V2.0 TriFact365 Privacy Statement
Effective Date: 1 August 2026
At TriFact365, we process personal data. In this privacy statement, we explain what data we process, why, for how long, and what rights you have.
Our Privacy Statement at a Glance
We define our processing purposes and legal bases before we process your personal data.
We process as little personal data as possible—only what is necessary for the purpose.
We explicitly request consent when required.
We secure your data and require our subprocessors to do the same.
You have rights—including the right to access, rectify, and erase your data, among others—and you can withdraw your consent at any time.
1. Who is TriFact365
TriFact365 provides business software and is the data controller for the personal data described in this statement. For privacy questions and our contact information, please visit our contact page.
2. Legal Framework
We process personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR).
3. When Does This Statement Apply
This statement applies to data for which TriFact365 itself is the data controller. For data that you, as a Customer, enter into our Software (Customer Data), we act as the data processor, and the terms set forth in our General Terms and Conditions and our Data Processing Agreement apply.
This privacy statement applies to:
our website (https://www.trifact365.com)
your use of the TriFact365 Software—your account, subscription, and usage data (SaaS portal and mobile app for Android and iOS)
our marketing activities (newsletters, webinars, advertisements)
job application processes (working at TriFact365)
4. What Data We Process and Why
The tables below list, for each processing activity: the purpose, the personal data we use for that purpose, and the legal basis. The legal basis determines the legal grounds on which we are permitted to process your data.
4.1 Website
When you visit our website or fill out a form, we process:
Appointment scheduling is handled through Microsoft Bookings. We use Microsoft Teams for participating in meetings. For webinars, we redirect you to YouTube after registration; there, YouTube processes data in accordance with its own privacy policy. Data from forms and appointment bookings is stored in our CRM system for follow-up by Marketing and Sales. Entering into a Subscription (trial or paid) is governed by our General Terms and Conditions.
Without the requested data, we cannot provide the relevant service or follow-up; other data submissions (such as newsletters or contact forms) are voluntary. For processing based on consent, you may withdraw your consent at any time, for example via the unsubscribe link in a newsletter email.
4.2 Use of the Software and Customer Management
When you use the Software and throughout our customer relationship, we process:
When you first use the app, you consent to push notifications; you can change this preference at any time in your device’s or the app’s settings.
4.3 Working at TriFact365
When you apply for a job with us, we process your data to evaluate your application and prepare for a potential employment relationship:
If anything relevant emerges from the preliminary review, we will discuss it with you.
Special categories of personal data: We do not actively request special categories of personal data (such as data regarding health, religion, political opinions, or sex life or sexual orientation). If you include such information in your CV or cover letter without being asked, we will not consider it in our assessment and will delete it as soon as practically possible. We do not consider a passport photo on your CV to be a special category, unless we were to process it biometrically—which we do not do.
4.4 Our Legitimate Interests
When we rely on a legitimate interest, it involves one or more of the following interests:
commercial follow-up of prospects and direct customer acquisition
service development and customer communication
security, fraud prevention, and audit trail
assessing the suitability of job applicants using public sources
You may always object to processing based on a legitimate interest.
5. Source of Personal Data
We receive most personal data directly from you. In some cases, we receive data indirectly—for example, when an organisation adds additional users to its account, during job applicant screening via public sources, or through commercial information providers for lead generation.
6. How Long Do We Retain Your Personal Data
We do not retain personal data longer than necessary for the purposes for which we process it. If the law requires a longer retention period, we will comply with it. For data for which TriFact365 is the data controller, the following retention periods apply:
Website and appointment data: up to 24 months after the last contact
Newsletter subscribers: until you unsubscribe
Login and session data: duration of the session, plus a reasonable period for fraud prevention
Invoice and payment data: 7 years (tax retention requirement, Article 52 of the Dutch General Tax Act (AWR))
Security and log data: 12 months
Job application data: up to 4 weeks after the position is filled; with consent, one year longer. Upon employment, this data is transferred to the personnel file.
Registration and subscription data: for the duration of the Subscription and for an additional 90 days after termination. After that, this data is deleted within 30 days.
7. With Whom Do We Share Your Data
TriFact365 does not sell or trade personal data or Customer Data to third parties.
We only disclose your personal data to third parties:
because we have engaged them as subprocessors
because we have a legal basis for doing so (for example, a legitimate interest)
because we are legally required to do so (for example, at the request of a government agency)
The categories of subprocessors we work with:
hosting providers and cloud service providers
email and communication service providers
CRM provider
appointment management and booking system provider
video and online meeting providers
e-invoicing provider via the Peppol network
feedback and support platform
We enter into a data processing agreement with all parties that process personal data on our behalf, in accordance with Article 28 of the GDPR.
The specific subprocessors that process Customer Data on behalf of our Customers are listed on our Subprocessors page.
8. Processing in the EU
We process personal data within the European Union (EU) and the broader European Economic Area (EEA) as much as possible. When a subprocessor processes data (in part) outside the EEA, we ensure appropriate safeguards—such as an adequacy decision by the European Commission or the EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914)—supplemented by technical and organisational measures where necessary.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
encryption of data during storage and transmission
access restrictions based on roles and a need-to-know basis
confidentiality obligations for employees
logging and monitoring of access
regular backups
An up-to-date overview of our security measures, certifications, and compliance information is available on our Trust Center.
10. Children
Our website and Software are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we discover that we have received data from someone under the age of 16, we will delete it as soon as possible.
11. Your Rights
Under the GDPR, you have the following rights:
Access — you have the right to know what data we hold about you
Rectification — you have the right to have inaccurate data corrected
Erasure — you may request that your data be deleted
Restriction of processing
Data portability — you have the right to receive your data in a commonly used format
Objection
Not to be subject to solely automated decision-making
Right to object based on legitimate interest: When processing is based on our legitimate interest, you may object to it at any time.
Automated decision-making: We do not make decisions based solely on automated processing that produce legal effects concerning you or significantly affect you.
To submit a request, please contact us via our contact page. We will generally respond within one month. In the case of a complex request or a large number of requests, we may extend this period by up to two months; we will inform you of the reason in a timely manner. We do not require a copy of your ID for identity verification; we follow the guidelines of the Dutch Data Protection Authority.
Additional rights under other legislation: If you reside in a jurisdiction outside the European Economic Area that provides additional privacy rights, you may submit a request to exercise those rights via our contact page. We will assess the request in accordance with applicable local law to the extent required by the applicable law of that jurisdiction.
12. Cookies
Our website uses cookies. On your first visit, we ask for your consent to use non-functional cookies via a cookie banner. You can find more information on our cookie page. You can adjust your cookie preferences directly via the cookie banner, which you’ll find in the bottom-left corner of our website.
13. Social Media Links
Our website and marketing materials may contain buttons or links to social media platforms such as LinkedIn, YouTube, Instagram, or X. When you click on such a button or link, you will leave our website and be redirected to the relevant platform. From that point on, that platform’s privacy policy applies.
14. Filing a Complaint
Do you have a complaint about how we handle your data? Please contact us first—we believe it’s important to resolve this together. If we cannot reach a resolution, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
15. Changes
We may update this privacy statement from time to time. We will publish any changes on this page with a new date.
End of Privacy Statement — v2.0
TriFact365 B.V.
Arnhemseweg 10, 3817 CH Amersfoort, The Netherlands | Chamber of Commerce No. 30262227 | VAT No. NL820778540B01