Privacy Policy

1. Introduction

Woozle B.V. ("we", "us", or "our") operates the Availys platform, accessible at www.availys.nl. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR), the Dutch Uitvoeringswet AVG, and all other applicable privacy legislation.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, with whom we share it, and what rights you have. Please read it carefully before using our platform.

If you have any questions, contact us at:

• Woozle B.V.
• Email: info@availys.nl
• Website: www.availys.nl
• Country of establishment: the Netherlands

2. Who We Are

Woozle B.V. is the data controller for personal data collected through the Availys platform. We determine the purposes and means of processing your personal data as described in this policy.

Where we process data on behalf of our business customers (for example when a customer's employees use Availys), we act as data processor for those customers, who are the data controllers. In such cases, our data processing activities are governed by a Data Processing Agreement (DPA) with the relevant customer.

3. What Data We Collect

3.1 Account & Identity Data

When you register for an account or are invited to the platform by your organisation, we collect:

• Full name
• Email address
• Job title or role
• Organisation name
• Profile photo (if provided)
• Authentication credentials (managed via Clerk, our authentication provider)

3.2 Usage & Planning Data

As you use the platform, we collect data relating to:

• Assignments, projects, and forecasts you create or are assigned to
• Working hours, capacity settings, and availability
• Project status updates and changes
• Scenario planning data
• Actions and changes made within the platform (audit logs)

3.3 Billing & Payment Data

Payment processing on Availys is handled by Mollie B.V., a licensed payment service provider. We do not store your full payment card details. We do collect and store:

• Billing name and address
• Invoice history and payment status
• Subscription plan and billing cycle

Mollie's own privacy policy applies to data processed by them during payment. You can find it at mollie.com.

3.4 Technical & Device Data

When you access the platform we automatically collect:

• IP address
• Browser type and version
• Operating system
• Device type
• Pages visited and features used
• Timestamps of actions
• Error logs and crash reports

3.5 Communications Data

Transactional and notification emails are sent via Brevo (formerly Sendinblue). We retain records of emails sent to your address, including delivery status. Brevo's own privacy policy applies to data processed by them.

4. How We Use Your Data

We process your personal data on the following legal bases and for the following purposes:

4.1 Performance of a Contract (Article 6(1)(b) GDPR)

• Creating and managing your account
• Delivering the platform features and services you have subscribed to
• Processing payments and issuing invoices
• Providing customer support

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

• Improving and developing platform features based on usage patterns
• Ensuring the security and integrity of the platform
• Detecting and preventing fraud or misuse
• Maintaining audit logs for accountability
• Sending product update communications to existing customers

4.3 Legal Obligation (Article 6(1)(c) GDPR)

• Retaining financial records for the statutory period required under Dutch tax law (7 years)
• Responding to lawful requests from public authorities

4.4 Consent (Article 6(1)(a) GDPR)

• Sending marketing communications where you have explicitly opted in
• Setting non-essential cookies (see our Cookie Policy section)

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with the following categories of recipients:

5.1 Sub-processors

We use the following third-party service providers who process personal data on our behalf:

• Clerk — user authentication and identity management (United States, with EU Standard Contractual Clauses)
• Mollie B.V. — payment processing (Netherlands, EU)
• Brevo (Sendinblue SAS) — transactional email (France, EU)
• Vercel Inc. — platform hosting and infrastructure (United States, with EU Standard Contractual Clauses)

We have Data Processing Agreements in place with each of these providers. A current list of sub-processors is available on request.

5.2 Your Organisation

If you access Availys through an organisation account, your profile data, assignments, and activity within that organisation's workspace are visible to authorised administrators of that organisation.

5.3 Legal Requirements

We may disclose your data if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of Woozle, our users, or the public.

6. International Data Transfers

Some of our sub-processors are based outside the European Economic Area (EEA), in particular Clerk and Vercel, who are based in the United States. Transfers to these providers are safeguarded by:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission
• Supplementary technical and organisational measures where required

You can request a copy of the applicable transfer safeguards by contacting us at the details above.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, subject to the following:

• Account data: retained for the duration of your subscription plus 12 months after termination, unless a longer period is required by law
• Financial and billing records: retained for 7 years in accordance with Dutch fiscal law
• Usage and audit logs: retained for 12 months
• Email communication logs: retained for 24 months

When data is no longer needed, it is securely deleted or anonymised.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — ask us to delete your data, subject to legal obligations
• Right to restriction — ask us to limit how we process your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at info@availys.nl. We will respond within one month. Where requests are complex or numerous we may extend this by a further two months, and will notify you accordingly.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Cookies

Availys uses cookies and similar technologies to operate the platform and improve your experience. We use:

• Strictly necessary cookies — required for the platform to function (authentication sessions, security tokens). No consent required.
• Functional cookies — remember your preferences and settings
• Analytics cookies — understand how the platform is used (only with your consent)

You can manage cookie preferences via the cookie banner shown on first visit, or by adjusting your browser settings. Note that disabling strictly necessary cookies may prevent the platform from functioning correctly.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include:

• Data encrypted in transit (TLS/HTTPS) and at rest
• Access controls limiting data access to authorised personnel only
• Regular security assessments
• Incident response procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected users without undue delay.

11. Children's Privacy

Availys is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via a prominent notice on the platform before the changes take effect. The date at the top of this document indicates when it was last revised. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.