Last updated: October, 2023

Applicability of Privacy Statement

This is the Privacy Statement of Virtual Vaults Nederland B.V. which applies to the websites within the domain (hereinafter jointly referred to as: “Websites”) and the services on the Virtual Vaults software-as-a-service platform (hereinafter "Services"). This statement provides you, as a user of the Websites and Services, insight into what data of yours Virtual Vaults processes during your visit to these web pages, the purposes for which Virtual Vaults processes the data and the way in which the data is processed.

This Privacy Statement does not apply to the processing of your personal data when using the Service by or on behalf of Virtual Vaults customers. For information regarding the processing of your personal data by customers using the Virtual Vaults services, please refer to the organization on behalf of which you have gained access to the Service.

To the extent there are links on our Websites to third-party websites, after clicking the aforementioned links you will be redirected to the website of the respective third-party (hereinafter: “Third-Party Websites”). The use of such Third-Party Websites is subject to the Privacy Statement of the respective third party. You should read the Privacy Statement of these third parties in order to gain insight into how this party handles your personal data. Virtual Vaults is not responsible for the information that is provided, processed or collected by third parties during the visits of these Third-Party Websites.

What personal data does Virtual Vaults collect, receive and use, and from whom?

Personal data is any information that, directly or indirectly, can be traced to you as a person. Personal data that Virtual Vaults processes include; name, address, email address, telephone number or for example a person’s job title. Virtual Vaults does not know what personal data is uploaded by its customers to its Services. Virtual Vaults does not verify this and considers this the responsibility of its customers.

Virtual Vaults processes personal data of people with whom it has, has had or seeks to have a direct or indirect relationship. Examples include existing or potential customers and their representatives, individuals associated with a company or organization with which Virtual Vaults has a relationship, individuals mentioned in documents Virtual Vaults customers upload to the Service, or visitors to the Websites.

Below is a description of each type of processing, the basis for processing and the applicable retention period.

Use of our services

Description and scope of data processing.

When you wish to use our services, we process the data you provide with the purpose of entering into an agreement and concluding a contract between you and us. To use our services, registration on our website is also required, which involves your (company) email address, first name, last name, and a password. You may also voluntarily provide your company and job title. For payment of the agreed price, we require your payment details. Your bank details are necessary because we collect the payable amount through automatic debit. The payment data is transmitted to our authorized payment provider. Without providing this information, we cannot execute the agreement. We do not have control over the content you upload to our platform. This content may include personal data. It is the customer's responsibility to ensure that they can lawfully process personal data on our platform.

Purpose and legal basis for processing.

The purpose of processing is the execution and handling of the agreement with you, our customer. In individual cases, data processing may result from legal requirements. These legal obligations may include compliance with retention and identification requirements, tax audit notifications, reporting obligations, and data processing in response to requests from authorities. Data processing may take place in the pursuit of our legitimate interests. It may be necessary to further process the personal data you provide beyond the actual execution of the agreement to improve our services. If you participate in a contract offer we provide using a digital signature (e.g., DocuSign), we process your data, including your email address, IP address, and the time at which you edited, released, viewed, or digitally signed the respective contract document, each with a timestamp. Our legitimate interest is an efficient and swift digital handling of the contract signing process, as well as the associated recording of the signing process for evidentiary purposes.

Retention period

We retain your personal data for as long as necessary to achieve the purposes mentioned above.

Questions and requests

When Virtual Vaults receives email or other communication from you with any questions or requests addressed to Virtual Vaults, these messages will be used as long as needed to: a. process your questions/respond to your requests (user communications); and b. on the basis of our justified interest to be able to show that and how your request was responded to. Should you have a complaint about how your request was handled, Virtual Vaults may ask the Personal Data Authority to show how these requests were handled. 

Retention period

The personal data in your message and the response to this (in the previous subparagraph) is stored for up to 5 years and after that, the personal data will be deleted. If the data has been anonymised, the data may be retained by Virtual Vaults for a longer period of time. Anonymised means that the data has been cleaned of elements that allow the data to be traced back to you.

Newsletters, white papers and other data sheets

If you wish to download whitepapers or other information from the Websites, Virtual Vaults may ask for your name and email address in order to send you the respective information. In order to also inquire about information about relevant products and services of Virtual Vaults by phone or email, some additional information, such as your phone number, gender, organization and job title, may be asked. If you have given your consent to Virtual Vaults to receive a newsletter, your name and email address will be used to send it. Each newsletter that you receive gives you the opportunity to unsubscribe from the newsletter.

Retention period

If you have successfully unsubscribed from a newsletter, Virtual Vaults will remove your personal data (name and email address) - collected for sending the newsletter. If the data has been anonymised, the data may be retained by Virtual Vaults for a longer period of time.

Market research and marketing

Virtual Vaults performs (desktop) research and, in this context, may gather (additional) information about you that can be found about your business identity and is industry related. For example, information that can be found about you via public online sources. These include social media channels such as LinkedIn, Twitter and (deal information), but also public lists of, for example, fast-growing companies or guest lists of events attended by Virtual Vaults. Virtual Vaults may also use the information it receives from you when you become a user of one of the Services. Virtual Vaults collects all this data on the basis of its legitimate interest to develop direct marketing activities.


The data will be updated periodically, and the obsolete data will be removed. Virtual Vaults stores this data no longer than five years after the last contact.

