires : 12 mois.
Contacts marketing Données d'identification et coordonnées, informations professionnelles, préférences et historique des interactions. Envoi de communications commerciales, d'invitations à des événements, de webinaires et d'offres promotionnelles. Consentement explicite (art. 6, paragraphe 1, point a). Jusqu'au retrait du consentement. Durée maximale de 24 ou 36 mois sans interaction commerciale.
Participants au webinaire Identité (nom, adresse e-mail), informations professionnelles et historique des participations et interactions. Communications de suivi relatives au thème du webinaire et évaluation de l'intérêt commercial. Intérêt légitime (art. 6, paragraphe 1, point f) : entretenir des relations professionnelles et fournir des contenus pertinents. 12 mois après le webinaire (sauf si un consentement est donné pour des fins de marketing plus larges).
Responsables de contenu Identification (nom, adresse e-mail), fonction, entreprise. Fourniture du contenu demandé et suivi afin de discuter des thèmes abordés dans ce dernier. Intérêt légitime (art. 6, paragraphe 1, point f) : Évaluation de l'intérêt commercial sur la base de l'engagement vis-à-vis de contenus spécifiques. 12 mois à compter de la date de téléchargement (sauf si un consentement à des fins de marketing a été donné).
Utilisateurs du chat / Personnes qui posent des questions Nom, adresse e-mail, historiques de discussion et métadonnées (URL à partir de laquelle la discussion a commencé). Assurer une assistance en temps réel, répondre aux questions et assurer le suivi commercial lié à la demande. Intérêt légitime (art. 6, paragraphe 1, point f) : répondre aux demandes des utilisateurs et évaluer l'intérêt commercial. 12 mois après la dernière interaction (sauf si le prospect est devenu client).
Utilisateurs en période d'essai et de démo Données d'identification (nom, adresse e-mail), informations professionnelles (entreprise, fonction), journaux d'utilisation et historique des interactions. Fournir l'accès à la plateforme, une assistance technique, un suivi des performances, des conseils pour la mise en route et un interlocuteur pour le suivi commercial. Intérêt légitime (art. 6, paragraphe 1, point f) : permettre une intégration efficace et évaluer l'intérêt commercial. Durée de l'essai + 12 mois pour le suivi commercial (sauf en cas de conversion en client).

When we process data based on legitimate interest, our legitimate interests include:

  • Platform Operations: Ensuring website security and fraud prevention.
  • Webinar Follow-up: If you have registered for and attended one of our webinars, we have a legitimate interest in contacting you to provide additional materials related to the session, gather feedback, and discuss how our services may meet the professional needs identified during the event. This is based on the reasonable expectation that an attendee has an interest in the topic discussed.
  • Content Engagement: If you request access to "Gated Content" (such as whitepapers, templates, or reports), we have a legitimate interest in contacting you to ensure you received the material and to provide further insights or product information directly related to the subject of that content.
  • Inquiry Follow-up: When you contact us via our Website Chat, we have a legitimate interest in using your provided contact details to resolve your query and to follow up on your interest in our services (e.g., SDR outreach or trial-related emails). We consider that providing a helpful response and exploring a potential business relationship is a reasonable expectation of someone initiating a chat.
  • Trial Management: Communications related specifically to your Trial/Demo (such as setup guidance, usage tips, and follow-up regarding your experience) are processed under our legitimate interest to ensure you get the most out of the trial and to determine if a commercial relationship can be established.

Legal Basis for Marketing Communications

Consent-based marketing (Art. 6.1.a):

When you are not an existing customer or when you subscribe to our marketing communications (newsletters, promotional emails, event invitations), we rely on your explicit consent. This consent is:

  • Freely given through clear affirmative action (opt-in checkbox, subscription form)
  • Specific to the type of communication you will receive
  • Withdrawable at any time through unsubscribe links or contacting us

All marketing communications, regardless of legal basis, include clear and easy unsubscribe mechanisms as detailed in section 4.

After the retention periods indicated, we will either:

  • Request renewal of your consent, or
  • Permanently delete your data from our marketing systems

3. Use of cookies and other tracking technologies

We use cookies for functionality, performance, and analytics. For more details, please see our separate Cookie Policy.

4. Marketing Consent and Opt-out Mechanisms

All marketing communications include clear and easily accessible opt-out mechanisms. Data subjects can withdraw consent or object to marketing processing at any time through:

  • Email communications: You can manage email communication preferences in every marketing email
  • Direct contact: gdpr@formalize.com
  • Account management: Updating preferences through customer account settings where available
  • Postal communications: Written requests to company addresses listed in Who we are section.

