Privacy Policy

Effective as of February 11, 2025.

This Privacy Policy describes how Redframe B.V., trading as SideIQ ("Redframe," "SideIQ," "we", "us" or "our") processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website, mobile application, social media pages, marketing activities, live events and other activities described in this Privacy Policy (collectively, the "Service")).

Redframe B.V. is a company incorporated under Dutch law, registered with the Dutch Chamber of Commerce (Kamer van Koophandel) under number 95695559, with its registered office at Trekvaart 101, 8271 AC IJsselmuiden, the Netherlands. SideIQ is a trade name of Redframe B.V.

Our websites, products and services are designed for enterprise customers and their representatives. We do not offer products or services for use by individuals for their personal, family or household purposes. Accordingly, we treat all personal information we collect as pertaining to individuals in their capacities as representatives of the relevant enterprise and not their individual capacities.

As a company established in the European Economic Area, we process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Dutch GDPR Implementation Act (Uitvoeringswet AVG, "UAVG") and other applicable data protection laws. For users located in the United Kingdom, we also comply with the UK General Data Protection Regulation ("UK GDPR").

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, professional title and company name, and phone number.
Demographic data, such as your city, state, country of residence, and postal code.
Profile data, such as the username and password that you may set to establish an online account on the Service, redemption code, and any other information that you add to your account profile.
Communications data based on our exchanges with you, including when you contact us through the Service, social media, or otherwise.
Transactional data, such as information relating to or needed to complete your orders on or through the Service, including order numbers and transaction history.
Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
Payment data needed to complete transactions, including payment card information or bank account number.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
Marketing partners, such as joint marketing partners and event co-sponsors.
Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.
Third-party services, such as third-party services that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

Device data, such as your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G) and general location information such as city, state or geographic area.
Activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and utilization of the Services (including server utilization, file and database storage activity, and mail transport volume).
Precise geolocation data when you authorize the Service to access your device's location.
Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

Cookies and similar technologies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Notice. In accordance with applicable European law, we will obtain your consent before placing non-essential cookies or similar tracking technologies on your device, except where such technologies are strictly necessary for the operation of the Service. We will also store a record of your preferences in respect of the use of these technologies in connection with the Service.

Data about others. We may offer features that help users invite their contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

provide, operate and improve the Service and our business;
personalize the service, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
establish and maintain your user profile on the Service;
facilitate your invitations to contacts who you want to invite to join the Service;
enable security features of the Service, such as by sending you security codes via email or SMS and remembering devices from which you have previously logged in;
communicate with you about the Service, including by sending Service-related announcements, updates, security alerts and support and administrative messages;
understand your needs and interests, and personalize your experience with the Service and our communications; and
provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services.

Marketing and advertising. We, our third-party advertising partners and our service providers may collect and use your personal information for marketing and advertising purposes:

Direct marketing. We may send you direct marketing communications where we have your consent or where we are otherwise permitted to do so under applicable law (e.g., for existing customers regarding similar products or services). You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Interest-based advertising. With your consent where required, our third-party advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. You can learn more about your choices for limiting interest-based advertising in the Your choices section below and in our Cookie Notice.

Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services.

Compliance and protection. We may use your personal information to:

comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements or our internal policies;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Legal bases for processing

Under the GDPR, we are required to have a "legal basis" for each purpose for which we process your personal information. Our legal bases for processing your personal information described in this Privacy Policy are listed below.

Where we need to perform a contract we are about to enter into or have entered into with you ("Contractual Necessity").
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests ("Legitimate Interests"). More detail about the specific legitimate interests pursued in respect of each purpose is set out in the table below.
Where we need to comply with a legal or regulatory obligation ("Compliance with Law").
Where we have your specific consent to carry out the processing for the purpose in question ("Consent").