Personal data in content of Virtual Vaults customers

The content that Virtual Vaults customers upload to the Services sometimes includes personal data. Virtual Vaults does not see or verify this. If you have questions about this, please contact the customer.

Retention period

Within sixty days after the termination of a Service, the content will be deleted from the active systems. Within ninety days after the termination of a Service, the Content will be deleted from the backup systems.


In order to enable you as a user of the Websites to use the full functionality of the Websites and to analyse the use of and navigation within the Websites and to display relevant advertisements, Virtual Vaults installs small amounts of information (cookies or similar technologies) on the peripheral devices used by its users (such as a laptop, tablet, phone) or Virtual Vaults reads the information as located in the browser settings on the peripheral devices of its users.

Read our Cookie Statement for more information about the cookies we use.

Recipients of personal data

Within Virtual Vaults, only those departments or individuals have access to your personal data who require it to fulfill our contractual and legal obligations. Your data is only shared with recipients outside of Virtual Vaults when it is legally permissible or required, when sharing personal data is necessary to fulfill the contract, or when you provide us with your consent. Categories of recipients in this case include:

• IT sector providers
• Customer management system providers
• Email marketing providers

Virtual Vaults shares personal data with third parties in the following cases:

• When processors of Virtual Vaults perform (part of) the services assigned to them. These third parties may only process the data at Virtual Vaults request, and process such data according to instructions of Virtual Vaults. The processors of Virtual Vaults can be found here.
• When Virtual Vaults in good faith believes that the granting of access, processing, use, or provision to competent courts, regulators, or other regulatory agencies of the data requested by them is necessary to comply with applicable laws and regulations, is necessary for the context of judicial proceedings or to comply with an enforceable request from the respective regulatory authority;
• When Virtual Vaults believes in good faith that accessing, processing, using or providing to external IT experts and/or security agencies the data requested by them is necessary for the legitimate interest of detecting, preventing or otherwise dealing with fraud, technical or security problems;
• When Virtual Vaults has received your prior express consent.

Transmission of personal data to a recipient from a third country or to an international organization

Your personal data may be transferred by Virtual Vaults to countries outside of the EU/EEA. Appropriate safeguards are considered with processors to which this applies. Virtual Vaults has often concluded Standard Contractual Clauses with them. The impact of processing outside the EEA is also considered.

You can receive more information regarding the aforementioned security measure taken by contacting Virtual Vaults. See below in this Privacy Statement for the relevant contact details.


Virtual Vaults will handle your personal data with the utmost care. Virtual Vaults takes appropriate security measures as protection against unauthorized access to or unauthorized modification, disclosure or destruction of data. This includes internal monitoring of the policies and security measures with respect to the collection, storing and processing of data, as well as physical security measures to protect against unauthorized access to systems on which Virtual Vaults stores personal data. Virtual Vaults processes personal data for the purposes for which it is collected and in accordance with this Privacy Statement.

Virtual Vaults is ISO 27001:2013 certified (information security management system). You can find out more about the security here.

Your rights

As a data subject, you have certain rights concerning your personal data that we process. These rights include:

1. Right to Access: You have the right to know which personal data we process about you and to request a copy of this data.
2. Right to Rectification: If your personal data is incorrect or incomplete, you have the right to request corrections.
3. Right to Erasure: You can request the deletion of your personal data if there is no legal reason for us to retain it.
4. Right to Restriction of Processing: In some cases, you can request that we limit the processing of your data, for instance, if you dispute the accuracy of the data.
5. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer this data to another data controller.
6. Right to Object: If we process your data based on legitimate interests or for direct marketing, you can object to this processing.
7. Right to Withdraw Consent: If the processing is based on your consent, you can withdraw that consent at any time.

To exercise these rights or for any questions concerning your personal data, you can contact us using the contact information provided in this policy. Please note that there may be certain legal exceptions and conditions regarding these rights. We will make reasonable and good faith efforts to comply with your requests in accordance with applicable data protection legislation.

Handling of the request

If Virtual Vaults receives a request from you, Virtual Vaults may ask you to identify yourself before Virtual Vaults will answer and process the request. Virtual Vaults does this to prevent someone pretending to be you from accessing your personal data or having it changed. Virtual Vaults will process your request within the time limits as set out in the GDPR.

You can submit a as described hereabove, in writing by email or by post. The contact information of Virtual Vaults can be found under the header “Questions and complaints procedure”.

Virtual Vaults will not charge you for answering your requests under the GDPR. Nor for the further processing thereof.

Questions and complaints procedure

Should you have any questions or have a complaint regarding the processing of your personal data by Virtual Vaults, you can report these at no charge and easily to Virtual Vaults, in the following manner:

• By email:
• By post: Virtual Vaults Nederland B.V., K.P. van der Mandelelaan 60, 3062 MB, Rotterdam, The Netherlands

The Virtual Vaults Security Officer can be reached at the email

[Dutch] Data Protection Authority

If you do not agree with Virtual Vaults response, then you may submit a complaint to the competent Personal Data Authority of the Member State in which you live. In the Netherlands, this is the Data Protection Authority. You can submit a complaint on the website of the Data Protection Authority in Dutch only. You can reach the Data Protection Authority via phone number in English: (+31) - (0) 70 - 888 85 00.

New developments and changes to the Privacy Statement

This Privacy Statement may be updated from time to time, for example to bring it in line with the laws and regulations that are applicable at that time. If this Privacy Statement is amended, then this will be communicated to you. This Privacy Statement is dated October 2023.