Privacy policy

Endoxia respects the privacy of its users and processes personal data in accordance with the General Data Protection Regulation (GDPR).

1. Controller

Endoxia B.V., located at [address], is responsible for the processing of personal data.

2. What data do we process?

We process the following categories of personal data:

• Contact and identification details (name, email address, position, company)

• Invoice and payment details

• User data (IP address, login details, activity on the platform)

• Content contributions (questions created and answers given)

3. Purposes of processing

• Execution of the agreement (access to the platform, invoicing)

• Improvement of services

• Communication about updates and new features

• Compliance with legal obligations

4. Legal grounds

The processing is based on:

• Execution of the agreement

• Legitimate interest (service improvement, security)

• Legal obligation

5. Data sharing

Personal data is only shared with:

• Processors (e.g., hosting provider, payment provider) with whom a processing agreement has been concluded

• Third parties if this is required by law

6. Retention periods

• Account data: up to 2 years after the termination of the agreement

• Invoice data: 7 years (tax retention obligation)

• Login data: max. 1 year

7. Security

Endoxia takes appropriate technical and organizational measures to protect personal data against loss or unlawful processing (including encryption, access control, ISO 27001 certified hosting).

8. Rights of data subjects

Users have the right to access, rectification, deletion, restriction, data portability, and objection. Requests can be submitted via [email privacy@endoxia.com].

9. Cookies

The website uses functional and analytical cookies. See our cookie policy for more information.

10. Contact

Questions about this privacy statement can be directed to [email privacy@endoxia.com].