Privacy Policy RecensioAI

1. Who are we?

This privacy policy applies to the processing of personal data by:

RecensioAI B.V.
Trade name: RecensioAI
Registered office: De Nieuwe Erven 3, unit 14563, 5431 NV Cuijk, Netherlands
Email: support@recensioai.com
Phone: +31 97010251873
Chamber of Commerce number: 42028360
VAT identification number:  

In this privacy policy, we use the terms "RecensioAI", "wij", "ons" or "onze".

2. When is RecensioAI a data controller and when a processor?

Depending on the situation, RecensioAI may act as:

a. Data Controller

We are the data controller for personal data that we process for our own purposes, such as:

• creating and managing accounts,
• billing and administration,
• customer service and support,
• security, monitoring and fraud prevention,
• communication with customers and prospects,
• improving our platform,
• marketing communications, where permitted,
• website usage, cookies and analytics.

b. Data Processor

In some cases, we process personal data on behalf of our customers. This applies, for example, when our customers use RecensioAI to:

• send review requests,
• upload customer data,
• collect feedback,
• centralize reviews,
• have review responses drafted,
• use reports or flows for their own customers or visitors.

In those situations, our customer determines the purpose of the processing and RecensioAI acts as a processor, unless expressly stated otherwise.

3. To whom does this privacy policy apply?

This privacy policy applies to:

• visitors to our website,
• persons who contact us,
• customers and users of our platform,
• representatives and contact persons of customers,
• persons whose data is processed through our customers on the platform,
• persons whose public review data is visible within the platform through linked review platforms.

4. What personal data do we process?

Depending on the situation, we may process the following personal data:

a. Data from website visitors

• IP address
• browser and device data
• cookie data
• language settings
• usage and click behavior on the website
• form submissions

b. Data from customers and account users

• name
• company name
• email address
• phone number
• billing details
• payment status and subscription details
• login and account details
• communication with support
• settings and preferences on the platform

c. Data of end customers or data subjects of our customers

Depending on what our customer processes or links, this may include:

• name
• email address
• phone number
• review content
• Feedback
• responses to review requests
• rating scores
• metadata related to sent requests
• data that our customer imports or has processed through integrations

d. Data from review platforms and external integrations

When a customer links review platforms, we may receive or retrieve data from, for example:

• Google
• Facebook
• Trustpilot
• TripAdvisor
• Booking.com
• Yelp
• Airbnb
• Expedia
• other linked review or communication platforms

This may include:

• public review texts
• review score
• date and time of the review
• username or profile name as visible on the external platform
• responses to reviews
• metadata of linked locations or business profiles

e. AI and automation data

If AI functionalities are enabled, review texts, feedback, contextual data and draft responses may be processed to generate automatic replies, analyses or recommendations.

5. How do we obtain personal data?

We obtain personal data in various ways:

• directly from you, for example through the website, contact forms, demo requests, support requests or account registration;
• through our customers, when they upload, import or have data processed through the platform;
• through linked review platforms and external integrations;
• automatically through cookies, log files, analytics and use of the website or platform;
• through payment providers, communication providers or other service providers necessary for providing our services.

When personal data is not obtained directly from the data subject, this usually happens through our customer or through a link activated by our customer. In that case, our customer is generally responsible for informing data subjects, unless the law or the actual role distribution dictates otherwise.

6. For what purposes do we process personal data and on what basis?

We only process personal data for specific purposes and on the basis of a valid legal ground.

a. Account management and service delivery

We process personal data to:

• create accounts,
• provide access to the platform,
• manage subscriptions,
• make features available,
• provide support,
• perform onboarding.

Legal basis:performance of the contract and/or legitimate interest.

b. Billing, administration and payment processing

We process personal data for:

• invoicing,
• subscription costs,
• payment processing,
• bookkeeping,
• tax and administrative obligations.

Legal basis:performance of the contract and legal obligation.

c. Review requests, feedback flows and review management

We process personal data so that our customers can:

• send review requests,
• collect feedback,
• centralize reviews,
• view statistics and reports,
• use AI responses.

Legal basis:in most cases, processing on behalf of our customer. The customer is then responsible for a valid legal ground. RecensioAI processes this data on behalf of the customer.

d. Customer service, support and communication

We process personal data for:

• answering questions,
• support via email, WhatsApp or phone,
• following up on tickets,
• feedback on accounts or issues.

Legal basis:performance of the contract and legitimate interest.

e. Security, fraud prevention and monitoring

We process personal data for:

• security of our systems,
• monitoring of performance and disruptions,
• detection of abuse, fraud or unauthorized access,
• audit and logging purposes.

Legal basis:legitimate interest and, where necessary, legal obligation.

f. Platform improvement

We use personal data and usage data to:

• improve performance,
• fix bugs,
• develop functionalities,
• optimize user experience.

Legal basis:legitimate interest.

g. Marketing and newsletters

We may use personal data for:

• sending updates,
• tips, newsletters or product information,
• following up on demo or contact requests.

Legal basis:consent or legitimate interest, depending on the situation and applicable rules.

h. Compliance with laws and regulations

We may process personal data to comply with:

• tax obligations,
• administrative obligations,
• requests from competent authorities,
• other legal obligations.

Legal basis:legal obligation.

