Privacy Policy XClick bv processes personal data according to the General Data Protection Regulation (GDPR) in order to enter into a Data Processing Agreement.
This processing agreement is included in the Privacy Policy. XClick bv is the ‘processor’ and the customer is the ‘controller’. XClick bv and the customer mutually commit to comply with the GDPR. Definitions follow the GDPR. XClick bv will only process personal data on behalf of and under instructions from the customer and to execute the agreement.

Processing Instructions The processing consists of providing the instntly software with the data entered and generated by the customer. XClick bv will not add, modify, or delete any data without the customer’s instruction via email to hello@instntly.ai.
In the customer’s personal instntly environment, different types of personal data can be recorded. XClick bv is aware that the customer can enter all these and possibly additional personal data or categories, which XClick bv will process by storing, backing up, processing for login, sending subscription invoices, etc. The customer is responsible for assessing whether the purpose and nature of the processing fit the services provided by XClick bv regarding the instntly software.
XClick bv collects anonymized data about the use of its products and services. This data helps XClick bv to understand if, how, and how often certain parts of the product are used. The anonymized data will only be used to improve products and services. XClick bv will never use collected user statistics for commercial purposes or share them with third parties.

Data Collection The instntly website and application use cookies to store small pieces of information on your computer. These are statistical data by instntly.ai (csrftoken, django_language) and a session ID to track login. When using the instntly software, the following data are stored in local storage, session storage, or cookies: instntly.ai, sidebar, tinymce-autosave-, tinymce-custom-colors-forecolor, tinymce-custom-colors-hilitecolor, and tinymce-url-history.

All visitors to the instntly websites are anonymously included in usage statistics via instntly.ai analytics.

Confidentiality XClick bv is aware that the information the customer shares and stores within their instntly environment is confidential and business sensitive. All XClick bv employees are contractually obligated to keep any customer data strictly confidential.

Employees with access to customer data Only instntly system administrators have full access to customer data for:

• * deploying a new version
• * applying patches and hotfixes
• * making backups
• * importing data upon explicit customer request

Support staff only have access to customer data if they have received permission from the customer and for as long as that permission is granted. This permission is sometimes essential to resolve specific issues. The customer is responsible for granting this access via the ‘GDPR’ tab under ‘Company Settings’ in their instntly account. This access can be revoked at any time.
For follow-up of a customer-reported support request, communication with the customer about this is also retained.

Security XClick bv continuously takes appropriate technical and organizational measures to secure the customer’s personal data against loss or any form of unlawful processing.
The connection between the subscriber’s (customer’s) computer and the instntly servers is secured with a 256-bit encryption certificate issued by Render.
Data entered by the subscriber (customer) in their instntly environment is always secured with the account name and password. An additional security layer of two-factor authentication via an authentication app can be activated by the customer. User passwords are stored securely in encrypted form. No one can view personal passwords within instntly.

Sub-processors XClick bv processes customer data in Render’s data centers (Frankfurt), which is a subprocessor. The physical servers used by XClick bv are located in Frankfurt and comply with strict European laws regarding logical and physical access security and continuity. The data centers are at least ISO 27001 certified. The personal data are only processed by XClick bv and subprocessors within the European Economic Area. XClick bv imposes the same obligations on subprocessors as on itself. Render does not have access to the actual data on these servers.

Connections with Third-Party Service Providers Software applications
By activating available integrations with other software applications, instntly may share data with third-party service providers as part of these integrations.
The customer chooses which integrations to activate and is therefore responsible for the relationship between their instntly environment and the access granted through the chosen integration. The customer will make the necessary agreements with the third parties offering these integrations.

External Users The customer has the option to grant external users access to the instntly environment from their own account. The customer is responsible for this granted access and must ensure compliance with the GDPR regarding this access.
If a user, for example, grants their accountant access to the instntly environment, there must be a GDPR-compliant agreement between the customer and the accountant clearly stating the rights and obligations of both parties.
XClick bv can never be held liable for actions of external users added to an instntly customer’s account.

Privacy Rights XClick bv has no control over the personal data provided by the customer. Without necessity, given the nature of the customer’s assignment, explicit customer consent, or legal obligation, XClick bv will not disclose data to third parties or process it for purposes other than those agreed. The customer guarantees that the personal data may be processed based on a legal ground mentioned in the GDPR.

Data Breach Notification The GDPR requires that any data breaches be reported to the Data Protection Authority by the data controller. Therefore, XClick bv will not make any reports to the Belgian Data Protection Authority (GBA). Of course, XClick bv will inform the customer accurately, timely, and fully about relevant incidents so that the customer, as the data controller, can comply with its legal obligations. More information
If the customer reports a (preliminary) breach to the GBA and/or the affected parties without informing XClick bv, the customer is liable for any damages and costs incurred by XClick bv due to this report. If it turns out that no breach occurred at XClick bv, the customer must immediately withdraw the report.

Notification to the Customer If it appears that there is a security incident or data breach at XClick bv, XClick bv will inform the customer as soon as possible after becoming aware of the breach. If a subprocessor of XClick bv experiences a data breach, XClick bv will of course also notify the customer.

Data Deletion Upon termination of the agreement, XClick bv will delete all customer data as described in the General Terms and Conditions under ‘Termination of the Agreement’. If the customer wants data deleted earlier, a simple request can be sent to hello@instntly.ai.
Data entered by the subscriber or customer in instntly is portable in one or more formats.