5. Our data protection principles

We process your data based on these fundamental principles:

  • Lawfulness and transparency: All processing has a legal basis and is conducted fairly, with clear information about how we use your data.
  • Purpose limitation: Data is collected for specific, explicit, and legitimate business purposes and is not processed in a way that is incompatible with those purposes.
  • Data minimization: We only process data that is necessary and relevant for the stated purposes.
  • Accuracy: We keep data accurate, complete, and up-to-date, and rely on you to inform us of any changes.
  • Storage limitation: Data is retained only as long as necessary to fulfill processing purposes and comply with legal obligations.
  • Security: We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or damage.
  • Accountability: We demonstrate compliance with these principles and maintain records of our processing activities.

6. With whom we share your personal data

We may share your data with the following categories of recipients:

  • Analytics service providers (e.g., Google Analytics, website performance tools)
  • Marketing automation platforms (for email campaigns and CRM) for lead management and trial follow up
  • Customer support tools and chatbot providers
  • Content delivery networks (CDN) for website performance
  • Partners with whom we organize events or webinars

All external processors are subject to data processing agreements that ensure GDPR-compliant handling of personal data. We maintain a list of all authorized sub-processors, available upon request at: gdpr@formalize.com

We do not sell your personal data to third parties.

7. EEA data transfers

Formalize may transfer personal data between Group entities within the European Economic Area (Denmark, Spain, Italy) under appropriate intra-group agreements.

For transfers outside the EEA, we ensure your data remains protected. These transfers are exceptional and are subject to the safeguards required by the GDPR, such as Standard Contractual Clauses (SCCs) or an adequacy decision from the European Commission.

8. Your data protection rights

You have the following rights regarding your personal data under the General Data Protection Regulation (GDPR), which you may exercise at any time using this link:

  • Right of Access: You may request a copy of your personal information processed by us.
  • Right to Rectification: You may request the correction of inaccurate or incomplete data.
  • Right to Erasure (‘Right to be Forgotten’): You may request the deletion of your data under certain circumstances, unless we are legally obliged to retain it.
  • Right to Restriction of Processing: You may ask us to temporarily limit how we use your data in specific cases.
  • Right to Object: You may object to certain types of processing, such as direct marketing or processing based on our legitimate interests.
  • Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format, and have the right to transmit it to another controller.
  • Right not to be subject to automated decision-making (including profiling): You may request human intervention, contest decisions made solely by automated means, and obtain information on the logic involved.

When our processing is based on your consent, you have the right to withdraw it at any time. This withdrawal will not affect the lawfulness of processing that occurred before you withdrew your consent.

Please note that we respond to data rights requests within one month, extendable to three months for complex requests. dpo@sixtus-compliance.dk. We respond to requests within one month, extendable to three months for complex requests

9. Data breach management

We maintain coordinated incident response procedures. Breaches are assessed for risk and, where required, reported to supervisory authorities within 72 hours and to affected individuals without undue delay.

10. Policy approval and updates

This policy was approved by Formalize’s senior management the 1st of December 2025 and may be updated to reflect legal changes or operational improvements. If we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information about that new purpose and any other relevant information before carrying out such processing, as required by Article 13(3) GDPR.

Updates are communicated through our website and appropriate channels.

11. Complaints

You can lodge complaints with a supervisory authority in your country of residence, place of work, or where you believe an infringement occurred.

For Denmark Datatilsynet
Carl Jacobsens Vej 35 DK-2500 Valby, Denmark Tel: +45 33 19 32 00 Email: dt@datatilsynet.dk Website: www.datatilsynet.dk
For Spain Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6 28001 Madrid, Spain Tel: +34 912 66 35 17 Email: internacional@aepd.es Website: www.aepd.es
For Italy Garante per la Protezione dei Dati Personali
Piazza Venezia 11 00187 Roma, Italy Tel: +39 06 696771 Email: protocollo@gpdp.it Website: www.garanteprivacy.it

12. Our Commitment to Security

We maintain ISAE 3000 certification for assurance engagements related to data privacy and control environments, providing independent verification of our protection measures. Additionally, we are ISO 27001 certified, a global standard for information security management.

To uphold these commitments, we have implemented robust protection measures, including data encryption in transit and at rest, strict access controls based on the principle of least privilege, and periodic security audits. We are committed to a proactive approach to risk management and continuous improvement in data protection.

Réservez une démo

5/5 étoiles sur G2