7. AI functionalities

RecensioAI may use AI for, among other things:

• generating draft responses to reviews,
• analyzing feedback,
• structuring review or reputation data,
• making suggestions or recommendations.

In this regard:

• AI output may be incorrect, incomplete or inappropriate;
• customers remain responsible for reviewing, adjusting and publishing AI-generated output, unless expressly agreed otherwise;
• we do not use AI to make fully automated decisions with legal effects or similarly significant consequences for data subjects, unless this is expressly and lawfully arranged and communicated otherwise.

If necessary, review texts, feedback or contextual data may be shared with AI service providers acting as our processor or sub-processor.

8. With whom do we share personal data?

We do not sell personal data.

We may share personal data with:

a. Service providers and processors

Such as:

• hosting and cloud providers
• email providers
• SMS and communication providers
• WhatsApp or messaging providers
• payment providers
• support and helpdesk tools
• analytics providers
• AI service providers
• security and monitoring providers

b. Customer-activated integrations

When a customer activates a link with a review platform or other external service, personal data may be exchanged with that external party.

c. Government bodies or competent authorities

If we are legally required to do so or if it is necessary for the protection of our rights or the security of our platform.

d. Legal successors or parties involved in an acquisition

In case of merger, acquisition, restructuring or sale of (part of) our company, insofar as permitted by law.

9. Is personal data processed outside the EEA?

Our primary servers and hosting are located in Europa.

However, in certain cases personal data may be processed or accessible outside the European Economic Area (EEA), for example when we use certain external software providers, AI service providers, communication providers, support tools or other sub-processors, or when a customer-activated integration processes personal data outside the EEA.

When personal data is transferred outside the EEA, we ensure appropriate safeguards where necessary, such as:

• an adequacy decision of the European Commission, or
• Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where necessary with appropriate additional measures.

10. How long do we retain personal data?

We do not retain personal data longer than necessary for the purpose for which they were collected, unless we are required to retain them longer by law or a legitimate interest.

In general, we apply the following retention periods:

• account and customer data: as long as the account is active and thereafter for a maximum of 24 months, unless longer is needed for administration, evidence or disputes;
• invoice and administrative data: as long as legally required, typically 7 years;
• support communications: in principle, a maximum of 24 months after completion, unless longer is needed for file building or disputes;
• website and analytics data: according to relevant cookie and analytics settings, or shorter if technically necessary;
• data we process on behalf of customers: according to customer instructions and/or contractual agreements, and in principle deleted or anonymized after termination of the agreement, unless a legal retention obligation applies;
• Backups: may temporarily still contain personal data until the relevant backup cycle is overwritten.

We periodically review retention periods and delete or anonymize data as soon as reasonably possible.

11. Cookies and similar technologies

We use cookies and similar techniques on our website and possibly also in parts of our platform.

These may be used for:

• proper functioning of the website,
• security,
• preferences and language settings,
• analytics and usage statistics,
• marketing or tracking, if applicable and permitted.

For more information, please refer to our cookie policy. Where legally required, we ask for consent in advance for non-essential cookies.

12. Security

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, unwanted disclosure and unlawful processing.

Measures used may include:

• role-based access restriction,
• encryption where appropriate,
• logging and monitoring,
• backup and recovery procedures,
• secure connections,
• vendor management,
• internal procedures for incidents and data breaches.

However, no system is completely secure. Therefore, we cannot guarantee absolute security.

13. Your rights

As a data subject, you have, insofar as legally applicable, the right to:

• access your personal data,
• rectification of inaccurate data,
• erasure of data,
• restriction of processing,
• objection to processing,
• data portability,
• withdrawal of previously given consent,
• filing a complaint with a supervisory authority.

You can submit a request via support@recensioai.com.

We may request additional information to verify your identity before responding to a request.

We will respond to your request in principle within one month. If your request is complex or if we receive many requests, we may extend this period as the GDPR allows, provided we inform you in a timely manner.

14. Complaints

If you have complaints about how we handle personal data, we first ask you to contact us at support@recensioai.com.

You also have the right to file a complaint with a competent supervisory authority, such as:

• the Dutch Data Protection Authority in the Netherlands, or
• the competent privacy supervisory authority in the country where you live, work or where the alleged infringement took place.

15. Public reviews and external platforms

RecensioAI may display or process public reviews, scores, profile information or metadata when a customer links a review platform.

Important:

• the rules and privacy terms of the relevant review platform continue to apply;
• RecensioAI has no control over how external review platforms process personal data themselves;
• the fact that data is publicly visible on an external platform does not automatically mean that all further processing is unrestricted;
• customers remain responsible for the lawful use of linked integrations and data within their own business operations.

16. Minors

Our services are not aimed at children under 16. We do not knowingly collect personal data from children without valid consent or other legal basis. If we discover that such data has been unlawfully collected, we will take appropriate measures.

17. Changes to this privacy policy

We may update this privacy policy from time to time, for example in case of:

• changes in laws and regulations,
• changes in our services or integrations,
• changes in the way we process personal data.

The most current version will always be published on our website. In case of significant changes, we will communicate this additionally where appropriate.

18. Contact

For questions about this privacy policy or about the processing of personal data, you can contact:

RecensioAI B.V.
De Nieuwe Erven 3, unit 14563
5431 NV Cuijk
Netherlands
Email: support@recensioai.com
Phone: +31 97010251873
Chamber of Commerce number: 42028360
VAT identification number: