Products
Products
Open-source Technology
Solutions
Resources
Company
Guardsquare Privacy Policy
Guardsquare ("we," "our," or "us") is committed to protecting your privacy. This privacy policy (“Privacy Policy”) regulates how we collect, use, disclose, and safeguard your personal data or personal information when you visit our website, guardsquare.com (the “Website”), use our services (the “Services”), or interact with us in other ways. Data processing is handled by Guardsquare NV, located at Tervuursevest 362/1, 3000 Leuven, Belgium, and registered with the CBE (Crossroads Bank for Enterprises) under number BE0550.675.829.
This Privacy Policy applies to all personal data collected through our Website, Services, or any other interactions with us. By using our Website and/or our Services, you acknowledge that you have carefully read this Privacy Policy and unreservedly agree with it.
While using the Website, you may encounter links to third-party websites. Please be advised that such third-party websites are independent sites, and we assume no responsibility or liability whatsoever regarding privacy matters or any other legal matter with respect to such sites. We encourage you to carefully read the privacy policies and the terms of use or service of such websites.
We comply with relevant data protection laws, including the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), and utilize the Data Privacy Framework (DPF) for service providers that are certified under this mechanism or Standard Contractual Clauses (SCCs) for international data transfers to ensure that personal data is protected when exported outside the European Economic Area (EEA) to countries that are not recognized by the European Commission to offer adequate personal data protection.
Changes to This Privacy Policy
We may update this Privacy Policy occasionally; therefore, please revisit this page frequently. Any changes will be posted on this page with an updated effective date. This Privacy Policy was last updated on 12 December 2024.
We collect various types of information based on your interactions with our Website and Services:
This Privacy Policy applies to the extent the above listed data constitute personal data (or personal information), defined as data about an identified or identifiable natural person.
We process your personal data based on the following legal grounds and for these purposes:
Data Minimization and Retention: We are committed to data minimization, meaning that we collect and process only the personal data necessary to fulfill the specific purposes outlined in this Privacy Policy. Your personal data will be processed only for as long as necessary to achieve those purposes or until you withdraw your consent. If you have registered on our Website and later remove your profile, we will delete your personal data unless statutory or regulatory obligations require us to retain it.
Please do not provide us with any sensitive information, such as (non-exhaustive list) health information, information pertaining to criminal convictions, or credit card/account numbers.
To the extent that you provide us with any personal data in connection with any third party, you are solely responsible for receiving and hereby represent and undertake to have received the consent, authority, permission, and approval of such person and to have provided them with sufficient disclosures, to allow the use of such personal data, and to allow us to access, store, collect, and process such personal data as detailed herein.
We may share your personal data under the following circumstances:
We may share your data with our affiliates and third-party vendors who assist in providing our Services. These external processors only process your personal data on our behalf, and we carefully select them to ensure the security and integrity of your personal information.
Your data may be shared with public authorities or law enforcement agencies when required by law or if requested to make such a disclosure by a court or to protect your rights and interests, ours, or those of another individual. This will only be done to the extent necessary and in compliance with applicable laws.
In the context of a merger, sale of company assets, or acquisition, your data may be transferred to the acquiring or merging entity, including transfers outside the European Economic Area (EEA) where applicable.
We may transmit anonymized or aggregated data to third parties for purposes such as improving products and services, as well as organizing targeted marketing or sales activities. This data cannot be used to identify you.
We may share your personal data in additional manners with your explicit consent.
We process personal data both within and outside the European Economic Area (EEA). Our product infrastructure is securely hosted in the European Union (EU) on the Google Cloud Platform (GCP). However, some of our product sub-processors may process data outside the European Economic Area (EEA). Please refer to our Data Processing Agreement (DPA) for detailed information.
For data transfers to countries outside the EEA, including the United States, we rely on the Data Privacy Framework (DPF) for service providers certified under this mechanism, ensuring that your personal data receives the same level of protection as within the EEA. For other service providers not certified under the DPF, we rely on adequacy decisions and Standard Contractual Clauses (SCCs) in conjunction with Transfer Impact Assessments (TIA) to assess and mitigate potential risks. These legal mechanisms ensure the security and integrity of your personal data when processed outside the EEA, meeting GDPR compliance standards.
When personal data or anonymized/aggregated data is transferred outside the EEA, the following protection mechanisms are applied:
Tool/Service |
Purpose |
Data Processed |
Country (outside EEA) |
Protection Mechanism |
Google Analytics 4 |
Website Analytics and Tracking |
Geographic metadata (based on IP address), User behavior, Device information, Cookies |
USA |
Standard Contractual Clauses (SCCs) + Transfer Impact Assessment (TIA) |
HubSpot |
Marketing and CRM |
Name, Email, Geographic metadata (based on IP address), User behavior, Contact details, Analytics, Device information |
USA |
Data Privacy Framework (DPF) |
LinkedIn Navigator |
Sales and Lead Generation |
Name, Email, Job Title, Professional Data |
USA |
DPF |
LinkedIn Recruiter |
Recruitment |
Name, Email, Job Title, Professional Data |
USA |
DPF |
SalesLoft |
Sales Engagement |
Name, Email, Phone Number, User Activity, Communication History |
USA |
DPF |
Greenhouse |
Recruitment and hiring process management |
Personal data related to job applicants (e.g., name, contact details, CVs, application information) |
USA |
DPF |
Twitter / X |
Social Media |
Aggregated engagement data (clicks, impressions) |
USA |
DPF |
|
Social Media and Advertising |
Aggregated engagement data (clicks, impressions) |
USA |
DPF |
|
Social Media |
Aggregated engagement data (clicks, impressions) |
USA |
DPF |
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. If you request the deletion of your data, we will comply unless statutory or regulatory obligations require us to retain it.
Under the GDPR and the Data Privacy Framework, you have the following rights:
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We take data security seriously and have implemented technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits. Please visit our Security Standards page for more detailed information on our security practices.
We use cookies and similar technologies to enhance your experience on our website. For more information on how we use cookies, please refer to our Cookie Policy.
If you have any concerns or complaints regarding our adherence to applicable data protection law, please contact us. We are committed to resolving disputes in a timely manner.
For GDPR-related complaints, you have the right to lodge a complaint with your local data protection authority. Since Guardsquare is headquartered in Belgium, you may contact the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit):
Belgian Data Protection Authority
Rue de la Presse 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: www.dataprotectionauthority.be
Contact details for data protection authorities in the EEA are available here.
If a complaint cannot be resolved through our internal processes, we will comply with the dispute resolution procedures established under GDPR.
If you have any questions about this Privacy Policy or want to exercise your rights under the GDPR, please contact us with the specific right you wish to exercise (e.g., access, rectification, erasure, data portability). We may need to verify your identity before processing your request. If your request is valid, we will respond as quickly as reasonably possible and no later than 30 days from the date of your request.