Last updated: December 2022
Zerocopter is committed to the security and privacy of its users. We want to make sure you, as a customer or researcher, understand what information we collect from you and why. Zerocopter treats your personal data and/or those of your business with the greatest possible care and confidentiality. We believe it is important to inform you of the manner in which your personal data is processed and secured by us.
In this privacy statement you can find more information on what personal data Zerocopter processes of you and/or your company, what Zerocopter uses this personal data for, on what legal grounds and for what purposes Zerocopter processes this personal data, when Zerocopter shares the personal data with third parties and when we deploy processors for the processing of the personal data, and what rights you have with regard to this personal data.
This privacy statement is applicable to:
In this privacy statement, the following definitions apply:
a. processor: a natural or legal person, a government institution, a services or other body who/which processes personal data for Zerocopter;
b. third party: any other besides: you, Zerocopter, a processor, or any person who is authorised to process personal data under the direct authority of the data controller or the processor;
c. you: the person whose personal data is processed by Zerocopter;
d. personal data: any data which regard you and can also be traced back to you, especially by way of an identifier such as a name, an identification number, location data, online identifier, or of one or more elements which are characteristic for your physical, physiological, genetic, psychological, economic, cultural, or social identity;
e. consent: any free, specific, informed and unequivocal expression of will by which, through a statement or an unequivocal active operation you accept the processing of your personal data;
f. provision of personal data: the disclosure or making available of personal data; and
g. processing of personal data: an act of processing or a whole of acts of processing regarding personal data or a whole of personal data, whether or not carried out through automatic procedures, such as the collecting, recording, ordering, structuring, storing, updating or modifying, requesting, perusing, using, providing by way of forwarding, distributing or making available in another manner, aligning or combining, shielding or destroying of data;
h. (Zerocopter) Service(s): the services offered by Zerocopter through the Application, which focus on the control of the security of your online information systems;
Zerocopter receives personal data from you in the following situations:
a. When you visit the Website;
b. When you contact Zerocopter, for example by email, by way of the registration form on the website, telephonically, or through social media, such as LinkedIn, Twitter or Facebook;
c. When you register for the Marketing of Zerocopter; and/or
a. Visit of Website
In case of a visit to the Website, our servers automatically store information, such as the URL, IP-address, browser type and language, date and time of the visit and your email address. For the rest, we would like to refer you to our cookie statement for more information which we collect on you during the use of the Website.
b. Contact with Zerocopter
When you contact Zerocopter, for instance with a request for information or advice on our Services, Zerocopter processes the personal data which you thereby transmit to us, such as the contact information provided by email, through the registration form on the Website, or by telephone, but also the information provided during an introductory conversation, or during an event which is organised by Zerocopter. We keep this information in our customer database, Hubspot. The email address, name and/or phone number provided by you, through the registration form on the Website or otherwise, will be used for providing information or advice as requested.We keep this information for two years after it has been stored there. The information will only be used for the purpose it was given to us.
c. Marketing (and unsubscribing)
Zerocopter makes use of newsletters, subscribers are sent newsletters with things (materials) which may be relevant for our (potential) customers and researchers, such as events, blog posts or customer cases. If you have agreed to receive the newsletter, you can always unsubscribe at a later date. You can do so by pressing the unsubscribe button in any marketing email from Zerocopter.
We make use of registration forms on the Website. We ask for your name, organisation, email address and phone number, so we can reach out to you. We keep your contact information in our customer database, Hubspot. We keep this information for two years after it has been stored there. The information will only be used for the purpose it was given to us.
a. Optimisation of the Website and provision of information
The information which the Website automatically stores and generates of you is used by us to further optimise the organisation of our Website and to improve information delivery. In addition, during the use of the Website cookies are placed on your computer, smartphone, or tablet. We would further like to refer you to our cookie statement for more information which we collect on you when using the Website.
b. Implementation of the agreement between you and Zerocopter
For the implementation of the agreement between you and Zerocopter, Zerocopter is required to process your personal data, such as your contact and invoicing information, and depending on the type of Service you purchase from Zerocopter, Zerocopter may process other personal data as well such as company name, company details, first name, last name, email address, phone number, function, country. Zerocopter uses this data for:
i. Maintaining contact with you if you request information from Zerocopter. Zerocopter processes the personal data provided to comply with that request and/or to answer your questions.
ii. Other purposes for the use of personal data. Such as audits and assessments.
The personal data is only processed if one of the following conditions (grounds) has been complied with:
a. you have given your consent for it;
b. it is necessary for the implementation of an agreement to which you are a party;
c. it is necessary to comply with a legal obligation which Zerocopter is subject to;
d. it is necessary to protect the vital interests of you or of another natural person (these grounds are not rare);
e. it is necessary to defend the legitimate interests of Zerocopter, for instance to protect the security or integrity of our “Service”, or a third party, except in the event that your interests or basic rights and fundamental freedoms outweigh the interests of Zerocopter and/or the third party.
The security of your personal data is our top priority. Our team consists of a great number of security experts who are constantly assessing and improving the manner in which we collect, process, and store your personal data.
Zerocopter has taken both organisational and technical measures to assure the security of our customers. Zerocopter constantly implements security measures for the processing of the personal data which, within the possibilities of current techniques, is sufficient to prevent unauthorised access, modification, publication, or loss of your personal data. The security measures taken by Zerocopter are based on ISO/IEC 27002 (2013) and the security guideline NCSC (2015). The most important (security) measures of Zerocopter are:
a. The data security policy, in which specific attention is also dedicated to data classification, the granting of access, and the control of vulnerabilities;
b. The appointment of a Data Protection Officer. The Data Protection Officer collaborates closely with the Head of Software Development. The Data Protection Officer and the Head of Software Development are responsible for, amongst other things, the attribution of authorisations for access to sensitive customer information, the securing of back-ups, the registration and handling of incidents and the monitoring of compliance with the security policy.
c. The screening of staff prior to possible employment. Furthermore, every five years a certificate of good behaviour is required from all collaborators. In addition, collaborators sign a non-disclosure statement. Code of conduct for the Zerocopter staff, in which specific attention is given to confidentiality and security. This document is reviewed and updated annually.
a. Having a policy for network protection. There is an internal network at the office; on this internal network sensitive information is handled. This network is not accessible from the outside, as it is password-secured.
b. The application of a ‘clear screen’ and ‘clean desk’ policy, meaning that collaborators are obliged to lock their PC or laptop when leaving their workstation. The workstation must be left behind clean and tidy when leaving the building.
c. Having a policy in place for the physical security of both access and environment. The office of Zerocopter is protected against invaders by way of locks. The office area is closed outside office hours and to gain access a physical key and an electronic key must be used.
d. The policy for security incidents. Future incidents are registered in the internal incident register. The Data Protection Officer becomes responsible for the registration and timely handling of the incidents. After handling the incident, it will be evaluated, and appropriate improvement measures will be taken.
We have also implemented efficacious procedures. If Zerocopter were to face a data leak, our Data Protection Officer (contact information is listed below under 14) will be informed of the data leak. If the nature, the severity, and the extent of the data leak require such, the data subjects will be informed accordingly within 48 hours and Zerocopter will make a report to the monitoring agency Autoriteit Persoonsgegevens within 72 hours. When reporting the data leak, we indicate information and facts regarding the data leak. We indicate in addition in which category the data subjects were, and additional information so the report can be treated with due care.
Our database with customer information is saved digitally. The database is only accessible for authorised staff inside Zerocopter. Our database with customer information is only accessible through personal login data and a secured connection of authorised staff. Logging in outside our Wi-Fi network is only possible from a previously approved IP-address and never from a public Wi-Fi network.
You have the right to access your personal data, to restrict the processing of your personal data, to have it corrected, supplemented, modified, or even removed. For some personal data, it could be that Zerocopter is legally obliged to keep it. To this personal data it applies that Zerocopter cannot modify and/or remove it on your request.
We ask you to mail such requests to: email@example.com. We will take your request into consideration as soon as possible, with a final term of four weeks. If you submit a request, we will verify your identity against the requested information. Take into account besides that, after we have modified or removed your personal data on your request, it may be that this information will still be available for a while in our back-ups, until these back-ups will be deleted as well. If you have deregistered, we will keep the deregistration (that is, not the personal data themselves) for 5 years after deregistration.
