Privacy & Cookie Statement

Effective date: January 21, 2021

Who are we?

nextAuth NV
Kapeldreef 60
3001 Leuven
Belgium
VAT BE 0653.729.619

privacy@nextauth.com

nextAuth NV operates the https://www.nextauth.com website and the nextAuth mobile application (hereinafter referred to as the “Service”).

This page informs you about the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

Data Controller and Processor

This statement applies to the data collection relating to the Service where nextAuth acts as data controller.

Note that, when using the nextAuth mobile application, nextAuth is not necessarily the data controller, but one of our customers might be. If our customer runs a dedicated nextAuth authentication server, we do not even process any of your personal data regarding the authentication. In these cases, this privacy statement does not apply and we refer you to the respective data controller.

This statement also does not apply to processing of personal data that is not related to the usage of the Service.

Information Collection

We collect several different types of information for various purposes to provide and improve our Service to you.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Cookies and Usage Data

Mobile application – Google/Apple

When using our mobile application, data can be processed by Google and/or Apple, including data related to installation of the mobile app, usage data, crash reports, diagnostics and identifiers and data for push messages. We are not necessarily the data controller, (part of) the data processing by Google and Apple is covered by a direct agreement between you as mobile phone user and these companies.

Regarding Google Firebase we are the data controller. Consult the Firebase Data Processing and Security Terms for details about how Google handles your data on our behalf.

Usage Data

We also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Cookies

Cookies are files with small amount of data which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We only use cookies that are technically necessary to provide you with our Service (i.e. session cookies for authentication and cookies to store your preferences).

Use of Data

We collect the above data for various purposes:

  • To provide and maintain the Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer care and support
  • To provide analysis or valuable information so that we can improve the Service
  • To monitor the usage of the Service
  • To detect, prevent and address technical issues
  • To inform you about our company, products and services

Legal Grounds

We strictly adhere to the Regulation (EU) 2016/679, also known as the General Data Protection Regulation (GDPR); and the Directive 2002/58/EC, also known as the e-Privacy Directive.

The data is processed based on one of the following legal grounds:

  • The performance of a contract as agreed with one of our customers, or the preparation of such contract at the request of a customer or prospect
  • To comply with a legal obligation (e.g. invoicing data).
  • When processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (e.g. usage data for service improvement and detecting abuse, crash reports for bug fixing, session cookies for a functional website, demo accounts on our server, contact data for newsletters, communicating with you when you have expressed interest in our company, products or services).
  • With your explicit consent (e.g. direct marketing when not covered by legitimate interests).

Transfer and Disclosure of Data

All of our own servers are located within the European Economic Area (EEA), but for some part of our Service we have to rely on parties outside the EEA (e.g. processing related to the mobile application by Google and Apple). The transfers to these countries are covered by an adequacy decision or based on the standard contractual clauses defined by the European Commission. If you are located outside the EEA and choose to provide information to us, your submission of such information represents your agreement to a transfer to the EEA.

We may employ third party companies and individuals as “Data Processors” to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We will not transfer your data to third parties without your explicit, prior consent.

We may, however, disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of nextAuth NV
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

We will only store your data for the time necessary.

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Rights

You have the right to request access to and rectification/erasure of your personal data or restriction of processing concerning yourself as a data subject or to object to processing as well as the right to data portability.

When processing is based on your explicit consent, you can always revoke this consent.

You also have the right to lodge a complaint with the Belgian Data Protection Authority or another supervisory authority (i.e. where you live/work or the location of the infraction).

Changes to This Privacy Statement

We may update our Privacy Statement from time to time. We will notify you of any changes by posting the new Privacy Statement on this page. You are advised to review this Privacy Statement periodically for any changes. Changes to this Privacy Statement are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Statement or want to exercise your rights, please contact us by email: privacy@nextauth.com

Book your personal demo