Purpose	Categories of personal information involved	Legal basis
Service delivery and operations	Contact data Demographic data Profile data Communication data Transactional data Marketing data Payment data Device data Usage data	Contractual Necessity
Research and development	Any and all data types relevant in the circumstances	Legitimate Interests. We have a legitimate interest, and believe it is also in your interests, that we are able to take steps to ensure that our services and how we use personal information is as un-privacy intrusive as possible.
Direct marketing	Contact data Communication data Transactional data Marketing data Online activity data Communication interaction data	Consent, where required under applicable data protection laws (including the Dutch Telecommunications Act, Telecommunicatiewet). Legitimate Interests, where permitted by law (e.g., marketing to existing customers about similar products or services). We have a legitimate interest in promoting our operations and goals as an organization and sending marketing communications for that purpose.
Interest-based advertising	Online activity data Device data	Consent
Service improvement and analytics	Profile data Device data Online activity data Communication interaction data	Legitimate Interests. We have a legitimate interest in understanding your interests to enhance and personalize your experience while using our Service. Consent, where required under applicable data protection laws for the placement of non-essential cookies or similar technologies.
Compliance and protection	Any and all data types relevant in the circumstances	Compliance with Law. Legitimate Interests. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety.
To create aggregated, de-identified and/or anonymized data	Any and all data types relevant in the circumstances	Legitimate Interests. We have a legitimate interest, and believe it is also in your interests, that we are able to take steps to ensure that our services and how we use personal information is as un-privacy intrusive as possible.
Further uses	Any and all data types relevant in the circumstances	The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the personal information was collected. Consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

Affiliates. Our corporate parent, subsidiaries, and affiliates.

Service providers (processors). Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics). Where these parties act as processors, they process personal information only on our instructions and are bound by contractual obligations in accordance with Article 28 of the GDPR.

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.

Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above, where you have provided your consent.

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. We will share personal information that is needed for these other companies to provide the services that you have requested.

Business and marketing partners. Third parties with whom we jointly offer products or services, or whose products or services may be of interest to you.

Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a third-party service, we may share your personal information with that third-party service. The third party's use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities (including the Dutch Data Protection Authority, Autoriteit Persoonsgegevens) and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Redframe B.V., financing of Redframe B.V., or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor or assignee of Redframe B.V. as part of any merger, acquisition, sale of assets, or similar transaction and/or in the event of an insolvency, bankruptcy or receivership in which personal information is transferred to one or more third parties as one of our business assets.

International data transfers

We are headquartered in the Netherlands and our primary data processing takes place within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA, including in the United States. Your personal information may therefore be transferred to countries outside the EEA where privacy laws may not provide the same level of protection as the laws in your country.

Where we transfer your personal information outside the EEA, we ensure that appropriate safeguards are in place in accordance with the GDPR, including:

Adequacy decisions. We may transfer your personal information to countries or territories that the European Commission has determined provide an adequate level of protection for personal data (including countries covered by the EU-U.S. Data Privacy Framework).
Standard Contractual Clauses (SCCs). Where no adequacy decision applies, we use the European Commission's Standard Contractual Clauses (as approved by Commission Implementing Decision (EU) 2021/914) to provide appropriate safeguards for transfers, supplemented by additional technical and organizational measures where necessary following a transfer impact assessment.
Derogations. In limited circumstances, we may rely on derogations under Article 49 of the GDPR, such as your explicit consent to the transfer.

You may contact us if you want further information on the specific mechanism used by us when transferring your personal information outside the EEA, or to obtain a copy of the safeguards in place.

Data retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the personal information, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

When we no longer need your personal information, we will securely delete or anonymize it in accordance with applicable law and our internal data retention policies.

Your rights

Under the GDPR and applicable Dutch law (UAVG), you have the following rights regarding your personal information:

Right of access (Article 15 GDPR). You have the right to obtain confirmation as to whether we process your personal data and, where that is the case, to request access to your personal data and certain related information.
Right to rectification (Article 16 GDPR). You have the right to request that we correct any inaccurate personal data concerning you and to have incomplete personal data completed.
Right to erasure (Article 17 GDPR). You have the right to request that we delete your personal data where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be described to you, if applicable, at the time of your request.
Right to data portability (Article 20 GDPR). You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where the processing is based on consent or contractual necessity and is carried out by automated means.
Right to restriction of processing (Article 18 GDPR). You have the right to request that we restrict the processing of your personal data if: (i) you contest the accuracy of the data; (ii) the processing is unlawful but you do not want us to erase it; (iii) you need us to hold the data for the establishment, exercise or defense of legal claims; or (iv) you have objected to our processing and we are verifying whether our legitimate grounds override your interests.
Right to object (Article 21 GDPR). You have the right to object to the processing of your personal data where we are relying on Legitimate Interests (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground. You also have an unconditional right to object to the processing of your personal data for direct marketing purposes.
Right to withdraw consent (Article 7(3) GDPR). Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
Right not to be subject to automated decision-making (Article 22 GDPR). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. We do not currently engage in such automated decision-making.

Exercising your rights. You may submit requests to exercise these rights by email to privacy@sideiq.com or by post to our address provided in the How to contact us section below. We will respond to your request within one (1) month of receipt, as required by the GDPR. This period may be extended by two (2) further months where necessary, taking into account the complexity and number of requests. We may request specific information from you to help us confirm your identity and process your request. If we reject any request you make (whether in whole or in part), we will let you know our grounds for doing so at the time, subject to any legal restrictions.

Right to lodge a complaint. If you are not satisfied with how we process your personal data or how we handle your request, you have the right to lodge a complaint with the competent data protection supervisory authority. For the Netherlands, this is the:

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
2594 AV Den Haag
Tel. +31 (0)70 888 8500
Website: https://autoriteitpersoonsgegevens.nl

For users located in other EEA member states, the contact information for the data protection regulator in your country can be found here: https://edpb.europa.eu/about-edpb/board/members_en

Your choices

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. For information about cookies employed by the Service and how to control them, see our Cookie Notice. You can manage your cookie preferences at any time through our cookie consent tool.

Blocking images/clear gifs. Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Mobile location data. You can disable our access to your device's precise geolocation in your mobile device settings.

Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

Browser settings. Changing your internet web browser settings to block third-party cookies.
Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.
Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option at the following websites:
- Google: https://adssettings.google.com/
- Facebook: https://www.facebook.com/about/ads
Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
- European Interactive Digital Advertising Alliance: https://www.youronlinechoices.eu/
- Network Advertising Initiative: https://thenai.org/opt-out/
- Digital Advertising Alliance: https://optout.aboutads.info/?c=2&lang=EN
Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Linked third-party platforms. If you choose to connect to the Service through a third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Other sites and services

The Service may contain links to websites, mobile applications and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We employ appropriate technical and organizational measures designed to protect the personal information we collect, in accordance with Article 32 of the GDPR. These measures are designed to provide a level of security appropriate to the risk of processing your personal information. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the absolute security of your personal information. In the event of a personal data breach, we will comply with our notification obligations under Articles 33 and 34 of the GDPR.

Children

The Service is not intended for use by anyone under 16 years of age (in accordance with Article 8 of the GDPR and Article 8 of the UAVG, which sets the age of digital consent in the Netherlands at 16). If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. Where required by applicable law, we will also notify you of material changes by other appropriate means (e.g., by email or through a prominent notice on the Service). Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

How to contact us

Redframe B.V. (trading as SideIQ)

Email: privacy@sideiq.com
Mail: Trekvaart 101, 8271 AC IJsselmuiden, the Netherlands
KVK-nummer: 95695559

Notice to United Kingdom users

The information provided in this section applies in addition to the rest of this Privacy Policy for individuals located in the United Kingdom.

Controller. Redframe B.V. (trading as SideIQ) is the controller in respect of the processing of your personal information covered by this Privacy Policy for purposes of the UK GDPR.

UK Representative. Pursuant to Article 27 of the UK GDPR, Redframe B.V. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

by using EDPO's online request form: https://edpo.com/uk-gdpr-data-request
by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

Data transfers to the UK. Where we transfer personal data from the EEA to the UK, we rely on the European Commission's adequacy decision for the United Kingdom. Where we transfer personal data from the UK to countries outside the UK that are not covered by adequacy regulations, we use the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as appropriate.

Supervisory authority. If you are located in the UK and are not satisfied with our response to a request or how we process your personal data, you can make a complaint to:

The Information Commissioner's Office
Water Lane, Wycliffe House
Wilmslow, Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/

Sensitive personal information

We ask that you not provide us with any special categories of personal data (as defined in Article 9 of the GDPR, including information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person's sex life or sexual orientation) on or through the Service, or otherwise to us. If you provide us with any such special category data, you must have a lawful basis for doing so. If you do not consent to our processing and use of such data, you must not submit it through our Service.

Automated decision-making

As part of the Service, we do not engage in automated decision-making and/or profiling which produces legal or similarly significant effects as described in Article 22 of the GDPR.