In some cases, you have the right to obtain your personal data, which you have provided Zerocopter with, in a structured, customary, and machine-readable form. Also, you have the right to transfer this data, if this process is done in the manner to which the applicable legislation and regulations the transfer of data has been assigned. To exercise the rights mentioned in the preceding, you can send an email to firstname.lastname@example.org.
Cookies are files with a tiny quantity of data. “Cookies” are sent from your website to your browser and stored on the hard disk of your computer. We use "Cookies" to collect information. You can order your browser to refuse “Cookies” or use your browser to see how long “Cookies” are stored.
We can also collect information that your browser sends when you visit our “Website” ("Log-data"). This log-data can contain information such as the internet protocol-address ("IP") of your computer, browser type, browser version, the pages of our service you visit, the time and the date of your visit, the time spent on those pages, and other statistics.
We will not transmit your personal data to third parties without your consent, unless:
a. It is necessary in the context of negotiations on, the conclusion of, and the implementation of the assignment agreement between you and Zerocopter; and/or
b. It is necessary to offer the Service to you; and/or
c. Zerocopter on grounds of a legal obligation or in an emergency is obligated to transmit the personal data to government agencies, such as in the event of a court order imposes the obligation of providing personal data to third parties. In this particular case, Zerocopter will exclusively provide the data that is legally obliged; and/or
d. Zerocopter organises a training or event with a third party, in which case exclusively your contact information will be shared with a third party; and/or
e. A reorganisation or transfer of business activities takes place at Zerocopter with the result that Zerocopter must transfer personal data to another organisation.
Your information, including personal information, can be transferred to – and maintained on – computers outside your state, province, land, or other jurisdiction of the government where legislation regarding data protection may be different from that in your jurisdiction. If you are located outside the EEA and you choose to provide us with information, please take into account that we transfer the information, including personal information, to the EEA where we will process it.
By using the Website and/or the Service outside the EEA, followed by the submission of such information, you indicate your approval of the international transfer.
The privacy statement of Zerocopter is not applicable to websites and/or applications of third parties, not either in case Zerocopter has placed a hyperlink or connection on its Website to these other websites. If you choose to click on the links, you will be directed to the website of that third party. Zerocopter does not accept any responsibility and liability with regard to the manner in which these third parties handle personal data and cookies. We advise you to review the privacy statements and cookie statements of those websites, before you visit them.
Zerocopter deploys third parties to process your personal data. These third parties (processors) process your personal data exclusively within our assignment and we conclude processor agreements with these third parties which are compliant with the requirements of GDPR (or its Netherlands ratification AVG). This regards, amongst other things, companies and/or persons involved in the Application and the Services (‘developers’) or service providers which provide hosting services. In addition, our accountant processes personal data.
Your personal data is kept for as long as it is necessary for the realisation of the purposes as mentioned in article 4 of this privacy statement. After the (statutory) retention period, your personal data is destroyed.
Zerocopter keeps the reports of the researchers for 2 years after the reports have been drawn up. We keep the customer information for a period of 5 years after the end of the agreement or termination of the provision of services. This term is necessary for defence in case of a claim on Zerocopter. The customer base is protected by way of the security measures as stipulated in appendix 1 under 6 to this privacy statement.
The above retention period does not apply in case Zerocopter is subject to a legal obligation to keep the personal data any longer.
We do not aim our services at children under 16, so our service does not regard minors. We do not deliberately collect personal, identifiable information on minors. If you are a parent or guardian and you know that your children have provided us with personal data, please contact us. In case we become aware that we have collected personal information on a child younger than 13 without the parents’ consent, we take actions to remove the information from our servers.
If you have questions about our privacy statement, contact our Data Protection Officer at:
Attn: Privacy Officer
We reserve ourselves the right to modify the privacy statement at all times, for example when legislation or regulations change. The most recent can always be found on the Website. If and when the privacy statement is comprehensively reviewed, we report this on the Website. You are advised to regularly check this privacy statement for any possible changes. Modifications to this privacy statement are effective when they are published on this page.
If you have questions, comments and/or complaints in general or about/regarding our privacy statement, you can contact the monitoring agency of ‘Autoriteit Persoonsgegevens’ on: https://autoriteitpersoonsgegevens.nl/en.